4

I'm receiving IP packets using the SLIP protocol, and I'd like to pretty-print them similarly to how tcpdump does it. My program is able to decode the SLIP protocol and create a single string containing an IP packet if necessary.

I couldn't find any relevant tcpdump command-line flags except for -r. The file format is documented at http://www.tcpdump.org/pcap/pcap.html , but it looks a bit too complicated.

Is there a Linux tool for pretty-printing raw IP packets?

pts
  • I would take a strong look at the source of tcpdump or wireshark. – Zoredache Oct 19 '13 at 01:29
  • 1
    I'm not sure the reason for closing this question is valid. @pts is asking how to save data to a standard, common file format used by a *ton* of products. Neither pcap nor pcap-ng are going to be obsolete any time soon. If anything it's a programming question and therefore a good candidate for moving to SO. – Gerald Combs Nov 20 '13 at 00:38

1 Answer

3

The link above is for the pcapng, the next-generation pcap file format. It allows for wonderful features and a great deal of functionality but it's probably overkill for your needs.

Assuming you just want to log packets the original pcap file format should suit your needs and is easy to write: 24 bytes of global header information followed by a 16-byte header + packet data for each packet. Tcpdump (and Wireshark and everything else) will read it just fine. You can even (and arguably should) include the SLIP header.

Gerald Combs