
I am working on an application that gets packets that don't belong to the PC, so I use promiscuous mode on my NIC. I need to read the packet and handle it.

Because I don't have any connection formed and the packets can use either TCP or UDP (only one of them), I thought of using a RAW socket in order to read the data.

If I do that, I would get the packet from layer 3 up to layer 7, but I only need the data at layer 7.

If that is the case, I can parse the packet myself based on the header of each layer, but that means that I would need to implement some of the features of the transport layer.

For example, for TCP I would need to implement the construction of the packet like it was before it was divided in the sending machine.

I know the parsing of layers 3 and 4 was already implemented by the OS. Is there a way that I can use it, or use any API for that?

Is the usage of a raw socket appropriate here, or is there any other way?

PS. I would probably use the programming language C, and I work with Windows OS.

omer12433
  • You are aware that there's [a mature library](http://sourceforge.net/projects/libpcap) devoted to doing just that, right? – Blrfl Oct 04 '14 at 14:11
  • @Blrfl I wasn't aware of that. I assumed there is some sort of a library that I can use, but I didn't know which. Can you explain about the library a bit? Would it suit my needs? – omer12433 Oct 04 '14 at 14:14
  • There's tons of documentation and tutorials on libpcap there for the Googling. – Blrfl Oct 04 '14 at 15:29
  • @Blrfl OK, thank you, I will look into it. But would I be able to do what I want? Because I need the data in layer 7 "complete", I mean as it was before it passed layer 4 in the machine that sent it. – omer12433 Oct 04 '14 at 16:33
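
The header parsing and TCP reconstruction the question describes, as an added example that is not from the original post or its commenters: it locates the TCP payload inside a raw IPv4 packet and stores each segment at its sequence-number offset, so out-of-order and retransmitted segments still yield the sender's byte stream. All names (`tcp_payload`, `stream_add`, `mk`, `demo`, `S`) are hypothetical and the packets are constructed; it assumes one direction of one connection whose first data sequence number is known, and leaves out UDP (a fixed 8-byte header, no reassembly) and IP fragments.

```c
#include <stdint.h>
#include <string.h>

/* Locate the TCP payload in one raw IPv4 packet; returns its length or -1. */
static int tcp_payload(const uint8_t *p, size_t n, const uint8_t **out, uint32_t *seq)
{
    if (n < 40 || (p[0] >> 4) != 4 || p[9] != 6) return -1;  /* IPv4 + TCP only */
    size_t ihl = (size_t)(p[0] & 0x0F) * 4, total = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || total > n || total < ihl + 20) return -1;
    if ((((p[6] & 0x3F) << 8) | p[7]) != 0) return -1;       /* IP fragment: not handled */
    const uint8_t *t = p + ihl;                              /* start of TCP header */
    size_t hdr = (size_t)(t[12] >> 4) * 4;                   /* TCP data offset */
    if (hdr < 20 || ihl + hdr > total) return -1;
    *seq = (uint32_t)t[4] << 24 | (uint32_t)t[5] << 16 | (uint32_t)t[6] << 8 | t[7];
    *out = t + hdr;
    return (int)(total - ihl - hdr);
}

struct stream { uint32_t base; size_t ready; uint8_t buf[4096], seen[4096]; }; /* base = ISN+1 */
/* Store a segment at its stream offset (first copy of a byte wins); returns in-order bytes. */
static long stream_add(struct stream *s, uint32_t seq, const uint8_t *d, size_t len)
{
    uint32_t off = seq - s->base;                            /* wraps correctly mod 2^32 */
    if (off > sizeof s->buf || len > sizeof s->buf - off) return -1;
    for (size_t i = 0; i < len; i++)
        if (!s->seen[off + i]) { s->buf[off + i] = d[i]; s->seen[off + i] = 1; }
    while (s->ready < sizeof s->buf && s->seen[s->ready]) s->ready++;
    return (long)s->ready;
}

/* Constructed sample: minimal IPv4+TCP packet (under 256 bytes) carrying d, checksums 0. */
static size_t mk(uint8_t *b, uint32_t seq, const char *d)
{
    size_t len = strlen(d), tot = 40 + len;
    memset(b, 0, 40); memcpy(b + 40, d, len);
    b[0] = 0x45; b[3] = (uint8_t)tot; b[9] = 6; b[32] = 0x50; /* IHL 5, TCP, offset 5 */
    b[24] = (uint8_t)(seq >> 24); b[25] = (uint8_t)(seq >> 16); b[26] = (uint8_t)(seq >> 8); b[27] = (uint8_t)seq;
    return tot;
}

static struct stream S = { .base = 1001 };  /* demo stream; segments below arrive out of order */
static long demo(void)
{
    uint8_t a[64], b[64]; const uint8_t *pl = 0; uint32_t seq = 0; long r = -1;
    size_t na = mk(a, 1001, "hello"), nb = mk(b, 1006, "world");
    int l = tcp_payload(b, nb, &pl, &seq); if (l >= 0) r = stream_add(&S, seq, pl, (size_t)l);
    l = tcp_payload(a, na, &pl, &seq);     if (l >= 0) r = stream_add(&S, seq, pl, (size_t)l);
    return r;
}
int main(void) { return demo() == 10 ? 0 : 1; }
```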

0 Answers