Hello everybody!!
I am currently doing my intership and I need some tips for Pcap.h.
I search some tips tp filter my paquets in a C program with the Pcap.h librairy. The onlys thing I have found is thaht I can filter low level protocol with their name like (tcp/udp..). But for the higher protocols I have to use lower protocol names with ports number. Do you know I could do to filter the higher protocols with their name like (HTTP, MSNP...)
Thanks for you help.
Detecting signatures of various application layer protocols is usually the domain of applications built on low level packet inspection facilities like libpcap: IDS, etc..
There are plenty of IDS with open codebases and modular frameworks. You could check out sourceforge and take a look under security.
Do you think that their is an IDS who can perform a full extraction form a pcap file? Because I need to develop a program wtich can extract the datas and restore it clearly.
Sure. But the pcap_dump() function and whatever method you use to store the u_char packet data and pcap_pkthdr elements gives you the raw information you need. The parsing logic for packet and packet header is what it sounds like you need.
This may help..I don't think it's very well written but it gives you a start.
libpcap packet capture tutorial