Closed hrbrmstr closed 9 years ago
Hi, in case an application protocol is coming from the net on the top of the transport layer, libcrafter will use a RawLayer object to represent it. Try this :
#include <crafter.h>
#include <iostream>
using namespace std;
using namespace Crafter;
int main() {
std::vector<Packet*> pcap;
ReadPcap(&pcap, "/tmp/hbot.pcap", "");
RawLayer* raw = pcap[9]->GetLayer<RawLayer>();
if(raw) {
raw->Print();
}
return(0);
}
I know the "Payload" concept is confusing, but it doesn't mean to represent the data on the top of TCP / UDP. Is mostly used for IP / TCP options and extra data for a given protocol, not for what is on the top of it.
ZOMGOSH #ty. That was it! Super-helpful library, btw. I'll make sure to ping you when the R pkg is complete.
awesome! looking forward to see the R pkg working :)
I'm writing a R package to read/analyze/visualize PCAPs (and, perhaps, live sniffs) that's (right now) using your C++ library. I'm having an issue with getting the contents of layer payloads.
I've reduced my problem into a standalone example. The following uses the honeybot PCAP file:
That returns:
But there is clearly payload:
Am I missing a necessary call to ensure the payload is accessible?