Open
Labels: enhancement (New feature or request), question (Further information is requested)
Description
I would like to have a pcap file created for each src-ip:port/dst-ip:port combination, or just IP address at a minimum, for all TCP and UDP packets. I am not a C++ developer but I was able to make this work in principle with a test program. Here's the relevant part of the code:
```cpp
if (ip->ip_p == 6 /* tcp protocol number */) {
    //printf("\ntcp!\n");
    char srcname[100];
    strcpy(srcname, inet_ntoa(ip->ip_src));
    char dstname[100];
    strcpy(dstname, inet_ntoa(ip->ip_dst));
    // Integer stored for this destination address; it becomes part of the file name
    int &stored_val = map[dstname];
    oss << "/" << odest << "/" << dstname << "-" << stored_val << ".pcap";
    pfile = oss.str();
    // GetFileSize() >= 0 is treated as "file exists": append, otherwise create
    if (GetFileSize(pfile) >= 0) {
        dumpfile = pcap_dump_open_append(fp, pfile.c_str());
    }
    else {
        dumpfile = pcap_dump_open(fp, pfile.c_str());
    }
    pcap_dump((unsigned char *) dumpfile, header, pkt_data);
}
else if (ip->ip_p == 17 /* udp protocol number */) {
    //printf("\nudp!\n");
    char srcname[100];
    strcpy(srcname, inet_ntoa(ip->ip_src));
    char dstname[100];
    strcpy(dstname, inet_ntoa(ip->ip_dst));
    int &stored_val = map[dstname];
    oss << "/" << odest << "/" << dstname << "-" << stored_val << ".pcap";
    pfile = oss.str();
    if (GetFileSize(pfile) >= 0) {
        dumpfile = pcap_dump_open_append(fp, pfile.c_str());
    }
    else {
        dumpfile = pcap_dump_open(fp, pfile.c_str());
    }
    // Same write step as the TCP branch
    pcap_dump((unsigned char *) dumpfile, header, pkt_data);
}
```
My program loses a lot of packets under load however, hence why I looked to yours for some inspiration on how to optimize. This is all still quite a bit over my head though. Do you think it would be possible to add a feature that would write to a file based on the ip:port information it receives in the header?
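
An added sketch of the per-flow split requested above; it is not code from the issue author or from this project. It goes one step further than the snippet by keeping each flow's file handle cached rather than reopening the file for every packet, with a cap on open handles. The names `flow_key` and `FlowDumper` are hypothetical, and it assumes Ethernet/IPv4 frames and writes the pcap file format directly with the standard library instead of calling libpcap.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <set>
#include <string>

// Flow name "proto_src-sport_dst-dport" for an Ethernet/IPv4 frame, or "" to skip it.
std::string flow_key(const uint8_t* p, size_t len) {
    if (len < 34 || p[12] != 0x08 || p[13] != 0x00) return "";      // not IPv4
    const uint8_t* ip = p + 14;
    size_t ihl = (ip[0] & 0x0f) * 4u;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 4) return "";
    if (ip[9] != 6 && ip[9] != 17) return "";                       // TCP or UDP only
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return "";            // later fragment: no ports
    const uint8_t* l4 = ip + ihl;
    char buf[64];  // built from numeric fields only, so it is safe as a file name
    std::snprintf(buf, sizeof buf, "%s_%d.%d.%d.%d-%d_%d.%d.%d.%d-%d", ip[9] == 6 ? "tcp" : "udp",
                  ip[12], ip[13], ip[14], ip[15], (l4[0] << 8) | l4[1],
                  ip[16], ip[17], ip[18], ip[19], (l4[2] << 8) | l4[3]);
    return buf;
}

class FlowDumper {
    std::string dir_; size_t max_open_;
    std::map<std::string, FILE*> open_;   // handles kept open between packets
    std::set<std::string> seen_;          // flows whose file already has a pcap header
public:
    FlowDumper(std::string dir, size_t max_open) : dir_(dir), max_open_(max_open) {}
    ~FlowDumper() { for (auto& kv : open_) std::fclose(kv.second); }
    size_t open_files() const { return open_.size(); }
    bool write(uint32_t sec, uint32_t usec, const uint8_t* p, uint32_t len) {
        std::string key = flow_key(p, len);
        if (key.empty()) return false;
        auto it = open_.find(key);
        if (it == open_.end()) {
            if (!open_.empty() && open_.size() >= max_open_) {      // stay under the fd limit
                std::fclose(open_.begin()->second);
                open_.erase(open_.begin());
            }
            bool fresh = seen_.insert(key).second;                  // evicted flows reopen in append mode
            FILE* f = std::fopen((dir_ + "/" + key + ".pcap").c_str(), fresh ? "wb" : "ab");
            if (!f) return false;
            struct { uint32_t magic; uint16_t vmaj, vmin; uint32_t zone, sigfigs, snaplen, link; }
                gh = {0xa1b2c3d4, 2, 4, 0, 0, 65535, 1};            // pcap file header, Ethernet
            if (fresh) std::fwrite(&gh, sizeof gh, 1, f);
            it = open_.emplace(key, f).first;
        }
        const uint32_t rh[4] = {sec, usec, len, len};               // per-packet record header
        std::fwrite(rh, sizeof rh, 1, it->second);
        return std::fwrite(p, 1, len, it->second) == len;
    }
};
```

In a libpcap capture callback, `write()` would be called with the timestamp and captured length from the packet header; the output directory must already exist.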