djh

Reputation: 410

decoding haskell pcap header

I am trying to get more information out of PktHdr in the pcap Haskell library.

But it seems like the type does not give me much. How can I get things like source address, destination address and port? Do I have to translate the bytes myself, or am I not reading the doc for this library correctly?

Upvotes: 1

Views: 220

Answers (1)

user862787

That library looks as if it's a Haskell version of the libpcap/WinPcap library for C/C++, which means it does nothing more (other than being callable from Haskell) than libpcap/WinPcap does.

I.e., it does absolutely no dissection of the packet data; you're on your own there. It just hands you raw packet data.

So, yes, you have to analyze the packet bytes yourself, just as you would with a C/C++ program using libpcap/WinPcap.

Some quick Web searching for

"haskell" packet analysis

found Etherbunny, which is described as "Currently not very useful, but getting there." It was uploaded almost 8 years ago, and the home page link is broken, and I couldn't find anything more recent, but, hey, it's a start, and it does appear to include code to parse Ethernet, IPv4, and TCP headers.

Upvotes: 4
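
What "analyze the packet bytes yourself" looks like in practice, as an added example that is not part of the original answer or of the pcap library: a bounds-checked decoder for Ethernet II, IPv4 and TCP/UDP headers. It assumes the captured bytes are available as a strict `ByteString` and that the link type is Ethernet without VLAN tags; `Flow`, `parseFlow` and the sample frame are names and data constructed for illustration.

```haskell
module Main where

import Control.Monad (guard)
import Data.Bits (shiftL, shiftR, (.&.), (.|.))
import qualified Data.ByteString as B
import Data.List (intercalate)
import Data.Word (Word16, Word8)

-- Hypothetical result type holding the fields the question asks about.
data Flow = Flow { srcAddr, dstAddr :: String, proto :: Word8
                 , srcPort, dstPort :: Word16 } deriving (Show, Eq)

-- Big-endian 16-bit read; Nothing when the buffer is too short.
be16 :: Int -> B.ByteString -> Maybe Word16
be16 off bs
  | off >= 0 && off + 2 <= B.length bs =
      Just (fromIntegral (B.index bs off) `shiftL` 8 .|. fromIntegral (B.index bs (off + 1)))
  | otherwise = Nothing

dotted :: B.ByteString -> String
dotted = intercalate "." . map show . B.unpack

-- Captured frames are untrusted input and may be cut short by the snapshot
-- length, so every offset is checked before it is read.
parseFlow :: B.ByteString -> Maybe Flow
parseFlow frame = do
  etherType <- be16 12 frame
  guard (etherType == 0x0800)                 -- IPv4 only
  let ip = B.drop 14 frame
  guard (B.length ip >= 20)
  let verIhl = B.index ip 0
      ihl    = fromIntegral (verIhl .&. 0x0f) * 4 :: Int
  guard (verIhl `shiftR` 4 == 4 && ihl >= 20 && B.length ip >= ihl)
  frag <- be16 6 ip
  guard (frag .&. 0x1fff == 0)                -- later fragments carry no L4 header
  let p = B.index ip 9
  guard (p == 6 || p == 17)                   -- TCP or UDP: ports are the first 4 bytes
  let l4 = B.drop ihl ip
  sp <- be16 0 l4
  dp <- be16 2 l4
  pure (Flow (dotted (B.take 4 (B.drop 12 ip))) (dotted (B.take 4 (B.drop 16 ip))) p sp dp)

-- Constructed sample frame: 192.0.2.1:49152 -> 198.51.100.7:443 over TCP.
sample :: B.ByteString
sample = B.pack $
  [0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00] ++              -- Ethernet II
  [0x45,0,0,0x28, 0,0,0x40,0, 64,6,0,0, 192,0,2,1, 198,51,100,7] ++ -- IPv4, checksum left 0
  [0xc0,0x00, 0x01,0xbb] ++ replicate 16 0                          -- TCP ports, rest zeroed

main :: IO ()
main = mapM_ (print . parseFlow) [sample, B.take 30 sample]         -- full, then truncated
```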
