tcpdump mailing list archives

packets direct access


From: Giovanni Venturi <giovanni () ksniffer org>
Date: Fri, 29 Feb 2008 13:18:41 +0100

Hello,
I'm new to this list. I wrote a sniffer using libpcap but I've got some 
questions. I'd like to directly access packet number N in the dump 
file. How can I do this without starting from the first packet and going on 
sequentially until the Nth packet? I ask this because if I've got a file with 
100'000 packets and I want to display the information of the 99'000th packet, 
reading sequentially packet after packet can take 2-3 minutes or more.
I was thinking of storing the length of each packet in a vector, so that by 
adding the lengths of the first 89999 packets I know that the data is located 
after SUM bytes and can do a seek into the dump file, but there are 2 
problems with this:
 1. when I save a pcap packet in a dump file it is bigger than its real length 
(so if a packet is D bytes long, I can't predict how many bytes it will occupy 
in the file);
 2. how can I directly access the packet starting from byte SUM in the 
dump file? (a seek on the dump file)... I found no function that does this in 
the libpcap code.

Can someone give me some hints?
Giovanni
-- 
A KDE Italian translator and KSniffer core developer
Slackware GNU/Linux current version - kernel 2.6.24.2
KSniffer Project - http://www.ksniffer.org/
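
Added example, not part of the original post and not libpcap code: a sketch of the offset-index idea from the question, reading the classic pcap savefile layout directly with stdio. Each packet on disk is a 16-byte record header followed by incl_len captured bytes, after a 24-byte file header, which accounts for the size difference in point 1. The function names are hypothetical, the file is assumed to be in host byte order, and the three-packet capture is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { FILE_HDR = 24, REC_HDR = 16 };  /* classic pcap: file header, per-packet header */
/* One sequential pass that stores the file offset of every record header.
 * Returns the packet count (caller frees *idx) or -1 on bad magic / no memory. */
long pcap_build_index(FILE *fp, long **idx) {
    uint32_t magic, rec[4];            /* rec: ts_sec, ts_usec, incl_len, orig_len */
    long n = 0, cap = 0, pos = FILE_HDR;
    *idx = NULL;
    if (fseek(fp, 0, SEEK_SET) != 0 || fread(&magic, 4, 1, fp) != 1) return -1;
    if (magic != 0xa1b2c3d4u && magic != 0xa1b23c4du) return -1;  /* usec / nsec */
    while (fseek(fp, pos, SEEK_SET) == 0 && fread(rec, sizeof rec, 1, fp) == 1) {
        if (n == cap) {                /* grow the offset table geometrically */
            long *tmp = realloc(*idx, (size_t)(cap = cap ? cap * 2 : 1024) * sizeof *tmp);
            if (!tmp) { free(*idx); *idx = NULL; return -1; }
            *idx = tmp;
        }
        (*idx)[n++] = pos;
        pos += REC_HDR + (long)rec[2]; /* on-disk size = 16-byte header + incl_len */
    }
    return n;
}

/* Random access to packet k (0-based). incl_len is file-controlled: bound it by buflen. */
long pcap_read_packet(FILE *fp, const long *idx, long count, long k,
                      unsigned char *buf, size_t buflen) {
    uint32_t rec[4];
    if (k < 0 || k >= count || fseek(fp, idx[k], SEEK_SET) != 0) return -1;
    if (fread(rec, sizeof rec, 1, fp) != 1 || rec[2] > buflen) return -1;
    return fread(buf, 1, rec[2], fp) == rec[2] ? (long)rec[2] : -1;
}

/* Constructed sample: a temporary capture holding 3 packets of 5, 3 and 7 bytes. */
FILE *make_sample_pcap(void) {
    struct { uint32_t magic; uint16_t vmaj, vmin; uint32_t zone, sigfigs, snaplen, linktype; }
        h = { 0xa1b2c3d4u, 2, 4, 0, 0, 65535, 1 };
    static const char *pkt[3] = { "AAAAA", "BBB", "CCCCCCC" };
    FILE *fp = tmpfile();
    if (!fp) return NULL;
    fwrite(&h, sizeof h, 1, fp);
    for (int i = 0; i < 3; i++) {
        uint32_t len = (uint32_t)strlen(pkt[i]), rec[4] = { 0, 0, len, len };
        fwrite(rec, sizeof rec, 1, fp);
        fwrite(pkt[i], 1, len, fp);
    }
    return fp;
}
```

The index costs one sequential pass, after which any packet is a single seek away. Offsets are kept as long here; captures larger than 2 GB on platforms with a 32-bit long need fseeko and off_t instead.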
