- 03-09-2007 #1 Just Joined!
- Join Date
- Mar 2007
- Posts
- 1
changing tcpdump source code
Hi everyone,
I am currently looking into modifying the source code for tcpdump to change the output format. I am thinking of creating a GUI (something like Ethereal, perhaps) or maybe passing the output to gnuplot.
I have looked at a few websites such as [ www.tcpdump.org ]. They provide general information on how to program with pcap but nothing specific. I was wondering if anyone has any experience with this and if you can provide any recommended links, code, C libraries, or tips. Anything is appreciated.
Thanks
- 03-11-2007 #2
If you're just modifying the actual output (assuming by output you mean the text sent to stdout), then I would consider just parsing it rather than delving into the source code. Much of the Unix design revolves around this philosophy. Awk, Sed, Perl - any of these languages might be excellent for this task.
As for the GUI, it depends on which language you're writing it in. Many *nix GUIs are just wrappers around the original program that call the executable with whatever options are checked (in a menu or a radio box, etc.), capturing and perhaps parsing the output. There are some very simple GUI toolkits around if you're using a scripting language. At the moment, I'm experimenting with PythonCard and wxPython for Python.


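The parse-instead-of-patch approach from reply #2, as an added example (not code from either poster): it reads tcpdump's text output, sums payload bytes per second, and emits two columns that gnuplot can plot. It assumes the `tcpdump -tt -n` line shape of current tcpdump versions for IPv4 TCP/UDP; the function names and the sample lines are constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# Assumed shape: "<epoch.usec> IP <src>.<port> > <dst>.<port>: ... length <n>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r".*\blength (?P<len>\d+)")

# Constructed sample capture (documentation addresses, not real traffic).
SAMPLE = """\
1173456000.100000 IP 192.0.2.10.51234 > 192.0.2.1.80: Flags [S], seq 1000, win 64240, length 0
1173456000.200000 IP 192.0.2.10.51234 > 192.0.2.1.80: Flags [P.], seq 1:101, ack 1, win 229, length 100
1173456000.900000 IP 192.0.2.1.80 > 192.0.2.10.51234: Flags [.], seq 1:1449, ack 101, win 227, length 1448
1173456001.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
1173456002.050000 IP 192.0.2.10.40000 > 192.0.2.53.53: UDP, length 64
""".splitlines()

def parse_line(line):
    """Return a dict for one IPv4 TCP/UDP line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"ts": float(m["ts"]), "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"]), "length": int(m["len"])}

def bytes_per_second(lines):
    """Sum the reported payload length per whole second; count skipped lines."""
    buckets, skipped = defaultdict(int), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:      # ARP, decoded DNS, truncated lines, etc.
            skipped += 1
            continue
        buckets[int(rec["ts"])] += rec["length"]
    return dict(buckets), skipped

def to_gnuplot(buckets):
    """Two columns: seconds since the first packet, bytes. Idle seconds are 0."""
    if not buckets:
        return ""
    t0 = min(buckets)
    rows = (f"{t - t0} {buckets.get(t, 0)}" for t in range(t0, max(buckets) + 1))
    return "\n".join(rows) + "\n"

if __name__ == "__main__":
    # Piped input (e.g. from tcpdump -tt -n -l) is used if present, else SAMPLE.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    counts, skipped = bytes_per_second(source)
    sys.stdout.write(to_gnuplot(counts))
    print(f"skipped {skipped} unparsed line(s)", file=sys.stderr)
```

Lines the pattern does not recognise are counted rather than silently dropped, so a large skipped count signals that the installed tcpdump prints a different format and the regular expression needs adjusting.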