Reconstructing data from PCAP sniff

挽巷 2021-02-01 09:40

I am trying to sniff HTTP data through libpcap and get all the HTTP contents (header+payload) after processing the TCP payload.

As per my discussion at Writing an http s

5 answers
  •  借酒劲吻你
    2021-02-01 09:44

    Rather than reassemble the streams yourself, you can use tcptrace to reassemble the pcap file. I believe -e will do it.

    Once you have the application-layer data in one piece, you can apply simple HTTP header parsing... Perhaps from a library such as http://github.com/ry/http-parser
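
An added example (not part of the answer above, and not code from tcptrace or http-parser): what reassembling one direction of a TCP stream involves before HTTP header parsing can start, run on constructed segments instead of a pcap file. The names `struct seg`, `reassemble`, `http_body_offset` and `demo` are assumptions made for this example, and sequence-number wraparound is not handled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One captured TCP payload with its sequence number (hypothetical type). */
struct seg { uint32_t seq; const char *data; size_t len; };

static int by_seq(const void *a, const void *b) {
    const struct seg *x = a, *y = b;
    return (x->seq > y->seq) - (x->seq < y->seq);
}

/* Sort by sequence number and copy only bytes not yet seen (retransmits, overlap).
 * Returns the stream length, or -1 on a hole or a full buffer. Assumes no wrap. */
long reassemble(struct seg *s, size_t n, uint32_t isn, char *out, size_t cap) {
    uint32_t next = isn;                       /* next expected sequence number */
    size_t used = 0;
    qsort(s, n, sizeof *s, by_seq);
    for (size_t i = 0; i < n; i++) {
        if (s[i].seq > next) return -1;        /* a segment is missing */
        size_t skip = next - s[i].seq;         /* bytes already in the stream */
        if (skip >= s[i].len) continue;        /* pure retransmission */
        size_t take = s[i].len - skip;
        if (take > cap - used) return -1;
        memcpy(out + used, s[i].data + skip, take);
        used += take;
        next += (uint32_t)take;
    }
    return (long)used;
}

/* Offset of the first body byte, or -1 while the header block is incomplete. */
long http_body_offset(const char *buf, size_t len) {
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) return (long)(i + 4);
    return -1;
}

static char stream[256];
/* Constructed capture: out of order, one retransmit, one 2-byte overlap. */
long demo(int drop_middle) {
    struct seg s[] = { {1038, "hello", 5}, {1000, "HTTP/1.1 200 OK\r\n", 17},
        {1017, "Content-Length: 5\r\n\r\nhe", 23}, {1000, "HTTP/1.1 200 OK\r\n", 17} };
    if (drop_middle) s[2] = s[1];              /* simulate a lost segment */
    return reassemble(s, 4, 1000, stream, sizeof stream);
}

int main(void) {
    long n = demo(0);
    printf("%ld stream bytes, body at offset %ld\n", n, http_body_offset(stream, (size_t)n));
    return 0;
}
```

A `-1` from `reassemble` means the capture dropped a segment, so any HTTP parse of that stream should be treated as incomplete rather than trusted.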
