674 questions
0
votes
0
answers
197
views
android apps connection error when using burpsuite for traffic interception
I'm trying to pentest an android app using Burpsuite, so:
1- I set the proxy and port in Burpsuite as 192.168.1.249:8080 (my PC IP), and I set the proxy in my android device WIFI as 192.168.1.249 and ...
0
votes
1
answer
50
views
How to Detect Websites Opened by User in Android Using Kotlin
I'm working on a kotlin Android app where I need to monitor the websites that a user is visiting on their device. I've tried many different variations of code that all, in one way or another, try to ...
1
vote
0
answers
142
views
tcpdump is not available when extracting packet features in windows
I have been trying to extract statistical features from a packet (pcap) using pyflowmeter, but I keep on getting a traceback error: 'scapy.error.Scapy_Exception: tcpdump is not available'. I know ...
0
votes
0
answers
75
views
How to use cicflowmeter python package
Can anyone please guide me on how I can use the cicflowmeter python package to convert pcap packets into csv, not from the shell prompt but from python code? Like I want to convert packets through notebook(...
0
votes
0
answers
83
views
How to Improve Wireshark Capture Speed for USB Packets to Match Real-Time Data Transfer Rate?
I'm currently facing an issue with Wireshark where it cannot keep up with the real-time USB data transfer rate in my use case. This results in Wireshark only capturing a portion of the USB packets, ...
1
vote
0
answers
68
views
pcap_open_live() returning address family not supported by protocol for all devices
I am trying to implement a packet sniffer using C ran on WSL with Ubuntu, and when calling pcap_open_live, for any device, returns: Couldn't open device: `pG��: socket: Address family not supported by ...
0
votes
0
answers
135
views
Dpdk L3fwd with Pdump
I wanted to run pdump to capture packets on the l3fwd application of dpdk.
But I ran into an error, while following the steps as discussed in the dpdk document.
I am using dpdk version 24.03 and I ...
0
votes
0
answers
25
views
Capture packet on hook point after socket.listen()
I'm writing a simple kernel-space firewall and I capture a packet in pre_routing hook point.
I have a python function that is always running and listens on port 800. When receiving a packet it will ...
0
votes
0
answers
31
views
Use PCAPNG for different protocols
I have a microcontroller under test that use different peripherals that communicate using either ethernet (udp) or UART.
I want to record every messages exchanged between this microcontroller and a ...
2
votes
2
answers
1k
views
How to avoid Windows Defender false positives with C# software?
I am developing software in C# that includes packet capture functionality.
In Windows, the software must be configured as an exception to the Windows firewall in order to analyze incoming packets.
I ...
1
vote
0
answers
24
views
How can I start a process based on the information sent from another computer?
Background
I have two computers, A and B. These computers are connected through the use of an ethernet cable where A is connected wireless to the router while B is in monitor mode and is therefore not ...
1
vote
0
answers
70
views
Receiving Duplicate packets in receiver side when played through DPDK
I have a scenario where I am trying to send packets from a pcap file using dpdk to the other port connected by a loopback cable.
Issue: Getting duplicate packets instead of different ones on receiver ...
0
votes
0
answers
105
views
Detect and capture openconnect traffic using eBPF/XDP
I'm new to networking. I'm also learning the usage of eBPF. Currently I'm working on a project where I have to capture the inner packet of openconnect traffic. This is my code:
https://github.com/...
0
votes
0
answers
91
views
AWS SDK transcribe streaming not working for OPUS
I have a telephonic system using 3cx and broadworks. When a call is initiated an Invite packet is sent to a port. That invite packet contains the port number for capturing RTP data. My Python code ...
0
votes
0
answers
28
views
I observed that a duplicate request was sent 60 seconds following the first request, yet the browser's devtool displays only a single request
I use axios to perform the request, here is an example of my codes:
const abort = new AbortController()
const res = await axios.get('/rl/dev/network/status', { signal: abort.signal })
// ...
...
0
votes
0
answers
72
views
modifying sent and received packets on my machine using scapy
I want to inspect and check http/https requests and responses for a certain website, sent from my machine (running Windows).
I want to sniff packets sent and coming from this website, process ...
0
votes
1
answer
6k
views
is the RST ACK packet in wireshark normal?
wireshark capture
When I try to analyse the traffic in the network with Wireshark software I see packets with red color (RST ACK). Is that a normal traffic packet or is there something wrong? And if ...
1
vote
1
answer
110
views
Packet Sniffing on Mirrored Port - Missing Packets when UDP Message > 50kb (Python, Scapy)
I have very little network programming experience, and am running into an issue with packet sniffing on a mirrored port, where the sniffer seems to be missing packets:
I have two computers (A and B) ...
1
vote
0
answers
54
views
Packet Arrival time Drifting Linearly at the Receiving Endpoint
I have two Linux machines connected to each other by a 10G NIC card. On one machine I have a pcap file from which I am sending the packets using libpcap in C code based on the packet interval compared to ...
0
votes
1
answer
319
views
Scapy Error sending packet (promiscuous mode)
I want to play a bit with scapy to get familiar with crafting and working with packets.
So far so good. But when I want to send a packet an OS error appears, saying that it can not set hardware filter ...
0
votes
1
answer
963
views
tcpdump is buffering incoming packets and storing into pcap file
I have two VMs connected to each other with a 10G NIC card. On one VM I am playing packets from the pcap file using libpcap in a continuous stream; on the other VM I am using tcpdump to capture the ...
-1
votes
1
answer
41
views
Packet Arrival time different in receiving endpoint
I have two VM ubuntu connected to each other with 10G HP NIC card, now I want to play packets from a .pcap file on one vm and receive packets on another vm, but there is one condition that it has to ...
1
vote
1
answer
503
views
Filtering for Quic Client Hello packets with tcpdump
I am able to filter for Client Hello messages for TLS on TCP with the following:
(tcp[((tcp[12] & 0xf0) >> 2)] = 0x16) && (tcp[((tcp[12] & 0xf0) >> 2) + 5] = 0x01)
https://...
0
votes
1
answer
210
views
How to run scapy python scripts in linux?
I am new to scapy and need help with this part. So I have already installed the package and I am trying to execute the code below but nothing gets printed to my terminal. I want help understanding ...
0
votes
1
answer
290
views
Packet Capture and Retransmission, socat permission denied
I am trying to do packet capture and retransmission using a Raspberry Pi with tcpdump and socat. However, I keep getting the error:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot ...
0
votes
0
answers
229
views
Use Arkime to read and process packets from kafka
We have a huge amount of custom packets with different sizes and lengths in Kafka topics, about 1 GigB/s.
We want to read these packets, process them and then store the useful part of the data in elastic.
Is it possible ...
0
votes
1
answer
419
views
How to add dpdk-dumpcap packet capture framework to a custom simple dpdk app
I am using dpdk_v22.11.1 on ubuntu_v22.04.2. I have a simple app derived from skeleton and icmpecho examples which can reply to proper arp requests and also can reply to appropriate pings. Now what ...
1
vote
0
answers
132
views
Packet capturing for a simple IDS in flutter
I am thinking of developing cross platform Intrusion Detection System. I am researching its development feasibility using flutter for the front end. Is that a good idea? One thing that's bugging me is ...
2
votes
0
answers
426
views
Why can't we make tcpdump to not stop/exit when an interface on which it is capturing is brought down?
If tcpdump is started with -i <specific_interface_name>, it exits if that interface is brought down.
However, if it is started with "-i any" option, it doesn't stop if wlanX/ethX interfaces are ...
0
votes
2
answers
898
views
capture network traffic and send to a remote machine
I am trying to capture network traffic with tcpdump from a machine in the network and send each packet over the network to another device. I cannot save the packets captured by tcpdump in a file, ...
0
votes
0
answers
121
views
Capture network traffic with python
I want to start the capturing, send a message via signal and stop the capture in python. I want to measure the time of the packets.
The problem is, I can't sniff and send at the same time.
I tried ...
1
vote
0
answers
30
views
What is the realistic performance of live packet capture?
I know it depends on the environment, but I would like to know the real live packet capture performance.
The questions are:
What is the BPS (Bits per second) and PPS (Packet per second) do you ...
-1
votes
1
answer
178
views
Construct a pcap record from a csv record using C# .Net libraries
I have a CSV record as shown below.
"1","0.000000","2.1.1.2","2.1.1.1","IPv4","1010","Fragmented IP protocol (proto=ICMP 1, off=0, ID=...
0
votes
1
answer
864
views
How to setup CICFlowmeter in Ubuntu?
I am trying to use CICFlowmeter (https://pypi.org/project/cicflowmeter/) which is a tool that extracts feature from pcap file and converts them into a csv file. I have tried on windows 10,11 but for ...
0
votes
1
answer
100
views
Can I edit the packet length of an already existing .pcap file
I want to add Laplacian noise of scale 1 to the packet lengths using Scapy or any tool. I am doing my M.tech project in contextual privacy
I wanted to add noise but my pcap file is not editable (...
0
votes
0
answers
67
views
How can I get the E2AP packet details and print them using PcapPlusPlus?
I am trying to implement PcapPlusPlus and print E2AP packet details.
0
votes
2
answers
930
views
How to get packet's specific value(src ip, dst ip, even port)?
Is there any way to show the packet's dst ip address, src ip address and both port only?
var device = CaptureDeviceList.Instance.FirstOrDefault(dev => dev.Description.Contains("Ethernet"))...
0
votes
1
answer
273
views
Can SharpPcap find Ethernet itself?
Can SharpPcap auto choose Ethernet for capturing packets?
var device = CaptureDeviceList.Instance[3];//I don't want to hard-code it.
Should I use "if, else" or "for-loop" to check ...
1
vote
1
answer
3k
views
How to Use Pyshark to Read a .pcapng file's content directly from memory instead of from disk?
I am using the file capture API of pyshark like this.
#!/usr/bin/env python3
# encoding:utf-8
import pyshark as ps
filename: str = 'some_file.pcapng'
with ps.FileCapture(input_file=filename) as ...
1
vote
0
answers
216
views
Problems making a "proxy" for Android with VPNService
For some reason I can't understand, when I'm parsing the buffer values, I almost never get the version as 4 (which would be the default for IPv4), and most of the time I get some random value like 10 ...
0
votes
0
answers
156
views
List of IP addresses found on the network
I've been working on a project for a while now where I need to create a list of IP addresses and then see if they respond to a specific command string.
the process goes something like this:
choose a ...
0
votes
1
answer
71
views
How to know whether an application is using Video, Email or File Transfer from Pyshark Captured Packets?
Running Pyshark on Ubuntu 20.04 desktop. Forgive me for the very basic question since I do not have much background on networking
I am able to capture packets on my Wi-Fi interface for, let's say 10-...
1
vote
2
answers
634
views
How to Convert Packet to TcpPacket?
I'm using PacketDotNet to resolve captured packets. In PacketDotNet0.12.0, it provides a method called GetEncapsulated.
TcpPacket tcppacket = TcpPacket.GetEncapsulated(this.packet);
But now, I ...
0
votes
1
answer
105
views
Capturing Data of a User Visiting my website
How can I capture data of someone visiting my website via a shortened link? I want to be able to capture the OS, IP, device ID etc. Would capturing the user agent string be the best option? What are ...
-2
votes
1
answer
275
views
tcpdump difference between ip host hostname | ip and host hostname
In tcpdump, what is the difference between the following two commands? I tried to understand but they seem pretty much the same to me.
tcpdump ip host google.com
and
tcpdump ip and host google.com
1
vote
1
answer
647
views
How to determine how fast scapy can sniff packets
So I'm quite deep into this monitoring implementation, and I'm curious as to how to calculate the theoretical maximum it can handle.
I know python is not the most efficient language, and I'm honestly ...
1
vote
2
answers
1k
views
Azure Functions Collect Network Trace for a Linux app
TL;DR: What can I do to capture packets when the "Collect Network Trace" facility is not available?
I have an Azure Function App running on a linux app service plan, which is seeing some ...
0
votes
1
answer
5k
views
How do I extract the TCP data packet from Wireshark? [closed]
This is a CTF challenge (a set of online information security challenges) and I have become stuck.
I noticed in the conversation one person asks for the other person to send the salted password file.
...
2
votes
2
answers
3k
views
Pylibpcap for python-3.x
There was a library pylibpcap for python2 that contained the functionality to create pcap objects like this:
import pcap
pc = pcap.pcapObject()
Now I'm looking for an analogue for python3, but from ...
2
votes
1
answer
1k
views
How to intercept IP packets going to the kernel Linux
I need to create a TCP session "manually", without using the connect() function. I have tried to use RAW sockets. But in this case, I only get copies of the incoming IP packets. The original ...