All Questions
Tagged with packet-capture c
57 questions
1
vote
0
answers
70
views
Receiving Duplicate packets in receiver side when played through DPDK
I have a scenario where I am trying to send packets from a pcap file using DPDK to the other port connected by a loopback cable,
Issue: Getting Duplicate packets instead of different ones on receiver ...
1
vote
0
answers
54
views
Packet Arrival time Drifting Linearly at the Receiving Endpoint
I have two Linux machines connected to each other by a 10G NIC card. On one machine I have a pcap file where I am sending the packets using libpcap in C code based on the packet interval compared to ...
0
votes
1
answer
963
views
tcpdump is buffering incoming packets and storing into pcap file
I have two VMs connected to each other with a 10G NIC card. On one VM I am playing packets from the pcap file using libpcap in a continuous stream; on the other VM I am using tcpdump to capture the ...
-1
votes
1
answer
41
views
Packet Arrival time different in receiving endpoint
I have two VM ubuntu connected to each other with 10G HP NIC card, now I want to play packets from a .pcap file on one vm and receive packets on another vm, but there is one condition that it has to ...
0
votes
1
answer
810
views
Get IP version from packet data
The pcap callback function returns the IP header and data as follows:
void packet_handler(u_char* param, const struct pcap_pkthdr* header, const u_char* pkt_data);
My understanding is the first 4 ...
1
vote
0
answers
790
views
modify tcp packet payload with Windivert but then connection finished
I am working on a project and I need to edit TCP packet data. I use Windivert for this. I can find my packet and edit it; also, I don't change the packet length, just replace some values with random values (I ...
0
votes
1
answer
215
views
nDPI :: Does Supplying Protocol List Delete "Default" Protocol List?
I have been learning the nDPI library through a lot of trial-and-error and from help on this forum. I recently wrote a new version of my C program (written on Ubuntu, compiler is GCC) and believe I’m ...
2
votes
1
answer
873
views
Packets getting dropped with Libpcap in C on 1 Gig Traffic
I'm writing a packets parser in C using libpcap library. Here is the simple code
int main(int argc, char *argv[])
{
pcap_t *pcap;
const unsigned char *packet;
char errbuf[PCAP_ERRBUF_SIZE]...
1
vote
4
answers
3k
views
How does wireshark interpret the order of bytes?
I'm working with the 802.11 radiotap header making my own parser and it states the packet format is this where the length is 2 bytes long:
In wireshark the hex of the header is this where the 2 bytes ...
3
votes
1
answer
2k
views
How does capturing packets work (NPF; WinPcap)?
I read about how WinPcap filters packets here and examined the ndis/filter project from GitHub (Microsoft/Windows-driver-samples). I provide the main figures from the WinPcap page below because they are ...
0
votes
1
answer
1k
views
Read SSL and TLS data in HTTPS traffic
Is it possible to parse and store SSL and TLS data without decryption? Not the http headers which are encrypted but the data that is available without decryption? I see that Wireshark is able to ...
0
votes
3
answers
333
views
How to use structure with dynamically changing size of data?
Question for C only, C++ and vectors do not solve problem.
I have such structure:
typedef __packed struct Packet_s
{
U8 head;
U16 len;
U32 id;
U8 data;
U8 end;
U16 crc;
} Packet_t, *...
0
votes
0
answers
2k
views
Parsing a pcap packet
I have written some C code to extract flow data from pcap packets.
I am new to network programming.
/* Add your own pcap file path in a fname string.
* To compile : gcc trace_reader.c -lpcap
*/
#...
2
votes
1
answer
103
views
appending int8_t array into larger int8_t array
I'm reading in pieces of a jpg captured from a udp stream and I have the following:
#define BUF_SIZ 1066
int main(int argc, char *argv[])
{
int ptr;
uint8_t buf[BUF_SIZ];
uint8_t jpg[...
1
vote
0
answers
894
views
How to capture a multicast packet programmatically
I have a multicast packet from a capture using tcpdump. I can replay the packet using tcpreplay -i eth0 on.pcap and I can receive it on another machine using tcpdump.
I have tried c code and python ...
1
vote
1
answer
99
views
Intermediate C : String search in a large file
I'm writing a 'C' code that stores the TCP payload of captured packets in a file (payload of each packet is separated by multiple "\n" characters). Using C, is it possible to search for a particular ...
-1
votes
1
answer
346
views
Libpcap ARP packet struct not mapping correctly
This code is run every time a packet is detected, but the ARP IP addresses are not matching up to what they should be, the source IP address is not even local. I've added a test printout to try find ...
0
votes
1
answer
254
views
How to stop subsequent packets after returning NF_DROP with netfilter?
To block some URLs, with netfilter's NF_INET_LOCAL_OUT chain, when I return NF_DROP for some packets, I am getting multiple packets for same request. I want to stop subsequent packets to avoid ...
1
vote
1
answer
661
views
Winpcap code - Capture loses packets in loop
I have a loop to capture packets with pcap_next_ex and in each iteration I do a lot of function calls in order to process the packets. This stuff can be simulated by a Sleep() call in the loop. ...
2
votes
1
answer
543
views
DNS packet (response answer and DNS query)
I'm coding a program in C in order to analyze DNS packets.
Specifically, I have to capture DNS packets and I need to know the domain name after capturing DNS packets. How can I access the ...
0
votes
1
answer
4k
views
How to check if flag in TCP struct is set?
I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set:
struct ...
2
votes
1
answer
1k
views
Packet sniffer in C for all VM
I have 3 Ubuntu VMs that represent client/server/attacker. I created an application that connects client and server over TCP and I have a packet sniffer on the attacker machine. However, the code only ...
-1
votes
1
answer
957
views
Libpcap radio tap packets
I'm trying to capture and process 802.11 traffic in monitor mode. I'm able to catch it with tcpdump but I'm not able to process it with libpcap. I would need to pass then all packets to deep packet ...
0
votes
1
answer
431
views
C: libpcap doesn't capture wlan0 packets
I'm new to C and got a little confused. I've read some topics about this problem but none of them worked for me. I'm trying to capture wlan0 packets with libpcap but something goes wrong. pcap_next() ...
2
votes
0
answers
704
views
kernel module does not print packet info
I would like to use a C kernel module to capture all the network packets coming to an interface. My topology is something like A--->B--->C, which means A sends a UDP packet to C's IP, but the packet ...
0
votes
1
answer
71
views
Determine the closed/closing flow in the network traffic
I've developed a network traffic classification program in C. I used the 5 tuple to determine a flow. The 5 tuple is:
source address
destination address
source port
destination port
protocol(tcp,udp,...
0
votes
1
answer
877
views
C / Python WinPCap Translation
Sorry, this will be a very simple question for most of you.
I'm trying to convert some of the code from here into Python (3.4) as I don't know C. That's primarily the basis of this issue. While I ...
2
votes
1
answer
2k
views
How do I turn on nanosecond precision when capturing live traffic?
How do I tell libpcap v1.6.2 to store nanosecond values in struct pcap_pkthdr::ts.tv_usec (instead of microsecond values) when capturing live packets?
(Note: This question is similar to How to ...
0
votes
0
answers
100
views
Getting IP Packets from NIC in Linux
I am working on some kind of Router Project.
I need ethernet frames/ IP Packets to work correctly.
However, normal packet sniffing can't work, because it makes two copies of packets.
Is there a way ...
3
votes
2
answers
6k
views
When to use ntohs and ntohl in C?
I'm very confused about when to use ntohs and ntohl. I know you use ntohs for uint16_t and ntohl for uint32_t. But what about those with unsigned int or those where a specific amount of bits is ...
5
votes
1
answer
10k
views
Parsing a TCP Packet data
I am trying to parse a tcp packet and then assign to a pointer to the start of the payload.
I am using C and this is my code so far:
void dump(const unsigned char *data, int length) { //*data ...
6
votes
2
answers
16k
views
C Program to receive and send the same packets out over another interface
I have a linux system with two physical interfaces. I need to intercept (read) incoming packets over one interface, read (or process) the data and send it out over the other interface as it is - just ...
1
vote
0
answers
2k
views
Why can't I capture raw packet even though tcpdump can?
I'm trying to capture port-mirroring packets using raw socket (skipped error checking to show only main code):
int sock = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
int size = recvfrom(sock, buf, ...
2
votes
2
answers
2k
views
Is it possible to write a packet, read by libpcap, with libnet? in c?
I'm trying to get libpcap to read a pcap file, get the user to select a packet and write that packet using libnet, in c.
I got the reading from file part done. Libpcap puts that packet into a const ...
0
votes
0
answers
253
views
Queue all TCP packets sending out from local device programmatically
I need to queue all tcp packets sent out from the local device programmatically so that the application I implemented using libnetfilter_queue and libpcap would start capturing packets within the ...
0
votes
1
answer
688
views
Drop captured packet
The project I am working on has the requirement of dropping captured packets. I am successfully capturing packets with the use of libpcap like so,
pcap_loop(handle, num_packets, got_packet, NULL);
Where ...
0
votes
1
answer
539
views
How to use Wireshark to help to create a protocol fuzzing framework?
I want to make a protocol fuzzing framework for certain protocols in network devices, made by Cisco, Juniper or Huawei to detect their vulnerabilities. It is important to have a good packet handling ...
2
votes
1
answer
281
views
Using a linked list with counters for packet sniffing in C
I've been reading online and watching demo vids on how to use linked lists in C, and have a somewhat basic understanding of them now. Apologies in advance as my experience of C is both rusty and ...
2
votes
2
answers
1k
views
Listening on Virtual Interface
My objective is to create a virtual wireless interface and to attach a listener on that interface. I am trying to do this using a C program.
So far I have been able to create the virtual ...
-3
votes
1
answer
478
views
How to capture packets from Hotspot Shield
How can I capture packet of applications, including Hotspot Shield and other free proxy applications?
7
votes
2
answers
3k
views
Is it possible to use packet_mmap on linux without root access?
Linux has a feature to allow efficient capture of network packets by mmapping a shared buffer between the kernel and user. I'm trying to use this interface in a way that does not require root access (...
0
votes
2
answers
2k
views
c - remove first 4 bytes of data
I'm reading a packet but I need to strip the first four bytes and the last byte from the packet to get what I need, how would you go about doing this in C?
/* Build an input buffer of the incoming ...
0
votes
1
answer
138
views
How can I obtain the MAC and IP addresses of a machine participating in ARP from the packet header data in C?
Thanks for reading,
I'm in the midst of a homework assignment in which I need to, among other things, determine the MAC and IP addresses of a remote machine based on the captured packets I have. ...
5
votes
2
answers
8k
views
What is happening when a TCP sequence number arrives that is not what is expected?
I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic and so I have no control over the reception and transmittal of packets. ...
4
votes
2
answers
2k
views
Establish direct peer-to-peer Wi-Fi communication between laptops
TL;DR available at the bottom
I've been trying to figure out a way to get two laptops (both running Ubuntu) to be able to pass basic messages back and forth without the need for them to be connected ...
2
votes
2
answers
3k
views
libpcap format - packet header - incl_len / orig_len
The libpcap packet header structure has 2 length fields:
typedef struct pcaprec_hdr_s {
guint32 ts_sec; /* timestamp seconds */
guint32 ts_usec; /* timestamp ...
0
votes
3
answers
1k
views
Error in packet parsing
I'm trying to parse a packet. Till the IP header everything is fine (I'm able to retrieve all the values correctly). But for the UDP header (checked if the protocol is 17), the values are coming out to ...
1
vote
2
answers
3k
views
Berkeley Packet Filter struct bpf_insn
Can someone please explain how to set a filter using struct bpf_program member struct bpf_insn? All documentation and tutorials are welcome, for example what would be the struct bpf_insn if I want to ...
3
votes
1
answer
579
views
802.11 header mismatch - pcap
I'm capturing wireless frames. The first structure I'm using is
struct mgmt_header_t {
u_int16_t fc;
u_int16_t duration;
u_int8_t da[6];
u_int8_t sa[6];
u_int8_t bssid[...
0
votes
2
answers
375
views
Web browser does not interpret the image passed via an unsigned char array
What I am trying to do basically is to capture the HTTP GET request of the browser via a socket and send that request to the Internet, then capture the reply and send it back to the browser. When the ...