All Questions

1 vote
0 answers
68 views

pcap_open_live() returning address family not supported by protocol for all devices

I am trying to implement a packet sniffer using C ran on WSL with Ubuntu, and when calling pcap_open_live, for any device, returns: Couldn't open device: `pG��: socket: Address family not supported by ...
Yash Salunke
0 votes
1 answer
963 views

tcpdump is buffering incoming packets and storing into pcap file

I have two VMs connected to each other with a 10G NIC card. On one VM I am playing packets from the pcap file using libpcap in a continuous stream; on the other VM I am using tcpdump to capture the ...
Anoop C
  • 25
2 votes
0 answers
426 views

Why can't we make tcpdump to not stop/exit when an interface on which it is capturing is brought down?

If tcpdump is started with -i <specific_interface_name>, it exits if that interface is brought down. However, if it is started with the "-i any" option, it doesn't stop if wlanX/ethX interfaces are ...
Vaibhav S
  • 147
0 votes
0 answers
67 views

How can I get the E2AP packet details and print them using PcapPlusPlus?

I am trying to implement PcapPlusPlus and print E2AP packet details.
VIkrant Singh
2 votes
2 answers
3k views

Pylibpcap for python-3.x

There was a library pylibpcap for python2 that contained the functionality to create pcap objects like this: import pcap pc = pcap.pcapObject() Now I'm looking for an analogue for python3, but from ...
Helen
  • 533
0 votes
2 answers
1k views

Can I use DPDK as a packet capture module for a network monitoring application?

My passive network monitoring application needs packets to be captured from network interface (at higher packet rates). The packet capture module should be able to call a monitoring function upon ...
reddi hari
2 votes
1 answer
873 views

Packets getting dropped with Libpcap in C on 1 Gig Traffic

I'm writing a packets parser in C using libpcap library. Here is the simple code int main(int argc, char *argv[]) { pcap_t *pcap; const unsigned char *packet; char errbuf[PCAP_ERRBUF_SIZE]...
Alamgir Qazi
1 vote
1 answer
4k views

How to convert raw packet data into a PCAP file?

I'm running some software that sniffs local packets, then encapsulates the full, raw packet data in a TCP packet and sends it to the server. What I'd like to do is have the server receive the packet ...
August H
0 votes
0 answers
1k views

Reading Pcap files with tcpdump pcap through C++ reads the packet correctly, but not the timestamp

I was reading a pcap file using pcap_open_offline() and pcap_loop(). The packets are read correctly. But in the pcap_loop function, header->ts.tv_sec gives me the current timestamp (I checked the ...
habi
  • 163
0 votes
1 answer
1k views

What is difference between PF_RING technology and PACKET_RX_RING

I stumbled upon PF_RING while reading about PACKET_MMAP kernel documentation (https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt) Can someone explain the difference between the ...
msgboardpana
1 vote
4 answers
3k views

How does wireshark interpret the order of bytes?

I'm working with the 802.11 radiotap header making my own parser and it states the packet format is this where the length is 2 bytes long: In wireshark the hex of the header is this where the 2 bytes ...
Crizly
  • 1,009
0 votes
1 answer
93 views

Network and Transport layer functionalities on Captured packets

I have a Client and Server programs communicating on TCP, implementing IEC-60870-5-104 protocol on the application layer. I am sniffing a copy of all traffic between them, How do I exactly replicate ...
reddi hari
-1 votes
1 answer
346 views

Libpcap ARP packet struct not mapping correctly

This code is run every time a packet is detected, but the ARP IP addresses are not matching up to what they should be, the source IP address is not even local. I've added a test printout to try find ...
Crizly
  • 1,009
0 votes
1 answer
2k views

How to manipulate packet and write to pcap file using pcap4j

I want to get through a pcap file and go to each packet. Then get IP Address and manipulate it. In the end, I'm going to write it into a new pcap file. I use pcap4j version 1.6.4 and below is how I ...
Mojtaba Yousefi
1 vote
1 answer
73 views

Error in capturing "MMM" DateTime format with libpcap

I have programmed a packet simulator in C# that produces some UDP packets and sends them to a given IP address. The simulator produces and sends packets successfully to my UBUNTU virtual machine but ...
Rezaeimh7
  • 1,545
0 votes
1 answer
4k views

How to check if flag in TCP struct is set?

I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set: struct ...
The Legendary Programmer
1 vote
2 answers
838 views

How to use librte_pmd_pcap of dpdk in our own dpdk app for packet capturing?

I am new to DPDK, I'm trying to write my own app, which would capture packets at wire rate. Can I use the default kernel space libpcap along with dpdk ring and lcore? Or can I use the librte_pmd_pcap ...
Isai selvan
0 votes
0 answers
56 views

Pcap producing strange packets after un- and replugging cable

After physically pulling the line and reconnecting it again, pcap (I am programming it in C) produces packets which are most likely not really there and misses out on all "normal" traffic which is ...
Vroomfondel
  • 2,888
-1 votes
1 answer
957 views

Libpcap radio tap packets

I'm trying to capture and process 802.11 traffic in monitor mode. I'm able to catch it with tcpdump but I'm not able to process it with libpcap. I would need to pass then all packets to deep packet ...
Maciej Bielski
0 votes
1 answer
431 views

C: libpcap doesn't capture wlan0 packets

I'm new to C and got a little confused. I've read some topics about this problem but none of them worked for me. I'm trying to capture wlan0 packets with libpcap but something goes wrong. pcap_next() ...
Ojs
  • 954
0 votes
1 answer
1k views

Libpcap filter strings using "vlan" are behaving weirdly

I am getting some weird errors when using libpcap pcap_compile. Please let me know if these are known issues or I am making some bpf formatting/ordering mistakes. For example: 1) if I pass (...
0 votes
1 answer
386 views

Libpcap not capturing any interface on android device

I am trying to make a packet sniffing Application and I had built it as a system Application for nexus 4. r = pcap_findalldevs (&alldevs, errbuf); printf("R==========%d",r); ...
nauman siddiqui
0 votes
1 answer
71 views

Determine the closed/closing flow in the network traffic

I've developed a network traffic classification program in C. I used the 5 tuple to determine a flow. The 5 tuple is: source address, destination address, source port, destination port, protocol(tcp,udp,...
Anamort
  • 341
4 votes
2 answers
3k views

libpcap and wireless signal capture

I am trying to write a c++ app (linux) that would capture a wireless packet along with the associated Signal strength (in dBm). The capturing part is easy but the problem is I can't find any ...
Sean D
  • 376
2 votes
1 answer
2k views

How do I turn on nanosecond precision when capturing live traffic?

How do I tell libpcap v1.6.2 to store nanosecond values in struct pcap_pkthdr::ts.tv_usec (instead of microsecond values) when capturing live packets? (Note: This question is similar to How to ...
Richard Hansen
0 votes
1 answer
505 views

How can I merge 'split/partial' packets with libpcap?

I am capturing HTTP packets, and as I expected, it is breaking them up as some of the packers are just too large for one packet. How can I merge packets together? I've looked into the structure, and ...
Kladskull
  • 10.7k
2 votes
2 answers
2k views

Is it possible to write a packet, read by libpcap, with libnet? in c?

I'm trying to get libpcap to read a pcap file, get the user to select a packet and write that packet using libnet, in c. I got the reading from file part done. Libpcap puts that packet into a const ...
Gibberfish
4 votes
1 answer
4k views

Python Packet Sniffing / Packet Capture - pcapy not capturing packets

I have my wireless interface in monitor mode, and I'm able to successfully sniff network packets and analyze them with Wireshark. I've been trying to implement something similar with pcapy and ...
Jordan Messina
0 votes
1 answer
688 views

Drop captured packet

The project I am working on has the requirement of dropping captured packets. I am successfully capturing packets with the use of libpcap like so, pcap_loop(handle, num_packets, got_packet, NULL); Where ...
Hasitha Shan
  • 2,980
3 votes
1 answer
637 views

network analyzer - handling captured pcap files

I'm about to write a program that analyzes network traffic. after searching for answers and not finding any on the net, a few questions: Capturing network traffic - I'm using the winpcap library for ...
Andrei
  • 31
1 vote
1 answer
979 views

How to determine packet direction using libpcap?

I am working on project using libpcap. Now, I need to know the direction of packet (inbound or outbound) once I got the packet in callback function. I am going to write the methods to compare IP and ...
Anh Ma
  • 11
4 votes
1 answer
2k views

Time difference between two packets using Radiotap header MAC timestamp

I am trying to parse MAC timestamp fields of radiotap headers of 802.11 packets captured on monitor mode. TSFT field of radiotap header is 64bit value in microseconds. Raw hex value is highlighted ...
dorsalfin
0 votes
1 answer
482 views

Packet capture on wireless network (libpcap)

I have a small home network that I would like to analyze and capture the traffic on. What are my options for doing this? Ultimately, I would like to use a packet capture library, such as libpcap, to ...
amoeba
  • 105
-1 votes
2 answers
2k views

How to program pcap with Objective-C and get HTTP request and response values in text format

I am working with pcap in an OS X application to understand packet analysis. I am working with a app https://github.com/jpiccari/MacAlyzer but I am getting only raw data but I want to differentiate ...
Retro
  • 4,005
0 votes
1 answer
2k views

Filter on GRE packets payload ip /dst

I'm using libjpcap to capture packets from the network and handle them in my application. Currently, we can use filters so that we capture only from a certain destination. For example, src host 10.159....
Tom
  • 45.1k
0 votes
1 answer
2k views

Traceroute and packet capture

The following code is required to capture the route taken by a packet as it moves from the local router to destination router. It should print all the intermediate routers and its ip addresses. The ...
Chaitra Rp
1 vote
1 answer
1k views

how to dynamically modify the filter in tcpdump

I am modifying tcpdump to dynamically change the filter that it uses to get the output from. currently the tcpdump uses the pcap_set_filter to actually prepare the filter for the incoming packets or ...
John
  • 449
7 votes
4 answers
5k views

Finding the direction of packets while sniffing

I want to have a list of source IP addresses of an interface outbound traffic. How could I find the direction of a packet whether it's inbound or outbound reading traffic using libpcap? I don't know ...
Yasser
  • 406
1 vote
1 answer
2k views

tcpdump -dd output doesn't match pcap_compile_nopcap

When I create a packet filter (eg for only tcp traffic) with tcpdump -dd tcp the packet filter output is { 0x28, 0, 0, 0x0000000c }, { 0x15, 0, 2, 0x000086dd }, { 0x30, 0, 0, 0x00000014 }, { 0x15, ...
A G
  • 1,117
1 vote
0 answers
732 views

pcap_dispatch hangs on

Hi I have a program in which i capture the packets with pcap in python. filter=some_filter promiscuous= True read_timeout= 50 # msec self.pcap= pcapy.open_live(self.ifname, self.conf.capture_snaplen,...
barp
  • 6,889
5 votes
2 answers
8k views

What is happening when a TCP sequence number arrives that is not what is expected?

I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic and so I have no control over the reception and transmittal of packets. ...
zero_dev
  • 643
7 votes
1 answer
3k views

Does libpcap always make a copy of the packet?

I am writing monitoring program for a very high traffic network (HD videos are streamed through the network). Most packets are very large and I only want to watch the headers (IP and UDP/TCP only). Of ...
Ameer Jewdaki
3 votes
2 answers
2k views

zero copy mechanism and libpcap

Is it possible to use zero-copy packets mechanism for reading packets using libpcap on Linux? (I'm using CentOS 6.2) If yes, can I see any example of code?
Dima
  • 1,301
2 votes
2 answers
3k views

libpcap format - packet header - incl_len / orig_len

The libpcap packet header structure has 2 length fields: typedef struct pcaprec_hdr_s { guint32 ts_sec; /* timestamp seconds */ guint32 ts_usec; /* timestamp ...
broun
  • 2,593
0 votes
1 answer
1k views

How to detect which websites the user is viewing or connecting to

I'm writing a Python application that, among other things, needs to know which websites the user is looking at in the web browser or otherwise connecting to on OS X and, if possible, Linux. This is to ...
terrace
  • 784
0 votes
3 answers
1k views

Error in packet parsing

I am trying to parse a packet. Till the IP header everything is fine (I'm able to retrieve all the values correctly). But for the UDP header (checked if the protocol is 17), the values are coming out to ...
user1192671
11 votes
2 answers
26k views

python / dpkt: Find out if packet is a tcp packet or a udp packet

I have a Python script that captures the packets on the Ethernet using dpkt, but how do I differentiate between which packets are TCP and which ones are UDP? Eventually I would like to have a ...
ConfusedAboutCPP
1 vote
3 answers
3k views

Processing wireless frames with pcap

I am working on a project that involves interacting with the data in 802.11 frames. I am using libpcap 1.0. I have written code from most of the tutorials on the website as well as online that I could ...
dudebrobro
  • 1,317
0 votes
2 answers
698 views

why libpcap cannot capture outbound 802.11 beacons?

I am writing my own program, which will be running on a 802.11 AP, to capture all the outgoing beacons on the AP. But I just noticed I cannot do it with the current libpcap: the program couldn't ...
ivan
  • 33
2 votes
1 answer
3k views

how to timeout periodically in libpcap packet receiving functions

I found this post in stackoverflow.com listening using Pcap with timeout I am facing a similar (but different) problem: what is the GENERIC (platform-independent) method to timeout periodically when ...
dumbcoder