All Questions
Tagged with packet-capture libpcap
54 questions
1
vote
0
answers
68
views
pcap_open_live() returning address family not supported by protocol for all devices
I am trying to implement a packet sniffer using C, run on WSL with Ubuntu, and calling pcap_open_live for any device returns: Couldn't open device: `pG��: socket: Address family not supported by ...
0
votes
1
answer
963
views
tcpdump is buffering incoming packets and storing into pcap file
I have two VMs connected to each other with a 10G NIC card. On one VM I am playing packets from the pcap file using libpcap in a continuous stream; on the other VM I am using tcpdump to capture the ...
2
votes
0
answers
426
views
Why can't we make tcpdump to not stop/exit when an interface on which it is capturing is brought down?
If tcpdump is started with -i <specific_interface_name>, it exits if that is brought down.
However, if it is started with "-i any" option, it doesn't stop if wlanX/ethX interfaces are ...
0
votes
0
answers
67
views
How can I get the E2AP packet details and print them using PcapPlusPlus?
I am trying to implement PcapPlusPlus and print E2AP packet details.
2
votes
2
answers
3k
views
Pylibpcap for python-3.x
There was a library pylibpcap for python2 that contained the functionality to create pcap objects like this:
import pcap
pc = pcap.pcapObject()
Now I'm looking for an analogue for python3, but from ...
0
votes
2
answers
1k
views
Can I use DPDK as a packet capture module for a network monitoring application?
My passive network monitoring application needs packets to be captured from network interface (at higher packet rates). The packet capture module should be able to call a monitoring function upon ...
2
votes
1
answer
873
views
Packets getting dropped with Libpcap in C on 1 Gig Traffic
I'm writing a packet parser in C using the libpcap library. Here is the simple code
int main(int argc, char *argv[])
{
pcap_t *pcap;
const unsigned char *packet;
char errbuf[PCAP_ERRBUF_SIZE]...
1
vote
1
answer
4k
views
How to convert raw packet data into a PCAP file?
I'm running some software that sniffs local packets, then encapsulates the full, raw packet data in a TCP packet and sends it to the server.
What I'd like to do is have the server receive the packet ...
0
votes
0
answers
1k
views
Reading Pcap files with tcpdump pcap through C++ reads the packet correctly, but not the timestamp
I was reading a pcap file using pcap_open_offline() and pcap_loop().
The packets are read correctly.
But in the pcap_loop function, header->ts.tv_sec gives me the current timestamp (I checked the ...
0
votes
1
answer
1k
views
What is the difference between PF_RING technology and PACKET_RX_RING
I stumbled upon PF_RING while reading about PACKET_MMAP kernel documentation (https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt)
Can someone explain the difference between the ...
1
vote
4
answers
3k
views
How does wireshark interpret the order of bytes?
I'm working with the 802.11 radiotap header making my own parser and it states the packet format is this where the length is 2 bytes long:
In wireshark the hex of the header is this where the 2 bytes ...
0
votes
1
answer
93
views
Network and Transport layer functionalities on Captured packets
I have Client and Server programs communicating on TCP, implementing the IEC-60870-5-104 protocol on the application layer. I am sniffing a copy of all traffic between them.
How do I exactly replicate ...
-1
votes
1
answer
346
views
Libpcap ARP packet struct not mapping correctly
This code is run every time a packet is detected, but the ARP IP addresses are not matching up to what they should be; the source IP address is not even local. I've added a test printout to try to find ...
0
votes
1
answer
2k
views
How to manipulate packet and write to pcap file using pcap4j
I want to get through a pcap file and go to each packet. Then get IP Address and manipulate it. In the end, I'm going to write it into a new pcap file.
I use pcap4j version 1.6.4 and below is how I ...
1
vote
1
answer
73
views
Error in capturing "MMM" DateTime format with libpcap
I have programmed a packet simulator in C# that produces some UDP packets and sends them to a given IP address. The simulator produces and sends packets successfully to my Ubuntu virtual machine but ...
0
votes
1
answer
4k
views
How to check if flag in TCP struct is set?
I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set:
struct ...
1
vote
2
answers
838
views
How to use librte_pmd_pcap of dpdk in our own dpdk app for packet capturing?
I am new to DPDK. I'm trying to write my own app, which would capture packets at wire rate. Can I use the default kernel space libpcap along with dpdk ring and lcore? Or can I use the librte_pmd_pcap ...
0
votes
0
answers
56
views
Pcap producing strange packets after un- and replugging cable
After physically pulling the line and reconnecting it again, pcap (I am programming it in C) produces packets which are most likely not really there and misses out on all "normal" traffic which is ...
-1
votes
1
answer
957
views
Libpcap radio tap packets
I'm trying to capture and process 802.11 traffic in monitor mode. I'm able to catch it with tcpdump but I'm not able to process it with libpcap. I would need to pass then all packets to deep packet ...
0
votes
1
answer
431
views
C: libpcap doesn't capture wlan0 packets
I'm new to C and got a little confused. I've read some topics about this problem but none of them worked for me. I'm trying to capture wlan0 packets with libpcap but something goes wrong. pcap_next() ...
0
votes
1
answer
1k
views
Libpcap filter strings using "vlan" are behaving weirdly
I am getting some weird errors when using libpcap pcap_compile.
Please let me know if these are known issues or I am making some bpf formatting/ordering mistakes.
For example:
1)
if I pass (...
0
votes
1
answer
386
views
Libpcap not capturing any interface on android device
I am trying to make a packet sniffing application and I have built it as a system application for Nexus 4.
r = pcap_findalldevs (&alldevs, errbuf);
printf("R==========%d",r);
...
0
votes
1
answer
71
views
Determine the closed/closing flow in the network traffic
I've developed a network traffic classification program in C. I used the 5 tuple to determine a flow. The 5 tuple is:
source address
destination address
source port
destination port
protocol(tcp,udp,...
4
votes
2
answers
3k
views
libpcap and wireless signal capture
I am trying to write a c++ app (linux) that would capture a wireless packet along with the associated Signal strength (in dBm). The capturing part is easy but the problem is I can't find any ...
2
votes
1
answer
2k
views
How do I turn on nanosecond precision when capturing live traffic?
How do I tell libpcap v1.6.2 to store nanosecond values in struct pcap_pkthdr::ts.tv_usec (instead of microsecond values) when capturing live packets?
(Note: This question is similar to How to ...
0
votes
1
answer
505
views
How can I merge 'split/partial' packets with libpcap?
I am capturing HTTP packets, and as I expected, it is breaking them up as some of the packets are just too large for one packet. How can I merge packets together? I've looked into the structure, and ...
2
votes
2
answers
2k
views
Is it possible to write a packet, read by libpcap, with libnet? in c?
I'm trying to get libpcap to read a pcap file, get the user to select a packet and write that packet using libnet, in c.
I got the reading from file part done. Libpcap puts that packet into a const ...
4
votes
1
answer
4k
views
Python Packet Sniffing / Packet Capture - pcapy not capturing packets
I have my wireless interface in monitor mode, and I'm able to successfully sniff network packets and analyze them with Wireshark. I've been trying to implement something similar with pcapy and ...
0
votes
1
answer
688
views
Drop captured packet
The project I am working on has the requirement of dropping captured packets. I am successfully capturing packets with the use of libpcap like so,
pcap_loop(handle, num_packets, got_packet, NULL);
Where ...
3
votes
1
answer
637
views
network analyzer - handling captured pcap files
I'm about to write a program that analyzes network traffic.
After searching for answers and not finding any on the net, a few questions:
Capturing network traffic - I'm using the winpcap library for ...
1
vote
1
answer
979
views
How to determine packet direction using libpcap?
I am working on a project using libpcap. Now, I need to know the direction of a packet (inbound or outbound) once I have got the packet in the callback function. I am going to write the methods to compare IP and ...
4
votes
1
answer
2k
views
Time difference between two packets using Radiotap header MAC timestamp
I am trying to parse MAC timestamp fields of radiotap headers of 802.11 packets captured on monitor mode.
TSFT field of radiotap header is 64bit value in microseconds. Raw hex value is highlighted ...
0
votes
1
answer
482
views
Packet capture on wireless network (libpcap)
I have a small home network that I would like to analyze and capture the traffic on. What are my options for doing this? Ultimately, I would like to use a packet capture library, such as libpcap, to ...
-1
votes
2
answers
2k
views
How to program pcap with Objective-C and get HTTP request and response values in text format
I am working with pcap in an OS X application to understand packet analysis.
I am working with an app https://github.com/jpiccari/MacAlyzer
but I am getting only raw data but I want to differentiate ...
0
votes
1
answer
2k
views
Filter on GRE packets payload ip /dst
I'm using libjpcap to capture packets from the network and handle them in my application. Currently, we can use filters so that we capture only from a certain destination. For example, src host 10.159....
0
votes
1
answer
2k
views
Traceroute and packet capture
The following code is required to capture the route taken by a packet as it moves from the local router to destination router. It should print all the intermediate routers and its ip addresses. The ...
1
vote
1
answer
1k
views
how to dynamically modify the filter in tcpdump
I am modifying tcpdump to dynamically change the filter that it uses to get the output from.
Currently the tcpdump uses the pcap_set_filter to actually prepare the filter for the incoming packets or ...
7
votes
4
answers
5k
views
Finding the direction of packets while sniffing
I want to have a list of source IP addresses of an interface outbound traffic. How could I find the direction of a packet whether it's inbound or outbound reading traffic using libpcap? I don't know ...
1
vote
1
answer
2k
views
tcpdump -dd output doesn't match pcap_compile_nopcap
When I create a packet filter (eg for only tcp traffic) with
tcpdump -dd tcp
the packet filter output is
{ 0x28, 0, 0, 0x0000000c },
{ 0x15, 0, 2, 0x000086dd },
{ 0x30, 0, 0, 0x00000014 },
{ 0x15, ...
1
vote
0
answers
732
views
pcap_dispatch hangs on
Hi, I have a program in which I capture the packets with pcap in Python.
filter=some_filter
promiscuous= True
read_timeout= 50 # msec
self.pcap= pcapy.open_live(self.ifname, self.conf.capture_snaplen,...
5
votes
2
answers
8k
views
What is happening when a TCP sequence number arrives that is not what is expected?
I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic and so I have no control over the reception and transmittal of packets. ...
7
votes
1
answer
3k
views
Does libpcap always make a copy of the packet?
I am writing a monitoring program for a very high traffic network (HD videos are streamed through the network). Most packets are very large and I only want to watch the headers (IP and UDP/TCP only). Of ...
3
votes
2
answers
2k
views
zero copy mechanism and libpcap
Is it possible to use zero-copy packets mechanism for reading packets using libpcap on Linux?
(I'm using CentOS 6.2)
If yes, can I see any example of code?
2
votes
2
answers
3k
views
libpcap format - packet header - incl_len / orig_len
The libpcap packet header structure has 2 length fields:
typedef struct pcaprec_hdr_s {
guint32 ts_sec; /* timestamp seconds */
guint32 ts_usec; /* timestamp ...
0
votes
1
answer
1k
views
How to detect which websites the user is viewing or connecting to
I'm writing a Python application that, among other things, needs to know which websites the user is looking at in the web browser or otherwise connecting to on OS X and, if possible, Linux. This is to ...
0
votes
3
answers
1k
views
Error in packet parsing
I am trying to parse a packet. Till the IP header everything is fine (I'm able to retrieve all the values correctly), but for the UDP header (checked if the protocol is 17), the values are coming out to ...
11
votes
2
answers
26k
views
python / dpkt: Find out if packet is a tcp packet or a udp packet
I have a Python script that captures the packets on the ethernet using dpkt, but how do I differentiate between which packets are TCP and which ones are UDP?
Eventually i would like to have a ...
1
vote
3
answers
3k
views
Processing wireless frames with pcap
I am working on a project that involves interacting with the data in 802.11 frames. I am using libpcap 1.0. I have written code from most of the tutorials on the website as well as online that I could ...
0
votes
2
answers
698
views
why libpcap cannot capture outbound 802.11 beacons?
I am writing my own program, which will be running on a 802.11 AP, to capture all the outgoing beacons on the AP. But I just noticed I cannot do it with the current libpcap: the program couldn't ...
2
votes
1
answer
3k
views
how to timeout periodically in libpcap packet receiving functions
I found this post in stackoverflow.com
listening using Pcap with timeout
I am facing a similar (but different) problem: what is the GENERIC (platform-independent) method to timeout periodically when ...