All Questions
Tagged with packet-capture packet-sniffers
156 questions
1
vote
0
answers
142
views
tcpdump is not available when extracting packet features in Windows
I have been trying to extract statistical features from a packet (pcap) using pyflowmeter but I keep on getting a traceback error: 'scapy.error.Scapy_Exception: tcpdump is not available'. I know ...
0
votes
0
answers
75
views
How to use cicflowmeter python package
Can anyone please guide me on how I can use the cicflowmeter Python package to convert pcap packets into csv, not from the shell prompt, but from Python code? Like I want to convert packets through notebook(...
1
vote
0
answers
68
views
pcap_open_live() returning address family not supported by protocol for all devices
I am trying to implement a packet sniffer using C ran on WSL with Ubuntu, and when calling pcap_open_live, for any device, returns: Couldn't open device: `pG��: socket: Address family not supported by ...
0
votes
0
answers
25
views
Capture packet on hook point after socket.listen()
I'm writing a simple kernel-space firewall and I capture a packet in pre_routing hook point.
I have a python function that is always running and listens on port 800. When receiving a packet it will ...
1
vote
1
answer
110
views
Packet Sniffing on Mirrored Port - Missing Packets when UDP Message > 50kb (Python, Scapy)
I have very little network programming experience, and am running into an issue with packet sniffing on a mirrored port, where the sniffer seems to be missing packets:
I have two computers (A and B) ...
1
vote
0
answers
54
views
Packet Arrival time Drifting Linearly at the Receiving Endpoint
I have two Linux machines connected to each other by 10G NIC Card. On one machine I have a pcap file where I am sending the packets using libpcap in C code based on the packet interval compared to ...
0
votes
1
answer
319
views
Scapy Error sending packet (promiscuous mode)
I want to play a bit with scapy to get familiar with crafting and working with packets.
So far so good. But when I want to send a packet an OS error appears, saying that it can not set hardware filter ...
-1
votes
1
answer
41
views
Packet Arrival time different in receiving endpoint
I have two Ubuntu VMs connected to each other with a 10G HP NIC card. Now I want to play packets from a .pcap file on one VM and receive packets on another VM, but there is one condition that it has to ...
1
vote
1
answer
503
views
Filtering for Quic Client Hello packets with tcpdump
I am able to filter for Client Hello messages for TLS on TCP with the following:
(tcp[((tcp[12] & 0xf0) >> 2)] = 0x16) && (tcp[((tcp[12] & 0xf0) >> 2) + 5] = 0x01)
https://...
0
votes
1
answer
210
views
How to run scapy python scripts in linux?
I am new to scapy and need help with this part. So I have already installed the package and I am trying to execute the code below but nothing gets printed to my terminal. I want help understanding ...
1
vote
0
answers
132
views
Packet capturing for a simple IDS in flutter
I am thinking of developing cross platform Intrusion Detection System. I am researching its development feasibility using flutter for the front end. Is that a good idea? One thing that's bugging me is ...
2
votes
0
answers
426
views
Why can't we make tcpdump to not stop/exit when an interface on which it is capturing is brought down?
If tcpdump is started with -i <specific_interface_name>, it exits if that interface is brought down.
However, if it is started with "-i any" option, it doesn't stop if wlanX/ethX interfaces are ...
0
votes
1
answer
864
views
How to setup CICFlowmeter in Ubuntu?
I am trying to use CICFlowmeter (https://pypi.org/project/cicflowmeter/) which is a tool that extracts feature from pcap file and converts them into a csv file. I have tried on windows 10,11 but for ...
0
votes
1
answer
100
views
Can I edit the packet length of an already existing .pcap file
I want to add Laplacian noise of scale 1 to the packet lengths using Scapy or any tool. I am doing my M.Tech project in contextual privacy
I wanted to add noise but my pcap file is not editable(...
0
votes
0
answers
67
views
How can I get the E2AP packet details and print them using PcapPlusPlus?
I am trying to implement PcapPlusPlus and print E2AP packet details.
0
votes
2
answers
930
views
How to get packet's specific value(src ip, dst ip, even port)?
Is there any way to show the packet's dst ip address, src ip address and both port only?
var device = CaptureDeviceList.Instance.FirstOrDefault(dev => dev.Description.Contains("Ethernet"))...
0
votes
0
answers
156
views
List of IP addresses found on the network
I've been working on a project for a while now where I need to create a list of IP addresses and then see if they respond to a specific command string.
The process goes something like this:
choose a ...
-2
votes
1
answer
275
views
tcpdump difference between ip host hostname | ip and host hostname
In tcpdump, what is the difference between the following two commands? I tried to understand but they seem pretty much the same to me.
tcpdump ip host google.com
and
tcpdump ip and host google.com
1
vote
1
answer
647
views
How to determine how fast scapy can sniff packets
So I'm quite deep into this monitoring implementation, and I'm curious as to how to calculate the theoretical maximum it can handle.
I know python is not the most efficient language, and I'm honestly ...
0
votes
1
answer
5k
views
How do I extract the TCP data packet from Wireshark? [closed]
This is a CTF challenge (a set of online information security challenges) and I have become stuck.
I noticed in the conversation one person asks for the other person to send the salted password file.
...
0
votes
1
answer
2k
views
How to Receive and capture packets from internet/remote host using DPDK?
I want to capture raw packets from any host and capture them in a file like "recieved.pcap", bypassing the kernel.
I am using a virtual EC2 instance for this.
To bypass kernel I have set up ...
1
vote
1
answer
3k
views
Starting remote virtual interface (rvictl) on MacBook for packet trace of iPhone is failing without error
I am hoping for tips troubleshooting why rvictl is not working on my MacBook Pro. Running rvictl -s <udid> yields Starting device 000****0-0****5****D****E [FAILED] without telling me why it is ...
-1
votes
2
answers
478
views
Wireshark not capturing packets when applying "tcp and host 157.240.23.35" (157.240.23.35= ip address of facebook)
I am trying to capture all TCP traffic to/from Facebook during the time when I log in to my Facebook account, using this "tcp and host 157.240.23.35" capture filter, but it is not capturing ...
-1
votes
1
answer
540
views
Reading the packet information (based on the picture)
Here is an image of a captured packet (I do not have the full image, only this snippet). From it, I know that 0x4500 means it indicates the IP version is IPv4. But how do I indicate what is the source and ...
12
votes
2
answers
40k
views
How to replay Wireshark captured packets?
I have captured some packets in Wireshark and need to replay those again in any way.
0
votes
0
answers
648
views
How to intercept captive portal URL via powershell?
When connecting to a walled-garden network (e.g. free airport wifi), the network usually automatically opens the URL to its captive portal in the browser. How would one intercept this URL with ...
0
votes
1
answer
810
views
Get IP version from packet data
The pcap callback function returns the IP header and data as follows:
void packet_handler(u_char* param, const struct pcap_pkthdr* header, const u_char* pkt_data);
My understanding is the first 4 ...
0
votes
1
answer
2k
views
Converting a pcap file to csv: Tshark displays multiple src,dst IP addresses in a single line for some packets
I want to convert a pcap file to csv/tsv with "Tshark" where each line corresponds to a packet and have the following format:
timestamp src_ip dst_ip protocol
I use this command:
tshark -r &...
1
vote
1
answer
64
views
IndexError list index out python3
Hello, I am making a script but keep having an error pop up:
File "creditcardsniff.py", line 70, in findCreditCard
print(f"{GREEN}{BRIGHT}[+] Found American Express Card: " + str(americaRE[0]) +""+...
1
vote
1
answer
4k
views
How to convert raw packet data into a PCAP file?
I'm running some software that sniffs local packets, then encapsulates the full, raw packet data in a TCP packet and sends it to the server.
What I'd like to do is have the server receive the packet ...
1
vote
0
answers
203
views
How to block Android wifi packet sniffing
I want to block sniffing of my app, and I assume that if there are many proxies then a sniffer is working in the background. But the proxy list always has 1 proxy.
ProxySelector defaultProxySelector = ProxySelector....
1
vote
1
answer
12k
views
View Contents of docx, pdf and text files obtained in Wireshark through PCAP file
So, I have got a pcap file which I opened with Wireshark tool. Now, there are 4 files I can find through the HTTP filter:
1. A docx file
2. A pdf file
3. A txt file
4. PNG file
I extracted the PNG ...
0
votes
1
answer
369
views
Avoid showing https requests from packet sniffing
I have an Android app with a few APIs that have SSL. When I try to do packet sniffing using Fiddler2 or Charles Proxy after installing a trusted certificate on my device, I've been able to see all HTTPS ...
2
votes
3
answers
5k
views
I want to stop packet capture while sniffing continuously once a condition is met
Problem
I have written a script that sniffs packets from a host; however, I am sniffing the packets in continuous mode and would like to stop sniffing on a timeout. I have written the following code ...
0
votes
0
answers
402
views
Why is the scapy module inconsistent, losing a constant amount of packets during sniffing?
I created a program, gluing two others:
Multicast receiver from:
How do you UDP multicast in Python?
scapy packet sniffer:
https://thepacketgeek.com/scapy-sniffing-with-custom-actions-part-1/
I'm ...
0
votes
2
answers
196
views
getting VS C2664 on sniffer.h libtins
I'm working on a packet-capturing program.
I started from one of the libtins examples on HTTP, http://libtins.github.io/examples/http-requests/.
but VS prompts a
C2664
Error C2664 'bool main::::...
1
vote
1
answer
861
views
Sniffing TCP packets of an android device on local network
I am writing a packet sniffer using C# and PcapDotNet, I've successfully implemented the feature and I was able to capture all the TCP packets from my laptop, the problem is if I target my android ...
0
votes
1
answer
1k
views
While converting Hexadecimal to ASCII characters I am getting Boxes and unrecognized Symbols
When I am Converting Hexadecimal Numbers to their ASCII Characters some are coming in boxes with numbers and question marks sort of. I want them to be converted in ASCII Characters.
I have tried ...
0
votes
3
answers
7k
views
WiFi packet sniffing
I am trying to find out specifics of the communication between a DJI Osmo Action camera and the Android vendor app (https://play.google.com/store/apps/details?id=dji.mimo). The camera communicates ...
0
votes
1
answer
876
views
Packet Sniffer using Scapy
I have written code for sniffing packets using scapy in Python. And I got some problems that confuse me, shown in the picture below.
So this is the ...
13
votes
1
answer
28k
views
Packet capture app once started doesn't have internet connectivity for other apps anymore
I have installed packet capture on my Android phone, a Samsung Galaxy S7 edge running Android version 8.0. It is not rooted.
I followed all the steps and installed the SSL cert as well.
Here is the ...
0
votes
1
answer
344
views
Packet.dll get mac address (JNR-FFI)
How does one map the function below to java with jnr-ffi?
BOOLEAN PacketRequest(LPADAPTER AdapterObject,BOOLEAN Set,PPACKET_OID_DATA OidData);
Example (C): https://github.com/patmarion/winpcap/...
0
votes
1
answer
843
views
How can I change live packet length and then forward them in scapy?
I want to use scapy to manipulate live network packets (change the packet length of a special program) and then forward them to dst. How can I do this, and is there a better tool than scapy or not?
0
votes
1
answer
596
views
tcpdump: server client communication
I'm capturing the communication between a server and a client with tcpdump -X. I noticed a pattern and I'm not sure I fully understand it. In the following I have replaced all the header data (IP and ...
-1
votes
1
answer
701
views
Wireshark packet capture
If I use my phone's USB tethering feature to use internet on my PC, and play an Online Game on my phone, is there any way to capture those packets by Wireshark (or any other software you wanna ...
1
vote
1
answer
435
views
How to filter tcpdump result by keeping socket recv() data only?
As is known, the result of a tcp packet capture consists of packets that may be retransmission, out of order and so on, which will be filtered and rearranged by the network stack, and the application ...
1
vote
1
answer
99
views
Intermediate C : String search in a large file
I'm writing a 'C' code that stores the TCP payload of captured packets in a file (payload of each packet is separated by multiple "\n" characters). Using C, is it possible to search for a particular ...
1
vote
0
answers
810
views
Packet sniffing on another system
I'm developing a packet sniffer program that captures the packets going through a system using protocols (TCP, UDP, HTTP). The packet sniffer program will run on a system and captures the packets on ...
0
votes
1
answer
553
views
How to determine the type of data exchanged between client and server from tcpdump output
I have been working on a server project and sniffing package exchange between the client and the server with tcpdump. I am having a little problem figuring out/interpreting the output of tcpdump. I ...
1
vote
3
answers
975
views
how to increase security while using ssl in android volley
I have been searching for 2 days for my problem and I had no luck in finding it.
My problem:
I have a Comodo SSL/TLS certificate installed on my server, and I am using the Android Volley library for connecting ...