All Questions tagged with packet-capture tcp (44 questions)
0 votes, 0 answers, 229 views
Use Arkime to read and process packets from kafka
We have a huge amount of custom packets of different sizes and lengths in Kafka topics, about 1 GB/s.
We want to read these packets, process them and then store the useful part of the data in Elastic.
Is it possible ...
2 votes, 1 answer, 1k views
How to intercept IP packets going to the kernel Linux
I need to create a TCP session "manually", without using the connect() function. I have tried to use RAW sockets. But in this case, I only get copies of the incoming IP packets. The original ...
-1 votes, 2 answers, 478 views
Wireshark not capturing packets when applying "tcp and host 157.240.23.35" (157.240.23.35= ip address of facebook)
I am trying to capture all TCP traffic to/from Facebook, during the time when I log in to my Facebook account, using this "tcp and host 157.240.23.35" capture filter, but it is not capturing ...
0 votes, 0 answers, 762 views
Acknowledgment for [FIN,PSH,ACK] combined packet
How can I acknowledge a TCP packet with [FIN, PSH, ACK] flags set to 1? Do we need to acknowledge for both PSH and FIN separately or a single ACK can work in this case?
0 votes, 1 answer, 6k views
Trouble importing pyshark module
My current project involves receiving data packets from an external IP device and displaying/using the data with python. I am currently trying to use pyshark to extract this data, but am running into ...
0 votes, 1 answer, 151 views
What is the difference between these 2 TCP packet captures? One doesn't work
Scenario 1: A TCP string containing "PV_MOTION_ON" is sent by a simple utility like PacketSender to an automation program for parsing TCP strings. It works perfectly.
Scenario 1 Wireshark PCAP File
...
1 vote, 1 answer, 610 views
Who bears the responsibility for dealing with client ephemeral port reuse after power loss?
We have clients that, on startup, map an SMB share on a FreeNAS server. We've noticed that after a power loss, they sometimes have an issue connecting to the SMB share.
After a bit of debugging and ...
3 votes, 0 answers, 612 views
Get Header and Request Body from Microsoft Network Monitor 3.4
I need to read the requests and responses from a particular desktop app, I have been able to capture requests and responses from Microsoft Network Monitor. How can I get the Headers and Response Body ...
0 votes, 2 answers, 181 views
Read raw packets over the network with C#?
I've got a proprietary BMS language that is sending its info over a specific UDP port on the network. The existing interface is not very well made or maintained, and functions poorly.
I have access ...
1 vote, 0 answers, 413 views
TCP response with RST, ACK
My unit is supposed to send a CSR request to a CA server and get the new certificate. When I checked the packets captured via Wireshark, the TCP packet is sent with SYN but RST,ACK is received. When I tried to ...
5 votes, 0 answers, 2k views
Packet capture inside windows docker container
Is it possible to capture tcp packets inside a windows docker container? (using an image ultimately based on microsoft/windowsservercore)
netsh trace start fails with The inbox capture driver could ...
0 votes, 1 answer, 93 views
Network and Transport layer functionalities on Captured packets
I have client and server programs communicating over TCP, implementing the IEC-60870-5-104 protocol at the application layer. I am sniffing a copy of all traffic between them.
How do I exactly replicate ...
0 votes, 1 answer, 3k views
Wireshark filter for packets which initiates FIN (connection close) sequence from the server-side
Apache (ec2)                 Client (ELB)
     |                            |
     |--------[1.]FIN------------>|
     |                            |
     |<-------[2.]FIN+ACK---------|
     |                            |
     |----------ACK-------------->|
     |   ...
0 votes, 1 answer, 7k views
How to intercept a TCP packet and modify it on the fly?
How to intercept a TCP packet and modify it on the fly without a proxy in Linux (Ubuntu)? For example, capture packets as Wireshark does, but modify the packets.
Need to capture, search and replace packets, for example:...
-1 votes, 1 answer, 70 views
What is different between these? (TCP packet)
These two are different.
If you need more information, please leave an answer.
Thanks.
3 votes, 2 answers, 2k views
Running the `mtr` network diagnostic tool in the background like `nohup` processes
mtr is a great tool for debugging network packet losses. Here is a sample mtr output.
My traceroute [v0.85]
myserver.com (0.0.0.0) ...
0 votes, 1 answer, 36 views
Unrelated packets in TCP communication capturing results
I am using Wireshark to capture TCP communication packets in my experiment (using Mininet Simulation). The experiment involves a client (10.0.0.2) who requests HTTP page from the server (10.0.0.1). ...
1 vote, 0 answers, 573 views
Go tcp assembly missing packets for a large dataset?
I am trying to use the tcp assembly package to start reassembling TCP streams. I have looked at two examples
https://github.com/google/gopacket/tree/master/examples/httpassembly
and
https://...
6 votes, 1 answer, 13k views
What's the meaning of "ecr" option in tcpdump?
19:25:47.629351 IP 2.2.2.2.80 > 1.1.1.1.31889: Flags [.], seq 2372487272:2372492544, ack 2808407165, win 122, options [nop,nop,TS val 911640439 ecr 235835291], length 5272
19:25:47.631626 IP 1.1.1....
1 vote, 2 answers, 2k views
How can I extract HTML code with Scapy?
I recently began to use the scapy library for Python 2.x. I found there to be minimal documentation on the sniff() function. I began to play around with it and found that I can view TCP packets at a ...
5 votes, 1 answer, 3k views
Android VpnService forward packets
I want to use Android's VpnService to capture packets and filter them based on IP address. I can get the packets from the "tun" interface just fine, but after that I'm not sure how to forward ...
5 votes, 0 answers, 965 views
Fix for 'bytes missing in capture file' using rawcap?
I am using the rawcap TCP capture tool for capturing localhost packets on Windows.
I have a huge stream flowing and there are multiple
'XXXX bytes missing in the capture file'
in the captured file.
...
0 votes, 1 answer, 4k views
How to check if flag in TCP struct is set?
I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set:
struct ...
1 vote, 0 answers, 1k views
How to make sure packets from the same flow land on the same queue on two NICs when bridging
I'm writing a network bridge that reassembles and analyzes TCP flows on the fly. I have a pair of multi-queue NICs and I use netmap to capture packets from each rx queue on different threads and then ...
0 votes, 1 answer, 71 views
Determine the closed/closing flow in the network traffic
I've developed a network traffic classification program in C. I used the 5-tuple to determine a flow. The 5-tuple is:
source address
destination address
source port
destination port
protocol (tcp, udp, ...
5 votes, 1 answer, 10k views
Parsing TCP packet data
I am trying to parse a TCP packet and then assign a pointer to the start of the payload.
I am using C and this is my code so far:
void dump(const unsigned char *data, int length) { //*data ...
0 votes, 1 answer, 505 views
How can I merge 'split/partial' packets with libpcap?
I am capturing HTTP packets, and as I expected, it is breaking them up, as some of the packets are just too large for one packet. How can I merge packets together? I've looked into the structure, and ...
0 votes, 1 answer, 2k views
Modifying TCP packets on the fly
I'm currently writing a Java application where I'm running a primary server along with a backup one (using VMs). In order to get the backup server to take over as the primary (if the primary crashes) ...
1 vote, 1 answer, 1k views
BerkeleyPacketFilter, filter by TCP and port
Filter by TCP and port, using the BerkeleyPacketFilter
Having a problem converting the code in the tutorial from Pcap.net. Need to be able to filter packets by TCP and insert the port value. I am not able to ...
4 votes, 1 answer, 6k views
Android VpnService, packets forwarding
I'm creating an application based on ToyVPN to capture TCP/UDP packets.
After I get outgoing packets in my application, I would like to forward them to their original destination. I have managed to get ...
0 votes, 1 answer, 1k views
Wireshark- Follow TCP Stream
How to invoke the GUI option of follow tcp stream using command line on Windows?
I've read that there is something like tcpflow but on using it, Wireshark says command not found.
The OS I am using is ...
2 votes, 1 answer, 3k views
How to intercept and modify TCP packets sent and received by a certain process?
Assuming there is a process under my control (I can run it and send it commands) that sends and receives TCP packets (maybe some other types of protocol)
How can I intercept its outgoing packets and ...
17 votes, 4 answers, 61k views
Get TCP Flags with Scapy
I'm parsing a PCAP file and I need to extract TCP flags (SYN, ACK, PSH, URG, ...).
I'm using the packet['TCP'].flags value to obtain all the flags at once.
pkts = PcapReader(infile)
for p in pkts:
...
1 vote, 1 answer, 1k views
tcpdump slowed down by... its own filter?
Do long BPF filters slow down tcpdump?
I replay a packet trace where all the packets have ttl=k and wait for ICMP messages back. What I've been noticing is that if I use the following filter (on eth0)...
4 votes, 3 answers, 3k views
Reading outgoing packets from a selected process
Is it possible to read outgoing packets from a selected process in C#? If yes, what API should I use?
Thanks in advance.
5 votes, 2 answers, 8k views
What is happening when a TCP sequence number arrives that is not what is expected?
I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic and so I have no control over the reception and transmittal of packets. ...
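The questions above about acknowledging a [FIN, PSH, ACK] segment, merging split packets with libpcap, and a sequence number that is not what was expected all come down to the same sequence-space bookkeeping, and the 5-tuple flow question asks when such a flow can be considered closed. What follows is an added example, not code from any of these posts or their answers: a minimal passive reassembler in plain Python that buffers out-of-order segments, discards retransmissions, trims overlapping data and reports a flow as closed after a RST or after a FIN from both sides. All addresses, ports, sequence numbers and payloads are constructed; OneWayStream, Flow and the demo() driver are names this example introduces.

```python
"""TCP sequence-space accounting and in-order stream reassembly.

Added example, not code from any post on this page. Segments in demo() are
constructed numbers and byte strings; nothing is read from a capture.
"""
from dataclasses import dataclass, field
from typing import Optional

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK = 0xFFFFFFFF


def seq_lt(a, b):
    """True when a precedes b in 32-bit wraparound sequence space."""
    return ((a - b) & MASK) > 0x7FFFFFFF


def expected_ack(seq, payload_len, flags):
    """ACK number that covers the whole segment: SYN and FIN each occupy one
    sequence number on top of the payload, PSH occupies none. A [FIN, PSH, ACK]
    segment with n bytes is therefore acknowledged by a single ACK of seq+n+1."""
    return (seq + payload_len + bool(flags & SYN) + bool(flags & FIN)) & MASK


def flow_key(src_ip, src_port, dst_ip, dst_port, proto="tcp"):
    """Direction-independent 5-tuple so both halves of a conversation share one key."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    return (proto,) + (a + b if a <= b else b + a)


@dataclass
class OneWayStream:
    next_seq: Optional[int] = None                 # next byte still needed
    pending: dict = field(default_factory=dict)    # seq -> bytes parked behind a hole
    fin_seen: bool = False
    delivered: bytearray = field(default_factory=bytearray)

    def feed(self, seq, flags, payload=b""):
        """Accept one segment; return the bytes newly made contiguous."""
        data_seq = (seq + 1) & MASK if flags & SYN else seq   # SYN takes the first number
        if self.next_seq is None:
            self.next_seq = data_seq
        if flags & FIN:
            self.fin_seen = True
        if payload:
            self.pending[data_seq] = bytes(payload)
        return self._drain()

    def _drain(self):
        out = bytearray()
        progressed = True
        while progressed:
            progressed = False
            for seq in list(self.pending):
                data = self.pending[seq]
                if seq_lt(self.next_seq, seq):
                    continue                          # starts past the hole: keep waiting
                skip = (self.next_seq - seq) & MASK   # prefix already delivered
                del self.pending[seq]
                if skip >= len(data):
                    continue                          # pure retransmission: drop
                out += data[skip:]                    # overlap: keep only the new tail
                self.next_seq = (seq + len(data)) & MASK
                progressed = True
        self.delivered += out
        return bytes(out)


@dataclass
class Flow:
    streams: dict = field(default_factory=dict)    # (src, dst) -> OneWayStream
    reset: bool = False

    def feed(self, src, dst, seq, flags, payload=b""):
        if flags & RST:
            self.reset = True
        return self.streams.setdefault((src, dst), OneWayStream()).feed(seq, flags, payload)

    @property
    def closed(self):
        """Finished after an RST, or once both directions have sent a FIN."""
        fins = [s.fin_seen for s in self.streams.values()]
        return self.reset or (len(fins) == 2 and all(fins))


def demo():
    """Constructed exchange with early, retransmitted and FIN-bearing segments."""
    c, s = ("10.0.0.2", 40000), ("10.0.0.1", 80)
    flows = {}
    f = flows.setdefault(flow_key(*c, *s), Flow())
    assert flow_key(*s, *c) in flows                  # reverse direction finds the same flow
    ev = [f.feed(c, s, 1000, SYN),
          f.feed(s, c, 5000, SYN | ACK),
          f.feed(c, s, 1001, PSH | ACK, b"GET / HTTP/1.0\r\n\r\n"),
          f.feed(s, c, 5018, ACK, b"\r\nhi"),                 # arrives before its predecessor
          f.feed(s, c, 5001, ACK, b"HTTP/1.0 200 OK\r\n"),    # fills the hole, releases both
          f.feed(s, c, 5001, ACK, b"HTTP/1.0 200 OK\r\n"),    # retransmission: nothing new
          f.feed(s, c, 5022, FIN | PSH | ACK, b"!")]          # data and FIN in one segment
    closed_before = f.closed
    ev.append(f.feed(c, s, 1019, FIN | ACK))
    return {"events": ev,
            "response": bytes(f.streams[(s, c)].delivered),
            "ack_for_fin_psh_ack": expected_ack(5022, 1, FIN | PSH | ACK),
            "closed_before_client_fin": closed_before,
            "closed": f.closed}
```

A passive monitor only sees copies of the packets and cannot ask either end to retransmit, so when a hole appears its only choices are to keep the later segments parked or to give up on that direction. The example parks them without any bound; a real tool needs a cap on buffered bytes per stream and a timeout, otherwise a single dropped packet on a busy flow becomes a memory leak.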
3 votes, 1 answer, 7k views
How to capture network traffic by process name on Mac?
I am trying to automate the process of capturing network packets sent by a particular application. I don't have a problem in Windows, as I am using the Microsoft Network Monitor tool and that gives all the ...
0 votes, 1 answer, 78 views
Inspect Traffic Destined for Another Local Application
I am writing a tool to automate a much older tool that our company uses. It uses its own console-like system where the entire thing is controlled via text. I have already written parts of a program ...
1 vote, 3 answers, 7k views
Convert HEX to ASCII, data from GPS tracker
I have just bought a GPS Tracker, it can send SMS to cellphone just fine. It also supports reporting to a server via GPRS.
I have setup the device to contact my own server on port 8123, it's a ...
0 votes, 1 answer, 399 views
tcpdump always filters my packets
I've been using tcpdump for about a month now, and recently, it has stopped capturing any packets that were not sent to or from the computer running tcpdump. I've stripped down my command to just:
...
2 votes, 1 answer, 842 views
Bits in XMAS Scan
I've seen conflicting data for exactly which flags are set in an xmas packet. nmap and other packet tools use PUF flags. However, I also see documentation that states all flags are set; and that the ...
4 votes, 3 answers, 5k views
Is there a way to save a reassembled TCP stream in Wireshark?
I am trying to sniff a multi-part POST request using Wireshark. When viewing the capture I can select "Reassembled TCP", which looks to contain the header and all the data in the transmission. However ...
1 vote, 1 answer, 1k views
How is .NET's NetworkStream delimiting multiple messages in the same packet?
So I've been tasked with creating a tool for our QA department that can read packets off the wire and reassemble the messages correctly (they don't trust our logs... long story).
The application ...
3 votes, 1 answer, 6k views
How to print flags in the TCP header of raw packets using libpcap
sniffex.c is a program based on libpcap to sniff and display some packet information. How do I modify it so as to print the values of the TCP flags: URG, ACK, PSH, RST, SYN and FIN? ...
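Several questions on this page decode the same TCP header from different angles: what the "TS val ... ecr ..." pair in tcpdump output is, where the payload starts when parsing a packet in C, how to test whether one flag in struct tcphdr is set, which bits an Xmas probe actually carries, how to get all flags from a packet with Scapy, and how to print them from libpcap code. The block below is an added example written for this page; it is not code from any of those posts, nor from scapy, libpcap or sniffex.c. It decodes a bare TCP segment (no Ethernet or IP header in front) from raw bytes with the struct module, so it needs no capture library at all. The segment it parses is constructed to mirror the tcpdump line quoted in the ecr question (ports, seq/ack, window and timestamp values are taken from that line; the 5272-byte payload is replaced by 16 stand-in bytes). build_segment(), parse_tcp(), parse_options() and the other names are this example's own.

```python
"""Decode a raw TCP header: flags, options (including timestamps) and payload offset.

Added example, not code from any post on this page. It works on a constructed
TCP segment (no Ethernet/IP headers in front) using only the struct module,
so it needs neither scapy nor libpcap.
"""
import struct

FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
             ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]
FLAGS = dict(FLAG_BITS)
XMAS = FLAGS["FIN"] | FLAGS["PSH"] | FLAGS["URG"]   # the probe nmap -sX sends


def flag_names(flags):
    """Expand the 8-bit flags field into names, lowest bit (FIN) first."""
    return [name for name, bit in FLAG_BITS if flags & bit]


def is_xmas_probe(flags):
    """nmap's Xmas scan sets exactly FIN, PSH and URG, not every flag bit."""
    return (flags & 0xFF) == XMAS


def parse_options(raw):
    """Walk the option TLVs that sit between the fixed header and the payload.

    The timestamp option (kind 8) carries TSval, the sender's own clock, and
    TSecr, the most recent TSval received from the peer echoed back; tcpdump
    prints the pair as 'TS val X ecr Y'."""
    opts = {}
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # End of option list
            break
        if kind == 1:                       # NOP: one byte of alignment padding
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option at offset %d" % i)
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length %d at offset %d" % (length, i))
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3 and length == 3:
            opts["wscale"] = body[0]
        elif kind == 4 and length == 2:
            opts["sack_ok"] = True
        elif kind == 8 and length == 10:
            tsval, tsecr = struct.unpack("!II", body)
            opts["timestamp"] = (tsval, tsecr)
        else:
            opts.setdefault("unknown", []).append((kind, body))
        i += length
    return opts


def parse_tcp(segment):
    """Return header fields, decoded flags, options and the payload slice."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the fixed TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urg_ptr) = struct.unpack("!HHIIHHHH", segment[:20])
    data_off = (off_flags >> 12) * 4         # header length in bytes, 20..60
    if data_off < 20 or data_off > len(segment):
        raise ValueError("bad data offset %d" % data_off)
    flags = off_flags & 0xFF                 # CWR..FIN; NS sits one bit higher
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "flag_names": flag_names(flags),
        "ns": bool(off_flags & 0x100), "window": window,
        "checksum": checksum, "urg_ptr": urg_ptr,
        "options": parse_options(segment[20:data_off]),
        "payload": segment[data_off:],       # where a C parser's payload pointer lands
    }


def build_segment(sport, dport, seq, ack, flags, window, options=b"", payload=b""):
    """Assemble a segment for the constructed input below (checksum left as 0)."""
    options += b"\x00" * (-len(options) % 4)  # pad the option list to 32-bit words
    data_off = (20 + len(options)) // 4
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         (data_off << 12) | flags, window, 0, 0)
    return header + options + payload


# Constructed to mirror the tcpdump line quoted in the "ecr" question
# (2.2.2.2.80 > 1.1.1.1.31889, Flags [.], TS val 911640439 ecr 235835291),
# with a 16-byte stand-in payload instead of the original 5272 bytes.
TS_OPTION = b"\x01\x01\x08\x0a" + struct.pack("!II", 911640439, 235835291)
SAMPLE = build_segment(80, 31889, 2372487272, 2808407165,
                       FLAGS["ACK"], 122, TS_OPTION, b"x" * 16)

if __name__ == "__main__":
    p = parse_tcp(SAMPLE)
    print(p["flag_names"], p["options"], len(p["payload"]))
    print(flag_names(XMAS), is_xmas_probe(XMAS))
```

Two details carry over directly to the C questions: the payload begins at data offset times four, not at a fixed 20 bytes, so any pointer arithmetic that ignores options reads the option bytes as data; and a flag test is a bitwise AND against the field, which is also why tcpdump's `[.]` (ACK only) and a SYN/ACK (`0x12`) print differently from a single byte.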