I use the pcapy/impacket library to decode network packets in Python. It has an IP decoder which knows about the syntax of IPv4 packets but apparently no IPv6 decoder.
Does anyone get one?
In a private correspondence, the Impacket maintainers say it may be better to start with Scapy
...
Disclaimer: This is for a homework assignment, but the question is not regarding the assignment, just about general syntax weirdness.
I'm trying to use libpcap in the context of a much larger program, but when I try to get the packet header and data for each packet gcc complains that the third parameter to pcap_next_ex is of an incompat...
I need to sniff TCP traffic into my application.
Can libpcap reassemble TCP segments, or do I have to do it manually?
The home page says "Full documentation is provided with the source packages in man page format". After I sudo apt-get install libpcap-dev I only find one man pcap. Is it all the documentation available or I simply missed so...
I need a program which prints the number of packets in a capture file which uses the pcap format. This number does not seem available in the pcap header (probably because it is written before the capture starts) and it does not seem there is a "footer" in the file, with this information.
So, I believe the only algorithm is to loop over ...
How to concatenate two tcpdump files, so that one traffic will appear after another in the file? To be concrete, I want to "multiply" one tcpdump file, so that all the sessions will be repeated one after another sequentially a few times.
...
I've a question related to a very basic thing in Perl, but I'm unable to find an efficient solution.
Here's a bit of context first. I use Net::Pcap etc and when I'm in my function which processes packets (used by pcap_loop) I get a $packet scalar which contains my whole packet (ethernet header + ip header + tcp/udp header + payload).
W...
I am trying to parse large pcap files with libpcap but there is a file limitation so my files are separated at 2gb. I have 10 files of 2gb and I want to parse them at one shot. Is there a possibility to feed this data on an interface sequentially (each file separately) so that libpcap can parse them on the same run?
...
Are there any alternatives to PCAP DLL for capturing packets, that are not drivers?
...
We're sniffing packets using libpcap on Linux.
The header we get on each packet looks like:
    struct pcap_pkthdr {
        struct timeval ts;   /* time stamp */
        bpf_u_int32 caplen;  /* length of portion present */
        bpf_u_int32 len;     /* length this packet (off wire) */
    };
Now, it is my understanding that caplen ...
Hi. I want to capture packets going out of my machine, and I'm using libpcap (version 1.0.0-1) for the same. The problem is, that a basic program like this -
    #include <stdio.h>
    #include <pcap.h>
    int main(int argc, char *argv[]) {
        char *dev, errbuf[PCAP_ERRBUF_SIZE];
        dev = pcap_lookupdev(errbuf);
        if (dev == NULL) {
...
How do you decrypt an SSH .pcap file that uses Diffie-Hellman encryption, with public and private keys?
We are trying through Wireshark with no luck. Please advise.
...
Hi all,
I'm new to using Visual Studio. I'm currently using VS .NET 2003 on Vista, and I'm trying to port a program from Linux to Windows.
The program uses the pcap library. I have installed WinPcap 4.0.2 and downloaded the Developer's Pack WpdPack_4_0_2. However, I have no idea what to do with the developer's pack, i.e. what do I do w...
pcap_compile() compiles a string into a filter program in the form of a bpf_program struct. In theory I could save the compiled form of the program and supply it to pcap_setfilter() on a different network interface or even on a different machine.
Will that work? Is the bpf_program form portable across different interfaces? Different pro...
I have some network traffic captured in a pcap file and want to send its packets on a NIC; is it possible? Is there any application to do this?
...
How can I determine if a saved .pcap file contains an ERF (Extensible Record Format) header? pcap_open_offline() doesn't provide this information. I'm running into issues where some captures I open have the 16-byte header, and some don't, and I can't find any documentation online on how to determine the format.
...
I am writing an application to save the captured IP packets to file. Which of the following packet capture formats is better suited for use as the file format? Click on the link for more information on each.
Snoop (rfc1761)
PCAP
In addition, is there a C# library for any of the above format?
...
Hello.
Using Ruby 1.9 and the latest gem install pcap + fix for compiling (convert ->ptr/->len to _PTR/_LEN), I found that after doing simple code:
    require 'pcap'
    cap = Pcap::Capture.open_offline('1.dmp')
    cap.each { |pkt| p pkt.src; }
    exit
Pcap gem not leaving block cap.each, i.e. output:
...
213.248.106.202
192.168.1.50
213.248.106.20...
Hi everybody,
I am analyzing Pcap captures with C and I need to uncompress the Gzipped body of the HTTP replies.
I know that I can do that using Wireshark manually, but I would need to do it on the fly, inside my program.
My understanding is that I should look into zlib and the RFC. But since it's a little analysis program, do you know...
Hello
I have some pcap files and I want to filter by protocol, i.e., if I want to filter by HTTP protocol, anything but HTTP packets will remain in the pcap file.
There is a tool called openDPI, and it's perfect for what I need, but there is no wrapper for the Python language.
Does anyone know any Python modules that can do what I need...
Hi all,
I have a pcap_loop function in another function, that captures packets until the user stops it, i.e.
    void functionA()
    {
        signal(SIGINT, terminate_process);
        pcap_loop(handle, -1, callback, NULL);
        ...
    }
    void terminate_process(int signum)
    {
        pcap_breakloop(handle);
        pcap_close(handle);
    }
Is it possible to set a d...