Questions tagged [pcap]

PCAP stands for Packet CAPture.

PCAP is the capture file format written and read by libpcap-based tools such as tcpdump, Wireshark/tshark and tcpreplay: a fixed global header (magic number, snapshot length, link-layer type) followed by one record per packet (timestamp, captured length, original length, raw frame bytes). The name is also used for the libpcap capture library itself and for the .pcap file extension. Note that current Wireshark releases default to the newer pcapng container, which pcap-only tools may not read without conversion (editcap -F pcap).

81 questions
4 votes, 1 answer

PCAP network software other than TCPREPLAY?

I would like to find out if there is other useful software with the same functions as TCPREPLAY (or more), which has the ability to "play back" PCAP files. Thanks for your suggestions!
VMNoob
3 votes, 1 answer

How can I export more than 1000 http request bodies from a large pcap file?

I have a pcap file (~2.3G) containing HTTP requests. I need to extract the body of each request in some way that I can further process it. Each request in its own file would work well, but I can be flexible on that. I found something promising in…
pkaeding
3 votes, 0 answers

Modify ip addresses in a socks capture pcap

I have a pcap capture of socks traffic. The traffic goes like - client_ip <-> 127.0.0.1:9050 <-> destination_ip Looking at the pcap in Wireshark thus shows: src_ip = 127.0.0.1 dst_ip = 127.0.0.1 Is it possible to change src_ip and dst_ip…
Sunshine
3 votes, 3 answers

Recording network traffic on one linux box, transferring it to another in real time

I have a situation where I want to capture all of the network traffic on one Linux box (currently using tcpdump) but have that data transferred in real time to another Linux box on a separate (but connected) network. Essentially I have [network i'm…
tjac
3 votes, 2 answers

Reducing a pcap file down to all operations on a specific NFS file

I have an 80GB packet capture (libpcap) and I want to filter it down to everything involving all operations on a particular NFS file/filehandle. How can I accomplish this? I know the following facts about what I want to capture (in tshark display…
MikeyB
3 votes, 3 answers

How to separate PCAP by unique IP address

I have an hour long PCAP file which has about 60 individual network attacks done on our test network here at work. Each attack comes from a unique IP address which was not used elsewhere during the hour. I'd like to make 60 pcaps out of this one…
Evan
3 votes, 1 answer

HTTP dissector that reads from pcap

I have some pcap data from a local interface which I'd like to analyze. Specifically, I'd like the content of HTTP sessions. I'm aware of many HTTP header statistics tools, but I would specifically like to reassemble the content of each complete…
Kerrek SB
3 votes, 1 answer

Kill FINished sockets (using libpcap - tcpdump/tcpkill)

I'm trying to create a small service that monitors and kills sockets which have the FIN flag. I can get them with tcpdump (I also tried tcp[13] & 1): tcpdump "tcp[tcpflags] & tcp-fin != 0" tcpkill is supposed to use the same interface as tcpdump,…
Eric
2 votes, 0 answers

Disabling Ethernet loopback packets

I have a Linux machine with a few network interfaces which I use to run communication tests. In some of the tests I get a lot of packets with EtherType 0x9000 (Ethernet configuration testing protocol). This makes my packet analysis test run slower…
barisdad
2 votes, 1 answer

Wireshark under Windows: Any way to capture packets before dropped by special filter drivers?

I've got some GigabitEthernet Vision cameras, which use Ethernet to communicate. The protocol is simple UDP, but for performance reasons (high packet throughput causing CPU load) the manufacturer uses a filter driver that prevents those packets from…
SDwarfs
2 votes, 1 answer

Allowing node.js applications to run libpcap without sudo ("Symlink" issue )

I want to use the following command to allow usage of the libpcap package without sudo (on a Debian system): sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/bin/nodejs I'm getting this error: Failed to set capabilities on file…
Bastl
2 votes, 2 answers

How to efficiently re-order packets in PCAP files based on timestamp?

I have a PCAP file which contains many packets. They are however out of order based on the timestamp (it is actually randomized). What is the best way to efficiently sort the PCAP packets based on timestamp for later replay? Currently I am doing…
Daniel
2 votes, 2 answers

How to use tshark or tcpdump to calculate bytes transmitted

I am using this command with tshark: tshark -r pcapfile "tcp and ip.src==192.168.1.1" -T text -V -x | grep 'Total Length' This essentially parses the pcap for only connections from the source ip and looks for the total length in bytes from each…
user53029
2 votes, 2 answers

Counting number of connections in a pcap file

What tool can I use to get a count of the number of TCP and UDP connections inside of a pcap file?
oonska
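Several of the questions in this list (re-ordering packets by timestamp, splitting a capture per source IP, summing bytes sent by one host, counting TCP/UDP connections) come down to walking the classic libpcap record structure described at the top of the page. The following is an added example, not code from the page or from any of the posters: a minimal pcap reader and writer in the standard library only, with one small helper per question. It assumes a classic (non-pcapng) file with LINKTYPE_ETHERNET frames and IPv4 over it; the sample capture is constructed inline with zero checksums and is deliberately written out of timestamp order. Function names, the 10.0.0.x addresses and the port numbers are all mine.

```python
import struct
import ipaddress
from collections import defaultdict

MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D   # nanosecond-resolution variant of the same layout
LINKTYPE_ETHERNET = 1
PROTO_TCP, PROTO_UDP = 6, 17


def read_pcap(data):
    """Yield (ts_seconds, frame) from a classic pcap byte string, either byte order.
    pcapng is a different container; convert with `editcap -F pcap` first."""
    (magic,) = struct.unpack("<I", data[:4])
    endian = "<"
    if magic not in (MAGIC_USEC, MAGIC_NSEC):
        (magic,) = struct.unpack(">I", data[:4])
        endian = ">"
    if magic not in (MAGIC_USEC, MAGIC_NSEC):
        raise ValueError("not a libpcap file (pcapng?)")
    frac_div = 1e9 if magic == MAGIC_NSEC else 1e6
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET (1) is decoded here")
    off = 24  # global header is 24 bytes; each record has a 16-byte header
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break  # trailing record cut short (capture killed mid-write): stop cleanly
        off += 16 + incl_len
        yield ts_sec + ts_frac / frac_div, frame


def decode(frame):
    """(src, dst, proto, sport, dport, ip_total_len) for IPv4 TCP/UDP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto, (ip_len,) = frame[23], struct.unpack("!H", frame[16:18])
    if proto not in (PROTO_TCP, PROTO_UDP) or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    src, dst = ipaddress.IPv4Address(frame[26:30]), ipaddress.IPv4Address(frame[30:34])
    return str(src), str(dst), proto, sport, dport, ip_len


def parse(data):
    """One dict per decodable IPv4 TCP/UDP packet, in file order."""
    pkts = []
    for ts, frame in read_pcap(data):
        d = decode(frame)
        if d:
            keys = ("src", "dst", "proto", "sport", "dport", "ip_len")
            pkts.append(dict(zip(keys, d), ts=ts, frame=frame))
    return pkts


def sort_by_timestamp(pkts):
    return sorted(pkts, key=lambda p: p["ts"])  # stable: equal stamps keep file order


def split_by_src_ip(pkts):
    groups = defaultdict(list)
    for p in pkts:
        groups[p["src"]].append(p)
    return dict(groups)  # hand each list to write_pcap() for one file per source


def count_connections(pkts):
    """Unique bidirectional (ip,port)-pairs per transport. This is 'flows seen', not
    'TCP handshakes completed': a SYN scan counts one connection per probe."""
    flows = {PROTO_TCP: set(), PROTO_UDP: set()}
    for p in pkts:
        ends = sorted([(p["src"], p["sport"]), (p["dst"], p["dport"])])
        flows[p["proto"]].add(tuple(ends))
    return {"tcp": len(flows[PROTO_TCP]), "udp": len(flows[PROTO_UDP])}


def bytes_from(pkts, ip):
    """Sum of the IPv4 Total Length field over packets sourced from ip."""
    return sum(p["ip_len"] for p in pkts if p["src"] == ip)


def write_pcap(pkts):
    """Serialise [{'ts','frame'}, ...] as a little-endian, microsecond pcap."""
    out = [struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for p in pkts:
        sec = int(p["ts"])
        usec = int(round((p["ts"] - sec) * 1e6))
        out.append(struct.pack("<IIII", sec, usec, len(p["frame"]), len(p["frame"])) + p["frame"])
    return b"".join(out)


def _frame(src, dst, proto, sport, dport, payload):
    """Constructed Ethernet/IPv4/{TCP,UDP} frame for the sample; checksums left zero."""
    l4 = struct.pack("!HH", sport, dport) + b"\0" * (16 if proto == PROTO_TCP else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64, proto,
                     0, ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4 + payload


T0 = 1700000000.0
# Constructed sample, written out of timestamp order on purpose (hypothetical hosts).
SAMPLE_PCAP = write_pcap([
    dict(ts=T0 + 2.5, frame=_frame("10.0.0.2", "10.0.0.1", PROTO_TCP, 40000, 80, b"GET / HTTP/1.0\r\n\r\n")),
    dict(ts=T0 + 0.5, frame=_frame("10.0.0.1", "10.0.0.2", PROTO_TCP, 80, 40000, b"")),
    dict(ts=T0 + 1.0, frame=_frame("10.0.0.3", "10.0.0.1", PROTO_UDP, 5353, 53, b"\0" * 12)),
    dict(ts=T0 + 0.25, frame=_frame("10.0.0.2", "10.0.0.1", PROTO_TCP, 40000, 80, b"")),
    dict(ts=T0 + 3.0, frame=_frame("10.0.0.3", "10.0.0.1", PROTO_TCP, 41000, 22, b"SSH-2.0")),
])
```

For a real file, `parse(open("capture.pcap", "rb").read())` replaces the constructed sample; `write_pcap(sort_by_timestamp(parse(data)))` gives a replay-ready ordering, and `write_pcap(split_by_src_ip(pkts)[ip])` one file per attacking host. The reader loads the whole file into memory, which is fine for the 2.3G case on a reasonable box but not for the 80GB capture above; for that size stream the records instead of building a list, or pre-filter with tshark/tcpdump and only then post-process.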
2 votes, 0 answers

Can I use tshark to write SSL-decrypted packets to a file?

I have a PCAP file containing SSL-encrypted HTTP traffic and the private key from the relevant web server. I'd like a PCAP file that contains the decrypted HTTP traffic to feed into a different tool. I've been able to get tshark to decrypt and…
Willi Ballenthin