Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
5
votes
1 answer

jNetPcap on Android: problem with findAllDevs method!

I've successfully compiled jNetPcap as a shared library for Android. I have made a simple application using this code: http://jnetpcap.com/examples/classic to test the API. The problem is that when I call the method findAllDevs an exception is…
Thanasis Petsas
  • 4,378
  • 5
  • 31
  • 57
5
votes
2 answers

tcpdump on monitor-mode interface - nothing captured

I've been using tcpdump (version 4.1.1) to attempt to capture wireless frames from a monitor mode interface set up by airmon-ng. I say "attempt" because so far nothing has been happening. It's very odd: tcpdump -i mon0 The above command works fine.…
jvstech
  • 844
  • 1
  • 9
  • 28
5
votes
1 answer

URL Sniffing in Python

Does anyone know how to write a live data sniffer in Python which extracts the originating IP address and the full URL that was being accessed? I have looked at pulling data from urlsnarf however IPv6 is not supported (and the connections will be to…
platten
  • 53
  • 4
5
votes
1 answer

Analyzing RTP packets from browser's webRTC stream using Wireshark or similar tool

Is my observation correct that RTP/RTCP packets from a webRTC stream cannot be analyzed in Wireshark running on the same desktop to analyze RTP packets because the browser would have encrypted them using DTLS/SRTP? I know there are some browser APIs…
asinix
  • 966
  • 1
  • 9
  • 22
5
votes
1 answer

Listening on two devices at once with libpcap

I am trying to listen on two devices with libpcap but I still can't find out how to do the trick. I tried to set device to "any" but it isn't working. I am trying to write a DHCP relay agent so I need to listen on eth0 and eth1. I tried to create two…
Pirozek
  • 1,250
  • 4
  • 16
  • 25
5
votes
2 answers

libpcap: pcap_breakloop() causing memory leak

While working with Linux pthreads and libpcap I noticed some weird behavior when using pcap_breakloop. My goal is the following: Opening a new thread that will run pcap_loop and deal with captured packets, while the main thread will do other stuff.…
IanC
  • 1,968
  • 14
  • 23
5
votes
1 answer

perl bitwise AND and bitwise shifting

I was reading some example code snippet for the module Net::Pcap::Easy, and I came across this piece of code my $l3protlen = ord substr $raw_bytes, 14, 1; my $l3prot = $l3protlen & 0xf0 >> 2; # the protocol part return unless $l3prot == 4; #…
nohup
  • 3,105
  • 3
  • 27
  • 52
5
votes
2 answers

How to read and send UDP packets on Mac OS X?

I'm trying to create a program to read, given an IP address and port (in this case on localhost), UDP packets on Mac OS X (current version 10.9.5). The only ones that gave me some useful data are tcpdump and nc (netcat), but it worked only 1…
genesisxyz
  • 778
  • 3
  • 14
  • 29
5
votes
1 answer

Pcap Dropping Packets

// Open the ethernet adapter handle = pcap_open_live("eth0", 65356, 1, 0, errbuf); // Make sure it opens correctly if(handle == NULL) { printf("Couldn't open device : %s\n", errbuf); exit(1); } // Compile filter if(pcap_compile(handle,…
John Smith
  • 53
  • 2
  • 7
5
votes
1 answer

libpcap: what is the efficiency of pcap_dispatch or pcap_next

I use libpcap to capture a lot of packets, and then process/modify these packets and send them to another host. First, I create a libpcap handler handle and set it NON-BLOCKING, and use pcap_get_selecable_fd(handle) to get a corresponding file…
misteryes
  • 2,167
  • 4
  • 32
  • 58
5
votes
2 answers

What is happening when a TCP sequence number arrives that is not what is expected?

I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic and so I have no control over the reception and transmittal of packets. My program disregards all non TCP/IP traffic. …
zero_dev
  • 613
  • 9
  • 17
5
votes
3 answers

Order of sending "Frame Control field"data of an 802.11 frame?

Below is the bit format for the FC field for QoS Data: 00|01|0001 01000010 The first 2 bits represent version, the next 2 bits type, the next 4 bits subtype, with ToDS=0, FromDS=1, Protection bit=1. So, in what order is the above data sent through the…
bengaluriga
  • 319
  • 2
  • 5
  • 9
5
votes
2 answers

802.11 FCS (CRC32)

Is the below code correctly calculating the FCS value of wireless 802.11 frames? Because the value produced by the below code does not match the value shown by Wireshark. const uint32_t crctable[] = { 0x00000000L, 0x77073096L, 0xee0e612cL,…
bengaluriga
  • 319
  • 2
  • 5
  • 9
5
votes
2 answers

Capturing packets with nodejs on windows

node.js v0.8.0, XP / WIN7 (not Cygwin). Googled and found node_pcap (https://github.com/mranney/node_pcap) but it only supports OS X and Linux. Is there any module for Windows? Thanks.
atian25
  • 4,166
  • 8
  • 37
  • 60
4
votes
3 answers

How can I open a pcap-ng file in C#

Up to now I have been using WinPcap to open pcap files in C#: [DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)] private extern static IntPtr pcap_open_offline(string fname, byte[] errbuf); Now I want to…
pedro.lupin
  • 77
  • 1
  • 5