Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
0
votes
1 answer

What is the right pcap filter string to capture packets sent to IP address 10.24.11.73 and UDP port 32806?

I want to capture outgoing UDP packets sent to IP address 10.24.11.73 and destination port number 32806, so I set pcap_setdirection(*pchandle, PCAP_D_OUT); but my problem is the filter string (const char *) passed to pcap_compile(*pchandle,…
Roham Amini
0
votes
0 answers

Libpcap issues with release build C++ application

I've developed a network sonification app in C++ that uses libpcap for packet capture. It works fine on my computer (early 2012 Macbook) but when I try to run the release build application on any other machine libpcap can't open a handle and returns…
Ed Davies
0
votes
1 answer

Linux Sniffer Between Client and Server Libpcap

I am trying to create a sniffer which reads a text being sent from server to client using inet address 127.0.0.1 (loopback address). The program stays halted even when the client has received data from the server. Code of sniffer: int main(int argc,char…
Usman
0
votes
0 answers

libpcap findalldevs not working in guest LDOM on Solaris 11

Environment Oracle Solaris 11 for SPARC Running in a Non-primary (Guest) Logical Domain (LDOM). Logged in with root access. Problem My application uses libpcap to capture network traffic. When my application (myTestApp) calls libpcap findalldevs, my…
reggie
0
votes
1 answer

How to get domain address and A-records from pcap file?

I have a problem with pcap file. I created my pcap file with tcpdump using filters: -v -i lo Here is an example of my pcap file records in txt format: 11:15:47.746058 IP (tos 0x0, ttl 64, id 56805, offset 0, flags [DF], proto UDP (17), length…
user5045814
0
votes
1 answer

Calling C callback in Objective C

Here is the code where I'm trying to use an Objective-C method in a C function callback. As a result it crashes: typedef void (^BlockCallback)(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); -…
Serge
0
votes
1 answer

unresolved external symbol (LNK 2001) error with pcap functions

I know how to fix typical LNK2019 errors in MSVS (2013) but I'm having some extra trouble when trying to use winpcap. I installed winpcap from this site (a couple times, actually), which supposedly installed the necessary .dlls I need, and I also…
galois
0
votes
1 answer

How to check if flag in TCP struct is set?

I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set: struct tcphdr *tcp = .... if(tcp->th_flags & TH_SYN) { …
0
votes
1 answer

Include only the necessary functions from libpcap

I have a C++ JNI Library (that I did not write myself) that uses the functionality of libpcap. There are only a few functions that are actually being used from libpcap but when the library is compiled, every function gets included. Perhaps it's a…
user0000001
0
votes
1 answer

Packet reassembly at Network Layer libpcap

Environment As per my understanding Network layer is responsible for reassembly of fragmented datagrams and then it supplies the reassembled data to upper Transport layer. I have collected packet traces using libpcap and I want to reassemble…
Adi Tiwari
0
votes
1 answer

copy libpcap packet data from const u_char* to another const u_char*

I am trying to make a deep copy of const u_char* to another const u_char* in C/C++. I have the following code - void packetHandler(u_char *userData, const struct pcap_pkthdr* pkthdr, const u_char* packet) { if(packet!=NULL) { int…
Ankit Mishra
0
votes
2 answers

Frame 1 too long (-16711680 bytes) error in Wireshark

I have been using Cooja in Instant Contiki v2.7. I have added the global and pcap header in the write_to_serial() function in tunslip6.c. Later these packets are sent to the named pipe /tmp/myfifo (which will be the interface for wireshark). And…
Parvathi
0
votes
1 answer

libpcap: printing tcp source and destination ports

I am facing a weird problem retrieving tcp header and trying to print source and destination ports code : src_p = tcp->th_sport; dest_p = tcp->th_dport; output (in hex): 8e08 and 64a2 wireshark shows that the ports are 088e and a264 why is…
0
votes
1 answer

pcap_sendqueue_transmit equivalent for linux

I am trying to do high speed packet sending on Linux using libpcap (~100mbps but >100k packets/second). The limitation appears to be (although I am not sure) the number of calls to pcap_send. Winpcap has pcap_sendqueue_transmit, which allows…
Jay
0
votes
1 answer

pcap - not receiving traffic [OS X, El Capitan]

I am creating a software switch, as a school project. It's implemented in C using lpcap and working fine (despite some bugs) on my Ubuntu machine. However I have a Mac and it's not working there as it should. When frame is captured using…
Horkyze