Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
0
votes
1 answer

pcap_next return NULL

I am working in OpenWrt with libpcap 1.5.3. I have initialized pcap as follows: handle = pcap_create(capnic, errbuf); if(!handle) { sys_err("pcap_create failed:%s\n", errbuf); exit(-1); } if(pcap_set_snaplen(handle, BUFSIZE)) { …
jianxi sun
0
votes
1 answer

Determine the closed/closing flow in the network traffic

I've developed a network traffic classification program in C. I used the 5 tuple to determine a flow. The 5 tuple is: source address destination address source port destination port protocol(tcp,udp,dns etc) However, in addition to determine a…
Anamort
0
votes
0 answers

libpcap compiling as external library

I'm making a project that requires libpcap library, I downloaded the library from official website (libpcap-1.7.2.tar.gz) and I want to compile and the project on Unix server, but I am not allowed to install the library there (school server) and I…
Marek Teuchner
0
votes
2 answers

Wireshark error when opening .pcap dumped with pcapy

I'm using the following piece of python code to capture traffic and dump it to a .pcap file: from pcapy import open_live p = open_live("eth0", 65535, 1, 0) dumper = p.dump_open("./test.pcap") while capturing: (header, packet) = p.next() …
synack
0
votes
3 answers

Compare Const char* and char *

I'm trying to compare the values in these two char pointers but I'm getting strange outputs: The first one is (libpcap IP address): const char* ip_source = inet_ntop(AF_INET, &ip->ip_src, buffer1, sizeof(buffer1)); //192.168.56.1 The second one…
Crizly
0
votes
3 answers

Libpcap compilation fail using MS Visual Studio 2012

I've been trying to create a program to analyze ethernet frames captured in pcap files using MS Visual Studio 2012 in C++. I have downloaded latest WinPcap (4.1.3) and Libpcap (1.7.2). I've managed to include all the sub-folders in the extracted…
0
votes
1 answer

Wireless packet injection using libpcap

I have been trying to inject packets into my wireless interface through libpcap for quite a while now. I am able to see the same packets when I check for packets from same interface, but no other interface or machine is able to get the packets. In…
Jay Bosamiya
0
votes
1 answer

Using libpcap to library sample dump files

Using libpcap has proven really easy, but, speed is always an issue with giant (in an arbitrary sense) .pcap dumps. Are there any common practices for just sampling a dump? Perhaps something that effectively says "Read every fifth frame" as the pcap…
Aage Torleif
0
votes
1 answer

Trouble capturing IP packets with libpcap

First the structs: /* Ethernet addresses are 6 bytes */ #define ETHER_ADDR_LEN 6 /* Ethernet header */ struct sniff_ethernet { u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */ u_char ether_shost[ETHER_ADDR_LEN]; /* Source…
xnor
0
votes
1 answer

Why packets injected with libpcap are duplicated?

I'm using sharppcap in order to send packets as part of a monitoring system. Usually it works well but I've encountered the strangest bug on a hosted vista machine and I would like your help. On that virtual vista machine, injected packets are…
r0u1i
0
votes
1 answer

Most efficient way to subtract arrays of unsigned chars in C

I'm using libpcap to analyze and process packets. I have to compare two arrays of unsigned chars, take the difference and save it to a hashtable. Another thread will periodically scan across the hashtable and compute for average, standard deviation,…
user2066671
0
votes
1 answer

How to forward packets coming on wlan0 to eth0

I have one application in which I have the following setup, --------- LAN ------- Wifi ------- | PC1 | <=====> | PC2 | <=====> | STA | --------- ------- ------- PC1 is connected to network and PC2 is connected to…
0
votes
1 answer

Extracting RTP payload from packet

I am trying to write a utility to extract the payload from RTP packet. From my understanding about the network packets and protocols, RTP is wrapped in UDP. How can we decide whether the UDP packet that we have captured has RTP packet wrapped in it?…
user3119346
0
votes
1 answer

Correct filter expression in libpcap for outgoing packets

I want to sniff only outgoing 'TCP-ACK' packet from my system. Hence I set my filter expression in my lib-pcap program as: char filter_exp[] = "src host 172.16.0.1 and tcp[tcpflags] & (tcp-syn | tcp-fin | tcp-rst | tcp-psh) == 0"; But it's showing…
RatDon
0
votes
0 answers

Is libpcap faster than reading a socket for inter-process communication on localhost?

I have a (legacy) specialized packet sniffing application which sniffs the Ethernet using libpcap and analyzes the received data. "The analyzer" I'm adding another process which reads "data" from a PCI card and I'd like to feed that data into the…
Danny