Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
0 votes, 1 answer

How can I merge 'split/partial' packets with libpcap?

I am capturing HTTP packets, and as I expected, it is breaking them up as some of the packets are just too large for one packet. How can I merge packets together? I've looked into the structure, and nothing is popping out. The one thing I did find…
Kladskull
0 votes, 1 answer

How to Match a URL in UDP payload using POSIX regexec and libpcap in C

I'm trying to capture the URL from a UDP payload using Libpcap in C with POSIX regex. I have tried all the methods but nothing returns a hit. I have pasted the part of my code here where I'm trying to capture the URL that comes with the UDP payload.…
Nishaero
0 votes, 1 answer

Where in the sources of Wireshark can I see the calls to pcap?

I want to find the place in the code where Wireshark takes the packets that arrive at the driver. I guess this is done using libpcap or some other API for capturing packets. I looked at the source code but I didn't find any call to any function from…
Ygandelsman
0 votes, 1 answer

Payload Offset Value In netinet/tcp.h?

I have been trying for a little while to get the offset value from a TCP packet header and keep getting a value of 0. Here is a link to the header file I am basing my code off…
MrJman006
0 votes, 0 answers

Skip trimming CRC from packet

I have an application in Linux, where I expect the complete packet including the last 4 CRC checksum bytes. In my case the Linux kernel is trimming off the CRC checksum and sending it to my application. Is there any way in Linux to disable trimming the CRC checksum?
0 votes, 2 answers

Getting error "The capture file appears to be damaged or corrupt. (pcap: File has 1847605831-byte packet, bigger than maximum of 65535)"

I am getting an error when I am trying to dump a packet to a pcap file. { unsigned char *ofilename = "packet.pcap"; pcap_t *fp; pcap_dumper_t *dumpfile; const struct pcap_pkthdr *header; fp = pcap_open_dead(DLT_RAW,256); …
Aishu
0 votes, 2 answers

How to pass PcapPackets into Kafka queue

With the below code to pass PcapPackets to a queue, is it possible to pass this into a Kafka queue so that a Kafka consumer can pull PcapPackets as such from the Kafka producer? StringBuilder errbuf = new StringBuilder(); Pcap pcap =…
user3823859
0 votes, 1 answer

Having trouble using winpcap to write DLT_USER0 captures

I'm making a C++ program using MINGW that uses the Winpcap library to save BTLE packets into a PCAP file. I'm trying to open a PCAP file using the DLT_USER0 link layer type. I can open DLT_USER0 using the call to pcap_open_dead() but…
0 votes, 0 answers

Ruby/Windows Pcap (pcaplet)

Is there currently any way to get 'pcap/pcaplet' working under Windows/Ruby? I've seen (costly/paid) packet sniffing software for Windows that lets you sniff clear-text IRC traffic. I thought it would be nice for there to be free software that could…
Corrosive
0 votes, 1 answer

Pcap open an interface and inject packets

I need to write a program in C to read in pcap files and extract the packets and send them out. It's like a traffic replay. I know there's tcpreplay but I didn't see its C library, it seems to be only a command-line application. I know how to do it…
J Freebird
0 votes, 2 answers

Passing the shell-command to RSH daemon inside an "ACK" packet

Writing a program in C, using libnet and libpcap to impersonate an RSH client and inject my own command on the server machine, running RSHD. As I understood, the command should be in the 'payload' of the ACK packet, but in the format, that RSHD will…
Dmitry
0 votes, 1 answer

Sniffer that filters IPv6 packets

I have a simple sniffer of packets using Python and pcapy. pc = pcapy.open_live(str(self.port), max_bytes, promiscuous, read_timeout) #My problem is here pc.setfilter('???') pc.loop(-1, self.recv_pkts) I need to drop all IPv6 packets and capture…
Konstantin
0 votes, 1 answer

How to enable nanosecond resolution when capturing live packets in libpcap?

How do I capture packets with nanosecond resolution using libpcap v1.6.1? Based on the changelog they added support for the nanosecond resolution in v1.5.0. When I execute tcpdump and view the cap files, it is still only in microseconds. I tried…
mayor
0 votes, 1 answer

How to simulate ICMP messages

I would like to know whether there are any programs which will help me to generate ICMP messages. I have a target board running Linux for ARM, and all of the ICMP messages need to be tested against it. These all are the messages need to be…
Renold Singh
0 votes, 1 answer

WinPcap doesn't catch any ARP packets

I try to sniff all the ARP traffic. Here is my code: void start(){ pcap_if_t *alldevs; pcap_if_t *d; char errbuf[PCAP_ERRBUF_SIZE]; int choice; pcap_t* pcap_handle; struct bpf_program filter; int i=0; …
user2224350