Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
0 votes, 2 answers

facing /usr/lib/libpcap.so: undefined reference to `pcap_lex' while running make command nprobe

I am trying to install nprobe on my system when I followed the following steps: git clone https://github.com/xrl/nprobe.git sudo apt-get install libpcap-dev cd nprobe/plugsins ./buildMakefile.sh >Makefile.in cd .. ./autogen.sh ./configure …
Shoaib Ahmed
0 votes, 1 answer

Implementing Arp Sweep

I have been playing with libpcap/jpcap, implementing an ARP sweeper. I send a request for all IPs in the block to the broadcast address and read replies. Now I can't think of a way to exit from the listening function. Now I wait 2 secs and assume…
Hamza Yerlikaya
0 votes, 1 answer

Way to get packet count on a network with C

Is it possible to code a way to make a packet counter for the whole network, similar to Wireshark's packet count while choosing the interface? The main thing being that I want a packet count of the whole LAN, not just the actual machine only. I heard…
Andrei0427
0 votes, 2 answers

Getting wrong ip and port number from libpcap captured packet

My Ubuntu virtual machine's IP address is 192.168.1.110. Everything else looks fine. I don't know what is wrong with the code. Maybe I'm using a wrong package header structure? Below is my code and output. Again my host IP should be 192.168.1.110…
ouyadi
0 votes, 1 answer

commercial application licensing issue and a solution for libpcap applications

I would like to develop some commercial tool in the area of processing data extracted out of a packet sniffer. I am aware that libpcap is available for that but I am quite sure that there are many restrictions due to licensing issues. Suppose I…
Abruzzo Forte e Gentile
0 votes, 1 answer

Is it possible to inject on a raw socket while sniffing in promiscuous mode?

I'm writing a program which sniffs out traffic with libpcap only to take out packets to modify and inject back into the network with a raw socket. I know that for normal promiscuous mode operation of a wireless card, you're not supposed to be able to…
Dr.Knowitall
0 votes, 2 answers

arping in c++ on linux

I was wondering if anyone knows of an arping API or wrapper written in C++, not C? I have looked at the libpcap library, but I want a C++ alternative if possible http://www.tcpdump.org/pcap3_man.html Programmatic use of ARP Thanks
gda2004
0 votes, 1 answer

how to calculate udp packet size libpcap

From a Linux OS I am trying to write my own data usage monitor in C or Python. I've searched and researched for a couple of days now. Currently I am trying to adapt sniffex.c to suit my needs. I've succeeded in verifying the total bytes sent and…
nomadicME
0 votes, 2 answers

how to sandbox and analyse traffic by firewall

I read Palo Alto Wildfire product. There it's said: WildFire, which provides the ability to identify malicious behaviors in executable files by running them in a virtual environment and observing their behaviors I didn't how I can…
ashmish2
0 votes, 1 answer

Tcpdump: Sequence and acknowledgement number mismatch with libpcap

I am writing an app where I am printing TCP sequence and ack numbers. I ran tcpdump on the same box and the numbers do not match. Here is my code, all headers and structures are from sniffex.c void got_packet(u_char *args, const struct pcap_pkthdr…
ACC
0 votes, 1 answer

Libpcap does not capture whole packet

I am trying to capture packets with libpcap. Here is my code: int main (int argc, char **argv) { char *dev = "eth0"; char errbuf[PCAP_BUFFER_SIZE]; pcap_t *handle; char filter[] = "tcp and src port 80"; struct bpf_program fp; …
ACC
0 votes, 1 answer

Writing to an image

I am trying to extract an image from an HTTP stream. I have a requirement of using C++ and no other library, except for libpcap to capture packets. Here is what I am doing: if ((tcp->th_flags & TH_ACK) != 0) { i = tcp->th_ack; …
ACC
0 votes, 2 answers

Reading Packet Data With libpcap

I'm working with pcap to monitor HTTP requests and responses. I've set up pcap_loop and I'm getting packets in my callback function, but I don't know how to read the packets' content. This is my callback function: void got_packet(u_char *args, const struct…
Abcd Efg
0 votes, 1 answer

Find Active Internet Connection Using libpcap Mac

I'm trying to monitor packets for the current active internet connection using pcaplib. But I'm not sure how I can find the current active internet connection. I know pcap_findalldevs() will return a list of available net devices, but the user might use en0, en1…
Abcd Efg
0 votes, 1 answer

pcap_next occasionally losing packets on Linux

Yesterday, I asked if my asynchronous use of libpcap was making me lose packets. Today, I looked further and it seems that the problem is not on the asynchronous use of libpcap, but on the use of pcap_next_ex. Occasionally (10 runs out of a 1000),…
bruno nery