Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
0
votes
1 answer

libpcap, payload offset 66 but sizeof(headers) + doff = 62

I am spending my Sunday on understanding packet sniffing with libpcap, and I have come far enough that I can read packets and metadata. When I was checking my code by sniffing some packets, I found that I must have an error somewhere. When I sniff the…
markus_p
0
votes
1 answer

pcap_open_dead to simulate full UDP packets capture

Following up on my question about pcap file creation, I now would like to simulate the saving of a full UDP packet, including the Ethernet, IP and UDP headers. Which DLT_XXX type should I use? I believe pcap_dump() skips the Ethernet header when…
Robert Kubrick
0
votes
1 answer

linux libpcap programming

The same program runs successfully on openSUSE 12.1 (x64) but can't be run on Fedora 16 (x64). On Fedora 16, it displayed "Err calling pcap_compile". I don't know what the difference between these OSes is; I think they are quite the same. But I make sure…
user1111073
-1
votes
1 answer

How can I use libpcap to filter only client packets?

I am using libpcap to capture packets with the following filter: "tcp[tcpflags] & (tcp-syn) != 0 and not net 127.0.0.1". But I actually want to get the packet only if the sender is the client (SYN-SENT). Basically what I am trying to do is to get…
Yosef
-1
votes
1 answer

what is this kind of frames, vlan, SMLT?

I've coded a sniffer with libpcap dealing with the data link layer, but I've implemented only the Ethernet part. Since this morning, I have been receiving this kind of frame all day long. Could you help me find the protocol used there and the layer? Thx FF FF…
-1
votes
1 answer

Is it possible to find what application was listening on a TCP/IP port from a "pcap" file?

With WinPcap or libpcap I can find the port. But how do I know which app was listening to the port while the package was received? Thanks in advance
Avremi
-1
votes
1 answer

Unable to understand the packet header format of BR/EDR packets in Wireshark

I am trying to create a BR/EDR header and verify it with Wireshark using the Link-Header type (255) of a PCAP dump. As per the Bluetooth core specification: Bit ordering for BR/EDR packets is LSB-first format. Refer: Bluetooth core specification…
-1
votes
3 answers

C: inet_ntop return value position?

I am reviewing the inet_ntop documentation. Typically, string builder operations in C return either a pointer to the end of the string, or an integer indicating the length of the string written. The documentation of inet_ntop states quite…
Chris
-1
votes
1 answer

How to parse many pcap files in C or python

I have the problem that I want to parse 10,000 pcap files to analyze the 10 packets written in each file. I'd like to know some things like the time between when each packet was sent and the message written in each packet. The thing is, I have no idea how to…
-1
votes
1 answer

Will tcpdump capture packets where destination mac address does not match NIC's mac address

I am running some data throughput tests by sending UDP packets using iperf through a VM that does some sort of processing on those packets. My application runs in promiscuous mode, so it will pick up all packets. I saw my application drop some…
Surajit
-1
votes
2 answers

error pcap library not found

I am running Fedora 27 and I am trying to install Reaver 1.4. Here is the command: ./configure and the result: checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out …
mego
-1
votes
1 answer

Libpcap ARP packet struct not mapping correctly

This code is run every time a packet is detected, but the ARP IP addresses are not matching up to what they should be; the source IP address is not even local. I've added a test printout to try to find the problem and I'm getting output like this when…
Crizly
-1
votes
1 answer

Why do all the packets captured with libpcap in C++ have a length of zero?

I followed the steps mentioned here to write a sample C++ program to capture my network adapter traffic, and the final program that I compiled and ran successfully is as below: 1 #include 2 #include 3 #include 4…
Ebrahim Ghasemi
-1
votes
1 answer

Libpcap radio tap packets

I'm trying to capture and process 802.11 traffic in monitor mode. I'm able to catch it with tcpdump but I'm not able to process it with libpcap. I would then need to pass all packets to a deep packet inspection method, which is working great with…
Maciej Bielski
-1
votes
1 answer

libcurl error (negative value) while compiling

I am trying to compile a custom package which depends heavily on libcurl and pcap. On my machine it works great, but when I try to compile it using the toolchain I get these errors: $…
Karlovalentin