Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends such as BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
3 votes, 1 answer

Using libpcap with Scala

What's the best way to use libpcap with Scala? I need to capture from live network devices, so it will most likely need a native binding. I've found a couple like JPcap and JNetPcap but nothing particularly for Scala... Any recommendations?
PeterM
3 votes, 1 answer

Simulate an HTTP/2 stream with pcap4j

I'm trying to capture the unencrypted bytes of a TLS connection and record them into a cap file for analysis of the HTTP/2 traffic. There are a lot of assumptions I am making that this is even possible. But I'm willing to fudge almost everything…
Yuri Schimke
3 votes, 1 answer

How to use host's pcap in docker container?

I want to capture a specific network of hosts from a Docker container. host <-> host // How do I capture a specific port of TCP that communicates with the host? I want to know how to set it in the container.
botob
3 votes, 1 answer

Why libpcap is better than sniffing with raw?

If I want to sniff packets in Linux without setting any filters, I saw 2 options: use libpcap, or use a raw socket myself (like https://www.binarytides.com/packet-sniffer-code-in-c-using-linux-sockets-bsd-part-2/). Why is libpcap better than using raw sockets…
yfr24493AzzrggAcom
3 votes, 1 answer

Installing Net::Pcap using strawberry perl on windows 10

I am trying to install Net::Pcap (https://metacpan.org/pod/Net::Pcap) using the portable edition of Strawberry Perl v5.28.1. Below are my steps: 1. I installed npcap (winpcap for Windows 10) from https://nmap.org/npcap/#download 2. I downloaded the…
jsor
3 votes, 2 answers

c++ library for parsing packets with winpcap

Is there a C++ open-source library for parsing capturing packets with winpcap, specifically the TCP header and data?
brian
3 votes, 1 answer

Rust cross-compile -lpcap from macos to linux

I am trying to cross-compile my Rust project on Mac OS to Linux using cargo build --target=x86_64-unknown-linux-musl. I installed the binary for Linux + musl cross-compilation on mac using brew install FiloSottile/musl-cross/musl-cross as I would…
3 votes, 1 answer

What is the `user` parameter in `pcap_loop` and `pcap_dispatch`?

I have Google'd this a bunch, but I have no idea what the user parameter is for pcap_loop(). The best one I found online is from Stanford (link: http://yuba.stanford.edu/~casado/pcap/section3.html): /* allright here we call pcap_loop(..) and…
Greg Schmit
3 votes, 1 answer

Why does valgrind report a memory leak when calling `pcap_open_offline`?

I am trying to figure out if I'm having an idiot moment or if there really is a memory leak in libpcap. I'm running Ubuntu 17.10 and libpcap 1.8.1-5ubuntu1. It seems unlikely that such a mature library would have a leak. I've cut out everything to…
Greg Schmit
3 votes, 1 answer

libpcap: pcap_next_ex with "own" buffers

What I currently do is the following: struct pcap_pkthdr *phdr; const u_char *data; pcap_next_ex(descriptor, &phdr, &data); memcpy((void*)mybuf, phdr, sizeof(*phdr)); memcpy((void*)mybuf + sizeof(*phdr), data, phdr->len); But what I'd like to do…
flowit
3 votes, 1 answer

Problems sniffing IPV6 SYN - ACK Packets

I am using the following filter expression to sniff IPv4/IPv6 SYN/ACK/FIN/RST packets. This works fine using tcpdump for IPv4; however, for IPv6 I don't see anything coming: tcp port 80 and (tcp[tcpflags] & (tcp-syn|tcp-ack|tcp-fin|tcp-rst) != 0)
3 votes, 1 answer

pcap (wireshark) filter by wlan mac address

There are (up to) 4 fields in an 802.11 frame that contain mac addresses: source mac, transmitter mac, destination mac, receiver mac. Is there a pcap capture filter for these values? Something similar to ether host ff:ff:ff:ff:ff:ff, for…
JBaczuk
3 votes, 0 answers

libpcap: check if captured frame is received or sent

I'm developing a C application using libpcap. I can capture frames using this code that I developed: void ethernetCaptureHandler( u_char *args, const struct pcap_pkthdr *packet_header, const u_char *packet_body) { struct ether_header *eptr; …
Kallel Omar
3 votes, 1 answer

Is it possible to parse pcap packets from buffer

I have a bunch of huge pcap files (> 10GB) that are compressed with lzma. I need to parse them on my machine, and I do not have enough space to uncompress them first. There are many libs that can stream lzma from file. The problem is on libpcap…
Pavel Davydov
3 votes, 3 answers

libpcap get MAC from AF_LINK sockaddr_dl (OSX)

I am trying to obtain the MAC addresses of all of my interfaces on OSX using C. The common ways to obtain it on Linux don't work on BSD - from everything I have seen, you must obtain the interfaces and look for the ones that are of type AF_LINK. My…
wuntee