Questions tagged [libpcap]

Libpcap is a portable C/C++ library for network traffic capture. It provides a common interface across various OS-specific backends like BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions
3 votes, 2 answers

preventing libpcap to capture the packets injected with pcap_inject()

Currently thinking on a possibility to sniff at the same interface using only pcap and also inject the packets using pcap_inject. The thing can be solved easily using either: persistent checksum tracking /large slow map/, checksum tracking - until…
kagali-san
3 votes, 1 answer

Find device address with libpcap

I am trying to find address of devices in my computer. So far I managed to get list of devices (with pcap_findalldevs) but I can't figure out how to get to those addresses. I saw this manpage - http://www.tcpdump.org/pcap3_man.html where is written…
Pirozek
3 votes, 1 answer

Conflicting types during libpcap compilation

I'm trying to compile libpcap with cross compiler arm-linux-gcc. When I run 'make' I get an error: ./pcap-linux.c:254:14: conflicting types for socklen_t /usr/arm-linux-gnueabi/include/unistd.h:275:21: note previous declaration of 'socklen_t'…
kmbm
3 votes, 3 answers

How to use the "pcap_lookupdev()" in libpcap?

The code can't find any device, I want to know what does pcap_lookupdev() do? Thanks #include int main(int argc, char *argv[]) { pcap_t *handle; char *dev;// = "eth0"; char errbuf[PCAP_ERRBUF_SIZE]; dev =…
why
3 votes, 5 answers

How to distinguish between different type of packets in the same HTTPS traffic?

There's something that bothers me: I'd like to distinguish between a packet coming from YouTube and a packet coming from Wikipedia: they both travel on HTTPS and they both come from the port 443. Since they travel on HTTPS, their payload is not…
elmazzun
3 votes, 2 answers

Ethernet adapter clock sync when capturing with tcpdump

Setup and observation I have a PC equipped with an Intel i350 T2 NIC where I would like to capture on both interfaces simultaneously using tcpdump. Both interfaces are connected to a 100mbit HUB (sic!) which forwards various traffic from an external…
Valentin
3 votes, 3 answers

How do I make libpcap/pcap_loop non-blocking?

I'm currently using libpcap to sniff traffic in promiscuous mode int main() { // some stuff printf("Opening device: %s\n", devname.c_str()); handle = pcap_open_live(devname.c_str(), 65536 , 1 , 0 , errbuf); if (handle == NULL) …
Bob
3 votes, 0 answers

Decrypt https with libpcap?

I am looking for a library or code snippet or general advice for decrypting https traffic from a browser, from the client point of view (no access to the server, but full access to the client). I know that Firefox for example supports NSS, so that…
vylway
3 votes, 1 answer

Libpcap API does not remove the filter

I am using lib-pcap library for installing/uninstalling the filters. For installing the pcap filter, I use pcap_compile followed by pcap_setfilter which works fine. And for uninstalling the filter, I use pcap_freecode but unfortunately, it does not…
Ashish
3 votes, 2 answers

Extract files from packet payload

Libpcap helps to capture network packets and save them in '.pcap' files. I know how to do this but how to extract files from the payload? I want to analyze pcap file, extract files (maybe using 'magic numbers' ?), guess their extension and save…
ForceBru
3 votes, 2 answers

packet handlers in different threads in pcap

I'm trying to work with pcap and want it to work in a way wherein once I receive a packet, I want that packet to be processed independently while my pcap_loop() still sniffs on other incoming packets. This way I have my packet being processed and…
Akshay
3 votes, 1 answer

network analyzer - handling captured pcap files

I'm about to write a program that analyzes network traffic. After searching for answers and not finding any on the net, a few questions: Capturing network traffic - I'm using the winpcap library for the analysis. Does the capture functionality…
Andrei
3 votes, 1 answer

how to print flags in TCP header of raw packets using libpcap

sniffex.c is a program that is based on libpcap, to sniff and display some packet information. How do I modify it so as to print the values of TCP flags - urg, ack, psh, rst, syn and fin? Please help.
trinity
3 votes, 1 answer

PCAP nanosecond resolution from Java

Context Current status For performance analysis, my company is interested in nanosecond resolution. So far, we have been using hardware timestamps and the support of nanoseconds was quickly hacked into the C libpcap library. It seems that the…
snooze92
3 votes, 1 answer

How to store packet capture data (*.pcap) for analyzing

I have collected a few MB of network traffic and want to run analysis on it. The problem that I am facing is that I want to store it in a manner such that I can reduce the time complexity when I search it. The very first idea that I had in my mind…
thecreator232