Questions tagged [packet-capture]

The packet-capture tag is for questions about capturing packets of various protocols that are transmitted over a network.

A lot of computer network protocols transmit their contents in packets. Packet capture is the interception of these packets as they are moved over a network of some type.

A packet sniffer captures raw data traveling over a network segment and saves it to a file for analysis.

Software

A software sniffer can generally only capture network data either originating from or going to the computer running it, plus any "broadcast" messages, if the computer is connected to the network via a switch. If the computer is connected to the network via a router, it may be able to capture network data for any device connected to the same router.

Hardware

A hardware packet sniffer is physically connected to the network by connecting it to a router or switch. Sometimes the router or switch has to be configured to allow the sniffer to capture traffic being routed through it; this is called port mirroring.

Analysis

The captured data can be analyzed by the software that captured it, or by a program specifically designed to analyze the network data.

See Also

  • Wikipedia Article on Packet Analyzers
  • The term packet sniffer is also common and can be considered a synonym.
659 questions
2 votes, 1 answer

Does capturing outgoing frames using Linux raw socket require ETH_P_ALL

On Linux (2.6.39 kernel), using raw sockets, I'm trying to receive all the multicast frames that are sent out by the system itself. I created a raw socket socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IP));, and was reading the frames from the socket,…
Pawel Veselov
2 votes, 6 answers

Writing an HTTP sniffer

I would like to write a program to extract the URLs of websites visited by a system (an IP address) through packet capture. I think this URL will come in the data section (i.e. not in any of the headers - ethernet / ip / tcp-udp). (Such programs…
trinity
2 votes, 1 answer

Using a linked list with counters for packet sniffing in C

I've been reading online and watching demo vids on how to use linked lists in C, and have a somewhat basic understanding of them now. Apologies in advance as my experience of C is both rusty and limited. I have an open source packet sniffer in C…
2 votes, 1 answer

How to solve errors like ‘struct iphdr’ has no member named ‘daddr’

I ran a program (the link is - http://www.security-freak.net/raw-sockets/sniffer_eth_ip_tcp.c) in my Fedora Core 5. On compilation, I get the following errors: [root@localhost ~]# gcc sniffer_eth_ip_tcp.c In file included from…
trinity
2 votes, 2 answers

How to filter Wireshark to display only packets between a server and a client?

I am new to Wireshark and trying to write simple filters. What I am trying to do is the following: I want to write a filter so that only the packets between my computer and a specified server appear in the packets pane. Here is what I…
yrazlik
2 votes, 2 answers

Intercepting network data from a particular program

I'm looking for a way to detect and capture data being sent TO and FROM a specific program. I've attempted to use something like Wireshark but it all seems to be a bunch of nonsense to me, so I was wondering if anybody could help me get the data,…
Nick
2 votes, 2 answers

Listening on Virtual Interface

My objective is to create a virtual wireless interface and to attach a listener on that interface. I am trying to do this using a C program. So far I have been able to create the virtual interface by the following methods: Using the…
Aditya Pawade
2 votes, 1 answer

add builder.addRoute("0.0.0.0",0) causing the packets not to be routed to destination

I'm new to Android development and I'm trying to capture packets in Android. When I add builder.addRoute("0.0.0.0",0) to my code, it's helping me capture packets, but those packets are not being routed to their destination. Did anyone come across…
Yogi
2 votes, 1 answer

How to capture packets off other machine?

I want to capture packets from other computers on my network. I have 3 computers in total on the same SSID and I want to capture packets off these 2 other computers. How to? I have tried using Wireshark but it only shows packets that are being sent to/from…
2 votes, 1 answer

Packet sniffer only detects sent packets

I have been working on a packet sniffer just for fun/education and it's been going quite well. The problem that I'm having is that the only packets appearing in recvfrom() are SENT packets i.e. packets with my IP as their source IP and not my WAN IP…
2 votes, 1 answer

How to decode and play back RTP captured packets using Wireshark?

I have captured packets of RTP in Wireshark. The captured packets are of .mp3, and now how should I decode these packets, so that I can play them back again in any player? Is there a way to decode these captured packets, either it be audio or video…
c-vang
2 votes, 1 answer

How to display flowid along with frame number for each packet of a pcap using tshark/wireshark

Is there any concept of flow id in tshark? When I searched for filters, I found out that tcp.stream exists but its equivalent for UDP, i.e. udp.stream, doesn't exist. When I open a pcap, by default it shows the frame number, IP addresses, info etc. In…
mezda
2 votes, 2 answers

Any good .NET packet sniffers around?

I am looking for one to use from my C# application. Does anyone know a free one?
devoured elysium
2 votes, 2 answers

Remove duplicated packets using jnetpcap

I have an application in Java that analyses .pcap files using jnetpcap library. I need to remove all the duplicated, retransmitted and out-of-order packets. Is there any way I can use the jnetpcap library to do that? At least to remove the…
2 votes, 2 answers

Efficient Searching Algorithm for Capture File

I am currently developing a tool in Java that will help track and interpret data being sent across an Ethernet connection. I have already successfully developed both the packet sniffer and the packet data interpreter. I run into a problem when…
Rob Wagner