Questions tagged [packet-capture]

The packet-capture tag is for questions about capturing packets of various protocols that are transmitted over a network.

A lot of computer network protocols transmit their contents in packets. Packet capture is the interception of these packets as they are moved over a network of some type.

A packet sniffer captures raw data traveling over a network segment and saves it to a file for analysis.

Software

A software sniffer can generally only capture network data either originating from or going to the computer running it, plus any "broadcast" messages, if the computer is connected to the network via a switch. If the computer is connected to the network via a router, it may be able to capture network data for any device connected to the same router.

Hardware

A hardware packet sniffer is physically connected to the network by connecting it to a router or switch. Sometimes the router or switch has to be configured to allow the sniffer to capture traffic being routed through it; this is called port mirroring.

Analysis

The captured data can be analyzed by the software that captured it, or by a program specifically designed to analyze the network data.

See Also

  • Wikipedia Article on Packet Analyzers
  • The term packet sniffer is also common and can be considered a synonym.
659 questions
1 vote, 0 answers

Problems making a "proxy" for Android with VPNService

For some reason I can't understand, when I'm parsing the buffer values, I almost never get the version as 4 (which would be the default for IPv4), and most of the time I get some random value like 10 or 0 instead. The same is true with the protocol,…
1 vote, 2 answers

Which .NET library / wrapper do you recommend for sniffing packets?

As far as I understand, all sniffing libraries in .NET are just wrappers around WinPcap, which is OK. If you know any other better option, please write it as an answer. Have you used any of them? Which one is the best according to your experience? I'm only…
dr. evil
1 vote, 1 answer

Using text2pcap (or equivalent) to merge multiple plain text packets into one pcap

I'm trying to merge multiple plain text packets into one large pcap file. I have been using text2pcap on each individual text file, then using mergecap on all the pcaps to create my final output. However, that's really slow, as it involves writing…
lightstrike
1 vote, 2 answers

How to Convert Packet to TcpPacket?

I'm using PacketDotNet to resolve captured packets. PacketDotNet 0.12.0 provides a method called GetEncapsulated: TcpPacket tcppacket = TcpPacket.GetEncapsulated(this.packet); But now, I have to update PacketDotNet from version 0.12.0 to…
1 vote, 1 answer

How to determine how fast scapy can sniff packets

So I'm quite deep into this monitoring implementation, and I'm curious as to how to calculate the theoretical maximum it can handle. I know python is not the most efficient language, and I'm honestly not too worried about missing a packet here or…
1 vote, 2 answers

Azure Functions Collect Network Trace for a Linux app

TL;DR: What can I do to capture packets when the "Collect Network Trace" facility is not available? I have an Azure Function App running on a linux app service plan, which is seeing some issues with TCP connection resets. To debug the issue I would…
Khior
1 vote, 1 answer

How to intercept IP packets going to the Linux kernel

I need to create a TCP session "manually", without using the connect() function. I have tried to use RAW sockets. But in this case, I only get copies of the incoming IP packets. The original incoming packets slip through to the kernel and it…
asdo
1 vote, 1 answer

Starting remote virtual interface (rvictl) on MacBook for packet trace of iPhone is failing without error

I am hoping for tips troubleshooting why rvictl is not working on my MacBook Pro. Running rvictl -s yields Starting device 000****0-0****5****D****E [FAILED] without telling me why it is failing or giving an error message. I have identified…
1 vote, 0 answers

Questions on Wireshark packet capturing (promiscuous vs monitor mode)

After setting up promiscuous mode on my wlan card, I started capturing packets with wireshark. But only broadcast packets or packets destined to my localhost were captured. I cannot find the reason why. Also, after changing to monitor mode, captured…
1 vote, 3 answers

piping to awk hangs

I am trying to pipe tshark output to awk. The tshark command works fine on its own, and when piped to other programs such as cat, it works fine (real time printing of output). However, when piped to awk, it hangs and nothing happens. sudo tshark -i…
Kevin
1 vote, 1 answer

Read data from PCAP and print details when conditions are met

I have an assignment to read packets from a file and output the details of those packets having the Do Not Fragment (DF) flag set in the IP header and the SYN and ACK flags set (together) in the TCP header (all three flags should be set). For packets qualifying…
1 vote, 0 answers

Capture PostgreSQL traffic to replay it on another database

In order to check whether a new version of the database (in staging) reacts the same way as (or better than) the production database, I would like to capture all requests executed on the production server, .. to replay them on the staging database. Is there a…
Enialis
1 vote, 1 answer

tshark: not able to apply filter while saving the captured packet

We had a command which used to work with the previous version of Wireshark (1) but does not work with the latest version (1.6.1): "C:\Program Files\Wireshark\tshark.exe" -i \Device\NPF_{282F8D86-F9CC-4575-8F20-7E9F5B04BB89} -l -q -R "h245" -S -T pdml …
rpg
1 vote, 1 answer

Getting data from nfq_get_payload

When I use 'nfq_get_payload(nfqData, &data);' and then print 'data', all I get are E's. Is there something else that I should be doing to get the payload? ret = nfq_get_payload(nfqData, &data); if (ret >= 0) …
1 vote, 0 answers

How can I run a packet capture on an unrooted phone that I can call through Java?

How can I run a packet capture on an unrooted phone that I can call through Java? Specifically, I want to be able to run the packet capture command using Runtime.getRuntime().exec(command). I set up termshark using Termux but I am unable to access…