Questions tagged [packet-capture]

The [packet-capture] tag is for questions about capturing packets of various protocols that are transmitted over a network.

A lot of computer network protocols transmit their contents in packets. Packet capture is the interception of these packets as they are moved over a network of some type.

A packet sniffer captures raw data traveling over a network segment and saves it to a file for analysis.

Software

A software sniffer can generally only capture network data that originates from or is destined to the computer running it, plus any "broadcast" messages, if the computer is connected to the network via a switch. If the computer is connected to the network via a router, it may be able to capture network data for any device connected to the same router.

Hardware

A hardware packet sniffer is physically connected to the network by connecting it to a router or switch. Sometimes the router or switch has to be configured to allow the sniffer to capture traffic being routed through it; this is called port mirroring.

Analysis

The captured data can be analyzed by the software that captured it, or by a program specifically designed to analyze the network data.

See Also

  • Wikipedia Article on Packet Analyzers
  • The term packet sniffer is also common and can be considered a synonym.
659 questions
1 vote, 0 answers

Python - Convert Application Layer Info Into IP Layer Info

In Python, I have all the information about a web request that I can get, by intercepting and blocking a web request. I have the URL, the URL of the site that requested the next URL, Get/Post, navigation type, resource type, etc., in a dictionary…
SamG101
1 vote, 0 answers

Why does tcpdump on the loopback interface only capture half the packets received by the filter?

I am trying to understand why when using tcpdump on the loopback interface, only half of the packets received by the filter are captured. But when I run the exact same traffic and do tcpdump on the eth0 interface all the traffic is captured. In…
Dave
1 vote, 1 answer

Who bears the responsibility for dealing with client ephemeral port reuse after power loss?

We have clients that, on startup, map an smb share on a FreeNAS server. We've noticed that after a power loss, they sometimes have an issue connecting to the smb share. After a bit of debugging and packet capture, it appears the problem is that the…
aggieNick02
1 vote, 1 answer

Sniffing TCP packets of an android device on local network

I am writing a packet sniffer using C# and PcapDotNet. I've successfully implemented the feature and was able to capture all the TCP packets from my laptop. The problem is that if I target my Android device I get no packets at all; I am a beginner at…
HMZ
1 vote, 0 answers

Using wireshark, is it possible to capture the parameters of a sql prepared statement?

I'm debugging an issue where I'm running a query against an oracle database and not getting a response. More specifically the query will run forever unless I set a timeout, in which case it will timeout. The query is a prepared statement created by…
1 vote, 3 answers

Convert HEX to ASCII, data from GPS tracker

I have just bought a GPS tracker; it can send SMS to a cellphone just fine. It also supports reporting to a server via GPRS. I have set up the device to contact my own server on port 8123; it's a FreeBSD server and I have checked that I receive packets…
Phliplip
1 vote, 1 answer

Reading an incoming/received Lora frame with I-Cube End-node sample code

I'm using the ST I-Cube End-node sample code (in C) embedded on the B-L072Z-LRWAN1 discovery kit board and transmitting a LoRaWAN packet to my End-node device. I'm seeing that the packet has been received by the end device because it prints:…
shahar zidon
1 vote, 4 answers

How does wireshark interpret the order of bytes?

I'm working with the 802.11 radiotap header making my own parser and it states the packet format is this where the length is 2 bytes long: In wireshark the hex of the header is this where the 2 bytes 19 00 are the length field, but wireshark…
Crizly
1 vote, 2 answers

Is there a way to determine all base64 encoded traffic to/from a large packet capture?

I have a large (8GB) packet capture (.pcap) that has generated a number of Snort alerts. I suspect that some data may have been exfiltrated while encoded. Is there an easy way to determine if anything has gone out as Base64 encoded without having…
user3440278
1 vote, 0 answers

Catching layer 2 packets using scapy and nfqueue

I am trying to create a packet sniffer which can modify some packets (using Netfilter Queue and Scapy). Firstly my script adds the iptables rule iptables -t raw -A PREROUTING -j NFQUEUE --queue-num 1. Secondly I create a queue with a custom handler import…
ventaquil
1 vote, 1 answer

Is it possible to apply a read filter on a .pcap file using tshark based on the interface?

Can I do something like: tshark -r filename.pcap -R -i wan0? Where filename.pcap is the packet capture file being analysed and wan0 is the interface for which I need to apply the filter?
Rohit Rane
1 vote, 0 answers

Why is [ACK] sent after [FIN,ACK] in wireshark packet tracer?

I am using Packet Tracer for the first time to capture and analyze the packets. I created an Apache2 webserver and created an HTML webpage and then opened it in a browser by hosting this page. I analyzed the packets but couldn't understand the part…
asn
1 vote, 1 answer

Extracting Packet payload length

I captured some Internet packets via Wireshark; now I want to extract only the payload length from the total length of the packet using Python. I can get the full length of the packet using pkt.length or pkt.captured_length, but I didn't find any…
faiz
1 vote, 0 answers

TCP response with RST, ACK

My unit is supposed to send a CSR request to a CA server and get the new certificate. When I checked the packets captured via Wireshark, a TCP packet is sent with SYN but RST,ACK is received. When I tried to identify the root cause for this, I see many…
Ravi
1 vote, 0 answers

Jpcap crashes when trying to open device

I use Jpcap in order to create ARP requests, but when calling the method JpcapCaptor.openDevice(interface,snaplen,promisc,to_ms);, I get the following error: java.lang.NoSuchMethodError: setPacketValue at jpcap.JpcapCaptor.nativeOpenLive(Native…
GoldenBolt