Questions tagged [packet-capture]

This tag is for questions about capturing packets of various protocols as they are transmitted over a network.

Many computer network protocols transmit their contents in packets. Packet capture is the interception and recording of these packets as they move over a network of some type, normally without altering them.

A packet sniffer captures the raw frames travelling over a network segment and either analyzes them live or saves them to a file (usually in pcap or pcapng format) for later analysis.

Software

A software sniffer runs on an ordinary host, usually with the network interface put into promiscuous mode so that the driver passes up every frame it receives rather than only those addressed to the host. What it can then see depends on how the host is attached. On a switched network, which is the normal case, the switch forwards a unicast frame only to the port where its destination lives, so the sniffer captures traffic to or from its own host plus broadcast and multicast frames (and the occasional frame the switch floods because it has not yet learned the destination). On a shared medium such as a hub, or on Wi-Fi with the adapter in monitor mode, a sniffer sees the traffic of every device on that segment. Sitting behind a router does not widen the view: a router forwards only packets addressed across it, so a host on one side never sees traffic exchanged between two hosts on the other side. To capture other hosts' traffic on a switched network, the switch must copy it to the sniffer's port (see Hardware below) or a network TAP must be inserted into the link. Opening an interface for capture normally needs elevated privileges (root, or the CAP_NET_RAW and CAP_NET_ADMIN capabilities on Linux).

Hardware

A hardware packet sniffer (or a dedicated capture host) is physically attached to a switch or router port. Because a switch only delivers to a port the frames addressed to it, the switch usually has to be configured to copy traffic from the ports of interest to the sniffer's port; this is called port mirroring (SPAN on Cisco equipment). A mirror port can silently drop frames when the mirrored ports together carry more traffic than the destination port can forward, so where a lossless capture matters a passive network TAP inserted inline is used instead.

Analysis

The captured data can be analyzed live by the software that captured it, or saved (usually as a pcap or pcapng file) and opened later in a dedicated analyzer such as Wireshark or tcpdump, or parsed by a program written specifically for the task.
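As an added example (not part of the tag wiki or of any question below) of the "program written specifically for the task" case, the following Python writes and parses the classic libpcap savefile format that `tcpdump -w` and Wireshark produce, using only the standard library. The frame it stores is constructed in the code, not a real capture, and the MAC and IP addresses in it are made-up values. It shows the three things a hand-written parser most often gets wrong: the byte order and the microsecond/nanosecond resolution are encoded in the magic number, a record's `incl_len` can be shorter than `orig_len` when the capture was made with a snaplen, and a record length has to be checked against the file before it is trusted.

```python
"""Minimal libpcap savefile writer/parser, standard library only.
Added example with constructed data; not a real capture."""
import ipaddress
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # pcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1           # DLT_EN10MB
GLOBAL_HDR = "IHHiIII"          # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"             # ts_sec, ts_frac, incl_len, orig_len


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words; 0 means 'valid'
    when run over a header that already contains its checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Assemble an Ethernet II / IPv4 / UDP frame with a valid IP header checksum.
    The UDP checksum is left at 0, which IPv4 allows (meaning 'not computed')."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")   # EtherType IPv4
    return eth + ip_hdr + udp


def write_pcap(packets, snaplen=65535, nanosecond=False, endian="<"):
    """Serialize (ts_sec, ts_frac, frame) triples. Frames longer than snaplen are
    cut on disk but orig_len keeps the wire length, exactly as tcpdump -s does."""
    magic = PCAP_MAGIC_NSEC if nanosecond else PCAP_MAGIC_USEC
    out = struct.pack(endian + GLOBAL_HDR, magic, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_frac, frame in packets:
        captured = frame[:snaplen]
        out += struct.pack(endian + RECORD_HDR, ts_sec, ts_frac, len(captured), len(frame))
        out += captured
    return out


def parse_pcap(data: bytes):
    """Parse a pcap file. Byte order and timestamp resolution are taken from the
    magic number, so files written on either endianness read the same way."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a pcap file (magic %s)" % data[:4].hex())
    _, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, data[:24])
    header = {"version": (vmaj, vmin), "snaplen": snaplen, "linktype": linktype,
              "endian": endian, "nanosecond": magic == PCAP_MAGIC_NSEC}
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, data[off:off + 16])
        off += 16
        # A record claiming more bytes than the file holds, or more than were on the
        # wire, is corruption (or an attempt to make a naive parser over-read).
        if incl_len > orig_len or off + incl_len > len(data):
            raise ValueError("corrupt record at offset %d" % (off - 16))
        records.append({"ts_sec": ts_sec, "ts_frac": ts_frac, "incl_len": incl_len,
                        "orig_len": orig_len, "truncated": incl_len < orig_len,
                        "frame": data[off:off + incl_len]})
        off += incl_len
    if off != len(data):
        raise ValueError("%d trailing bytes after last record" % (len(data) - off))
    return header, records


def decode_ipv4_udp(frame: bytes):
    """Walk Ethernet -> IPv4 -> UDP and return addressing plus payload.
    Returns None for anything that is not IPv4/UDP, is cut short, or fails the IP checksum."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    if len(ip_hdr) < 20 or ip_checksum(ip_hdr) != 0 or ip_hdr[9] != 17:
        return None
    if len(frame) < 14 + ihl + 8:
        return None                      # snaplen cut the UDP header off
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[14 + ihl:14 + ihl + 8])
    return {"src": str(ipaddress.IPv4Address(ip_hdr[12:16])),
            "dst": str(ipaddress.IPv4Address(ip_hdr[16:20])),
            "sport": sport, "dport": dport,
            "payload": frame[14 + ihl + 8:14 + ihl + ulen]}


def demo():
    """Round-trip one constructed DNS-like UDP packet through an in-memory pcap."""
    frame = build_udp_frame("02:00:00:00:00:01", "02:00:00:00:00:02",   # made-up MACs
                            "10.0.0.2", "10.0.0.1", 40000, 53,          # made-up hosts
                            b"\x12\x34\x01\x00" + b"\x00" * 8)
    data = write_pcap([(1487541555, 123456, frame)])
    header, records = parse_pcap(data)
    return header, records, decode_ipv4_udp(records[0]["frame"])
```

Each record timestamp is stored as two unsigned 32-bit integers in the file's own byte order, so the four bytes of the seconds field have to be reassembled in that order rather than read as characters; the same goes for every length field, which is why a parser should decide the byte order once, from the magic number, before touching anything else.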

See Also

  • Wikipedia Article on Packet Analyzers
  • The term packet sniffer is also common and can be considered a synonym.
659 questions
0 votes, 0 answers

problems using wireshark capture local files opened in browser

I have an XML doc saved locally, I want to generate a pcap file from the XML doc. I tried doing this by opening Wireshark, tailoring the capture for the Ethernet interface and then starting capturing, I then open the document in my web browser. This…
manic bubble
0 votes, 2 answers

pcap only picking up on new connections

I wrote a very simple C program to do a packet capture using pcap. Thing is, it only picks up on a small subset of my network activity. (I think the pattern is that it only picks up on new TCP connections.) For instance, it picks up on a bunch of…
ktm5124
0 votes, 1 answer

Modify packet's payload in pcap

So I have to generate some specific pcap files with one packet in each. I have the following options: 1) I can modify the payload of an existing pcap file that I have (I'm not successful in this even after spending hours googling about it. Headers can…
Scissor
0 votes, 1 answer

How to stop subsequent packets after returning NF_DROP with netfilter?

To block some URLs, with netfilter's NF_INET_LOCAL_OUT chain, when I return NF_DROP for some packets, I am getting multiple packets for same request. I want to stop subsequent packets to avoid unwanted process of blocking same URL. Is there any…
0 votes, 1 answer

How to parse captured data using logstash?

I have an elk stack used with cyberoam, and I want to parse this message with logstash can you help me please: "<30>date=2017-02-19 time=21:59:15 timezone=\"IST\" device_name=\"CR200iNG\" device_id=C20313272882-BQ2EUG log_id=010302602002…
0 votes, 0 answers

C# capture process network traffic

Can anyone point me in the right direction for some examples or docs which would help create a program that monitors the processes on a local host and gathers as much information about them if they are caught trying to communicate with a given URL…
chryscrz
0 votes, 1 answer

Write my own packet monitor

I am using an application called Splunk, which has 2 layers of data processing on separate systems. I can connect to both systems via PuTTY and by directly logging into the GUI. Architecture of the system attached. I want to monitor the output port on…
0 votes, 1 answer

Trying to understand packets captured with tcpdump

So I have intercepted a packet being sent from my Android device to an app's server. I want to understand what my phone is sending to the server. I have rooted the phone and installed tcpdump on it. I have used adb shell to run: tcpdump -n -i wlan0 -w…
Matt Gardner
0 votes, 1 answer

Unrelated packets in TCP communication capturing results

I am using Wireshark to capture TCP communication packets in my experiment (using Mininet Simulation). The experiment involves a client (10.0.0.2) who requests HTTP page from the server (10.0.0.1). The following screenshot shows the capturing number…
Frank
0 votes, 0 answers

How to filter packets seen on unnumbered eth then dump raw filtered stream out another eth without using iptables

I can capture packets using tcpdump OK as the source eth1 port is connected to a Cisco switch SPAN port, and filter using tcpdump options (at this stage interested in DNS packets to and from a particular IP only). Rather than writing to a file, I…
0 votes, 1 answer

Parsing a PCAP file - Why does this packet header timestamp contain SOH \01?

I'm extracting the first 4 bytes from a pcap packet header, which should represent a quantity of seconds. Here they are, in order of appearance in the ByteStream (I'm using Haskell): \192 (192) \166 (166) x (120) SOH (01) (Start of…
paperduck
0 votes, 1 answer

Tcpdump - counting outgoing and incoming UDP packets

Is it possible with tcpdump to count (for some set-up time) the number of outgoing and incoming UDP packets? I don't have much experience in tcpdump, so advice on how to do that would be very helpful. I read that a timeout command is good if I…
Ziva
0 votes, 1 answer

Capture a websites objects in separate pcap files

A website usually consists of multiple objects (e.g. a text file, a few PNG files etc.). I would like to know if there's a tool that can capture the individual requests/responses in different pcap files? So for example if I browse to…
0 votes, 0 answers

How to count the HTTP request and response packets on a dedicated URL on AWS CloudFront

A few days ago we migrated one of our web servers to AWS CloudFront; we want to calculate how many request and response packets come from clients when they open the web server URL, since AWS will count the number of request and response packets. Is it Wireshark…
0 votes, 1 answer

How to manipulate packet and write to pcap file using pcap4j

I want to get through a pcap file and go to each packet. Then get IP Address and manipulate it. In the end, I'm going to write it into a new pcap file. I use pcap4j version 1.6.4 and below is how I get the Source IP Address: String fname =…
Mojtaba Yousefi