Questions tagged [packet-capture]

The [packet-capture] tag is for questions about capturing packets of various protocols that are transmitted over a network.

A lot of computer network protocols transmit their contents in packets. Packet capture is the interception of these packets as they are moved over a network of some type.

A packet sniffer captures raw data traveling over a network segment and saves it to a file for analysis.

Software

A software sniffer can generally only capture network data either originating from or going to the computer running it, plus any "broadcast" messages, if the computer is connected to the network via a switch. If the computer is connected to the network via a router, it may be able to capture network data for any device connected to the same router.

Hardware

A hardware packet sniffer is physically connected to the network by connecting it to a router or switch. Sometimes the router or switch has to be configured to allow the sniffer to capture traffic being routed through it; this is called port mirroring.

Analysis

The captured data can be analyzed by the software that captured it, or by a program specifically designed to analyze the network data.

See Also

  • Wikipedia Article on Packet Analyzers
  • The term packet sniffer is also common and can be considered a synonym.
659 questions
5 votes, 0 answers

Listing active NDIS filters

I am performing a multilayer packet capture on Windows using the built-in NDIS capture service in order to determine where in the stack packets for my application are being dropped. When viewing the resulting ETL file in Microsoft Message Analyzer,…
random7983405
5 votes, 0 answers

Packet capture inside a Windows Docker container

Is it possible to capture TCP packets inside a Windows Docker container? (using an image ultimately based on microsoft/windowsservercore) netsh trace start fails with The inbox capture driver could not be started…
Duncan
5 votes, 4 answers

How do I programmatically collect packets from passively sniffing?

I want to test the vulnerability of the server I just wrote against man-in-the-middle attacks. How (on Mac OS X) do I analyze packets? (I'll be checking where they are going, pulling information from them if they are heading to my server, and seeing…
NullVoxPopuli
5 votes, 1 answer

Android VpnService forward packets

I want to use Android's VpnService to capture packets and filter them based on IP address. I can get the packets from the "tun" interface just fine, but after that I'm not sure how to forward them to their original destination. Based on the comments…
TychoTheTaco
5 votes, 0 answers

Fix for 'bytes missing in capture file' using RawCap?

I am using the RawCap TCP capture tool for capturing localhost packets on Windows. I have a huge stream flowing and there are multiple 'XXXX bytes missing in the capture file' messages in the captured file. How can I prevent this? How can I capture the…
Starfish
5 votes, 1 answer

Parsing TCP packet data

I am trying to parse a TCP packet and then assign a pointer to the start of the payload. I am using C and this is my code so far: void dump(const unsigned char *data, int length) { //*data contains the raw packet data unsigned int i; …
Yahya Uddin
5 votes, 2 answers

What is happening when a TCP sequence number arrives that is not what is expected?

I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic, and so I have no control over the reception and transmittal of packets. My program disregards all non-TCP/IP traffic. …
zero_dev
4 votes, 2 answers

Establish direct peer-to-peer Wi-Fi communication between laptops

TL;DR available at the bottom. I've been trying to figure out a way to get two laptops (both running Ubuntu) to be able to pass basic messages back and forth without the need for them to be connected via a wireless network, either by an AP or ad-hoc.…
Kaz
4 votes, 2 answers

Creating a Packet Filter in C#/C++?

In the past I have written C++ plugins that detoured the recvfrom() function in Winsock and dropped/manipulated incoming traffic from the primary application. I now wish to write a stand-alone application that listens on all interfaces, reads…
user470760
4 votes, 1 answer

Packet modification with netfilter queue?

I'm currently trying to use code with libnetfilter_queue in userspace to modify packets that were queued in the NFQUEUE target in iptables. However, I have little idea as to how to go about doing it. I have set it to copy the packet with…
4 votes, 6 answers

Deciphering Encoding: Packet Analysis Tools

I am looking for better tools than Wireshark for this. The problem with Wireshark is that it does not format the data layer (which is the only part I am looking at) cleanly for me to compare the different packets and attempt to understand the third…
Zombies
4 votes, 1 answer

tshark packet capture filter by request URL

I am trying to only capture packets that contain requests to a certain API endpoint, so I tried to filter using the following: tshark -i 2 -f 'port 80' -T pdml http.request.uri contains "/google/" However, I keep getting the following error: tshark: A…
vbNewbie
4 votes, 2 answers

How do I Control a Device's Embedded Control Software in C# using HTTP?

I have a piece of hardware with an embedded user control accessed by typing the device's IP address into a web browser. The device is connected directly to my PC via an x-over Ethernet cable and static IPs. I need to integrate the control of the…
user441603
4 votes, 3 answers

How to perform port mirroring in AWS IaaS?

I have an EC2 instance, with 3 AWS instances on it. Now I want to be able to capture all the traffic (inbound and outbound) that goes to the 3 instances in one AWS instance (mirror the traffic to this instance). Real world networks: Use a TAP or…
deeks jain
4 votes, 5 answers

Capture server-client communication with tcpdump

I wrote simple server and client apps, where I can switch between the TCP, DCCP and UDP protocols. The goal was to transfer a file from the one to the other and measure the traffic for each protocol, so I can compare them for different network setups…
stefita