Questions tagged [packet-capture]

The packet-capture tag is for questions about capturing packets of various protocols as they are transmitted over a network.

Most computer network protocols transmit their contents in packets. Packet capture is the interception and recording of these packets as they cross a network.

A packet sniffer captures the raw frames travelling over a network segment and saves them to a file, normally in pcap or pcapng format, for later analysis.

Software

A software sniffer runs on an ordinary host and puts its network interface into promiscuous mode, so that every frame reaching the interface is handed to the capture program rather than only those addressed to the host. How much traffic reaches the interface depends on the network. On a switched Ethernet segment the switch forwards to a port only the frames destined for that host's MAC address plus broadcast and multicast traffic, so the sniffer sees its own conversations and broadcasts but not traffic between other hosts. On a shared medium such as an old-style hub, or on a Wi-Fi interface placed in monitor mode, it can capture traffic between any devices on the segment. Opening an interface for capture requires root or an equivalent privilege (on Linux, the CAP_NET_RAW and CAP_NET_ADMIN capabilities).

Hardware

A hardware packet sniffer is a dedicated capture device inserted into the network path, either inline through a network TAP or attached to a spare switch port. In the switch case the switch normally has to be configured to copy the traffic of interest to that port; this is called port mirroring (SPAN on Cisco equipment). A mirror port that receives copies of several busy full-duplex links can be oversubscribed, in which case the switch silently drops part of the copied traffic; an inline TAP does not have that problem.

Analysis

The captured data can be analyzed on the fly by the program that captured it, or written to a file and examined afterwards in a dedicated analyzer such as Wireshark or tshark, which can reassemble TCP streams, decode application protocols and decrypt TLS when given the session keys.
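The pcap file format that most of these tools exchange is simple enough to parse by hand, and doing so makes the analysis step concrete. The following is an added example, not code from the tag wiki, from libpcap or from any of the questions listed below: a minimal Python reader for classic pcap files that decodes Ethernet/IPv4 with TCP or UDP, classifies each packet as inbound or outbound relative to a chosen host address, and returns the raw transport payload. It goes a little beyond the paragraph above in that the direction and payload-only output cover two things the questions below ask for. The sample capture is constructed inline (zero MAC addresses, zero checksums) and the 10.0.0.x and 93.184.216.34 addresses are placeholders.

```python
"""Minimal reader for classic libpcap (.pcap) capture files.
Added example, not code from the tag wiki, libpcap or any listed question.
Layout followed: 24-byte global header (magic 0xa1b2c3d4 gives the writer's
byte order), then a 16-byte record header before every captured frame.
Only Ethernet (link type 1) carrying IPv4 with TCP or UDP is decoded."""
import struct
from dataclasses import dataclass

DLT_EN10MB = 1                     # pcap link type: Ethernet
IPPROTO_TCP, IPPROTO_UDP = 6, 17


@dataclass
class Packet:
    ts: float                      # record timestamp, seconds since the epoch
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    payload: bytes                 # bytes after the transport header


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def decode_frame(ts: float, frame: bytes):
    """Ethernet -> IPv4 -> TCP/UDP. Returns None for anything else."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    l4 = ip[ihl:total_len]                        # also strips Ethernet padding
    if proto == IPPROTO_TCP and len(l4) >= 20:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[(l4[12] >> 4) * 4:]          # data offset is in 32-bit words
    elif proto == IPPROTO_UDP and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        payload = l4[8:]
    else:
        return None                               # other protocol, or truncated by snaplen
    return Packet(ts, _ip(ip[12:16]), _ip(ip[16:20]), proto, sport, dport, payload)


def parse_pcap(data: bytes):
    """Walk the record list; the byte order comes from the magic number."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                                   # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng uses a different layout)")
    linktype = struct.unpack(e + "I", data[20:24])[0]
    if linktype != DLT_EN10MB:
        raise ValueError(f"unsupported link type {linktype}")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        pkt = decode_frame(ts_sec + ts_usec / 1e6, data[off:off + incl_len])
        off += incl_len                           # incl_len < orig_len when snaplen truncated it
        if pkt:
            packets.append(pkt)
    return packets


def direction(pkt: Packet, local_ip: str) -> str:
    """Classify a packet relative to the capturing host's own address."""
    return "out" if pkt.src == local_ip else "in" if pkt.dst == local_ip else "other"


def summarize(data: bytes, local_ip: str):
    """One tuple per decoded packet: direction, protocol, ports, raw payload."""
    return [(direction(p, local_ip), p.proto, p.sport, p.dport, p.payload)
            for p in parse_pcap(data)]


# --- constructed sample capture: zero MACs, zero checksums, placeholder addresses ---
def build_frame(src, dst, proto, sport, dport, payload):
    if proto == IPPROTO_TCP:   # seq=1, ack=0, data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + l4
    return bytes(12) + struct.pack("!H", 0x0800) + ip


def build_pcap(frames, endian="<", ts0=1_700_000_000):
    head = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    recs = (struct.pack(endian + "IIII", ts0 + i, 0, len(f), len(f)) + f
            for i, f in enumerate(frames))
    return head + b"".join(recs)


SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "93.184.216.34", IPPROTO_TCP, 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_frame("93.184.216.34", "10.0.0.5", IPPROTO_TCP, 80, 40000, b"HTTP/1.0 200 OK\r\n"),
    build_frame("10.0.0.5", "10.0.0.53", IPPROTO_UDP, 5353, 53, b"\x00\x01"),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    for row in summarize(SAMPLE_PCAP, "10.0.0.5"):
        print(row)
```

Real captures will also contain VLAN-tagged frames (ethertype 0x8100), IPv6 and non-Ethernet link types, which this reader deliberately skips rather than misparses; pcapng files have a block-based layout and are rejected by the magic check. A record whose incl_len is shorter than orig_len was cut by the snaplen, and the decoder returns None for it instead of reading past the data it has.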

See Also

  • Wikipedia Article on Packet Analyzers
  • The term packet sniffer is also common and can be considered a synonym.
659 questions
4 votes, 0 answers

Dropwatch reports drop in ip_rcv

I have a network capture device running CentOS 7 that receives SPAN traffic from a core switch. Unfortunately, the kernel is dropping some packets (about 0.05%). I installed dropwatch to investigate this issue and it reports drops in…
mcjoy
4 votes, 2 answers

libpcap and wireless signal capture

I am trying to write a C++ app (Linux) that would capture a wireless packet along with the associated signal strength (in dBm). The capturing part is easy but the problem is I can't find any documentation on how to get the signal strength for each…
Sean D
4 votes, 0 answers

SSLdump can't decrypt pcap trace

I'm trying to decrypt my TLS pcap trace using ssldump and it doesn't work, but I'm able to do it in Wireshark, providing the correct keys and certificates (so I suppose they don't have any problem). I'm asking if someone has a tested SSL trace to share…
Mark
4 votes, 3 answers

Is there a way to save a reassembled TCP in Wireshark

I am trying to sniff a multi-part POST request using Wireshark. When viewing the capture I can select "Reassembled TCP" which looks to contain the header and all the data in the transmission. However I can't seem to select the entire thing to save…
QueueHammer
4 votes, 1 answer

Python Packet Sniffing / Packet Capture - pcapy not capturing packets

I have my wireless interface in monitor mode, and I'm able to successfully sniff network packets and analyze them with Wireshark. I've been trying to implement something similar with pcapy and impacket. It looks as if pcapy is not capturing the same…
Jordan Messina
4 votes, 1 answer

Save raw binary payload only using tcpdump

How can I capture traffic with tcpdump and only save the full payload (application layer data, no TCP/IP headers) in a raw binary format?
user3207230
4 votes, 1 answer

Android VpnService, packets forwarding

I'm creating an application based on ToyVPN to capture TCP/UDP packets. After I get outgoing packets in my application I would like to forward them to their original destination. I have managed to get the destination IP and port from the headers but I have no idea…
user2087932
4 votes, 1 answer

Time difference between two packets using Radiotap header MAC timestamp

I am trying to parse the MAC timestamp fields of radiotap headers of 802.11 packets captured in monitor mode. The TSFT field of the radiotap header is a 64-bit value in microseconds. The raw hex value is highlighted below. The MAC timestamp value is represented in…
dorsalfin
4 votes, 3 answers

which language is better for packet capturing and processing

I want to write a program that has two threads: one thread continuously captures packets from the network and dumps them into a buffer every t seconds, and the other thread continuously reads this buffer and processes it every t seconds. Can this be…
trinity
4 votes, 3 answers

How to see webpage content (as a whole) sent to user with wireshark

I use my PC as a Wi-Fi hotspot and connect other devices to it. Then with Wireshark I can see the packets sent/received by a specific device, but how can I see the complete webpage that the device is viewing instead of separate packets?
Arch1tect
4 votes, 1 answer

localhost icmp packet found in capture file: why?

Here's my tcpdump filter (ip[8] is the IP ttl field and icmp[0]=11 corresponds to time-exceeded ICMP messages): (ip and ip[8]=2 and src host $myIPAddress) or (icmp and dst host $myIPAddress and icmp[0]=11) And here's what I found in the capture…
Ricky Robinson
4 votes, 4 answers

Finding the direction of packets while sniffing

I want to have a list of source IP addresses of an interface's outbound traffic. How could I find the direction of a packet, whether it's inbound or outbound, when reading traffic using libpcap? I don't know the subnet information of either side. And there…
Yasser
4 votes, 3 answers

Reading outgoing packets from selected process

Is it possible to read outgoing packets from a selected process in C#? If yes, what API should I use? Thanks in advance.
Charlie Hopperson
4 votes, 2 answers

IEEE 1394/Firewire sniffers?

Does anybody know any software (for Win7 or WinXP) that will allow me to capture or simply see data transferred between a Firewire device and an application? I wish to see the data streams between my (ASIO) audio interface that works over Firewire and my…
bierkof
3 votes, 0 answers

Replay UDP Packet Capture

I have a UDP packet capture which I captured using wireshark on network N1. This capture contains packets going from Port 4000 on IP address IP1 to Port 4000 on IP address IP2. I am now replaying these packets using Colasoft Packet Player on…
inspectorG4dget