Questions tagged [pcap-ng]

The PCAP Next Generation Dump File Format (or pcapng for short) is an attempt to overcome the limitations of the currently widely used (but limited) libpcap format.

30 questions
1
vote
1 answer

Is there a way to extract the WiFi protocol type from a PcapNG trace file?

I'm building a PcapNG parser (in Python) to analyse WiFi packets. I'd like to be able to display the link type (e.g., the protocol variant: 802.11b, 802.11a, 802.11g or 802.11n). However, reading the PcapNG format definition I see only the following…
boardrider
1
vote
2 answers

How To Extract RTP Packet Specific Fields From Wireshark Capture?

I have a PCAPNG file and I need to get the RTP packets from it. Specifically, one of my RTP packets looks like... Frame N: X bytes on wire... Ethernet II, Src: ... IPv4, Src: ... TCP, Src Port: rstp ... RTSP Interleaved Frame, Channel: 0x02, 163…
Lane
0
votes
0 answers

CICFlowmeter(pcap->csv) : TypeError: add_packet() missing 1 required positional argument: 'direction'

I am trying to convert pcapng to csv on a ubuntu 22 machine using CICFlowmeter : sudo cicflowmeter --file ../CSa.pcapng --csv CSaCSV.csv But getting the following issue : reading from file ../CSa.pcapng, link-type EN10MB (Ethernet) Exception in…
SpawN
0
votes
0 answers

Which rpm I need to download for pcapplusplus library?

getting error fatal error: SystemUtils.h: No such file or directory #include "SystemUtils.h" ^~~~~~~~~~~~~~~ Packet.h: No such file or directory #include "Packet.h" ^~~~~~~~~~ these are the rpm installed on my…
0
votes
0 answers

how to get sctp layer from the packet using pcapplusplus library?

// let's get the TCP layer pcpp::TcpLayer* tcpLayer = parsedPacket.getLayerOfType<pcpp::TcpLayer>(); if (tcpLayer == NULL) { cout << "NO TCP LAYER" << endl; } else { // change source port tcpLayer->getTcpHeader()->portSrc =…
0
votes
1 answer

Failing at first hurdle using pcapng in python 3.8; unable to import FileScanner SOLVED I had one line too many

This is my first attempt at writing python code; I think I'm using 3.8.5. Ironically, I have many versions of python installed, and maybe that is where I'm going wrong. But I don't see it. Everywhere I look, the very first line of code I find is…
brewmanz
0
votes
0 answers

How to check for legitimate documents on Wireshark from export of SMB and HTTP files

I'm wondering if there is any way to check for legitimate documents through exported Wireshark files from a .pcap capture. I cannot seem to find much information on partial files or coded files on the internet. I have a total of 1415 files, how…
Sean_K
0
votes
0 answers

Is there an alternative function other than rdpcap to read pcap files using scapy?

I am trying to read the pcap files using Scapy in Python. I have a set of pcap/pcapng files. Few of them work just fine when rdpcap is used. Few of them throw this error. Exception has occurred: OSError [Errno 22] Invalid argument I tried using…
EngGu
0
votes
1 answer

PCAPNG : Relation b/w frame length (bytes) and Data length ( bytes)?

I have some PCAPNG file, one UDP packet has Frame length 187 Bytes (1496 bits) and Data length 472 Bytes. All other packets' frame length is greater than data length. Please correct me if I'm wrong. My basic understanding is Frame length should be…
0
votes
3 answers

How Can I Parse a Pcapng File in C#?

I'm new to Pcapng files. I've read the 40+ page whitepaper and I'm still scratching my head and sweating. I understand that the Pcapng file is: Made up of a Section Header Block - This is the start of every Pcapng file. Question 1: How large is…
user11910061
0
votes
1 answer

How to read the interface name from a .pcapng file using tshark?

I am trying to run this tshark command : tshark -r $file -T fields -E separator=/t -e frame.number -e frame.time -e frame.protocols -e frame.len -e frame.interface_id -e frame.interface_name I get this warning : ** (process:30955): WARNING **:…
Rohit Rane
0
votes
0 answers

Unable to extract video from pcapng, saved wireshark files

I'm trying to extract/save video from live video streaming using wireshark. I'm able to store/get rtmpt data packets however, I'm unable to extract video from those data packets... Is there any way to extract video from pcapng files? Can I directly…
Alvi
0
votes
1 answer

Storing Timestamps as two 32 bit words (pcapng format)

I am generating PCAPNG files of packets that I capture. Everything seems to work fine, except for the timestamp of each packet being invalid. Simply put, I store the timestamp in a bytebuffer along with all the other data and write it to a file.…
Simon Langhoff
0
votes
1 answer

How to print PCAPNG metadata in Python?

I'm attempting my first Python program and could use a little help. My script on github I need a way to print the metadata in a PCAPNG file. I want to print the application and version, OS, and interface for starters. The Section Header Block and…
jonschipp
0
votes
2 answers

Build libpcap for Python 2.7.x in windows 7

I've tried several different things and crawled around on lots of forums looking for an answer to this question. My goal is to simply parse through a wireshark .pcap-ng trace file using Python. From what I can gather, it seems like I need a libpcap…
Kyte