Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions

8 votes, 2 answers

why pcap_setfilter did not take effect

I'm using libpcap as a lib to write a C program for catching upcoming IPs. My code snippet is as follows: struct bpf_program filter; pcap_compile(pcap_handle, &filter, "icmp[icmptype]=0 and '(dst 16.11.26.100 or dst 16.11.27.100)'", 1,…
Jack

8 votes, 4 answers

time difference between two packets in wireshark

I want to calculate the time difference between the time from sending the packet, to getting its ACK back. I do not see any timestamp related information in the packet, could anyone give me any pointers as to how I can compute the difference.
Ashrip

8 votes, 3 answers

Is there a way to programmatically export files using Wireshark's facilities?

I am trying to automate a repetitive manual process for which I use Wireshark: 1) Load a given pcap file 2) Apply a simple filter for a given protocol 3) Use the export dialog box to export the displayed packets to CSV file 4) Use the export dialog…
Uri

8 votes, 2 answers

convert txt packet data to pcap format to open it by Wireshark

Hi, I am working on an application where I have to read live packets from the network, work on them, and display them in a sophisticated way. But the problem is I have the packet, but it is in a text file, so to open it in Wireshark I have to convert it to .pcap…
Aniket

8 votes, 4 answers

Scapy and rdpcap function

I'm using rdpcap function of Scapy to read a PCAP file. I also use the module described in a link to HTTP support in Scapy which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets. I noticed…
auino

7 votes, 3 answers

Parsing pcap files with dpkt (Python)

I'm trying to parse a previously-captured trace for HTTP headers using the dpkt module: import dpkt import sys f=file(sys.argv[1],"rb") pcap=dpkt.pcap.Reader(f) for ts, buf in pcap: eth=dpkt.ethernet.Ethernet(buf) ip=eth.data …
Leif

7 votes, 2 answers

pip install pcapy cannot open include file 'pcap.h'

I tried to install pcapy using pip install pcapy, but I encountered an error stating that the file pcap.h does not exist, as follows: Installing collected packages: pcapy Running setup.py install for pcapy ... error Complete output from…
Skiller Dz

7 votes, 0 answers

How to extract payload information and inbound/outbound ratio of packets from a pcap file?

I have a very large pcap file and I am looking to create a script to give me (in addition to the attributes that Wireshark gives me), the payload and inbound/outbound ratio of packets. I was thinking to use something like this below but I am not…
user3755632

7 votes, 1 answer

iterate through pcap file packet for packet using python/scapy

I want to iterate through a pcap file packet for packet using python/scapy. The file has multiple protocols. Currently the iteration is protocol-specific, so the iteration makes a "jump" if the next packet is from another protocol. I don't know why it…
crappidy

7 votes, 2 answers

Writing to a pcap with scapy

I'm trying to write to a pcap file once I filter out all NBNS traffic. This is giving me a syntax error. from scapy.all import * Capture = raw_input("Enter file path of pcap file: " ) pcap = rdpcap(Capture) ports=137 filtered = (pkt for pkt in…
Julie Brady

7 votes, 2 answers

Java PCAP file parser library

I'm looking for a fast way to parse PCAP file packets. I'm currently using jNetPcap like so: Pcap pcap = Pcap.openOffline(file, errbuf); pcap.loop(10, jpacketHandler, "jNetPcap rocks!"); But it is pretty slow, are there any other good Java libraries…
Amir Rossert

7 votes, 6 answers

How to read .cap files other than Pyshark that is faster than Scapy's rdpcap ()?

I have been looking for a way to get 802.11 Packets from a .cap file into an Array. So far I have found: Scapy: which is kind of nice, documentation available, but too slow, when I try to open a file with size > 40 Mb, it just keeps hanging on until…
MrNoober

7 votes, 1 answer

dpkt invalid tcpdump header error

I am getting ValueError: Invalid tcpdump header error for the below code. Any help appreciated. import dpkt f = open('a.pcap') pcap = dpkt.pcap.Reader(f) for ts, buf in pcap: eth = dpkt.ethernet.Ethernet(buf) ip = eth.data tcp = ip.data if…
CorpusCallosum

7 votes, 1 answer

Get IP addresses from PCAP file in scapy

Is there a smart and fast way to get all IP addresses from a PCAP file? I need only (destination address, source address) tuples. Currently I'm using Scapy's rdpcap function like this: from scapy.all import * pcap = rdpcap('file.pcap') ips =…
reox

7 votes, 1 answer

Scapy PcapReader and packets time

I'm reading a PCAP file using Scapy using a script such as the (simplified) following one: #! /usr/bin/env python from scapy.all import * # ... myreader = PcapReader(myinputfile) for p in myreader: pkt = p.payload print pkt.time In this…
auino