Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions
7 votes, 3 answers

How to prevent Windows from sending RST packet when trying to connect to somebody via Pcap.net?

I'm trying to use Pcap.Net to open a TCP connection. I'm sending the following package: The server is responding with: After this, Windows on its own sends the reset packet: Why is this happening, and how do I block this behavior? I'm doing this on…
Arsen Zahray
7 votes, 1 answer

Issue in pcap_set_buffer_size()

#include #include #include #define BUFFER_SIZE 65535 char errbuf[PCAP_ERRBUF_SIZE]; int main(int argc, char **argv) { int d; pcap_if_t *alldevsp; pcap_t *pkt_handle; …
bengaluriga
7 votes, 2 answers

Creating a pcap file

I need to save UDP packets to a file and would like to use the pcap format to reuse the various tools available (wireshark, tcpdump, ...). There is some information in this thread but I can't find how to write the global file header 'struct…
Robert Kubrick
6 votes, 7 answers

How to stream pcap file to RTP/RTCP stream?

I have captured three different streams as pcap files with metadata. How can I stream them back as an RTP/RTCP stream?
Swaminathan
6 votes, 1 answer

How to write PCAP capture file header?

Without using libpcap I am trying to write a log file that adheres to the pcap file format (format). This file needs to be readable by WireShark. So far I've written this in C++: struct pcapFileHeader { uint32_t magic_number; /* magic number…
Scott
6 votes, 1 answer

Continuously feeding pcap files to tshark/wireshark

I have pcap files continuously generated to me. I want to continuously feed them to an "ever-running" tshark/wireshark. Here is what I have tried (OSX) mkfifo tsharkin tail -f -c +0 tsharkin | tshark -l -i - > tsharkout 2>stderr & cat file1.pcap >…
Per Steffensen
6 votes, 2 answers

Get first and last times from pcap file with Wireshark command line tools (like tshark)

I have a huge collection of PCAP files, some of which have been "touched" since they were captured. This means the system timestamp on the file may not equate to the time of the data capture. Additionally, most of the files are autosaves from…
Trashman
6 votes, 2 answers

How to remove Ethernet layer from a pcap file?

I have a pcap captured with Wireshark. Is there any function in Wireshark that will strip Ethernet layer from the result? Or any command line tool to do it?
mcv
6 votes, 2 answers

Sniffing wifi using libpcap in monitor mode

Problem Statement: Calling pcap_activate() results in PCAP_ERR_RFMON_NOTSUP error, i.e. RF monitor mode is not supported. Context: I'm writing a small C program whose job is to listen on my laptop's wifi card in monitor mode. The laptop is running…
user108879
6 votes, 1 answer

Detect ARP poisoning using scapy

I have captured some traffic and stored it in a .pcap file. In there, an ARP poisoning attack occurred. Is there a way of detecting the attacker's IP and MAC address and the victim's IP and MAC address using scapy in a Python script?
Dimitris S
6 votes, 4 answers

How to send pcap file packets on NIC?

I have some network traffic captured in a pcap file and want to send its packets on a NIC; is it possible? Is there any application to do this?
salman
6 votes, 3 answers

pcap files and endianness

Running the file command against a pcap file will print out something along the lines of - $ file pcap.pcap pcap.pcap: tcpdump capture file (little-endian) - version 2.4 .... I've been looking for a way to create a big-endian capture file, or…
RyPeck
6 votes, 2 answers

RawCap sniffer results in empty pcap file

So... I'm attempting to use RawCap to capture traffic to localhost. When I run rawcap, it reports packets in the cmd prompt - but the dump file is always empty. Any ideas? (I've tried running with admin privs.)
iasksillyquestions
5 votes, 2 answers

"Replay" tcpdump file

I am writing a program for analyzing a certain type of packets. I got the dump file containing test packets in tcpdump format. Is there any way to send this dump into one of the interfaces? I thought tcpdump would be able to do this on its own…
Blackie123
5 votes, 4 answers

How to capture traffic from multiple interfaces using pcap

In order to sniff from multiple interfaces using pcap, I would do the following (in pseudocode): foreach interface: open a file descriptor using pcap_open_live() set the file descriptor to non-blocking while true: check for a ready file…
ziu