Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions

5 votes, 0 answers

Replaying pcap on loopback

I have a set of pcap files containing UDP traffic from two hosts, and have to perform some analysis on this traffic on a regular basis. Ideally, I would want to avoid having to frequently set up local interfaces with specific IPs and such to replay…
NewbiZ

5 votes, 2 answers

How to Find TCP Retransmissions while sniffing packets in C

I've written a simple source file that can read pcap files using the libpcap library in C. I can parse the packets one by one and analyze them up to a point. I want to be able to deduce whether a TCP packet I parsed is a TCP retransmission or not.…

5 votes, 1 answer

Find answer to tcp packet in PCAP with scapy

I parse a pcap file with scapy in Python, and there is a TCP packet in that pcap; I want to know what the answer to this packet is. How can I do that? For example: client and server TCP stream client -> server: "hi" server -> client: "how are…
paramikoooo

5 votes, 1 answer

TCP Server sends [ACK] followed by [PSH,ACK]

I am working on a high-performance TCP server, and I see the server not processing fast enough on and off when I pump high traffic using a TCP client. Upon close inspection, I see spikes in "delta time" on the TCP server. And, I see the server…
user2548514

5 votes, 2 answers

How to convert integers to a hex string without the 0x (Julia 1.0)

I have an issue where I want to decode the MAC address of a pcap record and represent it as 4c:76:25:e9:78:42 from a UInt8 array. The array looks like this which is a part of the pcap record. UInt8[0x4c, 0x76, 0x25, 0xe9, 0x78, 0x42, 0xe0, 0x0e,…
Zak21

5 votes, 2 answers

Find the max value of TTL in DNS Wireshark

I have a pcap file which contains many DNS requests and responses, and I want to find the max value of the TTL field from all of these packets. For example, if my pcap packets are the following: DNS response ttl 1045 DNS response ttl 202 DNS response ttl…
Itay Braha

5 votes, 1 answer

Efficiently convert Foreign.Ptr Word8 (or ByteString) to UArray Int Word8

I'm doing some network capture with Network.Pcap (pcap) and plan to do some inspection using Net.PacketParsing (network-house). To do so, it looks like I have to put my packet parsing in either Pcap.Callback :: PktHdr -> Ptr Word8 -> IO () or…
trevor cook

5 votes, 2 answers

Gstreamer: RTP jitter buffer not working properly with packet loss?

For a VoIP speech quality monitoring application I need to compare an incoming RTP audio stream to a reference signal. For the signal comparison itself I use pre-existing, special-purpose tools. For the other parts (except packet capture) the…
paprika

5 votes, 3 answers

cmake: undefined reference to any pcap functions

I want to use pcap in my CLion project on Linux. I installed libpcap-dev: sudo apt-get install libpcap-dev But then I try to compile any file containing pcap functions like: #include #include int main(int argc, char *argv[]) { …

5 votes, 1 answer

Listening on two devices at once with libpcap

I am trying to listen on two devices with libpcap, but I still can't find out how to do the trick. I tried to set the device to "any" but it isn't working. I am trying to write a DHCP relay agent, so I need to listen on eth0 and eth1. I tried to create two…
Pirozek

5 votes, 4 answers

Export raw packet bytes in tshark, tcpdump, or similar?

Context: I have a *.pcap file with many WLAN probe requests. My goal is to extract the WLAN management frame of each probe request as raw bytes (that is, no headers and no extra information - only the raw bytes like they were originally…
ctitze

5 votes, 2 answers

How to improve scapy performance reading large files

I have to read and parse .pcap files that are too large to load into memory. I am currently using sniff in offline mode sniff(offline=file_in, prn=customAction, store=0) with a customAction function that looks roughly like…
deltap

5 votes, 2 answers

Installing pypcap on Windows 10 python 2.7 (64 bit)

I'm trying to install pypcap from: https://github.com/dugsong/pypcap/blob/master/INSTALL#L75 I'm trying to install it on Windows 10 - 64 bit and Python 2.7.11 64 bit. I downloaded the source and moved it to c:\pypcap. Downloaded pyrex and installed…
MyNick

5 votes, 3 answers

Where is a good place for a code review?

A few colleagues and I created a simple packet capturing application based on libpcap, GTK+ and sqlite as a project for a Networks Engineering course at our university. While it (mostly) works, I am trying to improve my programming skills and would…
Carlos Nunez

5 votes, 3 answers

Decomposition of an IP header

I have to do a sniffer as an assignment for the security course. I am using C and the pcap library. I got everything working well (since I got code from the internet and changed it). But I have some questions about the code. u_int ip_len =…
scatman