Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions
5 votes · 1 answer

Pcap Dropping Packets

// Open the ethernet adapter handle = pcap_open_live("eth0", 65356, 1, 0, errbuf); // Make sure it opens correctly if(handle == NULL) { printf("Couldn't open device : %s\n", errbuf); exit(1); } // Compile filter if(pcap_compile(handle,…
John Smith
  • 53
  • 2
  • 7
5 votes · 3 answers

Convert pcap <-> pcap-ng, pcap-ng tools/libraries

I'm looking for some information about pcap-ng. What is the difference between pcap-ng and pcap? Is there any tool/library for pcap-ng? How to convert pcap to pcap-ng and pcap-ng to pcap?
akuzma
  • 1,592
  • 6
  • 22
  • 49
5 votes · 1 answer

Extracting domain name from a DNS Response packet using dpkt library

I'm trying to generate a list of all domain names and their corresponding IP addresses from a pcap file, using dpkt library available here My code is mostly based on this filename = raw_input('Type filename of pcap file (without extention): ') path…
Matan
  • 111
  • 1
  • 6
5 votes · 3 answers

Sniffer with libpcap on Mac OS X in C

I was trying to create my own sniffer (ONLY FOR FUN), and I work on a Mac. I'm using libpcap, which is a very good library for sniffing. So, I used this simple sniffer, which sniffs 5 packets: (It is written in C) #include #include…
jndok
  • 909
  • 3
  • 14
  • 28
5 votes · 1 answer

How to derive KDD99 Features from DARPA pcap file?

I have worked recently with the DARPA network traffic packets and the derived version of it used in KDD99 for intrusion detection evaluation. Excuse my limited domain knowledge in computer networks; I could only derive 9 features from the DARPA…
amaatouq
  • 2,297
  • 5
  • 29
  • 50
5 votes · 2 answers

802.11 FCS (CRC32)

Is the below code correctly calculating the FCS value of wireless 802.11 frames? Because the value produced by the below code does not match the value shown by wireshark. const uint32_t crctable[] = { 0x00000000L, 0x77073096L, 0xee0e612cL,…
bengaluriga
  • 319
  • 2
  • 5
  • 9
5 votes · 1 answer

wireshark network topology

Does anyone know of a programme that can take a wireshark (pcap) trace and turn it into a visual network topology? I have 3 pcap files with "ALOT" of data and I really want to see if I can make sense of some things. I played with things like…
G Gr
  • 6,030
  • 20
  • 91
  • 184
5 votes · 2 answers

Capturing packets with nodejs on windows

node.js v0.8.0, XP / WIN7 (not Cygwin). Googled and found node_pcap ( https://github.com/mranney/node_pcap ) but it only supports OS X and Linux. Is there any module for Windows? Thanks.
atian25
  • 4,166
  • 8
  • 37
  • 60
4 votes · 3 answers

How can I open a pcap-ng file in C#

Up to now I have been using WinPcap to open pcap files in C#: [DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)] private extern static IntPtr pcap_open_offline(string fname, byte[] errbuf); Now I want to…
pedro.lupin
  • 77
  • 1
  • 5
4 votes · 1 answer

How to install PCAP for ruby on Windows

This must be a relatively newb question but I am still stuck. I know there is a simple solution to this. I've done some googling but could not find an exact answer. Here is the error I get... C:\Ruby193\include\ruby-1.9.1\i386-mingw32>gem install…
Beaon
  • 347
  • 1
  • 4
  • 16
4 votes · 1 answer

Confused by libpcap (pcap) and wireless

Background: I'm teaching myself about packet sniffing. I run a very simple server in one shell, telnet to it from another, then try different methods to sniff on traffic. When I use raw sockets (IPPROTO_TCP), I capture what I send fine. I capture…
gnometorule
  • 2,151
  • 2
  • 20
  • 29
4 votes · 1 answer

Reassembling fragments in a PCAP file

We have largish (100 MiB-3 GiB) PCAP files that have huge UDP datagrams that are heavily fragmented, and we need to process them in Python, preferably datagram-by-datagram without reading everything into memory first, due to the potential size of…
Vercingatorix
  • 1,838
  • 1
  • 13
  • 22
4 votes · 2 answers

Get HID report Descriptor from .pcap file

I am building a C++ app on Windows that should reinterpret a USB data stream captured by Wireshark and USBPcap and stored in a .pcap file. I am currently having trouble getting the HID Report descriptor, so that I would then be able to interpret the data that the mouse…
Peter
  • 57
  • 1
  • 7
4 votes · 2 answers

Can I use pcap library for receiving ipv6 packets?

I am trying to convert hping3 to hping6. hping3 uses Pcap library to receive IPv4 packets. But I need to receive IPv6 packets.
Adi
  • 1,589
  • 3
  • 19
  • 27
4 votes · 1 answer

Does recv remove packets from pcaps buffer?

Say there are two programs running on a computer (for the sake of simplification, the only user programs running on linux) one of which calls recv(), and one of which is using pcap to detect incoming packets. A packet arrives, and it is detected by…
Benubird
  • 18,551
  • 27
  • 90
  • 141