Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions
0 votes, 1 answer

pass pcap_stat struct to pcap_stats in python with ctypes

I am using libpcap via ctypes in Python. I've written a little wrapper, so I can access the pcap functions more conveniently. For e.g. pcap_geterr it looks like # char *pcap_geterr(pcap_t *p); geterr = _pcap.pcap_geterr geterr.argtypes =…
Cravid
0 votes, 2 answers

Valgrind errors with pcap initialization

I am trying to use Valgrind on FreeBSD and running into some issues. Here is the output ==4764== Memcheck, a memory error detector ==4764== Copyright (C) 2002-2012, and GNU GPL'd, by Julian Seward et al. ==4764== Using Valgrind-3.8.0 and LibVEX;…
Derek
0 votes, 1 answer

Filter a PCAP file from packet ISO/OSI layer

I need to split a PCAP file in two different files: the first one should include all (and only) the packets directed to the application layer of the ISO/OSI model, while the second one includes all the other ones. I'm using Scapy to apply the…
auino
0 votes, 1 answer

Read .enc or other capture file formats in Scapy Python

I am currently working with Scapy and encounter the error: NameError: global name 'Scapy_Exception' is not defined I have 2 options: To either catch the error and convert the capture file into pcap on the fly using: tshark -F libpcap -w
krish7919
0 votes, 1 answer

Opening TCP dump files using pcap libraries

I want to read through a tcp dump file and print out the packet lengths and their start and end time or just time stamps. I know that pcap libraries can do this. But I could not find a concrete example of opening a dump file and processing it for…
P basak
0 votes, 1 answer

Why doesn't wireshark recognize the http text in my tcp request?

I'm trying to send HTTP data over a custom-made pcap.net-based TCP client. Normally, when I send a request via browser, in Wireshark it looks like this: However, when I send the same data over TCP myself, in Wireshark the request looks like…
Arsen Zahray
0 votes, 2 answers

My HTTP server's output is apparently invalid. How do I debug it?

Background: I have a custom HTTP server written in Erlang to stream stuff to an iPad app. I was using NSURLConnection - the standard high-level Apple way to consume HTTP content. However I was having problems with small chunks of data being buffered…
Max
0 votes, 2 answers

Reading Packet Data With libpcap

I'm working with pcap to monitor HTTP requests and responses. I've set up pcap_loop and I'm getting packets in my callback function, but I don't know how to read the packets' content. This is my callback function: void got_packet(u_char *args, const struct…
Abcd Efg
0 votes, 1 answer

Find Active Internet Connection Using libpcap Mac

I'm trying to monitor packets for the current active internet connection using pcaplib. But I'm not sure how I can find the current active internet connection. I know pcap_findalldevs() will return a list of available net devices, but the user might use en0, en1…
Abcd Efg
0 votes, 1 answer

Socket read with pcap

I have a socket bound to a NIC that I am using to capture packets in a pcap_loop. I have a separate process running that eventually does a "read" on that same device, but only after a unix local pipe is ready to be read. Is it correct to say that…
Derek
0 votes, 3 answers

How do I get the sender IP address from a packet in a PCAP file?

I am most likely missing something here, but the PCAP specification does not show the sender IP address and PORT of the packet captured. Is there a way that I can know who sent the packet in the PCAP…
chrisapotek
0 votes, 1 answer

Google protocol buffer for parsing Text and Binary protocol messages in network trace (PCAP)

I want to parse application layer protocols from network trace using Google protocol buffer and replay the trace (I am using python). I need suggestions to automatically generate protocol message description (in .proto file) from a network trace. …
0 votes, 2 answers

PCAP Alternatives

Are there any alternatives to PCAP DLL for capturing packets, that are not drivers?
webby
0 votes, 1 answer

C - Cannot set pcap filter. function not working properly

When I try to run this function it runs into a wall at the second if statement and printing: cannot set pcap filter: ip dest host 92.40.255.82 ��z]$ (note the odd symbols at the end). I suspect the error lies in the bpf_program filterprog but…
youjustreadthis
0 votes, 1 answer

Detect port scan

I want to detect if there was a port scan done by analyzing a pcap file. I can't understand the correct algorithm. Will it be like one source IP mapping to different IPs? Will that be considered port scanning? I will appreciate it if you could…
Aj.