Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions
0 votes, 2 answers

How to read multiple pcap files >2GB?

I am trying to parse large pcap files with libpcap but there is a file limitation so my files are separated at 2 GB. I have 10 files of 2 GB and I want to parse them in one shot. Is there a possibility to feed this data on an interface sequentially…
yoktur
0 votes, 3 answers

How do I modify the destination MAC address in a packet?

I've a question related to a very basic thing in Perl, but I'm unable to find an efficient solution. Here's a bit of context first. I use Net::Pcap etc and when I'm in my function which processes packets (used by pcap_loop) I get a $packet scalar…
meik
0 votes, 1 answer

Android - parse network dump (pcap)

I am currently desperately looking for a possibility to parse tcpdump network dump files (tcpdump -w ) inside my Android app. I really just need the parsing stuff - no sniffing. Does anyone know a proper library or something else to parse such…
pinas
0 votes, 1 answer

Understanding a function: pcap and BPF

In my attempt at making a TCP program that can receive ACKs and create connections I came across this function in an example program: void *pth_capture_run(void *arg) { pcap_t *pd; char *filter = "dst host 172.17.14.90 and ip"; char *dev =…
youjustreadthis
0 votes, 1 answer

How to plot packets vs seconds using pcap file

Using tshark I tried to generate a .dat file. The following is the command that I used to generate the fields with tshark: $ C:\Program Files (x86)\Wireshark>tshark.exe -r "C:\swp-final-30.0.0.13.pcap" -T fields -e frame.number -e frame.time -e …
user128956
0 votes, 2 answers

Java pcap parser into ByteBuffer

So I used tcpdump to capture my UDP packets into a file. I now have my pcap file with my packets. Now I need: A Java program to open this file, parse it and place the packet contents, one at a time, into a ByteBuffer so my protocol parser can…
chrisapotek
0 votes, 1 answer

Replay pcap files like data

I want to record the handshake messages between server and client into the file and replay them later. For example, when I run s_server command with -debug option, I get some output like follows: read from 0x9482088 [0x948d518] (2064 bytes => 2064…
NLander
0 votes, 1 answer

Library to generate pcap-file from application logs

I have been looking at generating pcap files myself, from application log files. (I figured that Wireshark would be a good tool for analyzing how network traffic has bounced around in the system.) However, the supposedly simple task seems hard. I have…
leiflundgren
0 votes, 1 answer

Stop a tshark command when it finds the right packet

I have a pcap file with a rather big size. I just want to read one packet in this file, for example, the 10th packet. I have a tshark command like this: tshark -r myfile.pcap frame.number == 10 -V The command will continue searching the entire…
Alice
0 votes, 1 answer

SSH: Reading a PCAP file to determine the idle time and connection type of an SSH connection

I am developing a project in Python for analysing SSH. Currently I am stuck at two things: Determining the idle time of a connection (percentage of time when no data was transferred over the connection) Determining the connection type ( shell,…
Ragit
0 votes, 1 answer

Python Scapy and read a pcap in reverse mode

I'm reading a pcap file using the rdpcap function: s = rdpcap(pcap) I'd like to know how to reverse s: it should be a list, but I tried with: rev_s = s.reverse() and it doesn't work: it gives me the SyntaxError: invalid syntax error. Can anyone…
auino
0 votes, 1 answer

Pcaprub Methods

I checked out pcaprub's documentation here. I didn't see any methods to learn about at the documentation site. The documentation is very thin! Where can I go to find Pcaprub's methods?
cj3kim
0 votes, 2 answers

Given a pcap file, how to find if a src IP address is local or remote using jpcap

Given a pcap file, how can I find out which src IP addresses are local and which are remote using jpcap? Can anyone guide me?
blackfyre
0 votes, 1 answer

Getting logs out of Wireshark pcap files

I converted the Wireshark pcap file to a Windows txt file using TShark's command tshark -V -r {file}. Is the data contained inside the Windows txt file converted from Wireshark's pcap file the log data? Or is there a better way to get logs out…
user1284808
0 votes, 1 answer

pcap_open_dead to simulate full UDP packets capture

Following up on my question about pcap file creation, I now would like to simulate the saving of a full UDP packet, including the Ethernet, IP and UDP headers. Which DLT_XXX type should I use? I believe pcap_dump() skips the Ethernet header when…
Robert Kubrick