Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions
-1 votes, 1 answer

How do I use WinDump with Cuckoo in Windows 10?

When I analyze a file using Cuckoo, I get this error: File "c:\python27\lib\site-packages\cuckoo\auxiliary\sniffer.py", line 157, in stop (out, err, faq("permission-denied-for-tcpdump")) CuckooOperationalError: Error running tcpdump to sniff…
-1 votes, 1 answer

How to split a PCAP file based on the time column with editcap?

I have a PCAP file I exported from wireshark that's rather large. The PCAP looks as follows: No. Time Source Destination Protocol Length Info 1 0 192.168.100.180 8.8.8.8 DNS 95 Standard query 0xf948 A detectportal.firefox.com OPT 2 …
skhan59 • 21 • 3
-1 votes, 2 answers

Can I Submit Data-In-Memory to pcap_loop()?

Using this link as a guide, I’ve written a C program which writes a PCAP file to disk. The PCAP contains complete Ethernet/IP/TCP packets, with payload. And after my program is done, I can manually read the generated PCAP files in Wireshark, so I…
Pete • 1,511 • 2 • 26 • 49
-1 votes, 1 answer

How to extract the pcap time field using Python and find the time difference between 2 frames

I am trying to extract the time field from the PCAP file using Python, and I need to find the time difference between 2 frames in the PCAP file. Thank you!
-1 votes, 1 answer

Print only the final value of incremented integer in Python

I have this code in Python where I increment an integer every time I find a specific packet. I want to print the final value of the integer at the end, but Python prints all the values that the integer takes during the incrementation. I have…
Alesio • 19 • 2
-1 votes, 1 answer

Convert pcap text file to csv in Bash

The content of the text files has the following format: |1=X1|2=Y1|3=K1|4=J1|5=S1| |1=X2|3=K2|4=J2|5=S2| |1=X3|2=Y3|4=J3|5=S3| ... So sometimes there is missing data, and what we want is a csv file like the…
jjtonyho • 1 • 1
-1 votes, 1 answer

Is it possible to find which application was listening on a TCP/IP port from a "pcap" file?

With winpcap or libpcap I can find the port. But how do I know which app was listening on the port when the packet was received? Thanks in advance
Avremi • 3 • 3
-1 votes, 1 answer

Offline PCAP to Jmeter JMX

Dears, any idea of an offline replacement for https://converter.blazemeter.com/ to convert a PCAP to JMeter JMX? As the PCAP contains sensitive data that we cannot upload online, I need an in-house tool. Thanks
Zam • 1 • 1
-1 votes, 1 answer

Unable to understand the packet header format of BR/EDR packets in Wireshark

I am trying to create a BR/EDR header and verify it with Wireshark using the link-header type (255) of the PCAP dump. As per the Bluetooth core specification: bit ordering for BR/EDR packets is LSB-first format. Refer: Bluetooth core specification…
-1 votes, 1 answer

Good library for TCP reassembly

What are some good libraries for doing TCP reassembly? I have some pcap files (too large to handle using Wireshark) and I want to do TCP reassembly. Development of libnids seems to have stopped. I'm wondering if anybody could give
Tianyang Li • 1,755 • 5 • 26 • 42
-1 votes, 1 answer

How to extract media.type from a PCAP using tshark?

I have a pcap file that contains some HTTP media.type (pdf). I can export the media type from the Wireshark GUI. I tried tshark -r run.pcap -T fields -e media.type > sample.raw but got no result. Please help me figure out the issue.
James Arems • 87 • 3 • 11
-1 votes, 1 answer

Multiple pcap files to csv files

I have a folder that contains thousands of pcap files, and I want to convert each pcap file into a csv file. Example: convert 1.pcap to 1.csv, convert 2.pcap to 2.csv, convert 3.pcap to 3.csv. .bat file: @echo off set "cap_files=*.cap" set…
Phd student • 25 • 1 • 1 • 8
-1 votes, 3 answers

Why does a double pointer argument have to be declared as a single pointer and passed as &var to the function?

Why does a double pointer argument have to be declared as a single pointer and passed as &var to the function? I was wondering why I can't just declare a double pointer then pass it to a function, instead I first have to declare the pointer being…
anon
-1 votes, 1 answer

How to parse many pcap files in C or Python

I have the problem that I want to parse 10,000 pcap files to analyze the 10 packets written in each file; I'd like to know things like the time between each packet being sent and the message written in each packet. The thing is, I have no idea how to…
-1 votes, 1 answer

How can I grant permission for the Pcap library in Windows 10 from C#?

I use the SharpPcap library to realise a GOOSE protocol listener (EtherType = 0x88B8). It works well, but only if I run Wireshark in parallel; otherwise my program does not catch GOOSE packets. The SharpPcap examples also don't capture GOOSE packets while…
Papayaved • 103 • 1 • 1 • 11