Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. The pcap file format is a binary format, and is the de facto standard format for network packet capture.

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as .

Source: Wikipedia

pcap also refers to the file format originally generated by the libpcap library. This binary format has become a de facto standard format for packet capture, and is now generated by other network analyzer tools, such as Wireshark.

Source: https://www.lesliesikos.com/pcap

1410 questions
-1
votes
1 answer

PCAP headers, obtaining UDP info

I'm trying to get the UDP information from a packet capture and I'm confused where that info lies. I know the Ethernet Header is 14 bytes and the IPv6 header is 40 bytes. Also, the UDP source port is the first 2 bytes in the UDP header. Therefore,…
Mike1982
-1
votes
2 answers

How to extract source ip and host address from a pcap file into a .csv file? Any ideas on a way to do it?

tshark -r example.pcap -Y http.request -T fields -e http.host -e ip.dst -e http.request.full_uri I tried using this command however it just gives me source ip. I need to make sure I get source ip and destination ip so I can list out the websites…
John
-1
votes
1 answer

PCAP doesn't work in CLion

For my assignment I need to run the C/C++ code with the libpcap. I'm using CLion 1.2. When I try to run the test code, I get the messages undefined reference to 'pcap_open_offline' undefined reference to 'pcap_next' Here is the code #include…
alexcool
-1
votes
1 answer

how to edit a pcap file by using lua

I can read any field from a pcap file by using lua script. I want to edit some fields, for example, the ack numbers and ip address. Can lua script handle this and how?
peter
-1
votes
1 answer

IP Packet from pcap file shows wrong length

I am writing a pcap file in c++ without using libpcap library. The packet structures are correct. But I see that the length of IP Packet is wrong, and hence the rest of the protocols are not shown. Error is shown in the attached 'pcap file error…
AswathyPrasad
-1
votes
1 answer

Parsing http session in python

I have a pcap with many tcp/http sessions. I would like to be able to handle each session as an object. Ideally, I could see all the requests in the sessions (get, post ...) and all of the responses to these requests. Each request and response will…
t0m9er
-1
votes
1 answer

network traffic packet enumeration with tshark

Although it sounds easy, I cannot find an answer around.. I just need to enumerate certain packets in a certain pcap file (with tshark). e.g.: how many packets are ipv6.ack? how many packets are udp? and tshark has to print just a number...
George Violettas
-1
votes
1 answer

Anyone know any HTTP chat clients

I am setting up a .pcap file to give as a training challenge. So I want the basic idea to be to find messages sent from host A to host B, and I need a HTTP/or some sort of insecure local chat client, so the messages won't be encrypted in the .pcap…
Rob Geraghty
-1
votes
2 answers

command-line flow-based pcap file viewer tools

I need some command-line tool which prints a captured pcap file flow-based as follows: src-ip src-port dst-ip dst-port protocol(tcp/udp) duration number-of-packet now, I use captcp it is perfect, but it has a main problem: it hasn't been designed for…
-1
votes
1 answer

Using pcap to parse through a trace file?

I'm currently learning about TCP and packets. I'm working in the C programming language, and I understand how the pcap library can be used to sniff traffic on my computer. But can pcap be used to parse and read through a trace file as well? I need…
Vimzy
-1
votes
1 answer

How to get tcpdump to include layer 3 and 4 for packet size?

I use the command below to get inter arrival time of packets and length of packets: tcpdump -r example.pcap -n -ttt > result.txt The result is something like this: 00:00:00.000545 IP src-ip.52871 > dst-ip.39461: Flags [P.], seq 1:69, ack 1, win…
amin.2014
-1
votes
1 answer

Libpcap radio tap packets

I'm trying to capture and process 802.11 traffic in monitor mode. I'm able to catch it with tcpdump but I'm not able to process it with libpcap. I would need to pass then all packets to deep packet inspection method which is working great with…
Maciej Bielski
-1
votes
1 answer

How can I convert pcap files to txt files in Android?

I capture traffic using tcpdump, and save file in .pcap format. How can I convert this file to a plain text file, like Wireshark does?
-1
votes
1 answer

How can I get the number of flows, the flows and the packets per flow from a .pcap file?

I'm working with big .pcap packet network captures (> 5GB each file) and I'm trying to group the packets in flows (For example, group by IP Source, IP Destination, Source Port, Destination Port and Layer 4 Protocol). I use some software tools as…
X.M.
-1
votes
3 answers

C program to split pcap file

Can anyone help me with the C programming for splitting a network packet capture file (.pcap file) into smaller sized files (of same type or other). Though utilities like editcap or T-shark are already available for the job, I would really like to…
Himant