Questions tagged [libpcap]

Libpcap, a portable C/C++ library for network traffic capture. Provides a common interface across various OS-specific backends like BPF, packet filter, netfilter, and NPF.

Libpcap was originally developed by the tcpdump developers in the Network Research Group at Lawrence Berkeley Laboratory. The low-level packet capture, capture file reading, and capture file writing code of tcpdump was extracted and made into a library, with which tcpdump was linked.

796 questions

votes

1 answer

set a filter of packet length in wireshark

I've capture a pcap file and display it on wireshark. I want to analysis those udp packets with 'Length' column equals to 443. On wireshark, I try to found what's the proper filter. udp && length 443 # invalid usage udp && eth.len == 443 # wrong…

wireshark pcap libpcap

asked Apr 05 '12 at 04:30

Daniel YC Lin

15,050
18
63
96

votes

8 answers

how to debug application as root in eclipse in Ubuntu?

I'm programming application using libpcap. when I debug the application in normal mode, pcap cannot get the network device. it seems that I have to debug the application in root. How can I debug the application in root? I have the root password. I…

c eclipse debugging root libpcap

asked May 23 '10 at 10:28

futang

votes

1 answer

Pcap functions have "undefined reference"

I'm trying to go through this tutorial: http://www.tcpdump.org/pcap.html Now I have install pcap (code hints and all that is working) using : sudo apt-get install libpcap-dev and so far I have the following code (file name is…

c linux pcap undefined-reference libpcap

asked Nov 24 '14 at 15:11

Yahya Uddin

26,997
35
140
231

votes

2 answers

Raw Socket Sniffing in Golang

I have a question concerning tcp packet sniffing with golang. We have written a small tool which captures all incoming TCP packets comming from a fibre Tap. The current implementation uses a libpcap wrapper under Linux. We need to port this tool…

networking go libpcap sniffing

asked Jan 23 '14 at 22:05

Skineffect

votes

4 answers

Parsing WiFi Packets (libpcap)

I've been working on a way to have an OpenWRT router log WiFi probe requests to a MySQL db (it stores MAC address and RSSI info for each probe request packet along with other, router-specific data). After researching libpcap quite a bit, I've been…

c parsing wifi packet libpcap

asked May 28 '13 at 20:50

Kyle G.

votes

3 answers

Easiest way to convert pcap to JSON

I have a bunch of pcap files, created with tcpdump. I would like to store these in a database, for easier querying, indexing etc. I thought mongodb might be a good choice, because storing a packet the way Wireshark/TShark presents them as JSON…

json wireshark pcap libpcap tcpdump

asked Sep 08 '12 at 13:01

Erik

11,944
18
87
126

votes

2 answers

Does libpcap use raw sockets underneath them?

I was getting a bit confused on using of raw sockets and libcap. Can, anyone in simple point out advantages of using both. I read few links, but, its making me confused.

libpcap raw-sockets

asked Oct 22 '11 at 00:00

Invictus

2,653
8
31
50

votes

1 answer

pcap_loop and pcap_dispatch Difference

What exactly is the difference between pcap_loop and pcap_dispatch?

networking wireshark libpcap packet-sniffers sniffing

asked Feb 06 '11 at 23:54

Karthick

2,844
4
34
55

votes

3 answers

jNetPcap vs Jpcap

wondering any of you can give me a bit of comments + insights please. In term of performance, which one should I use, jNetPcap or Jpcap? Thanks!

java winpcap pcap libpcap

asked Sep 02 '10 at 03:43

Gilbeg

votes

5 answers

Reconstructing data from PCAP sniff

I am trying to sniff HTTP data through libpcap and get all the http contents (header+payload) after processing the TCP payload. As per my discussion at Writing an http sniffer (or any other application level sniffer) , I am facing problems due to…

http sniffer libpcap defragmentation

asked May 26 '10 at 20:38

Ishi

votes

1 answer

Raw capture capabilities (CAP_NET_RAW, CAP_NET_ADMIN) not working outside /usr/bin and friends for packet capture program using libpcap

TL;DR: Why are cap_net_raw, cap_net_admin capabilities only working in /usr/bin (or /usr/sbin), but not other places? Can this be configured someplace? I'm having problems assigning capabilities to my C program utilizing libpcap in Ubuntu 14.04.…

linux ubuntu wireshark libpcap linux-capabilities

asked Mar 17 '15 at 13:02

dirkhas

votes

1 answer

AF_PACKET equivalent under Mac OS X (Darwin)

I am trying to compile a C program on Mac OS X that uses AF_PACKET sockets and libpcap, what is the equivalent in OS X?

macos sockets libpcap

asked Sep 02 '11 at 14:22

user198736

votes

3 answers

libpcap IP Packet Reassembly

I'm looking for a sample code for IP packet reassembly in C with libpcap*. Is IP packet defragmentation implemented in libpcap library officially? I've found this proposal :…

c ip-address libpcap

asked Jan 31 '10 at 18:26

systemsfault

15,207
12
59
66

votes

2 answers

python / dpkt: Find out if packet is a tcp packet or a udp packet ,

I have a python scripts that captures the packets on the ethernet using dpkt, but how do i differentiate between which packets are tcp and which ones are for udp. Eventually i would like to have a list of packets for each tcp connection that was…

python network-programming pcap libpcap packet-capture

asked Jan 13 '12 at 11:08

ConfusedAboutCPP

votes

1 answer

pcap_dispatch - callback processing questions

I am writing fairly simply pcap "live" capture engine, however the packet processing callback implementation for pcap_dispatch should take relatively long time for processing. Does pcap run every "pcap_handler" callback in separate thread? If yes,…

libpcap

asked Oct 14 '11 at 18:29

user270398

2 3

…

53 54 Next