Questions tagged [pcap]

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic

pcap (packet capture) consists of an application programming interface (API) for capturing network traffic. Unix-like systems implement pcap in the libpcap library; Windows uses a port of libpcap known as winpcap.

Source

Wikipedia

1283 questions

votes

3 answers

pcap struct pcap_pkthdr len vs caplen

We're sniffing packets using libpcap on linux The header we get on each packet looks like: struct pcap_pkthdr { struct timeval ts; /* time stamp */ bpf_u_int32 caplen; /* length of portion present */ bpf_u_int32 len;…

c pcap

asked Sep 29 '09 at 10:09

nos

207,058
53
381
474

votes

1 answer

set a filter of packet length in wireshark

I've capture a pcap file and display it on wireshark. I want to analysis those udp packets with 'Length' column equals to 443. On wireshark, I try to found what's the proper filter. udp && length 443 # invalid usage udp && eth.len == 443 # wrong…

wireshark pcap libpcap

asked Apr 05 '12 at 04:30

Daniel YC Lin

11,949
11
54
80

votes

4 answers

How to parse packets in a python library?

How to you parse a packet from either a .pcap file, or an interface, using python? I'm specifically looking for a solution that uses a well documented library.

python tcp pcap

asked Feb 09 '11 at 17:02

PSS

4,411
4
25
27

votes

4 answers

Sending packets from pcap with changed src/dst in scapy

I am trying to send a previously recorded traffic (captured in pcap format) with scapy. Currently I am stuck at striping original Ether layer. The traffic was captured on another host and I basically need to change both IP and Ether layer src and…

python pcap scapy

asked Jan 04 '12 at 12:29

Jason Bart

votes

6 answers

How to concatenate two tcpdump files (pcap files)

How to concatenate two tcpdump files, so that one traffic will appear after another in the file? To be concrete I want to "multiply" one tcpdump file, so that all the sessions will be repeated one after another sequentially few times.

networking tcp wireshark pcap tcpdump

asked May 26 '09 at 21:24

anon

votes

1 answer

Pcap functions have "undefined reference"

I'm trying to go through this tutorial: http://www.tcpdump.org/pcap.html Now I have install pcap (code hints and all that is working) using : sudo apt-get install libpcap-dev and so far I have the following code (file name is…

c linux pcap undefined-reference libpcap

asked Nov 24 '14 at 15:11

Yahya Uddin

18,489
26
104
189

votes

2 answers

Parsing a pcap file in python

I am trying to parse through a pcap file in python. My goal is to be able to pull out the type of TCP or UDP file it is and the time they start/end. Does anyone have any advice in any certain packages might be useful to use and the documentation for…

python parsing pcap

asked Aug 15 '13 at 15:42

Matthew Spriesterbach

votes

4 answers

Getting the number of packets in a pcap capture file?

I need a program which prints the number of packets in a capture file which uses the pcap format. This number does not seem available in the pcap header (probably because it is written before the capture starts) and it does not seem there is a…

c pcap

asked Mar 25 '09 at 10:28

bortzmeyer

30,796
10
61
89

votes

1 answer

How to filter MAC addresses using tcpdump?

I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some mac addresses. To do this I tried to run the command using a syntax similar to Wireshark: tcpdump -i prism0 ether src[0:3]…

wireshark ethernet pcap tcpdump packet-capture

asked Oct 26 '12 at 12:15

Giovanni Soldi

votes

1 answer

filtering by domain

I want to filter my pcap file by their domains. I mean, I want to see the packets comes on a website ends with ".com", ".org" or ".net". I tried: dns contains "com", ip.src_host == com, ip.src_host == com, http contains "com". None of them worked…

networking filter wireshark pcap tshark

asked Feb 26 '14 at 00:03

Eray Balkanli

6,960
9
39
65

votes

3 answers

Easiest way to convert pcap to JSON

I have a bunch of pcap files, created with tcpdump. I would like to store these in a database, for easier querying, indexing etc. I thought mongodb might be a good choice, because storing a packet the way Wireshark/TShark presents them as JSON…

json wireshark pcap libpcap tcpdump

asked Sep 08 '12 at 13:01

Erik

11,034
17
75
120

votes

1 answer

How to convert H264 RTP stream from PCAP to a playable video file

I have captured stream of H264 in PCAP files and trying to create media files from the data. The container is not important (avi,mp4,mkv,…). When I'm using videosnarf or rtpbreak (combined with python code that adds 00 00 00 01 before each packet)…

python ffmpeg h.264 pcap

asked May 14 '13 at 20:18

yoosha

votes

8 answers

Export pcap data to csv: timestamp, bytes, uplink/downlink, extra info

I was wondering if there is any tool that can parse pcap data and convert it to a csv file with the following information: timestamp, bytes, uplink/downlink, some extra info.. Basically, the uplink/downlink could be seen by the IP/MAC address, and…

csv wireshark pcap

asked Nov 11 '11 at 10:03

Ekhi

votes

3 answers

jNetPcap vs Jpcap

wondering any of you can give me a bit of comments + insights please. In term of performance, which one should I use, jNetPcap or Jpcap? Thanks!

java winpcap pcap libpcap

asked Sep 02 '10 at 03:43

Gilbeg

votes

1 answer

Filter a pcap dump file for a specific time range

Is there any easy way to create a pcap file for the packets related to a specific datetime range maybe using tshark, tcpdump or another commandline tool? tshark -R with frame.time seems promising but I haven't been able to work that out…

pcap tcpdump tshark editcap

asked Nov 13 '13 at 11:48

Filippo Vitale

6,895
2
52
58

2 3

…

85 86 Next