packet-sniffers

iPhone and WireShark [closed]

老子叫甜甜 submitted on 2019-12-17 17:28:20
Question: How can I sniff packets from my iPhone on my network? Can someone give me some instructions? I tried Googling, but nothing teaches how to sniff iPhone packets. I am on Windows.

Answer 1: You can use Paros to sniff the network traffic from your iPhone. See this excellent step by step post

How can you access the packet information in a JpCap Packet

人盡茶涼 submitted on 2019-12-13 15:10:14
Question: How can I pull relevant packet information from a JpCap packet? I am trying to find the source/destination IP and port. So far I have tried string parsing the Packet's toString() method, but that seems brutish.

Answer 1: You have to cast the Packet object to the correct type of Packet, I think. So something like:

    TCPPacket p = (TCPPacket)packet;
    // Get the tcp src and dest ports
    int destPort = p.dst_port;
    int srcPort = p.src_port;
    // Get the src and dest IP addresses from the IP layer
    InetAddress

How to configure Packetbeat to sniff “any” devices on Windows?

流过昼夜 submitted on 2019-12-12 20:04:32
Question: The documentation for Packetbeat is pretty straightforward and says it very clearly, as stated below:

    On Linux, you can specify any for the device, and Packetbeat captures all messages sent or received by the server where Packetbeat is installed.

For the configuration

    packetbeat.interfaces.device: any

But it has absolutely nothing on how to do the same on Windows. Any idea how?

Answer 1: Currently, Packetbeat does not support multiple interfaces, i.e. packetbeat.interfaces.device: any, on Windows.

Connect to internet using wlan0 and channel hopping mon0 as Monitor

蹲街弑〆低调 submitted on 2019-12-12 16:09:57
Question: I was given a project to count the number of Wifi devices in a room and my research led me to getting a TL-MR3020 and installing OpenWRT on it. I can set up mon0 in Monitor Mode just fine

    airmon-ng start wlan0

    Interface   Chipset   Driver
    wlan0       Atheros   ath9k - [phy0]
                          (monitor mode enabled on mon0)

which allows me to use scapy and sniff for Probe Requests on the mon0 interface and stay connected to the internet (in Client/Station/Managed mode) on the wlan0 interface to send the results to my

when is the push flag set in tcp segment

爷,独闯天下 submitted on 2019-12-12 08:04:14
Question: I asked this previous question here: tcp two sides trying to connect simultaneously. I tried the method given in the solution, and while sending using netcat and sniffing packets with Ethereal I observed that when I sent a "hello" string from one side to the other, it was sent in a segment with the push flag set. Who decides to set the push flag? What are the rules for setting the push or urgent flag in a TCP segment? Is it possible to do it using the sockets API?

Answer 1: The PUSH flag is

Monitoring Network Packets Using Network Kernel Extension

大憨熊 submitted on 2019-12-11 17:15:29
Question: I am building an NKE (Network Kernel Extension) for filtering and modifying the packets on the fly. The myipfilter_output_redirect callback gives an mbuf_t pointer, and based on the researched knowledge it has every piece of information related to the network call. I want to read the HTML from this mbuf_t and inject one CSS/HTML into it. How can I achieve it?

    static errno_t myipfilter_output(void* cookie, mbuf_t* data, ipf_pktopts_t options)
    {
        if (data)
            log_ip_packet(data, kMyFiltDirOut);
        return 0;
    }

    static errno

Modify packets on the fly with Scapy?

青春壹個敷衍的年華 submitted on 2019-12-11 02:52:03
Question: Is it possible to do this?

    from scapy.all import *

    def action(packet):
        print(packet[0][1].src + "==>" + packet[0][1].dst)
        print("Rerouting to localhost")
        packet[0][1].dst = '127.0.0.1'
        print(packet[0][1].src + "==>" + packet[0][1].dst)
        sendp(packet)

    sniff(filter="dst host 203.105.78.163", prn=action)

Something like this, but is there a way to send the packet to localhost and drop the packet being sent to 203.105.78.163? (not using iptables)

Answer 1: There is no way to do this, because Scapy sniffs

postgreSQL function call packet

蓝咒 submitted on 2019-12-10 23:49:54
Question: As the PostgreSQL documentation says about its packets here, a function call must send a packet with the 'F' identifier to the server. So I defined a simple function and called it with a select statement, and after monitoring my connection port using Wireshark I see no 'F' identified packet, just multiple simple query packets ('Q' identified). Am I missing something here?

Answer 1: That is a misunderstanding. A function that is called inside a SELECT statement is part of the statement text in a Query

How to get data from TCPPacket using SharpPcap?

廉价感情. submitted on 2019-12-10 16:57:48
Question: I need a small sniffer for my report, so I went with C# and SharpPcap.

    packet = Packet.ParsePacket(rawCapture.LinkLayerType, rawCapture.Data);
    tcpPacket = TcpPacket.GetEncapsulated(packet);

I have the raw packet with all packet data. Then I get a Packet out of it with some info such as source/destination/protocol/etc. After that I get the TCP packet out of that. Now how do I get only the actual packet data that the software sent/received?

Answer 1: Was simple enough.

    packet.PayloadPacket.PayloadPacket.PayloadData

Answer 2:

pcap_loop and pcap_dispatch Difference

我怕爱的太早我们不能终老 submitted on 2019-12-09 15:08:21
Question: What exactly is the difference between pcap_loop and pcap_dispatch?

Answer 1: The manual describes this amazingly well (I'm saying that with a straight face, promise). From man pcap_loop:

    pcap_loop() processes packets from a live capture or ``savefile'' until cnt packets are processed, the end of the ``savefile'' is reached when reading from a ``savefile'', pcap_breakloop() is called, or an error occurs. It does not return when live read timeouts occur. A value of -1 or 0 for cnt is equivalent to