packet-sniffers

How to manipulate packet and write to pcap file using pcap4j

时光总嘲笑我的痴心妄想 submitted on 2019-12-08 13:09:30
Question: I want to get through a pcap file and go to each packet. Then get the IP address and manipulate it. In the end, I'm going to write it into a new pcap file. I use pcap4j version 1.6.4 and below is how I get the source IP address: String fname = "FileName"; String dumpFile = "newFileName"; PcapHandle h = Pcaps.openOffline(fname); PcapDumper dumper = h.dumpOpen(dumpFile); Packet p = null; while ((p = h.getNextPacket()) != null) { IpV4Packet ip = p.get(IpV4Packet.class); Inet4Address srcAddr = ip

Writing an http sniffer (or any other application level sniffer) [closed]

夙愿已清 submitted on 2019-12-08 05:01:12
Question: I am trying my hand at understanding PCAP libraries. I am able to apply a filter and get the TCP payload at port 80. But what next? How can I read the HTTP data? Suppose I want to know the "User Agent" field value in the HTTP header. How should I proceed? I have searched the

Testing Adobe Analytics Instrumentation with Python

倾然丶 夕夏残阳落幕 submitted on 2019-12-08 03:52:50
Question: I'm attempting to automate tests of Adobe Analytics (aka Omniture) instrumentation of a web app by implementing test scripts with the Selenium Python package. If correctly instrumented, HTTP requests are made from the browser with certain expected query parameters. Is there a Python package that would allow me to capture those outgoing HTTP requests? Right now, we do it manually with the Chrome dev tools in the Network -> Images section. This application is also available as a native app

When to use ntohs and ntohl in C?

断了今生、忘了曾经 submitted on 2019-12-07 14:16:15
Question: I'm very confused about when to use ntohs and ntohl. I know you use ntohs for uint16_t and ntohl for uint32_t. But what about those with unsigned int or those where a specific number of bits is specified (e.g. u_int16_t doff:4;)? Here is my working code to demonstrate the issue: // Utility/Debugging method for dumping raw packet data void dump(const unsigned char *data, int length) { unsigned int i; static unsigned long pcount = 0; // Decode Packet Header struct ether_header *eth_header =

Packet filtering in Windows (XP, 7 etc)

房东的猫 submitted on 2019-12-07 07:29:06
Question: How can I filter (allow, deny etc.) outgoing packets in Windows? I want to search in TCP or UDP packet types to find in the data segment, for example, this "387602304fd236e048125453b1fa10c980e9dad4fa7f3f5dd2497c2e8b2b" and drop/block/deny the packet if it matches the search hex string. I have already tried WIPFW and PKTFILTER but they only serve IP source, dest, port etc. filtering. They don't inspect the packet's data. I think Berkeley Packet Filter does that job, but it's for Unix... Answer 1:

Writing an http sniffer (or any other application level sniffer) [closed]

和自甴很熟 submitted on 2019-12-06 16:03:22
I am trying my hand at understanding PCAP libraries. I am able to apply a filter and get the TCP payload at port 80. But what next? How can I read the HTTP data? Suppose I want to know the "User Agent" field value in the HTTP header. How should I proceed? I have searched the website (and googled a lot too), and could find a related thread here: writing a http sniffer. But this

writing a http sniffer

自古美人都是妖i submitted on 2019-12-06 09:55:30
Question: I would like to write a program to extract the URLs of websites visited by a system (an IP address) through packet capture. I think this URL will come in the data section (i.e. not in any of the headers: ethernet / ip / tcp-udp). (Such programs are sometimes referred to as http sniffers; I'm not supposed to use any available tool.) As a beginner, I've just now gone through this basic sniffer program: sniffex.c. Can anyone please tell me in which direction I should proceed? Answer 1: Note

Packet filtering in Windows (XP, 7 etc)

房东的猫 submitted on 2019-12-05 17:15:30
How can I filter (allow, deny etc.) outgoing packets in Windows? I want to search in TCP or UDP packet types to find in the data segment, for example, this "387602304fd236e048125453b1fa10c980e9dad4fa7f3f5dd2497c2e8b2b" and drop/block/deny the packet if it matches the search hex string. I have already tried WIPFW and PKTFILTER but they only serve IP source, dest, port etc. filtering. They don't inspect the packet's data. I think Berkeley Packet Filter does that job, but it's for Unix... Here is some to filter packets in Windows: WinDivert. Free open source project that works on Windows 7, 2008 or upper.

How to filter by ethernet MAC address

让人想犯罪 __ submitted on 2019-12-05 08:40:34
The following code: sniff(filter = "dst aa:bb:cc:dd:ee" ) throws an error because sniff is expecting an IP, not a MAC. So how are you supposed to filter by MAC? What about specifying an lfilter for sniff? zzz = sniff(lfilter=lambda d: d.src == 'aa:bb:cc:dd:ee:ff') dst and src are attributes of the sniffed message. Previously I have posted an answer where stop_filter was specified. I suppose that it wouldn't work for you, since scapy would stop after receiving the first packet that matches the MAC address from stop_filter. lfilter should do the job. From sendrecv.py: lfilter: python function applied to

How can I determine which packet in Wireshark corresponds to what I sent via Postman?

只愿长相守 submitted on 2019-12-05 03:33:51
I'm trying to figure out why REST calls sent from my handheld device (Windows CE / Compact Framework) are not making it to my server app (regular, full-fledged .NET app running on my PC). The handheld device and the PC are connected - I know that because I can see the handheld device in the PC's Windows Explorer, Windows Mobile Device Center verifies the connection between the two is valid, etc. I reach the breakpoint on my server app running on my PC when I pass the same REST call via Postman, namely: http://192.168.125.50:21609/api/inventory/sendXML/duckbill/platypus/poisontoe ...but not