pcap

I have some network traffic captured pcap file and want to send its packets on NIC; is it possible? Is there any application to do this? You should be able to use some kind of replay application like this one (tcpreplay) . bit-twist can do this. just install it and inject your packet like this : # bittwist -i eth0 pcap-file.pcap There is a libpcap/winpcap library, that allows the programmer to send/receive packets and work directly with NDIS-level driver. http://www.winpcap.org Anand Yes there is a way - sending a packet to NIC means injecting it to an interface. You can do this with the help

I've capture a pcap file and display it on wireshark. I want to analysis those udp packets with 'Length' column equals to 443. On wireshark, I try to found what's the proper filter. udp && length 443 # invalid usage udp && eth.len == 443 # wrong result udp && ip.len == 443 # wrong result By the way, could the wireshark's filter directly apply on libpcap's filter? All these workable on wireshark's filter frame.len==243 <- I use this ip.len=229 udp.length==209 data.len=201 来源： https://stackoverflow.com/questions/10022710/set-a-filter-of-packet-length-in-wireshark

My application is running on CentOS 5.5 I need to send raw packets using libpcap API: pcap_inject() or pcap_sendpacket() To the specific IP address How can I determinate MAC address belongs to a specific target? It looks like what you want is ioctl and SIOCGARP . That should let you query your arp cache. I'm assuming that the host in question is on your local network or all you're going to get is your router. You can also read from /proc/net/arp, which seems easier. You'll need to get an arp request returned first but you'll be doing that whether your tool does it or some third-party makes the

I need to write all the output CSV files to a different folder. For example if .pcap files were in subfolders Sub1 , Sub2 . And Sub1 has a1.pcap and a2.pcap . Sub2 has b1.pcap and b2.pcap . I need my output CSV files to get written into a folder with the same names as above. Sub1 , Sub2 , then Sub1 should have a1.csv , a2.csv . Sub2 should have b1.csv , b2.csv . How can I do that please? I am getting the error below: outputdir = startdir / "Outcsv" TypeError: unsupported operand type(s) for /: 'str' and 'str' The code is: import os startdir= '/root/Desktop/TTT' suffix= '.pcap' outputdir =

I have a pcap file to replay. I want to rewrite packet payload to include a timestamp. How can I do that with tcpreplay or tcprewrite ? Is there a default option or should I implement it myself (modifying tcpreplay)? I have been reading these pages for a while and google did not help me either. Thanks in advance PS: I don't want to modify the original size of the packet, since the data is not important overwriting is fine. If only option is to modify packet size, I am fine with that too. That kind of editing isn't supported by tcpreplay/tcprewrite, so you'd have to write the code yourself. If

I need to read a PCAP file, modify some fields (actually IPv4 source and destination and Ethernet source and destination). The PCAP is pre-filtered to only include IPv4 over Ethernet packets. Up to now I tried to do this with scapy, which however has a severe memory problem. My 16GB RAM are completely filled when reading a ~350MB PCAP file. Actually, just reading. I did nothing else with this file yet. I have also found this answer , and with these changes reading is very fast. As soon as I start to modify the packet, memory is bloated again. Scapy is in fact not usable in this context I also

I need to sniff TCP traffic into my application. Can libpcap reassemble TCP segments or I have to do it manually? The home page says "Full documentation is provided with the source packages in man page format". After I sudo apt-get install libpcap-dev I only find one man pcap. Is it all the documentation available or I simply missed something? Thanks Packet or stream reassembly is not mentioned in pcap(3). If I remember correctly, the dsniff tools use libnids to reassemble IP packets and TCP streams. Three years ago I used libpcap and I had to reassemble TCP streams myself, it's not very