pcap

Recently, I tried to install perl module Net::Packet and Net::Pcap through cpan but it complained that it cannot find pcap library. So I was searching if cpan would accept external lib/include directory when installing module, but no luck til now. looking for -lpcap... no - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - You appear to lack the pcap(3) library. If it is installed in a non-standard locatio n, please try setting the LIBS and INC values on the command line. Or get the sources and install the pcap library from http://www.tcpdump.org/ If you install the pcap library using

I want to extract raw data using pcap and wincap. Since i will be testing it against a neural network trained with NSLKDD dataset, i want to know how to get those 41 attributes from raw data?.. or even if that is not possible is it possible to obtain features like src_bytes, dst host_same_srv_rate, diff_srv_rate, count, dst_host_serror_rate, wrong_fragment from raw live captured packets from pcap? If someone would like to experiment with KDD '99 features despite the bad reputation of the dataset, I created a tool named kdd99extractor to extract subset of KDD features from live traffic or .pcap

I have written simple network traffic monitor to get transfer rate in B/s and/or total data transfer (in B). However when I test it by transferring a file with ftp (using Total Commander) I just can not make it measure total transfer as a size of the file. It always give much lower size than actual one. I am not sure if I am doing something wrong.. The BPF filter I set is dst <IP of ftp server pc> Below is my source code : import threading import sys import pcapy import time import logging as logger class NetMonitor(threading.Thread): _timeout = 1 @classmethod def get_net_interfaces(cls):

I am trying to write a .pcap file, which is something that can be used in Wireshark. In order to do that, I have a couple of structs with various data types I need to write to a file. (see code) So, I create the struct instances, fill in the data, use FILE* fp = fopen("test.pcap","w"), and then I'm unsure how to properly write it to the file. I believe I should use memcpy but I'm not sure of the best way to do it. I have mostly resorted to C++ libraries in the past to do this. Any suggestions? typedef struct pcap_hdr_s { uint32_t magic_number; /* magic number */ uint16_t version_major; /*

wondering any of you can give me a bit of comments + insights please. In term of performance, which one should I use, jNetPcap or Jpcap? Thanks! The referenced post contains an admittedly biased opinion by the owner of the jNetPcap project. It is hardly a reliable source for a true comparison. One difference that is obvious between the two projects is that jNetPcap uses JNI for access to native code. PCap4j ( http://www.pcap4j.org/ ) uses JNA for access to native code and a "com.sun" JNA compatibility library ( https://github.com/twall/jna ). Also, the latest version of jNetPcap does not build

How to you parse a packet from either a .pcap file, or an interface, using python? I'm specifically looking for a solution that uses a well documented library. Andrea Spadaccini Try scapy . It is a very powerful program for packet inspection, manipulation and creation. You can use it to build your own tools . theist I tried that and then tried pcapy. I choose pcapy because my use was similar to an example which I found googling. http://snipplr.com/view/3579/live-packet-capture-in-python-with-pcapy/ (or see the same code copied below) import pcapy from impacket.ImpactDecoder import * # list all