pcap

Error in use of the pcap_findalldevs_ex Function in c++

三世轮回 submitted on 2020-01-06 02:35:06
Question: Below is the program to retrieve the list of adapters and print it on the screen:

    #include <stdio.h>
    #include <stdlib.h>
    #include <pcap.h>

    int main()
    {
        pcap_if_t *alldevs;
        pcap_if_t *d;
        int i = 0;
        char errbuf[PCAP_ERRBUF_SIZE];

        if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING, NULL, &alldevs, errbuf) == -1) {
            fprintf(stderr, "Error in pcap_findalldevs_ex: %s\n", errbuf);
            exit(1);
        }

        for (d = alldevs; d != NULL; d = d->next) {
            printf("%d. %s", ++i, d->name);
            if (d->description)
                printf(" (%s)\n", d->description);
            else
                printf("

How do you Identify the interface of a packet while listening to network traffic on all devices?

我的梦境 submitted on 2020-01-02 20:09:11
Question: I am writing a python program that needs to listen to traffic on all networking devices and identify packets based on their incoming interface. To listen on all interfaces I started my capture without specifying a device, but I am unable to denote the interface of a particular packet. How is this done?
Answer 1: I assume that the MAC address is sufficient information for you. The first 6 octets of a packet is the destination MAC address, which is immediately followed by the 6 octets of source MAC

Can I use pcap library for receiving ipv6 packets?

非 Y 不嫁゛ submitted on 2020-01-02 05:38:08
Question: I am trying to convert hping3 to hping6. hping3 uses Pcap library to receive IPv4 packets. But I need to receive IPv6 packets.
Answer 1: That is possible. libpcap is able to catch anything on the wire.
Answer 2: Example using ETHERTYPE_IPV6:

    static u_int16_t ether_packet(u_char *args, const struct pcap_pkthdr *pkthdr, const u_char *p)
    {
        struct ether_header *eptr = (struct ether_header*)p;
        assert(pkthdr->caplen <= pkthdr->len);
        assert(pkthdr->caplen >= sizeof(struct ether_header));
        return eptr->ether

Read from a PCap file and print out IP addresses and port numbers in C, but my result seems wrong

落花浮王杯 submitted on 2020-01-01 03:53:07
Question: I am reading a pcap file and I want to print out the ip address and port number of each packet. I am using code from http://www.tcpdump.org/pcap.htm and http://www.rhyous.com/2011/11/13/how-to-read-a-pcap-file-from-wireshark-with-c/. Here is my code:

    #define SIZE_ETHERNET 14
    #define ETHER_ADDR_LEN 6
    /* Ethernet header */
    struct sniff_ethernet {
        u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */
        u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */
        u_short ether_type; /

Network traffic monitor with pcapy in python

梦想的初衷 submitted on 2019-12-29 09:04:38
Question: I have written a simple network traffic monitor to get transfer rate in B/s and/or total data transfer (in B). However when I test it by transferring a file with ftp (using Total Commander) I just can not make it measure total transfer as a size of the file. It always gives a much lower size than the actual one. I am not sure if I am doing something wrong. The BPF filter I set is dst <IP of ftp server pc>. Below is my source code:

    import threading
    import sys
    import pcapy
    import time
    import logging as

How to parse packets in a python library? [closed]

时间秒杀一切 submitted on 2019-12-28 03:52:04
Question: How do you parse a packet from either a .pcap file, or an interface, using python? I'm specifically looking for a solution that uses a well documented library.
Answer 1: Try scapy. It is a very powerful program for packet inspection, manipulation and creation. You can use it to build your own tools.
Answer 2: I tried that

Needing Log pcap for MAP_OPEN_REQ and MAP_OPEN_DELIMITER_REQ messages

北城余情 submitted on 2019-12-25 04:00:30
Question: Similar to the question I asked before in enter link description here, I also need a Log pcap for MAP_OPEN_REQ and MAP_OPEN_DELIMITER_REQ messages. As I found pcap files containing MAP/TCAP/SCCP protocols enter link description here and enter link description here, but there is no log Pcap for MAP_OPEN_REQ there. How can I get that?
Answer 1: You won't find MAP-OPEN and MAP-DELIMITER in the pcaps because they are not sent over the wire. These are common services/primitives used between the MAP

Why are some Beacon Frames dropped

喜欢而已 submitted on 2019-12-25 03:55:09
Question: Why am I not capturing all Beacon Frames? Are they being dropped by AP? I'm using libpcap in Linux for capturing Beacon Frames and parsing the timestamp. I use the timestamps to compute the interval between captured Beacon Frames. Most of the time the interval is what it should be, namely 102.4ms. However, every 5-6 packets show an interval of a multiple of 102.4ms, this can be 204, 306 and up to 800ms. I don't know if this is due to AP not sending those Beacon Frames or my pcap not capturing

Why are some Beacon Frames dropped

[亡魂溺海] submitted on 2019-12-25 03:55:02
Question: Why am I not capturing all Beacon Frames? Are they being dropped by AP? I'm using libpcap in Linux for capturing Beacon Frames and parsing the timestamp. I use the timestamps to compute the interval between captured Beacon Frames. Most of the time the interval is what it should be, namely 102.4ms. However, every 5-6 packets show an interval of a multiple of 102.4ms, this can be 204, 306 and up to 800ms. I don't know if this is due to AP not sending those Beacon Frames or my pcap not capturing

pcapy.findalldevs() No valid interfaces to open

|▌冷眼眸甩不掉的悲伤 submitted on 2019-12-25 03:39:15
Question: I am trying to run Sulley's (the fuzzer) "network_monitor.py" on an Ubuntu vm. Every time I do, I get the following error.

    pcapy.PcapError: No valid interfaces to open

I believe that this has little to do with the code I am running it in, because when I run

    python
    >>> import pcapy
    >>> devices = pcapy.findalldevs()

I get the same error. Any hints on what's going on would be amazing. Thanks so much in advance.
Answer 1: Try to use it with sudo. Pcapy, AFAIK, needs special rights to access interfaces.