pcap

Background: I'm teaching myself about packet sniffing. I run a very simple server in one shell, telnet to it from another, then try different methods to sniff on traffic. When I use raw sockets (IPPROTO_TCP), I capture what I send fine. I capture merely what I send, nothing else from the internet. libcap's behavior confuses me as follows: (1) First, to check it out, I capture all devices with pcap_findalldevs (see (2) below as well). I find wlan0 fine. If I connect to 'all traffic' (per the man page) using if ( !( pcap_handle = pcap_open_live(NULL, 4096, 1, 0, errbuf) ) ) I capture what I send

I am reading a pcap file and I want to print out the ip address and port number of each packet. I am using code from http://www.tcpdump.org/pcap.htm and http://www.rhyous.com/2011/11/13/how-to-read-a-pcap-file-from-wireshark-with-c/ . Here is my code: #define SIZE_ETHERNET 14 #define ETHER_ADDR_LEN 6 /* Ethernet header */ struct sniff_ethernet { u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */ u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */ u_short ether_type; /* IP? ARP? RARP? etc */ }; /* IP header */ struct sniff_ip { u_char ip_vhl; /* version << 4 | header

I have been looking for a way to get 802.11 Packets from a .cap file into an Array. So far I have found: Scapy: which is kind of nice, documentation available, but too slow, when I try to open a file with size > 40 Mb, I just keeps hanging on until it consumes all my Ram (all 16 gigs of it) at which point my pc just blocks and I have to reboot it Pyshark: doesn't have any of Scapy's problems, but documentation is too scarce, I can't find a way to handle and get attributes for 802.11 Packets So I was thinking maybe there are better solutions out there, or maybe someone does have some experience

I am working on converting PCAP file taken from wireshark using JAVA without using native or ready libraries. i converted the bytes to string directly just for checking the meaningful parts of it. then i tried to convert it from hexadecimal to string. It was not meaningful. there is java library jNetPcap which is wrapping all the libpcap library native calls which is written in c. The following picture is captured the wireless network. so the pcap contains the same information: Source ip, destination ip, protocol, length and info I am trying to get the same result form the pcap file which

I installed the pcap library on my linux system but when including it I get the errors /usr/include/pcap/bpf.h:88:1: error: unknown type name ‘u_int’ /usr/include/pcap/bpf.h:108:2: error: unknown type name ‘u_int’ /usr/include/pcap/bpf.h:1260:2: error: unknown type name ‘u_short’ /usr/include/pcap/bpf.h:1261:2: error: unknown type name ‘u_char’ /usr/include/pcap/bpf.h:1262:2: error: unknown type name ‘u_char’ In file included from ../src/test.c:1:0: /usr/include/pcap/pcap.h:125:2: error: unknown type name ‘u_short’ /usr/include/pcap/pcap.h:126:2: error: unknown type name ‘u_short’ /usr/include