sniffing

问题 I am trying to sniff the http headers by using tcpdump. This filter works well but I can't understand it - (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) I've googled it but I can't find any useful info Here is the whole tcpdump command sudo tcpdump -A 'dst [dest host] or src [src host] and tcp and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i eth0 回答1: It's not the BPF filter that gets http headers but the "-A" switch on your tcpdump command. Your tcpdump

问题 I am writing a program with a Raw Socket in promiscuous mode and I need the raw socket not sniff the packet I send. I need to read only the data over the ethernet rx wire (not the tx wire). It's posible? Thanks a lot. 回答1: The solution is to look in the read packet if it is a PACKET_OUTGOING. Using this option you can diference the packet you put in the ethernet tx wire and the packet you read from the rx wire. Open the Socket in promiscuous mode: char* i = "eth0"; int fd; struct ifreq ifr;

问题 i want to add jpcap.jar the path is this: C:\WINDOWS\Sun\Java\lib\ext how to do this? import java.lang.ClassLoader; is it needed? or: System.loadLibrary('what must be in here?'); or: System.load(???); suppose this code: public void receivePacket(Packet packet) { System.out.println(packet); if (packet instanceof IPPacket) { IPPacket ipp = (IPPacket)packet; InetAddress dest = ipp.dst_ip; InetAddress src = ipp.src_ip; System.out.print(src); System.out.print(dest); } in the main i have this: s

问题 Does any know some good http (at least) sniffer which works under Windows Phone 7 OS? Currently I use wireshark/fiddler + windows phone 7 emulator for testing, but anyway I want to test my app using real phone + some win 7 phone sniffer too. I'll appreciate any help. 回答1: You can use Fiddler with your device also. Mike Ormond demonstrates here. More Monitoring Web Requests on Windows Phone 回答2: The current Windows Phone platform SDK does not expose access to the network stack or the radio

问题 As far as I understand all sniffing libraries in .NET just a wrapper around WinpCap, which is OK. If you know any other better option please write as answer. Have you used any of them? Which one is the best according to your experience? I'm only looking for libraries which have commercial friendly licenses, Also commercial libraries are OK as soon as they got a decent price tag 回答1: Why not use Microsoft Network Monitor? It's free, supported, and has an API you can use, in addition to a set

问题 I wrote a Web Application and I would like to allow other developers to get the information from it. The server Im working on is not that awsome and cant handle that many request, so the idea is to generate and assign api keys to everyone that wants to query our information. With Api keys I can limit the daily requests and perhaps collect some statistics to see what information is really useful for the other developers. The thing is, Im concerned about the security aspect of it. Since the Api

问题 I wrote a Web Application and I would like to allow other developers to get the information from it. The server Im working on is not that awsome and cant handle that many request, so the idea is to generate and assign api keys to everyone that wants to query our information. With Api keys I can limit the daily requests and perhaps collect some statistics to see what information is really useful for the other developers. The thing is, Im concerned about the security aspect of it. Since the Api

问题 Charles SSL works on basically any other app or website except Facebook. I have installed all the certificates on iOS devices, but when sniffing Facebook only, I always get status Failed when method is CONNECT . What is wrong? 回答1: Probably using certificate pinning. Find some info in the comments to the answers here: How Facebook, SnapChat, or Gmail iOS apps prevent Fiddler decrypting their https traffic? Blog that explains it well Certificate Pinning is an extra layer of security that is

问题 First, I'm a beginner in python. I developed a simple raw packet sniffer utilizing the PF_PACKET interface that operates at layer 2. The sniffer simply figures out the following... - Ethernet Header (Source - Destination - Protocol) - IP Header (Source IP - Destination IP) - TCP Header(Source Port - Destination Port) Here's the code I've written so far... #!/usr/bin/env python import struct import socket import binascii rawSocket=socket.socket(socket.PF_PACKET,socket.SOCK_RAW,socket.htons

问题 When i run a simple packet sniffer coded in C on my Mac OS X, i got no output at all, this is a strange thing! can someone help me to understand what going on. #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> int main(void) { int i, recv_length, sockfd; u_char buffer[9000]; if ((sockfd = socket(PF_INET, SOCK_RAW, IPPROTO_TCP)) == -1) { printf("Socket failed!!\n"); return -1; } for(i=0; i < 3; i++) { recv_length =