FAQ Database Discussion Community


writing pcap packets into a structure with libpcap

pcap,libpcap,winpcap
I have a pcap file captured by wireshark, now I need to read each packet of it and write them to a vector of structure. I got some promblem with writing packets into the structure. the structure: struct pktStruct { struct pcap_pkthdr * pkt_header; // header object const u_char *...

How do I turn on nanosecond precision when capturing live traffic?

c,linux,pcap,libpcap,packet-capture
How do I tell libpcap v1.6.2 to store nanosecond values in struct pcap_pkthdr::ts.tv_usec (instead of microsecond values) when capturing live packets? (Note: This question is similar to How to enable nanosecond resolution when capturing live packets in libpcap? but that question is vague enough that I decided to ask a...

capture traffic from emulator to a server on the same machine

android,http,ios-simulator,pcap,libpcap
I am trying to capture http traffic using pcap4j from an android emulator / ios simulator to a server which is hosted on the same machine. The machine can run either linux / windows or osx. I tried capturing packets from wireshark first for testing, but it didn't catch any....

Trouble capturing IP packets with libpcap

endianness,libpcap
First the structs: /* Ethernet addresses are 6 bytes */ #define ETHER_ADDR_LEN 6 /* Ethernet header */ struct sniff_ethernet { u_char ether_dhost[ETHER_ADDR_LEN]; /* Destination host address */ u_char ether_shost[ETHER_ADDR_LEN]; /* Source host address */ u_short ether_type; /* IP? ARP? RARP? etc */ }; #define ETHERTYPE_IP 0x0800 /* IP */ /*...

pcap_dispatch() always returns 0 on Mac OSX for wifi interface

osx,pcap,libpcap,arp
I have few devices connected to wifi router, but pcap_dispatch() always returns 0 for wifi interface while live capturing on Mac OS X. The same code captures response in case of wired interface. Please clarify if I have missed any flag here.

Are Berkeley Packet Filter opcode values implementation defined?

kernel,libpcap,tcpdump,bpf
Are Berkeley Packet Filter opcode values implementation defined? I always thought of tcpdump/libpcap as authoritative in the BPF arena. I noticed that the linux kernel and tcpdump read BPF filters differently. The BPF mnemonics and behavior is the same, but the actual opcode values themselves seem different. I went looking...

How to merge two pcap files with libpcap?

pcap,libpcap,winpcap
I already know how to read a pcap file and get the packets it have.B ut how can I write the packets into a new pcap file? I need this to merge two pcap files into one.

Using libpcap to library sample dump files

sample,libpcap,bpf
Using libpcap has proven really easy, but, speed is always an issue with giant (in an arbitrary sense) .pcap dumps. Are there any common practices for just sampling a dump? Perhaps something that effectively says "Read every fifth frame" as the pcap filter, Or should I simply just do nothing...

Is it possible to check if an interface is activated in pcap?

c++,assert,pcap,libpcap
I am making a basic packet sniffer using pcap.h. While I was unit testing the function that called pcap_dispatch, I gave it non-activated interfaces and invalid interfaces. pcap_dispatch return -3, and as far as the man pages for pcap_dispatch goes, it should only return -2, -1, or more, but never...