packet-capture

BPF expression to capture only arp-reply packets

孤人 submitted on 2019-12-11 02:05:11
Question: Is there a BPF expression that would only capture ARP-reply packets? Currently, I am using Pcap4J and the following BPF expression: arp and dst host host and ether dst mac where host is the IP address of my device and mac is the MAC address of my primary network interface. Unfortunately, when packets are captured, this filter allows ARP broadcast requests to also be captured, so I have to take an extra step to check if the operation field of the ARP header is 2 and not 1. Answer 1: Try this: (arp

Get IP packet data from ByteBuffer

江枫思渺然 submitted on 2019-12-11 01:41:03
Question: I'm trying to get the source and destination address from a packet. This is how I am reading the packet: private void debugPacket(ByteBuffer packet) { int buffer = packet.get(); int ipVersion = buffer >> 4; int headerLength = buffer & 0x0F; headerLength *= 4; buffer = packet.get(); //DSCP + EN int totalLength = packet.getChar(); //Total Length buffer = packet.getChar(); //Identification buffer = packet.getChar(); //Flags + Fragment Offset buffer = packet.get(); //Time to Live int protocol =

What is happening when a TCP sequence number arrives that is not what is expected?

為{幸葍}努か submitted on 2019-12-10 14:52:14
Question: I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic, and so I have no control over the reception and transmittal of packets. My program disregards all non-TCP/IP traffic. I calculate the next expected sequence number from the ISN and then the successive SEQ numbers. I have it set up so that every TCP connection is uniquely identified by a tuple made up of the source IP, source port, dest IP, and dest port. Everything

Java “symbol lookup error” for JLI_InitArgProcessing when running with setcap capabilities

徘徊边缘 submitted on 2019-12-10 10:48:30
Question: We installed Java 11 on a server that is meant to monitor a network interface for traffic. After the initial installation ( yum install java-11-openjdk-devel.x86_64 ) the java command works properly for both root and a regular user. However, our Java application will not be running as root. We then ran: setcap cap_net_raw,cap_net_admin=eip /path/to/java It sets the capabilities, and running java -version as root works fine. But after running setcap , when I try to run java -version as a

Could anyone suggest a good packet sniffer class for c++? [closed]

对着背影说爱祢 submitted on 2019-12-09 07:04:43
Question: Could anyone suggest a good packet sniffer class for C++? Looking for an easy insertable class I can use in my C++ program, nothing complicated. Answer 1: You will never be able to intercept network traffic just by inserting a class into your project. Packet capture functionality requires kernel mode support, hence

How to manipulate packet and write to pcap file using pcap4j

时光总嘲笑我的痴心妄想 submitted on 2019-12-08 13:09:30
Question: I want to go through a pcap file and visit each packet. Then get the IP address and manipulate it. In the end, I'm going to write it into a new pcap file. I use pcap4j version 1.6.4 and below is how I get the source IP address: String fname = "FileName"; String dumpFile = "newFileName"; PcapHandle h = Pcaps.openOffline(fname); PcapDumper dumper = h.dumpOpen(dumpFile); Packet p = null; while ((p = h.getNextPacket()) != null) { IpV4Packet ip = p.get(IpV4Packet.class); Inet4Address srcAddr = ip

How can I edit a js file sent by the server before it gets to my browser?

为君一笑 submitted on 2019-12-07 23:01:45
Question: During a normal browsing session I want to edit a specific JavaScript file before the browser receives it, since once it gets there it's impossible to edit. Is there any tool for this? For what I need it, I can't just save it and edit it on my disk. I'm ready to learn how to program it myself, but if anyone can point out more or less what I have to do I'd be very grateful. I'd have to intercept the packets until I have the whole file while blocking the browser from receiving any part of it,

When to use ntohs and ntohl in C?

断了今生、忘了曾经 submitted on 2019-12-07 14:16:15
Question: I'm very confused about when to use ntohs and ntohl. I know you use ntohs for uint16_t and ntohl for uint32_t. But what about those with unsigned int or those where a specific number of bits is specified (e.g. u_int16_t doff:4;)? Here is my working code to demonstrate the issue: // Utility/Debugging method for dumping raw packet data void dump(const unsigned char *data, int length) { unsigned int i; static unsigned long pcount = 0; // Decode Packet Header struct ether_header *eth_header =

Scapy and rdpcap function

醉酒当歌 submitted on 2019-12-07 02:30:15
Question: I'm using the rdpcap function of Scapy to read a PCAP file. I also use the module described in a link to HTTP support in Scapy, which is needed in my case, as I have to retrieve all the HTTP requests and responses and their related packets. I noticed that when parsing a large PCAP file the rdpcap function takes too much time to read it. Is there a solution to read a pcap file faster? Answer 1: Scapy has another method sniff which you can use to read the pcap files too: def method_filter_HTTP(pkt): #Your

How to properly keep the UI updated while transferring packets in C#?

纵然是瞬间 submitted on 2019-12-06 11:36:14
Question: I have this form that spawns a new thread and starts listening and waiting for UDP packets in a loop. What I need is to keep the UI updated with the number of bytes received. For that, I have set up an event which I'll raise as soon as a packet is received and pass the number of bytes received as an argument. Since I'm not running on the UI thread, I cannot simply update the UI directly. Here's what I'm currently doing: private void EVENTHANDLER_UpdateTransferProgress(long receivedBytes) { if