packet-capture

Could anyone suggest a good packet sniffer class for c++? [closed]

北城以北 submitted on 2019-12-03 09:45:11
Could anyone suggest a good packet sniffer class for c++? Looking for an easy insertable class I can use in my c++ program, nothing complicated.

You will never be able to intercept network traffic just by inserting a class into your project. Packet capture functionality requires kernel mode support, hence you will at the very least need to have your application require or install libpcap/WinPcap, as Will Dean pointed out. Most modern Unix-like distributions include libpcap out of the box, in which case you could take a look at this very simple example: http://www.tcpdump.org/pcap.htm If you're

How do I hook the TCP stack in Windows to sniff and modify packets?

喜你入骨 submitted on 2019-12-03 04:34:44
Question: I'd like to write a packet sniffer and editor for Windows. I want to be able to see the contents of all packets entering and leaving my system and possibly modify them. Any language is fine but I'd like it to run fast enough that it won't burden the system. I've read a little about WinPcap but the documentation claims that you can't use WinPcap to create a firewall because it can't drop packets. What tools will help me write this software?

Answer 1: Been there, done that :-) Back in 2000 my first

How to send pcap file packets on NIC?

醉酒当歌 submitted on 2019-12-03 00:38:55
I have some network traffic captured pcap file and want to send its packets on NIC; is it possible? Is there any application to do this?

You should be able to use some kind of replay application like this one (tcpreplay).

bit-twist can do this. Just install it and inject your packet like this:

    # bittwist -i eth0 pcap-file.pcap

There is a libpcap/winpcap library, that allows the programmer to send/receive packets and work directly with NDIS-level driver. http://www.winpcap.org

Anand

Yes there is a way - sending a packet to NIC means injecting it to an interface. You can do this with the help

Python raw socket listening for UDP packets; only half of the packets received

筅森魡賤 submitted on 2019-12-03 00:28:26
I am trying to create a raw socket in Python that listens for UDP packets only:

    import socket
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
    s.bind(('0.0.0.0', 1337))
    while True:
        print s.recvfrom(65535)

This needs to be run as root, and creates a raw socket on port 1337, which listens for UDP packets and prints them whenever they are received; no problems there. Now let's make a little client to test if this works:

    import socket
    c = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    c.connect(('127.0.0.1', 1337))
    c.send('message 1')
    c.send('message 2')
    c.send('message 3')

How to use structure with dynamically changing size of data?

霸气de小男生 submitted on 2019-12-02 10:14:44
Question for C only, C++ and vectors do not solve problem. I have such structure:

    typedef __packed struct Packet_s {
        U8 head;
        U16 len;
        U32 id;
        U8 data;
        U8 end;
        U16 crc;
    } Packet_t, *Packet_p;

(EDIT: U8 is uint8_t (unsigned char) and so on)

For example, I've received packet (hex): 24 0B 00 07 00 00 00 AA 0D 16 1C where

    head = 0x24
    len = 0x0B 0x00
    id = 0x07 0x00 0x00 0x00
    data = 0xAA
    end = 0x0D
    crc = 0x16 0x1C

I can copy it from incoming buffer like this

    U8 Buffer[SIZE]; // receives all bytes here
    memcpy(&Packet, &Buffer, buffer_len);

and work further with it. Is it possible to use my structure

Breaking TLS security by fully recording the handshake

假如想象 submitted on 2019-12-02 07:57:52
Question: I have been looking at TLS recently, and I am unsure as to why it is so secure, but probably thanks to a misunderstanding of how it works. But if the entire handshake is recorded, either using a man in the middle attack or a packet sniffer on the target computer, then any of the remaining communication can be decrypted as you would have all the info that the client and the server used to generate the encryption keys. I doubt there would be such a hole in TLS, but could anyone tell me how TLS

How to check if flag in TCP struct is set?

梦想与她 submitted on 2019-12-02 07:30:51
I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set:

    struct tcphdr *tcp = ....
    if(tcp->th_flags & TH_SYN) {
        //SYN FLAG IS SET?
    }

Will this always work for checking if a particular flag is set in the struct? Or is there a better way? Would greatly appreciate any advice/tips :)

That looks fine to me. TH_SYN is a single bit, so that expression will be true (nonzero) if that bit is set in th_flags.

Source: https://stackoverflow.com/questions/35388217/how-to-check

Breaking TLS security by fully recording the handshake

微笑、不失礼 submitted on 2019-12-02 07:25:06
I have been looking at TLS recently, and I am unsure as to why it is so secure, but probably thanks to a misunderstanding of how it works. But if the entire handshake is recorded, either using a man in the middle attack or a packet sniffer on the target computer, then any of the remaining communication can be decrypted as you would have all the info that the client and the server used to generate the encryption keys. I doubt there would be such a hole in TLS, but could anyone tell me how TLS defends against this?

The critical data sent by the client to the server in the TLS handshake is

How to stop IDM from grabbing video/audio [closed]

喜欢而已 submitted on 2019-11-30 19:20:43
Every time a video/audio streaming starts the Internet Download Manager (IDM) feels that there is a multimedia content on the page and allows you to download that multimedia content. I don't think it's possible to prevent IDM from grabbing video/audio but is there a way to fool IDM to get a wrong video instead or make it very hard for IDM to guess which is the real video/audio playing?

EDIT: Actually My Question was from the server side point of view not the client running an IDM. So I guess the misunderstanding here is my fault. Many good answers here but not the one I was looking for bh

Get TCP Flags with Scapy

微笑、不失礼 submitted on 2019-11-30 07:10:32
Question: I'm parsing a PCAP file and I need to extract TCP flags (SYN, ACK, PSH, URG, ...). I'm using the packet['TCP'].flags value to obtain all the flags at once.

    pkts = PcapReader(infile)
    for p in pkts:
        F = bin(p['TCP'].flags)
        print F, bin(F), p.summary()
        # manual flags extraction from F

Is there a way to obtain a single TCP flag without manually extracting it from packet['TCP'].flags value?

Answer 1: Normally, the usual way to handle FLAGS is with a bitmap and bitwise operators. If your Packet class doesn