libpcap

How libpcap receive a packet from the driver?

久未见 提交于 2020-01-06 08:38:06
问题 Can someone please point me to a good starting place to learn how libpcap gets its packets from a network driver? My intend is to replace the receive function with a fast implementation. 回答1: The "receive function" is: the standard driver receive function, no different from what's used to receive packets and hand them to the regular networking stack; the "packet socket" part of the regular networking stack. Some Intel slides on DPDK seem to indicate that DPDK lets user-space code talk more

Linux下使用libpcap进行网络抓包并保存到文件(函数介绍)

自闭症网瘾萝莉.ら 提交于 2020-01-04 23:38:00
libpcap是一个抓取网络数据报文的C语言函数库,使用这个库可以非常方便的抓取网络上的报文,方便我们分析经过我们设备上的各种报文; 使用libcap库编译时都要在后面加上-lpcap选项 使用pcap探测获取网络接口 char * pcap_lookupdev(char * errbuf) 这个函数就是用来探测网络接口的,它会返回 第一个 合适的网络接口字符串指针,如果出错则在errbuf中返回,长度至少是PCAP_ERRBUF_SIZE。 #include <pcap.h> #include <stdio.h> #include <stdlib.h> int main() { char errBuf[PCAP_ERRBUF_SIZE], * devStr; devStr = pcap_lookupdev(errBuf); if (devStr) printf("success: device: %s\n", devStr); else { printf("error: %s\n", errBuf); exit(1); } return 0; } 注意这个函数是返回 第一个 合适的网络接口字符串,我的主机第一个合适的网络接口为 vibir0端口,在这个虚拟端口下没有办法抓到包,因而要找到指定的端口要要循环遍历端口后,进行选择特定网卡端口 char * get(){ pcap_if

Convert a RTP sequence payload in a .wav file

╄→гoц情女王★ 提交于 2020-01-04 02:27:05
问题 I have a text file with the payload (in hex) of about RTP packets of a VoIP conversation, does anyone know how to convert the text into a file. wav audio using c/c++? PS: I'm using GNU / Linux. Thanks 回答1: I do that same thing with Java. Here is a class I use for testing purposes to receive UDP RTP packets (uLaw) and save them to a WAV file. See the main method for an example of how to use it. public class UdpDataReceiver implements Runnable { private boolean isRunning = true; private int

How do you Identify the interface of a packet while listening to network traffic on all devices?

我的梦境 提交于 2020-01-02 20:09:11
问题 I am writing a python program that needs to listening to traffic on all networking devices and identify packets based on their incoming interface. To listen on all interfaces I started my capture without specify a device, but I am unable to denote the interface of a particular packet. How is this done? 回答1: I assume that the MAC address is sufficient information for you. The first 6 octets of a packet is the destination MAC address, which is immediately followed by the 6 octets of source MAC

Linux: How to send a whole packet to a specific port on another host?

有些话、适合烂在心里 提交于 2020-01-02 09:19:07
问题 I have captured a TCP packet using libpcap, and I want to send this whole packet(without modifying it) to a specific port on another host(which has another sniffer listening to that port). Is there any way I can do this? Thanks a lot! 回答1: You didn't specify which programming language you're using and what you've tried so far. Change the IP address field to the target IP and the TCP port field to the port you want. Don't forget to update both checksums. If what you want is TCP forwarding, the

Can I use pcap library for receiving ipv6 packets?

非 Y 不嫁゛ 提交于 2020-01-02 05:38:08
问题 I am trying to convert hping3 to hping6. hping3 uses Pcap library to receive IPv4 packets. But I need to receive IPv6 packets. 回答1: That is possible. libpcap is able to catch anything on the wire. 回答2: Example using ETHERTYPE_IPV6 : static u_int16_t ether_packet(u_char *args, const struct pcap_pkthdr *pkthdr, co nst u_char *p) { struct ether_header *eptr = (struct ether_header*)p; assert(pkthdr->caplen <= pkthdr->len); assert(pkthdr->caplen >= sizeof(struct ether_header)); return eptr->ether

Reconstructing data from PCAP sniff

自作多情 提交于 2019-12-31 09:30:12
问题 I am trying to sniff HTTP data through libpcap and get all the http contents (header+payload) after processing the TCP payload. As per my discussion at Writing an http sniffer (or any other application level sniffer) , I am facing problems due to fragmentation - I need to reconstruct the whole stream (or defragment it) to get a complete HTTP packet, and this is where I need some help. Thanks in anticipation !! 回答1: It's really pretty simple. Just take the ethernet frames that you get from

How to check if flag in TCP struct is set?

房东的猫 提交于 2019-12-31 06:52:06
问题 I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set: struct tcphdr *tcp = .... if(tcp->th_flags & TH_SYN) { //SYN FLAG IS SET? } Will this always work for checking if a particular flag is set in the struct? Or is there a better way? Would greatly appreciate any advice/tips :) 回答1: That looks fine to me. TH_SYN is a single bit, so that expression will be

libpcap抓取数据包

时光总嘲笑我的痴心妄想 提交于 2019-12-26 21:22:51
libpcap是数据包捕获函数库。该库提供的C函数接口可用于需要捕获经过网络接口数据包的系统开发上。libpcap提供的接口函数主要实现和封装了与数据包截获有关的过程。这个库为不同的平台提供了一致的编程接口,在安装了libpcap的平台上,以libpcap为接口写的程序,能够自由的跨平台使用。 linux下libpcap的安装:sudo apt-get install libpcap-dev linux下gcc编译程序:gcc my_pcap.c -lpcap 执行程序的时候如果报错: no suitable device found,以管理员权限运行程序即可,sudo ./my_pcap libpcap的抓包框架: 头文件: #include <pcap.h> 在/usr/local/include/pcap目录下 1.查找网络设备 char *pcap_lookupdev(char *errbuf) 该函数用于返回可被 pcap_open_live()或pcap_lookupnet()函数调用的网络设备名(一个字符串指针)。如果函数出错,则返回NULL,同时errbuf中存放相关的错误消息。 2.获得指定网络设备的网络号和掩码 int pcap_lookupnet(char *device, bpf_u_int32 *netp, bpf_u_int32 *maskp, char

Why are some Beacon Frames dropped

喜欢而已 提交于 2019-12-25 03:55:09
问题 Why am I not capturing all Beacon Frames? Are they being dropped by AP? I'm using libpcap in Linux for capturing Beacon Frames and parsing the timestamp. I use the timestamps to compute the interval between captured Beacon Frames. Most of the time the interval is what it should be, namely 102.4ms. However, every 5-6 packets show an interval of a multiple of 102.4ms, this can be 204, 306 and up to 800ms. I don't know if this is due to AP not sending those Beacon Frames or my pcap not capturing
订阅 libpcap