libpcap

Drop packet with libpcap

那年仲夏 submitted on 2019-12-12 20:50:24

Question: Is it possible to have libpcap remove a packet instead of just sniff it as it passes through? I'm wanting to intercept each packet and encapsulate it into a new packet along with measurement data, but both packets (mine and the original) both reach the destination.

Answer 1: It's not possible. You need to write a driver (for your operating system) to make the networking stack filter out packets.

Answer 2: The only way you could do this is by being the only physical path between the sender and receiver

How can I parse an ethernet packet using libpcap?

左心房为你撑大大i submitted on 2019-12-12 12:04:57

Question: I'm using libpcap in C++ for reading packets from pcap files, e.g.:

    rc = pcap_next_ex((pcap_t*)handle, &header, (const unsigned char**)packet);

I would like to parse the packet's header (without the payload). For example, how can I parse a given packet in order to extract its source and destination IP addresses? Thanks

Answer 1: Check out the code sample for libpcap http://www.tcpdump.org/pcap.html In the got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet); function you

Passing an argument on libpcap pcap_loop() callback

落花浮王杯 submitted on 2019-12-12 11:08:56

Question: Because I would like to make some tests with the libpcap and a small C program, I am trying to pass a structure from main() to got_packet(). After reading the libpcap tutorial, I had found this:

The prototype for pcap_loop() is below:

    int pcap_loop(pcap_t *p, int cnt, pcap_handler callback, u_char *user)

The last argument is useful in some applications, but many times is simply set as NULL. Suppose we have arguments of our own that we wish to send to our callback function, in addition to the

Android NDK: Trying to port JnetPcap

风流意气都作罢 submitted on 2019-12-12 07:16:00

Question: I found a traffic monitoring application for Android, Shark: http://sourceforge.net/projects/prueba-android/ which is based on JnetPcap and has a file with all the source files and the appropriate Android.mk files. I put the jni directory in the samples file of the Android-NDK and I tried to build it using ndk-build -C. Some errors occur during the compilation. Here is the error log I get:

    make: Entering directory `/home/thanasis/android-ndk-r5b/samples /jnetpcap_pure/jni' Compile thumb :

error pcap library not found

旧街凉风 submitted on 2019-12-12 06:45:51

Question: I am running Fedora 27 and I am trying to install Reaver 1.4. Here is the command:

    ./configure

and the result:

    checking for gcc... gcc
    checking whether the C compiler works... yes
    checking for C compiler default output file name... a.out
    checking for suffix of executables...
    checking whether we are cross compiling... no
    checking for suffix of object files... o
    checking whether we are using the GNU C compiler... yes
    checking whether gcc accepts -g... yes
    checking for gcc option to accept ISO

Merging two pcap files with libpcap

末鹿安然 submitted on 2019-12-12 02:35:40

Question: I already know how to read a pcap file and get the packets it has. But how can I write the packets into a new pcap file? I need this to merge two pcap files into one.

Answer 1: As per my comment, libpcap/WinPcap is a library, not a program, so to use libpcap/WinPcap to merge capture files, you'd have to write your own code to do the merging, using libpcap/WinPcap to read the input files and write the output files. You could use an existing tool, such as tracemerge or Wireshark's mergecap, to

pcap_next occasionally losing packets on Linux

守給你的承諾、 submitted on 2019-12-12 01:08:45

Question: Yesterday, I asked if my asynchronous use of libpcap was making me lose packets. Today, I looked further and it seems that the problem is not on the asynchronous use of libpcap, but on the use of pcap_next_ex. Occasionally (10 runs out of 1000), pcap_next_ex will return before the pcap handle timeout expired, telling the program that there were no packets to be read (even though they are there). The following proof-of-concept reproduces the problem. It depends on libpcap, pthread, boost

How does ohrwurm use libpcap and arpspoof to corrupt RTP traffic?

跟風遠走 submitted on 2019-12-11 19:43:45

Question: I'm trying to evaluate a tool called ohrwurm, which claims to be able to corrupt RTP traffic between two SIP endpoints. By reading its source code I don't believe it works, and would like others' opinions before I try it out. Its premise is simple: Assume endpoint A has IP address 192.168.0.11, and endpoint B has IP address 192.168.0.22. On a third box C on the same subnet as A and B execute the following commands in two SSH sessions:

    arpspoof 192.168.0.11
    arpspoof 192.168.0.22

Execute

blocking pcap and multiple I/O `select`

拜拜、爱过 submitted on 2019-12-11 16:30:19

Question: I want to use pcap to capture packets and then send the captured packets to another host. My source code snippets are like:

    for(;;){
        pcap_packet = pcap_next(pcap_handler, &pcap_header);
        if(pcap_packet !=NULL)
            printf("capture a packet with length of %d\n", pcap_header.len);
        // send the packet as payload to the sender, excluding the Ethernet Header
        n = send(sd_proxy, pcap_packet+ETHERNET_HDR_LEN, pcap_header.len-ETHERNET_HDR_LEN, 0);
        if(n<0){
            shutdown(connfd, SHUT_RDWR);
            close(connfd);
            break;
        }

How to allocate a memory to send a large pcap file (of size larger than available memory) with high performance using winpcap?

陌路散爱 submitted on 2019-12-11 11:17:54

Question: I have used the code from the winpcap example to send a pcap file (original code from winpcap documentation found at this link). It works fine to send small pcap files, but if I tried to send a large pcap file (larger than available memory size, say 2 Gb) it will fail for sure. This code is used to allocate size of the file in memory in order to send it later:

    caplen= ftell(capfile)- sizeof(struct pcap_file_header);
    ...
    /* Allocate a send queue */
    squeue = pcap_sendqueue_alloc(caplen);

The question is