libpcap

How to determine packet direction using libpcap?

旧街凉风 posted on 2019-12-11 10:25:14
Question: I am working on a project using libpcap. Now, I need to know the direction of a packet (inbound or outbound) once I get the packet in the callback function. I am going to write methods to compare the IP and MAC addresses of the client with the information extracted from the packet. Am I right? Could you please help me with some comments or advice on this problem? Thank you for your time.
Answer 1: The source or target IP address is sufficient. If the source is local, it's outbound. If the target is local, it's

Inbound/outbound not supported on linktype 1 when reading savefiles

梦想的初衷 posted on 2019-12-11 08:48:03
Question: To get incoming packets from a pcap file, I set the "inbound" filter in pcap_compile(), and here is the partial code.

    pcap = pcap_open_offline("test.pcap", errbuf);
    if (pcap == NULL) {
        fprintf(stderr, "error reading pcap file: %s\n", errbuf);
        exit(1);
    }
    char filter_exp[] = "inbound";
    struct bpf_program pgm;
    if (pcap_compile(pcap, &pgm, filter_exp, 0, PCAP_NETMASK_UNKNOWN) == -1) {
        printf("Bad filter - %s\n", pcap_geterr(pcap));
        return 1;
    }
    if (pcap_setfilter(pcap, &pgm) == -1) {
        printf("Error setting

How to filter the inbound packet by libpcap in C

时光怂恿深爱的人放手 posted on 2019-12-11 07:30:09
Question: Recently I have been trying to filter the inbound packets from a pcap file with libpcap in C/C++. Here is the partial code.

    pcap = pcap_open_offline(argv[0], errbuf);
    if (pcap == NULL) {
        fprintf(stderr, "error reading pcap file: %s\n", errbuf);
        exit(1);
    }
    char filter_exp[] = "inbound";
    struct bpf_program pgm;
    if (pcap_compile(pcap, &pgm, filter_exp, 0, PCAP_NETMASK_UNKNOWN) == -1) {
        printf("Bad filter - %s\n", pcap_geterr(pcap));
        return 1;
    }
    if (pcap_setfilter(pcap, &pgm) == -1) {
        printf("Error setting

Python Library for packet creation//manipulation

让人想犯罪 __ posted on 2019-12-11 04:35:25
Question: I am currently working on libpcap-python, and I found it does not help (I don't know how) in modifying packet data. Is there any library which can be used to create network packets?
Answer 1: Did you have a look at scapy? http://www.secdev.org/projects/scapy/
Source: https://stackoverflow.com/questions/4251076/python-library-for-packet-creation-manipulation

Python and libpcap. find source mac address of packet

丶灬走出姿态 posted on 2019-12-11 03:19:10
Question: I'm writing a Python program to build a MAC address cache using pcap. But the pcap module for Python has no good documentation. I have found this page http://pylibpcap.sourceforge.net/ with a code example and it works fine. Can anybody modify this example to make it able to show the source MAC address for each packet? Or point me to the documentation where I can read about it ... Updated: Here is the code part where information about MAC addresses was cut. def print_packet(pktlen, data, timestamp): if

pcap nanoseconds Python

匆匆过客 posted on 2019-12-11 01:18:55
Question: Is there any way to get nanoseconds out of a pcap with existing Python libraries? I have a nanoseconds pcap file that works just fine with Wireshark, but the Python pcapy library will not even import the file. This functionality does exist in C libpcap (see: this thread), but has anyone ported it into Python? I took a look at the source code, but changing pcapy to allow this is over my head. Nanoseconds are necessary for what I am doing and microseconds do not give me the necessary

What is happening when a TCP sequence number arrives that is not what is expected?

為{幸葍}努か posted on 2019-12-10 14:52:14
Question: I am writing a program that uses libpcap to capture packets and reassemble a TCP stream. My program simply monitors the traffic and so I have no control over the reception and transmittal of packets. My program disregards all non-TCP/IP traffic. I calculate the next expected sequence number from the ISN and then the successive SEQ numbers. I have it set up so that every TCP connection is uniquely identified by a tuple made up of the source IP, source port, dest IP, and dest port. Everything

802.11 FCS (CRC32) [closed]

时间秒杀一切 posted on 2019-12-10 14:46:37
Question: It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 7 years ago. Is the below code correctly calculating the FCS value of wireless 802.11 frames? Because the value produced by the below code does not match the value shown by Wireshark. const uint32_t crctable[] = { 0x00000000L

libpcap: pcap_breakloop() causing memory leak

こ雲淡風輕ζ posted on 2019-12-10 13:44:00
Question: While working with Linux pthreads and libpcap I noticed some weird behavior when using pcap_breakloop. My goal is the following: opening a new thread that will run pcap_loop and deal with captured packets, while the main thread will do other stuff. When a signal (SIGINT) is received, or when it's time to exit, a global variable will be set and the main thread will issue pcap_breakloop to end the second thread and then finish itself. The idea might still need some work, but the strange

libpcap - packet ip header length is zero bytes with loopback tcp requests

回眸只為那壹抹淺笑 posted on 2019-12-10 11:38:27
Question: I am trying to view TCP payload information using libpcap. To do this I need to locate the payload's position in memory. I am using this Programming With Pcap guide to figure out the location of the request payload. When sniffing packets originating from a client that resides on the same machine as the service (loopback adapter), the IP header length is 0. I cannot successfully find the location of the request payload. Is this to be expected when listening to the loopback adapter? I am working on