libpcap

Why is pcap_datalink() always returning 1 (Ethernet), even on wireless device?

ⅰ亾dé卋堺 submitted on 2019-12-10 09:19:14
Question: I'm having an issue whereby pcap_datalink() is always returning 1. To my understanding this is LINKTYPE_ETHERNET. But the device I am using is a wireless card, and in my case en0. This is stopping me from putting the card into monitor mode, and stopping my WLAN filters from working. I've tried to run this on both OSX and Linux with the same results. I also run as root. Here's the part of my code that's causing the problem. For the example, assume dev is set to en0 (wireless device on Mac)

How to perform scanning of wifi ap available nearby using pcap in c [closed]

非 Y 不嫁゛ submitted on 2019-12-10 00:34:49
Question: Basically I want simple C code which illustrates capturing packets in promiscuous mode and extracts the SSID from them. Edit1 I am writing the code which I wrote to perform basic sniffing. #include <stdio.h> #include <pcap.h> int main(int argc, char *argv[]){ pcap_t *handle; struct pcap_pkthdr header; const u

pcap_loop and pcap_dispatch Difference

我怕爱的太早我们不能终老 submitted on 2019-12-09 15:08:21
Question: What exactly is the difference between pcap_loop and pcap_dispatch? Answer 1: The manual describes this amazingly well (I'm saying that with a straight face, promise). From man pcap_loop: pcap_loop() processes packets from a live capture or ``savefile'' until cnt packets are processed, the end of the ``savefile'' is reached when reading from a ``savefile'', pcap_breakloop() is called, or an error occurs. It does not return when live read timeouts occur. A value of -1 or 0 for cnt is equivalent to

How to manipulate packet and write to pcap file using pcap4j

时光总嘲笑我的痴心妄想 submitted on 2019-12-08 13:09:30
Question: I want to get through a pcap file and go to each packet. Then get the IP address and manipulate it. In the end, I'm going to write it into a new pcap file. I use pcap4j version 1.6.4 and below is how I get the source IP address: String fname = "FileName"; String dumpFile = "newFileName"; PcapHandle h = Pcaps.openOffline(fname); PcapDumper dumper = h.dumpOpen(dumpFile); Packet p = null; while ((p = h.getNextPacket()) != null) { IpV4Packet ip = p.get(IpV4Packet.class); Inet4Address srcAddr = ip

vector of packets in libpcap

我怕爱的太早我们不能终老 submitted on 2019-12-08 12:00:32
Question: I'm working with libpcap in C/C++ and I have a problem when inserting pointers in a vector. This is my code: typedef vector <u_char *>vPack; ... vPack vect; ... if (pcap_dispatch (p, 0, &mycallback, (u_char *) &vect) < 0){ cout << "Error" << endl; pcap_perror (p, prestr); } .... void mycallback (u_char * args, const struct pcap_pkthdr *pkthdr, const u_char * packet){ u_char *pk; pk = (u_char *)packet; vPack *vec = (vPack *) args; vec[0].push_back(pk); } The problem is that the elements

How do you Identify the interface of a packet while listening to network traffic on all devices?

≯℡__Kan透↙ submitted on 2019-12-08 10:54:43
I am writing a Python program that needs to listen to traffic on all networking devices and identify packets based on their incoming interface. To listen on all interfaces I started my capture without specifying a device, but I am unable to denote the interface of a particular packet. How is this done? Matt Ball: I assume that the MAC address is sufficient information for you. The first 6 octets of a packet is the destination MAC address, which is immediately followed by the 6 octets of source MAC address. Source: https://stackoverflow.com/questions/5845719/how-do-you-identify-the-interface

pcap_open_dead to simulate full UDP packets capture

旧街凉风 submitted on 2019-12-08 09:19:48
Question: Following up on my question about pcap file creation, I now would like to simulate the saving of a full UDP packet, including the Ethernet, IP and UDP headers. Which DLT_XXX type should I use? I believe pcap_dump() skips the Ethernet header when using pcap_open_dead(DLT_RAW, 65535). Answer 1: If you want to simulate a full UDP-over-IP-over-Ethernet packet, you want DLT_EN10MB (the "10MB" in the name is historical; DLT_EN10MB really means "all types of Ethernet"). (DLT_RAW is for packets where the

pcap_set_rfmon does not work?

♀尐吖头ヾ submitted on 2019-12-08 04:50:49
Question: I am trying to set my device to monitor mode, and I know it's capable of being in monitor mode: doing an "iwconfig wlan0 mode monitor" works, I run my code and I can capture packets from anywhere. The problem is that in libpcap it fails to set my device to monitor mode at all (without entering the above-mentioned command line). I can't capture any packets until I manually connect to an access point. pcap_t *handler = pcap_create("wlan0",errbuff); if(pcap_set_rfmon(handler,1)==0 ) { std::cout <<

Processing incorrect mac addresses from 802.11 frames with pcap

浪子不回头ぞ submitted on 2019-12-08 02:06:09
Question: I'm working through a project with pcap and wireless. Following an example posted in response to one of my earlier questions, I am trying to extract the MAC addresses from wireless frames. I have created structures for the radiotap header and a basic management frame. For some reason, when it comes to trying to output the MAC addresses, I am printing out the wrong data. When I compare to Wireshark I don't see why the radiotap data is printing out correctly but the MAC addresses are not. I don't

How to use the “pcap_lookupdev()” in libpcap?

北城以北 submitted on 2019-12-06 12:12:09
Question: The code can't find any device. I want to know: what does pcap_lookupdev() do? Thanks. #include <stdio.h> #include <pcap.h> int main(int argc, char *argv[]) { pcap_t *handle; char *dev;// = "eth0"; char errbuf[PCAP_ERRBUF_SIZE]; dev = pcap_lookupdev(errbuf); if (dev == NULL) { fprintf(stderr, "Couldn't find default device: %s\n", errbuf); return(2); } printf("Device: %s\n", dev); return(0); handle = pcap_open_live(dev, BUFSIZ, 1, 1000, errbuf); if (handle == NULL) { fprintf(stderr, "Couldn't open device %s: %s\n"