packet-capture

问题 I'm creating application based on ToyVPN to capture tcp/udp packets. After i get outgoing packets in my apllication i would like to forward them to original destination. I have managed to get destination ip and port from headers but i have no idea how to communicate with remote server and then write response back to the source. I think this is possible because there is this app. Here is my first first attempt: private void runVpnConnection() throws Exception { configure(); FileInputStream in

问题 I'm creating application based on ToyVPN to capture tcp/udp packets. After i get outgoing packets in my apllication i would like to forward them to original destination. I have managed to get destination ip and port from headers but i have no idea how to communicate with remote server and then write response back to the source. I think this is possible because there is this app. Here is my first first attempt: private void runVpnConnection() throws Exception { configure(); FileInputStream in

来源： https://stackoverflow.com/questions/45890941/howto-intercept-tcp-packet-and-modify-in-the-fly

问题 I just upgraded my Samsung Note 8 phone to Android OS 9.0 When I go to advanced wifi settings, I choose to use Proxy mode manually. Host: 192.168.1.8 Port: 8888 On the computer I turned on the Fiddler software to catch the packets. However, I could not catch any packets coming out from the phone. Before that I was using Android OS 8.0. I can still capture the packet using Fiddler Does Google have better security on Android 9.0 回答1: Not sure about your exact set up. I can recommend the

问题 I just upgraded my Samsung Note 8 phone to Android OS 9.0 When I go to advanced wifi settings, I choose to use Proxy mode manually. Host: 192.168.1.8 Port: 8888 On the computer I turned on the Fiddler software to catch the packets. However, I could not catch any packets coming out from the phone. Before that I was using Android OS 8.0. I can still capture the packet using Fiddler Does Google have better security on Android 9.0 回答1: Not sure about your exact set up. I can recommend the

问题 The definition can be seen here. The candidate answer may be tcp and dst port 80 ,but can tcp and dst port 80 guarantee it's HTTP traffic and includes all HTTP traffic? It seems not,because some site can be visited by specifying a different port other than 80 this way: http://domain.name:8080 So my question is: what's the exact BPF for HTTP ? UPDATE Is there an implementation to verify whether a packet is a HTTP one in c already? 回答1: Simplest filter: tcp and dst port 80 Many ports (including

问题 I'm currently trying to use codes with libnetfilter_queue in userspace to modify packets that were queued in the NFQUEUE target in iptables. However I have little idea as to how to go about doing it. I have set it to copy the packet with NFQNL_COPY_PACKET, if I were to modify the copied packet would it be automatically send back to the kernal by the function nfq_set_verdict()? Additionally, I have previously worked with extracting packets from a pcap file, however I noticed that the data that

问题 I'm trying to figure out why REST calls sent from my handheld device (Windows CE / Compact Framework) are not making it to my server app (regular, full-fledged .NET app running on my PC). The handheld device and the PC are connected - I know that because I can see the handheld device in the PC's Windows Explorer, Windows Mobile Device Center verifies the connection between the two is valid, etc. I reach the breakpoint on my server app running on my PC when I pass the same REST call via

问题 I'm using the pcap C library to read packets. Currently, I use the following to check and see whether a flag in the struct tcphdr (this struct is defined in the netinet/tcp.h library) is set: struct tcphdr *tcp = .... if(tcp->th_flags & TH_SYN) { //SYN FLAG IS SET? } Will this always work for checking if a particular flag is set in the struct? Or is there a better way? Would greatly appreciate any advice/tips :) 回答1: That looks fine to me. TH_SYN is a single bit, so that expression will be

问题 I'm curious as to how I could figure out the API URL an Android application (any app I have installed) uses if it makes API calls to some online server (a RESTful service for example). I presume I have to capture packets on the device and maybe analyse them in Wireshark or something to find the URL? I'm fairly competent in Java/Android development, but a bit lost when it comes to any sort of network analysis business. 回答1: you can do this with help of WireShark. I am listing steps here