packet-sniffers

Unknown pypcap network interface 'eth0' error with python2 scapy on windows 10 machine

有些话、适合烂在心里 submitted on 2021-02-11 13:50:12
Question: I am trying to create a simple web monitoring app with scapy (2.4.3), python 2.7 on a Windows 10 machine. I also have winpcap (5.0.9983.830) installed. This is the code I am trying to run:

    # Python 2.7 / scapy 2.4.3
    from scapy.all import sniff

    def http_header(packet):
        # Print every captured packet
        print packet

    sniff(iface='eth0', prn=http_header)

And this is the error it throws:

    raise ValueError("Unknown pypcap network interface %r" % pcap_name)
    ValueError: Unknown pypcap network interface 'eth0'

I also installed Microsoft Visual C++ Compiler for Python 2.7 just to be safe, as

What happens when a long TCP segment is sent?

旧街凉风 submitted on 2021-01-29 11:08:21
Question: I uploaded a txt file to a server and captured the upload with Wireshark. The issue is that there is a segment that is extremely long, and right after that I get acks from the server for lower sequences than I should. On line 865 my PC sends a segment with the length of 12240. I should get an ack that is bigger than 12240 and yet this is not the case. [Wireshark capture image]

Answer 1: Look at frame 862. The host 128.119.245.12 is advertising an MSS of 1360 bytes. So, the maximum size of TCP

Filter HTTP Get requests packets using scapy

喜欢而已 submitted on 2021-01-28 23:10:41
Question: I am trying to filter HTTP Get request packets using scapy by using the Raw information of the packet for deciding which packet is a Get request and which isn't, but I didn't find a way to decode the Raw section of the packet, something that looks like this (not sure if that packet is an HTTP Get request): <Raw `load="\x17\x03\x03\x00m\xb8G\xdb\n\xff\x94s\x90y\xe3y\xfa\xa1\x81[-\x05\xf8'Jpq\xf3\x98\xa0\x04d\x08N\xf6\x08\x93\xb1\xd9\xed\xc4^;\xc15\xf2D\xa7\xb4_\x95\x8f\x14l5~[9\xb0\x9f^EI\xbb

Why does a PF_PACKET RAW socket stop missing packets after “Wireshark” was launched?

会有一股神秘感。 submitted on 2021-01-28 03:53:14
Question: I need to receive incoming UDP packets using a RAW socket, which is being opened using this code snippet:

    static int fd;
    char *iface;

    iface = "eth0";
    /* Packet socket delivering IPv4 frames without the link-layer header */
    if ( (fd = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_IP))) < 0 ) {
        perror("socket");
    }
    /* Restrict the socket to a single interface */
    if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, iface, strlen(iface)) < 0) {
        perror("bind");
        exit(EXIT_FAILURE);
    }

I send, say, 100 identical packets and try to receive and count them. I use recv(...) to do this. Only 93 packets are delivered, and then recv(...)

Scapy sniff() doesn't accept the iface strings

倾然丶 夕夏残阳落幕 submitted on 2020-06-29 04:58:20
Question: After a new installation of Python 2.7.14 and scapy (Version git-archive.dev254ab6d5a) I can't define my LAN card as the interface. As long as iface=None the sniff function works fine. If I assign iface to a string, I get the following error. For this error I didn't find any posts on Google :/. Code:

    # Import all necessary scapy functionality from ethernet Api
    from Lib.IHR_EthApi import *
    from Lib.IHR_GeneralApi import GeneralApi as SYS
    from scapy.all import *

    FullTrafficList = []
    #show_interfaces()

Count the number of packets with pyshark

家住魔仙堡 submitted on 2020-03-22 10:01:36
Question: In this code with pyshark

    import pyshark

    cap = pyshark.FileCapture(filename)
    i = 0
    # Count packets by iterating over the capture
    for idx, packet in enumerate(cap):
        i += 1
    print i
    print len(cap._packets)

i and len(cap._packets) give two different results. Why is that?

Answer 1: A look at the source code reveals that _packets is a list containing packets and is only used internally: When iterating through a FileCapture object with keep_packets = True packets are getting added to this list. To get access to all packets in a FileCapture object

BPF filter source address == transmission address

我只是一个虾纸丫 submitted on 2020-03-04 05:13:23
Question: What is the correct BPF filter for only receiving packets where the source MAC address is equal to the transmission MAC address? Looking at the documentation, it seems like the fields should be available through either wlan[21:12] or wlan.addr2 but I'm unable to get those to work.

Answer 1: According to the pcap-filter manpage, capture filters for tshark or Wireshark don't support comparing packet fields against each other. You can, however, do that with the display filter (top bar in Wireshark,

How to write a standalone URL logger for Windows?

社会主义新天地 submitted on 2020-02-05 06:33:26
Question: I want to write a program to log all the URLs visited on a computer, but standalone, so not as a Fiddler2 extension. Are there any libraries out there that do this already that I could include in my application (which I was intending to write in C# .Net, but I'm flexible as long as it's for Windows)? If not, are there any that could at least facilitate reading information from HTTP packets? I want to analyse the URLs on the fly. Thanks.

Answer 1: For that, you would have to sniff the traffic on the

How to write a standalone URL logger for Windows?

会有一股神秘感。 submitted on 2020-02-05 06:32:28
Question: I want to write a program to log all the URLs visited on a computer, but standalone, so not as a Fiddler2 extension. Are there any libraries out there that do this already that I could include in my application (which I was intending to write in C# .Net, but I'm flexible as long as it's for Windows)? If not, are there any that could at least facilitate reading information from HTTP packets? I want to analyse the URLs on the fly. Thanks.

Answer 1: For that, you would have to sniff the traffic on the

Don't know why I'm getting Error Code 10022 (Invalid Argument) when setting socket options in my C# sniffer

一个人想着一个人 submitted on 2020-02-01 05:30:28
Question: I'm writing a packet sniffer as an exercise in learning .Net 4 socket development in C#. My goal is to sniff IP packets coming in and out of my computer. My problem is that I'm getting error code 10022, invalid argument, on my call to SetSocketOption. I don't see where I have an invalid argument. I have some admin privs on my computer, but perhaps I don't have enough. It's my work computer and the IT department is pretty strict. With that said, if it was a permissions problem I would