Questions tagged [pcap]

Question 1

I’ve recently completed a thesis on developing a Linux-based Ethernet packet replay program that achieves high precision using the SO_TXTIME kernel option. This program is designed to replicate ...

Question 2

I need to shuffle TCP sessions from pcap file to new file. How can I do it? The following scripts don't work for me. To mix up sessions in a pcap file using Tshark or Wireshark, you can use the ...

Question 3

I have a pcap file captured with tcpdump: tcpdump -w out.pcap -ni eno1 host 192.88.99.1 I can view the pcap: rful011@secmonprd13:~$ tcpdump -nr out.pcap -tttt | head reading from file andy.tcpd, link-...

Question 4

I'm trying to filter traffic by src ether host to see all devices with a specific MAC prefix. If this were like IP, it might filter with src ether host aa:bb:cc:00:00:00/24 to see OUI's matching aa:...

Question 5

I am working with lots of PCAP files and trying to convert them into .tsv files for tabular analysis. So I'm using tshark in a Ubuntu 22 VirtualBox machine to dissect each packet. I have a bash ...

Question 6

I am new to using snort and still learning in university. I am wondering after I find an intrusion how can I log it and save it as a pcap file? What would the syntax look like to do this? So I can ...

Question 7

I have an embedded linux USB host which refuses to detect a number of my USB devices. The host is running Ubutun 20.04LTS Nothing shows up in dmesg during a failed detection and afterward the USB port ...

Question 8

I'm using aircrack-ng to capture a handshake on a WPA2 access point. I would like to write the outfile in pcap format, but I keep getting errors. I've tried reinstalling aircrack-ng using versions ...

Question 9

I have a pcap file and need to send it to specific interface. How can I do it?

Question 10

Sounds dumb, but can you extract application name from a packet/pcap. For eg: If a packet destination is to chrome process, can you extract that information from packet?

Question 11

Object: to find the IP addresses of HTTP servers in a pcap file with a specific header string. Can or should the -l option to flush be used? One way: the following was done but am wondering if it can ...

Question 12

I am sorry if this is duplicate of https://serverfault.com/q/1076769/822163. I created that first and then realized the Linux and Unix stack exchange is the right place. Problem: When the tc HTB or ...

Question 13

In my docker container I run the following command to install the lib pcap: apt-get install -y libpcap-dev When I run apt list --installed I see this weird output: libpcap-dev/oldstable,now 1.8.1-6 ...

Question 14

I am porting a DOS application to linux and don't know a hell of a lot about linux. The application is a machine controller which uses ethernet as a high-speed serial port. Networking has nothing to ...

Question 15

https://www.tcpdump.org/index.html#documentation has manpages for pcap, tcpdump, and rpcapd, but I don't find what relation is between the three. Is pcap a C library for implementing a client of ...

Stack Exchange Network

Questions tagged [pcap]

Interest in High-Precision Linux Packet Replay Tool Using SO_TXTIME?

mixup TCP sessions in pcap file to new pcap file

Issues with BPF filters and 6to4 traffic

Can `tcpdump ether host` filter with a mask to get, for example, hosts with a specific OUI?

GeoIP not working when processing PCAP with tshark as su

How do I generate a Snort pcap file?

USB device shows nothing in dmesg when connected, disables port

Error: Invalid output format: IVS and PCAP format cannot be used together

How to send pcap file to ethernet

extract application name from rawpacket

TShark pcap filter command possibly simplified?

tc traffic shaping with HTB and CQB causes packet transmission gap inconsistencies

Installing the latest version of libpcap & libpcap-dev

Turning ethernet on/off

Is tcpdump a client of rpcpad and implemented in pcap?

Hot Network Questions