AltSci Concepts

Computer Journal


Packet Capture Dump with libpcap

by Joel R. Voss aka. Javantea
May 1-7, 2005

pcapdump 0.1 [sig]


TCP Dump and libpcap

Libpcap is a very simple library for reading the data in packet capture files. TCP Dump is a program that captures data from network interfaces; it can also print the data it captures, in real time or later. Wireshark is a GUI program that reads cap files (and can also capture data) and displays the information very well.

Wireshark has plenty of bugs and fails at certain operations on large files. For example, a 1 MB download over HTTP can be saved from Wireshark, but trying to save a 100 MB download over HTTP can crash it. Instead of fixing this bug, I decided to write an HTTP dumper that uses far less memory than Wireshark and simply writes out the HTTP file. It currently is not working 100%, because any broken packets or packets that arrive out of order are accepted and written out as-is. The DNS dumper does work: it dumps a list of DNS requests from a cap file.
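The out-of-order problem mentioned above is a reassembly problem, not a capture problem: an HTTP dumper has to put TCP payloads back in sequence-number order, drop retransmissions, and notice holes before it writes the file. The following is an added example, not pcapdump_http1's code. It assumes a TCP parser has already handed over each segment as a (seq, payload) pair in capture order, treats sequence numbers as plain integers (32-bit wraparound is not handled), and works on a constructed 50-byte HTTP response that is delivered out of order, duplicated and overlapped.

```python
import re

def reassemble(isn, segments):
    """Put captured TCP payloads back in stream order starting at sequence number isn.

    segments: iterable of (seq, payload) in capture order. Returns (stream, problems).
    Sequence numbers are treated as plain integers; 32-bit wraparound is not handled here.
    """
    expected = isn            # next byte the application has not yet been given
    pending = {}              # seq -> payload, held until the bytes before it arrive
    out, problems = bytearray(), []
    for seq, payload in segments:
        if not payload:
            continue          # pure ACK: no stream data
        if seq + len(payload) <= expected:
            problems.append(("duplicate", seq))
            continue          # retransmission of bytes already delivered
        if seq not in pending or len(payload) > len(pending[seq]):
            pending[seq] = payload
        # Deliver everything that now touches the contiguous prefix, lowest seq first.
        while True:
            ready = [s for s in pending if s <= expected]
            if not ready:
                break
            s = min(ready)
            chunk = pending.pop(s)
            if s < expected:
                problems.append(("overlap", s))
            if s + len(chunk) > expected:
                out += chunk[expected - s:]      # emit only the bytes not yet seen
                expected = s + len(chunk)
    if pending:
        problems.append(("gap", expected))    # a segment was never captured; stop here
    return bytes(out), problems

def http_body(stream):
    """Split an HTTP/1.x response into its body, honouring Content-Length; None if incomplete."""
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None                           # header block never completed
    m = re.search(rb"(?im)^content-length:\s*(\d+)\s*$", head)
    if m is None:
        return body                           # no length given: take what we have
    length = int(m.group(1))
    return body[:length] if len(body) >= length else None

# Constructed sample: a 50-byte response split into three segments, delivered out of
# order, with one exact retransmission and one overlapping retransmission.
RESPONSE = b"HTTP/1.1 200 OK\r\nContent-Length: 11\r\n\r\nhello world"
ISN = 1000
SEGMENTS = [
    (ISN + 32, RESPONSE[32:]),       # last segment arrives first
    (ISN, RESPONSE[:16]),
    (ISN, RESPONSE[:16]),            # exact duplicate
    (ISN + 24, RESPONSE[24:40]),     # overlaps the middle and last segments
    (ISN + 16, RESPONSE[16:32]),     # the middle piece, closing the gap
]

if __name__ == "__main__":
    stream, problems = reassemble(ISN, SEGMENTS)
    print(http_body(stream), problems)
```

Run as-is it prints the body `b'hello world'` together with the duplicate and overlap notes; remove the `ISN + 16` segment from the list and the stream stops at the hole, `http_body` returns `None`, and a `("gap", 1016)` entry records where the capture lost data, which is exactly the case a dumper should refuse to write out as a complete file.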


pcapdump requires libpcap.


More detailed information coming soon.
Until then, look at the source code.

#include <stdio.h>
#include <pcap.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netinet/udp.h>
#include <netdb.h>

int main(int argc, char *argv[])
{
	char errbuf[PCAP_ERRBUF_SIZE];
	struct pcap_pkthdr header;	/* timestamp, captured length, original length */
	const u_char *packet;
	if(argc < 2) {
		printf("usage: %s file.cap\n", argv[0]);
		return 1;
	}
	const char *filename = argv[1];
	pcap_t *capture = pcap_open_offline(filename, errbuf);
	if(capture == 0) {
		printf("Couldn't open file %s: %s\n", filename, errbuf);
		return 1;
	}
	do {
		/* pcap_next returns 0 at end of file (or on error). */
		packet = pcap_next(capture, &header);
		if(packet == 0) break;
		// Your code here.
	} while(packet != 0);
	pcap_close(capture);
	return 0;
}

pcapdump_http1 file.cap [filter blah yak yak yak]
pcapdump_dns1  file.cap [filter blah yak yak yak]
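The loop above is all libpcap gives you: one record at a time, with the rest of the work (link, IP, UDP and DNS headers) left to the caller. As an added example, and not the source of pcapdump_dns1, the following does the same job in Python without libpcap: it parses the classic pcap file format itself (assumed to be an Ethernet capture with microsecond timestamps), walks it one packet at a time so memory stays flat on a large file, lists DNS requests, and takes an optional name filter in the spirit of the `[filter ...]` argument. The sample capture is constructed in the block (two queries, one answer that must be ignored, and one malformed packet that must be skipped rather than abort the run).

```python
import io
import struct

PCAP_MAGICS = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">"}   # libpcap magic number, in either byte order
LINKTYPE_ETHERNET = 1

def iter_pcap(fp):
    """Yield (ts_sec, ts_usec, orig_len, frame) per record, the way pcap_next() does."""
    hdr = fp.read(24)
    magic = struct.unpack("<I", hdr[:4])[0] if len(hdr) == 24 else 0
    if magic not in PCAP_MAGICS:
        raise ValueError("not a pcap file: magic %#x" % magic)
    e = PCAP_MAGICS[magic]                          # struct prefix for the file's byte order
    if struct.unpack(e + "I", hdr[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    while True:
        rec = fp.read(16)
        if len(rec) < 16:
            return                                  # clean end of file
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", rec)
        frame = fp.read(incl_len)
        if len(frame) < incl_len:
            return                                  # truncated capture: stop, don't guess
        yield ts_sec, ts_usec, orig_len, frame

def read_name(msg, off):
    """Decode an uncompressed DNS name at msg[off]; return (name, offset after it)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("truncated DNS name")
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 or off + 1 + n > len(msg):      # pointer/extended label, or truncated
            raise ValueError("malformed label")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n

def dns_questions(frame):
    """Return (src_ip, dst_ip, [(name, qtype), ...]) for a DNS query frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                 # not IPv4 over Ethernet
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:
        return None                                 # not an IPv4 datagram carrying UDP
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 20 or 53 not in struct.unpack(">HH", udp[:4]):
        return None                                 # too short for UDP+DNS headers, or not port 53
    msg = udp[8:]
    _qid, flags, qdcount = struct.unpack(">HHH", msg[:6])
    if flags & 0x8000:
        return None                                 # QR=1: a response, not a request
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    off, questions = 12, []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        questions.append((name, struct.unpack(">H", msg[off:off + 2])[0]))
        off += 4                                    # skip qtype and qclass
    return src, dst, questions

def dump_dns_requests(pcap_bytes, name_filter=None):
    """Walk the capture and list DNS requests; only one packet is in memory at a time."""
    rows = []
    for ts_sec, _usec, _olen, frame in iter_pcap(io.BytesIO(pcap_bytes)):
        try:
            parsed = dns_questions(frame)
        except ValueError:
            parsed = None                           # malformed packet: skip it, keep going
        for name, qtype in (parsed[2] if parsed else []):
            if name_filter is None or name_filter in name:
                rows.append((ts_sec, parsed[0], parsed[1], name, qtype))
    return rows

# Constructed sample capture (not from a real network): two queries, one answer, one bad packet.
def _dns_msg(qid, name, qtype, qr=False):
    wire = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x8100 if qr else 0x0100, 1, 0, 0, 0) + wire + struct.pack(">HH", qtype, 1)

def _udp_frame(src, dst, sport, dport, payload):
    udp = struct.pack(">HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, bytes(src), bytes(dst)) + udp
    return b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00" + ip

def _pcap(frames):
    out = [struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    out += [struct.pack("<IIII", 1115000000 + i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return b"".join(out)

CLIENT, RESOLVER = (10, 0, 0, 2), (10, 0, 0, 53)
SAMPLE_PCAP = _pcap([
    _udp_frame(CLIENT, RESOLVER, 40000, 53, _dns_msg(1, "example.com", 1)),
    _udp_frame(RESOLVER, CLIENT, 53, 40000, _dns_msg(1, "example.com", 1, qr=True)),
    _udp_frame(CLIENT, RESOLVER, 40001, 53, _dns_msg(2, "altsci.com", 28)),
    _udp_frame(CLIENT, RESOLVER, 40002, 53, struct.pack(">HHHHHH", 3, 0x0100, 1, 0, 0, 0) + b"\xc0\x0c\x00\x01\x00\x01"),
])
```

`dump_dns_requests(SAMPLE_PCAP)` yields the two client queries (example.com type A, altsci.com type AAAA) and nothing else: the resolver's answer is dropped because its QR bit is set, and the fourth packet, whose question name begins with a compression pointer, raises inside the parser and is skipped. To read a real file, pass `open("file.cap", "rb").read()` in place of the constructed bytes; the per-packet generator is what keeps a 100 MB capture from being held in memory at once.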

More detailed information coming soon.



Modded: 0
by tBhSyPbNDo on 06/26/11
Now I feel stupid. That's cleared it up for me.
Modded: 0
by jqVAnslI on 06/26/11
Smack-dab what I was looking for—ty!
Modded: 0
by bXiLRtFwdphCl on 06/26/11
Haha. I woke up down today. You've cheered me up!
Modded: 0
by yslJlnLjfYnkYW on 06/27/11
That's really shrewd! Good to see the logic set out so well.
Modded: 0
by ppyAkKQGlERDyBZOAm on 06/27/11
Good point. I hadn't thought about it quite that way. :)
Modded: 0
by XgmqnadoapG on 06/27/11
None can doubt the veracity of this article.
Modded: 0
by EFrxPNhPcrYtBCeCrYz on 01/03/12
TYVM, you've solved all my problems.
Modded: 0
by ETniKkJCnODIQ on 01/03/12
That's way the bestest answer so far!
Modded: 0
by ARbqqBbqdHATZqxnigJ on 01/03/12
Absolutely first rate and copper-bottomed, gentlemen!
Modded: 0
by GnuDJhFWEcBtUnB on 01/03/12
Holy shiznit, this is so cool, thank you.
Modded: 0
by XAtjeXZtVlFG on 01/03/12
If time is money you've made me a wealthier woman.
Modded: 0
by CqvFTKuVDwZRlFOW on 01/03/12
It's always a relief when someone with obvious expertise answers. Thanks!
Modded: 0
by DwacjsmznHRuz on 01/04/12
What a joy to find such clear thinking. Thanks for posting!
Modded: 0
by VHlTdjPtBkA on 01/04/12
Umm, are you really just giving this info out for nothing?
Modded: 0
by nagznEYh on 01/04/12
I had no idea how to approach this before. Now I'm locked and loaded.
Modded: 0
by YQqAVvZXdDG on 01/04/12
Your story was really informative, thanks!
Modded: 0
by HxxYNdKNQVIHjh on 12/18/12
Encryption is the technique of hiding information so that outside parties cannot see it. It is different from encoding. In encoding, by working out the mathematical procedure (algorithm) that was used to encode, the encoded information can be decoded. But in encryption, even if a third party knows the relevant mathematical procedure, they have no way to decrypt it. When you log in to a Google account, the username and password are sent encrypted. Even within encryption there are various kinds of encryption techniques. What Google uses is the method called SSL encryption. When you are logging in to a Google account, look at the address bar of the browser. Doesn't it start with HTTPS? There may even be a padlock there. :) What that means is that the data exchanged between that web page and the server cannot be looked at by anyone, whatever they try. :)