2007-05-10
AltSci Concepts

Computer Journal


Packet Capture Dump with libpcap


by Joel R. Voss aka. Javantea
jvoss@altsci.com
jvoss@myuw.net
May 1-7, 2005

pcapdump 0.1 [sig]

DESCRIPTION

TCP Dump and libpcap
Wireshark

Libpcap is a very simple library for reading the data in packet capture files. TCP Dump is a program that captures data from interfaces; it can also print what it captures, either in real time or later. Wireshark is a GUI program that reads cap files (and can also capture data) and displays the information very well.

Wireshark has plenty of bugs and fails at certain operations on large files. For example, a 1 MB download over HTTP can be saved from Wireshark, but trying to save a 100 MB download over HTTP can crash it. Instead of fixing that bug, I decided to write an HTTP dumper that uses far less memory than Wireshark and simply writes out the HTTP file. It is not yet working 100%, because broken packets and packets that arrive out of order are accepted and written out as-is. The DNS dumper does work: it dumps a list of DNS requests from a cap file.

REQUIREMENTS

pcapdump requires libpcap.

METHODS

More detailed information coming soon.
Until then, look at the source code.

#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <netdb.h>
#include <netinet/udp.h>

int main(int argc, char *argv[])
{
	if(argc < 2)
	{
		fprintf(stderr, "usage: %s file.cap\n", argv[0]);
		return 1;
	}
	const char *filename = argv[1];
	char errbuf[PCAP_ERRBUF_SIZE];
	// Open a saved capture file rather than a live interface.
	pcap_t *capture = pcap_open_offline(filename, errbuf);
	if(capture == 0)
	{
		// libpcap puts the reason in errbuf; errno is not reliable here.
		printf("Couldn't open file %s: %s\n", filename, errbuf);
		return 1;
	}
	struct pcap_pkthdr header;
	const u_char *packet;
	// pcap_next returns 0 when no packets remain (or on a read error).
	while((packet = pcap_next(capture, &header)) != 0)
	{
		// Your code here. Only header.caplen bytes of packet are valid.
	}
	pcap_close(capture);
	return 0;
}
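As an added example (not part of pcapdump or this page), here is the per-packet work the loop above leaves as "Your code here", for the DNS dumper case: it walks the Ethernet, IPv4 and UDP headers with a length check at every step, so a truncated or malformed record in the capture is rejected instead of being read past its end, and then copies out the query name. The function is meant to be called with packet and header.caplen; the sample packet bytes below are constructed for the example, not taken from a real capture.

```c
#include <stddef.h>
#include <string.h>

/* Pull the first QNAME out of a DNS query carried in Ethernet/IPv4/UDP.
 * Returns 1 and writes the dotted name to out, or 0 if the record is not
 * such a query or is too short for any header it claims to carry, so a
 * truncated or malformed capture record never reads past len bytes. */
int dns_query_name(const unsigned char *pkt, size_t len, char *out, size_t outlen)
{
	size_t ip_off = 14, ihl, udp_off, dns_off, p, o = 0;
	if (len < ip_off + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) return 0; /* not IPv4 */
	ihl = (pkt[ip_off] & 0x0f) * 4;
	if (ihl < 20 || len < ip_off + ihl + 8 || pkt[ip_off + 9] != 17) return 0; /* not UDP */
	udp_off = ip_off + ihl;
	if (pkt[udp_off + 2] != 0 || pkt[udp_off + 3] != 53) return 0; /* dst port must be 53 */
	dns_off = udp_off + 8;
	if (len < dns_off + 12 || (pkt[dns_off + 2] & 0x80)) return 0; /* QR bit set: a response */
	p = dns_off + 12; /* first question follows the 12-byte DNS header */
	for (;;) {
		size_t lab;
		if (p >= len) return 0;
		lab = pkt[p++];
		if (lab == 0) break;
		/* >63 also rejects compression pointers (0xC0..), which never start a first QNAME */
		if (lab > 63 || p + lab > len || o + lab + 2 > outlen) return 0;
		if (o) out[o++] = '.';
		memcpy(out + o, pkt + p, lab);
		o += lab;
		p += lab;
	}
	out[o] = '\0';
	return o > 0;
}

/* Constructed sample record (not from a real capture): Ethernet + IPv4 + UDP + DNS A query for example.com. */
const unsigned char sample_query[] = {
	0xff,0xff,0xff,0xff,0xff,0xff, 0x00,0x11,0x22,0x33,0x44,0x55, 0x08,0x00, /* Ethernet, type IPv4 */
	0x45,0x00,0x00,0x39, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,           /* IPv4, total len 57, proto UDP */
	0xc0,0xa8,0x01,0x02, 0xc0,0xa8,0x01,0x01,                                /* 192.168.1.2 -> 192.168.1.1 */
	0x30,0x39,0x00,0x35, 0x00,0x25,0x00,0x00,                                /* UDP 12345 -> 53, len 37 */
	0xab,0xcd,0x01,0x00, 0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,           /* DNS header: RD set, 1 question */
	7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01   /* example.com, type A, class IN */
};
const size_t sample_query_len = sizeof sample_query;
```

Pass header.caplen rather than header.len as the length: caplen is the number of bytes actually stored in the file, and the two differ whenever the capture was taken with a snap length shorter than the packet.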



USAGE
pcapdump_http1 file.cap [filter blah yak yak yak]
pcapdump_dns1  file.cap [filter blah yak yak yak]

More detailed information coming soon.


Comments:

Modded: 0
REOruNyNxqxSAHh
by tBhSyPbNDo on 06/26/11
Now I feel stupid. That's cleared it up for me.
Modded: 0
FtAoPFZqeBhgEJPinI
by jqVAnslI on 06/26/11
Smack-dab what I was looking for—ty!
Modded: 0
euhRziTcbpliqpQi
by bXiLRtFwdphCl on 06/26/11
Haha. I woke up down today. You've cheered me up!
Modded: 0
gPYQYaWJscAoaDEvtkN
by yslJlnLjfYnkYW on 06/27/11
That's really shrewd! Good to see the logic set out so well.
Modded: 0
XnmOIzChLFVqDwbSkZ
by ppyAkKQGlERDyBZOAm on 06/27/11
Good point. I hadn't thought about it quite that way. :)
Modded: 0
yEgeEtHVQheFo
by XgmqnadoapG on 06/27/11
None can doubt the veracity of this article.
Modded: 0
SmymihhPQqOcTCv
by EFrxPNhPcrYtBCeCrYz on 01/03/12
TYVM, you've solved all my problems.
Modded: 0
QUtJJMlHRKMRHml
by ETniKkJCnODIQ on 01/03/12
That's way the best answer so far!
Modded: 0
qYCgclSqtJxfFUJ
by ARbqqBbqdHATZqxnigJ on 01/03/12
Absolutely first rate and copper-bottomed, gentlemen!
Modded: 0
pqQSlmNAaPW
by GnuDJhFWEcBtUnB on 01/03/12
Holy shiznit, this is so cool, thank you.
Modded: 0
ufZClpihHCM
by XAtjeXZtVlFG on 01/03/12
If time is money you've made me a wealthier woman.
Modded: 0
lHNBQImZYUFzPX
by CqvFTKuVDwZRlFOW on 01/03/12
It's always a relief when someone with obvious expertise answers. Thanks!
Modded: 0
ohJKoTMvMyBUcxbC
by DwacjsmznHRuz on 01/04/12
What a joy to find such clear thinking. Thanks for posting!
Modded: 0
rgZzLFDZvFTiADZ
by VHlTdjPtBkA on 01/04/12
Umm, are you really just giving this info out for nothing?
Modded: 0
fAPQXCJgOjzPeyNYlvk
by nagznEYh on 01/04/12
I had no idea how to approach this before. Now I'm locked and loaded.
Modded: 0
sdgMZLNUONpmvRGncyT
by YQqAVvZXdDG on 01/04/12
Your story was really informative, thanks!
Modded: 0
kwNrSRJaqGPdgVNqXM
by HxxYNdKNQVIHjh on 12/18/12
Encryption is the technique of hiding information so that outside parties cannot see it. It is different from encoding. In encoding, by working out the mathematical procedure (algorithm) that was used to encode, the encoded information can be decoded. But in encryption, even if a third party knows the relevant mathematical procedure, they have no way to decrypt it. When logging into a Google account, the username and password are sent encrypted. Although we say encryption, there are various kinds of encryption techniques. Google uses the method called SSL encryption. When logging into your Google account, look at the browser's address bar. Doesn't it start with HTTPS? There may be a padlock there too. :) What that means is that the data exchanged between the web page and the server cannot be seen by anyone in between. :)