Questions tagged [pcap]
The pcap tag has no usage guidance.
38 questions
0 votes, 1 answer, 16 views
Use tshark and return binary of packet in the STDOUT
As part of a project, I need to retrieve network packets on a network interface using -i.
tshark -i eth0
I need to retrieve the binary format of the packages, however I would like if possible not to ...
0 votes, 1 answer, 71 views
Running soft AP and bridge mode on laptop for legacy connections, connection fails
Recently, I’ve resumed playing Mario Kart DS, an old (2005) Nintendo game available on the Nintendo DS console, including playing online. The online service has been closed by Nintendo for a long time ...
1 vote, 0 answers, 83 views
kali linux filter by protocol wireshark's pcaps
I spent the last 2h looking for a way to quickly filter pcaps, it seems that it is possible using cmd/bat on Windows but I can't find anything for Kali Linux.
I have a way too big pcap and I want to ...
1 vote, 1 answer, 355 views
Black hole output interface for tcpreplay
I'm using a command line like this to replay a huge PCAP file at high speed - I'm benchmarking various aspects of tcpreplay:
sudo tcpreplay --mbps=1000 --intf1=docker0 linuxbig_log.pcap
As I don't ...
1 vote, 1 answer, 1k views
How to use ciscodump?
In Wireshark, there is this option called Cisco remote capture: ciscodump, which, from my understanding, should enable to do a tcpdump on a Cisco router (for example) via SSH and get back the results ...
1 vote, 0 answers, 677 views
Generate alert from pcap file with Snort
I'm learning to use snort by myself and I can't figure out if I'm generating alerts from a file well.
The rules I have in local.rules are:
alert icmp any any -> any any (msg:"Testing ICMP"...
0 votes, 1 answer, 507 views
Wireshark - exports what it recognises as a jpeg but the jpeg doesn't open
I have a JPEG GET request in my PCAP as below but when I export it, it's not a valid JPEG file
Any advice as to what I'm doing wrong?
1 vote, 0 answers, 605 views
ALFA wifi network card Monitor Mode on Mac OS
I recently bought an ALFA AWUSO36EAC and I want to use it for packet injection and monitor mode on Mac OS. I was told that this is a better page to ask about Network Card related questions. I have ...
0 votes, 1 answer, 4k views
tshark how to count the number of returned packets
I am using tshark and I need to find out how many of my 10,0000 packets contain an HTTP URI
Therefore, I have written the line of code that goes as follows:
tshark -r tsharklab.pcap -Y "http....
0 votes, 1 answer, 380 views
TLS handshake to microsoft.com hangs
Two Linux machines (Ubuntu 20.04 & 18.04.4 running on vSphere) behind NAT are not able to complete the TLS handshake to https://microsoft.com and https://mcr.microsoft.com, while they are able to ...
0 votes, 1 answer, 241 views
What are the specific requirements for libpcap directional capture support?
I'm using libpcap on Linux to capture network traffic from a wireless adapter (2.4 GHz). The pcap_setdirection seems to allow you to setup the capture device so that it ignores traffic originating ...
0 votes, 1 answer, 706 views
make a difference between pcap files
I have two pcap files and I want to make the difference between them. And store the difference in another pcap file.
I tried diff command but it's not suitable with the binary files and I used also ...
1 vote, 1 answer, 384 views
tcpdump: "packet exceeded snapshot"
I am using tcpdump to look into some pcap files, but in the output, I see the following error, instead of getting the header information:
packet exceeded snapshot
I googled it, but I couldn't find ...
1 vote, 1 answer, 258 views
Weird TCP re-transmission
My question is why a TCP flow makes a re-transmission when a network has enough link bandwidth.
For finding a cause, I used Wireshark. I got the below captured at a host side (10.0.0.1)
25434 50....
1 vote, 1 answer, 2k views
How to stream captured packets via UDP? tcpdump or other tool
I want to capture traffic or router and send it to remote host via tzcp or other udp proto.
How to stream captured packets via UDP? tcpdump or other tool
Use case:
Linux box connected to internet ...