winpcap | Pull requests | Runtime Evironment library
kandi X-RAY | winpcap Summary
kandi X-RAY | winpcap Summary
The WinPcap packet capture library. Pull requests will be ignored. Please upload changes to https://code.wireshark.org/review/ .
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of winpcap
winpcap Key Features
winpcap Examples and Code Snippets
Community Discussions
Trending Discussions on winpcap
QUESTION
I am stumbling my way through writing a dissector for our custom protocol in Lua. While I have basic field extraction working, many of our fields have scale factors associated with them. I'd like to present the scaled value in addition to the raw extracted value.
It seems to me tree_item:add_packet_field is tailor-made for this purpose. Except I can't get it to work.
I found Mika's blog incredibly helpful, and followed his pattern for breaking my dissector into different files, etc. That's all working.
Given a packet type "my_packet", I have a 14-bit signed integer "AOA" that I can extract just fine
...ANSWER
Answered 2020-Jul-08 at 21:49Looking at the try_add_packet_field() source code, only certain FT_ types are supported, namely:
FT_BYTESFT_UINT_BYTESFT_OIDFT_REL_OIDFT_SYSTEM_IDFT_ABSOLUTE_TIMEFT_RELATIVE_TIME
None of the other FT_ types are supported [yet], including FT_UINT16, which is the one you're interested in here, i.e., anything else just needs to be done the old fashioned way.
If you'd like this to be implemented, I'd suggest filing a Wireshark enhancement bug request for this over at the Wireshark Bug Tracker.
QUESTION
With winpcap or libpcap I can find the port. But how do I know which app was listening to the port while the package was received? Thank in advance
...ANSWER
Answered 2020-May-07 at 00:58In general, that information cannot be derived purely from the pcap file.
IP, TCP, and UDP headers have addresses and port numbers, but they don't have anything indicating the application from which they're sent or to which they're being received.
That information would have to be determined on the machine running the application; the way that's done depends on the operating system.
QUESTION
Do you know how to create empty file pcap with winpcap dll? I buffer filtered packets in program memory and want to save when user click to export to .pcap file.
But when using pcap_open_offline(const char *fname, char *errbuf) can open file only if file exists. I tried fopen and other functions to create file previously (in binary mode too) but unsucessfully.
So how to get pcap_t handle pointer for pcap_dump_open(pcap_t *p, const char *fname) this way?
UPDATED: I try to use this code
...ANSWER
Answered 2020-Apr-07 at 18:21Do you know how to create empty file pcap with winpcap dll? I buffer filtered packets in program memory and want to save when user click to export to .pcap file.
...
So how to get pcap_t handle pointer for pcap_dump_open(pcap_t *p, const char *fname) this way?
pcap_dump_open() returns a pcap_dumper_t * handle for use when writing the file; a pcap_t * is used for capturing or reading, not writing.
What you need to do, if you want to write a pcap file, is use pcap_dump_open(). If you have a pcap_t * from which you're reading or capturing the filtered packets, you should use that pcap_t * in the call to pcap_dump_open().
QUESTION
I want to compile my libpcap and winpcap based programms, but I noticed that other users also have to install WinPCAP among my programm. How can I compile all necessary files into one programm?
...ANSWER
Answered 2020-Mar-11 at 17:55Short answer: You can't.
The long answer comes from some old wisdom in a WinPcap mailing list:
There is a way to make
packet.dllandwpcap.dllstatic: rebuild them as such. You just sacrifice the ability to do anything, since all the stuff inwpcap.dllrequirespacket.dll, and all the stuff inpacket.dllrequires the kernel driver. And the kernel driver won't exist without the full winpcap installation.It includes (among other things) a kernel driver that cannot be transformed to a static library.
There is no way on Windows to make a kernel driver part of a static library. (Or a
DLL, for that matter.) If the kernel driver is required, then it's hard to get anything done without it.
QUESTION
I am trying to install Net::Pcap (https://metacpan.org/pod/Net::Pcap) using protable edition of strawberry perl v5.28.1 ,below are my steps :
1.I installed npcap (winpcap for windows 10 ) from https://nmap.org/npcap/#download
2.I downloaded the npcap sdk from https://nmap.org/npcap/#download
3.I extracted the SDK zip folders to c:/WdpPack and verifes Include and Lib folders includes the header files and libraries
4.Then run the following command
...ANSWER
Answered 2020-Feb-06 at 15:39I was able to compile this by moving the SDK folders from C:\WdpPack to my C:\User folder. I am not so familiar with Windows, so I am not sure why this works, maybe something to do with permissions?
Update:
After running perl Makefile.PL, running gmake to compile the module fails with errors:
QUESTION
I am trying to create a simple web monitoring app with scapy(2.4.3), python 2.7 on a windows 10 machine. I also have winpcap(5.0.9983.830) isntalled
...ANSWER
Answered 2020-Jan-14 at 11:06Your interface is not called eth0 if you are using Windows.
You can use ipconfig /all to see all your network interfaces, and you can use the description value of the Ethernet interface as the interface name for Scapy.
So for example in my laptop it is:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install winpcap
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
