Pcap File Capture
Libpcap is an open source library that provides a high-level interface to network packet capture systems; it is the capture engine underneath tcpdump and Wireshark on Unix-like systems. It was created in 1994 by McCanne, Leres and Jacobson, researchers at the Lawrence Berkeley National Laboratory (operated by the University of California at Berkeley), as part of a research project to investigate and improve TCP and Internet gateway performance.
Wireshark use cases:
Small scale
- analysis of existing software
- design and testing of new protocols
Large scale
- traffic analysis and statistics
- capacity planning
- creation and implementation of traffic policy
Network attack and attack prevention
- verification of security policy (what actually crosses the wire versus what the policy says should)
- capture of credentials sent in the clear (telnet, FTP, HTTP basic authentication and similar protocols)
Considerations when capturing packets:
- Minimize the effect of the capture on the network traffic being observed.
- Your capture device can only capture traffic that reaches its network interface. On a switched network that is normally only traffic addressed to that host plus broadcast and multicast; seeing other hosts' traffic requires a mirror (SPAN) port, a tap, or a hub.
- The normal behavior of a host interface is to discard frames whose destination MAC address does not match the interface address (or a broadcast/multicast address it listens to). Capture tools put the interface into promiscuous mode to disable that filter, which is why capturing usually needs elevated privileges.
ntohs():
The ntohs() function takes a 16-bit number in TCP/IP network byte order (the big-endian order used by the AF_INET and AF_INET6 protocol families) and returns it in host byte order. htons() is its inverse, and ntohl()/htonl() do the same for 32-bit values. On a little-endian host the bytes are swapped; on a big-endian host the functions are no-ops, which is why code that forgets them can appear to work on one machine and silently misread ports and lengths on another.
pcap_loop():
Processes packets from a live capture or savefile, calling the supplied callback once per packet, until cnt packets have been processed, the end of the savefile is reached (when reading from a savefile), pcap_breakloop() is called, or an error occurs. A negative cnt (and, in current libpcap, 0) means loop until one of the other conditions ends it; on a live capture it does not return when the read timeout expires with no packets, unlike pcap_dispatch(). It returns 0 when cnt is exhausted or the savefile ends, PCAP_ERROR_BREAK (-2) when the loop was ended by pcap_breakloop(), and PCAP_ERROR (-1) on an error, which pcap_geterr() describes. The callback has the form void handler(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes); only h->caplen bytes of the packet are valid, not h->len, because the snaplen may have truncated it.
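The two entries above, ntohs() and pcap_loop(), meet in the savefile format itself. The program below is an added example written for these notes; it is not code from the original page and not libpcap's own implementation. It reads a classic pcap savefile (the format pcap_loop() walks after pcap_open_offline()) from a byte array constructed inline, so it runs without libpcap or a capture file. Assumptions: the magic values 0xa1b2c3d4/0xd4c3b2a1, link type 1 (Ethernet), and the 24-byte file header and 16-byte record header layout of the classic format; the function names walk_savefile(), decode_packet(), count_sample() and parse_sample() and the two sample packets (an ARP request and a UDP datagram 192.168.1.10:50000 -> 192.168.1.1:53) are the example's own.

```c
/* Added example, not from the original notes and not libpcap's own code: a minimal
 * reader for the classic pcap savefile format (what pcap_loop() walks after
 * pcap_open_offline()). File and record headers are in the capturing host's byte
 * order (the magic number says whether to swap); captured Ethernet/IPv4/UDP fields
 * are always network byte order, so those are the ones ntohs() is for. */
#include <arpa/inet.h>   /* ntohs() */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCAP_MAGIC      0xa1b2c3d4u   /* writer had our byte order: read as-is */
#define PCAP_MAGIC_SWAP 0xd4c3b2a1u   /* writer had the other one: swap fields */
#define DLT_EN10MB      1             /* link type: Ethernet */

struct pcap_summary {
    unsigned packets, udp_packets;
    uint32_t linktype;
    uint16_t last_ethertype, ip_total_len, src_port, dst_port;
};

/* 32-bit file/record header field, written in the capturing host's byte order. */
static uint32_t rd32(const uint8_t *p, int swap) {
    uint32_t v; memcpy(&v, p, 4);
    return swap ? (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24) : v;
}
/* 16-bit protocol header field in network byte order: this is what ntohs() is for. */
static uint16_t rd16n(const uint8_t *p) {
    uint16_t v; memcpy(&v, p, 2);
    return ntohs(v);
}

/* Decode Ethernet/IPv4/UDP headers. Every bound is checked against incl_len (bytes in
 * the record), never orig_len (bytes on the wire): a short snaplen can cut a header. */
static int decode_packet(const uint8_t *pkt, uint32_t len, struct pcap_summary *s) {
    size_t ihl;
    if (len < 14) return -1;
    s->last_ethertype = rd16n(pkt + 12);
    if (s->last_ethertype != 0x0800) return 0;          /* not IPv4: count only */
    if (len < 14 + 20) return -1;
    ihl = (size_t)(pkt[14] & 0x0f) * 4;
    if (ihl < 20 || pkt[14 + 9] != 17) return 0;        /* bad IHL, or not UDP */
    if (len < 14 + ihl + 8) return -1;                  /* UDP header truncated */
    s->ip_total_len = rd16n(pkt + 14 + 2);
    s->src_port = rd16n(pkt + 14 + ihl);
    s->dst_port = rd16n(pkt + 14 + ihl + 2);
    s->udp_packets++;
    return 0;
}

/* Walk an in-memory savefile the way pcap_loop() walks one with a callback. Returns
 * the packet count, or -1 for a malformed file (bad magic/link type, short record). */
int walk_savefile(const uint8_t *buf, size_t n, struct pcap_summary *s) {
    uint32_t magic; int swap; size_t off = 24;
    memset(s, 0, sizeof *s);
    if (n < 24) return -1;
    memcpy(&magic, buf, 4);
    if (magic == PCAP_MAGIC) swap = 0;
    else if (magic == PCAP_MAGIC_SWAP) swap = 1;
    else return -1;                                      /* e.g. pcapng, or junk */
    s->linktype = rd32(buf + 20, swap);
    if (s->linktype != DLT_EN10MB) return -1;
    while (off + 16 <= n) {
        uint32_t incl = rd32(buf + off + 8, swap), orig = rd32(buf + off + 12, swap);
        if (incl > orig || incl > n - off - 16) return -1;   /* truncated record */
        if (decode_packet(buf + off + 16, incl, s) < 0) return -1;
        s->packets++;
        off += 16 + incl;
    }
    return (int)s->packets;
}

/* Constructed savefile from a little-endian writer (magic bytes d4 c3 b2 a1), two
 * records: an ARP request, then UDP 192.168.1.10:50000 -> 192.168.1.1:53. */
const uint8_t sample_pcap[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    /* record 1: ts 1600000000.000000, incl_len 42, orig_len 60 (padded on the wire) */
    0x00,0x10,0x5e,0x5f, 0,0,0,0, 42,0,0,0, 60,0,0,0,
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x42,0xac,0x11,0x00,0x02, 0x08,0x06,
    0x00,0x01, 0x08,0x00, 0x06, 0x04, 0x00,0x01, 0x02,0x42,0xac,0x11,0x00,0x02,
    0xc0,0xa8,0x01,0x0a, 0,0,0,0,0,0, 0xc0,0xa8,0x01,0x01,
    /* record 2: ts 1600000000.100000, incl_len 42, orig_len 42 */
    0x00,0x10,0x5e,0x5f, 0xa0,0x86,0x01,0x00, 42,0,0,0, 42,0,0,0,
    0x00,0x11,0x22,0x33,0x44,0x55, 0x02,0x42,0xac,0x11,0x00,0x02, 0x08,0x00,
    0x45,0x00, 0x00,0x1c, 0x00,0x00, 0x40,0x00, 0x40, 0x11, 0x00,0x00,
    0xc0,0xa8,0x01,0x0a, 0xc0,0xa8,0x01,0x01,
    0xc3,0x50, 0x00,0x35, 0x00,0x08, 0x00,0x00,
};

/* Parse the first n bytes of the sample; n < sizeof sample_pcap models a file cut short. */
int count_sample(size_t n) { struct pcap_summary s; return walk_savefile(sample_pcap, n, &s); }
struct pcap_summary parse_sample(void) {
    struct pcap_summary s; walk_savefile(sample_pcap, sizeof sample_pcap, &s); return s;
}

int main(void) {
    struct pcap_summary s = parse_sample();
    printf("%u packets, %u UDP; last ethertype 0x%04x, IP len %u, %u -> %u\n",
           s.packets, s.udp_packets, (unsigned)s.last_ethertype, (unsigned)s.ip_total_len,
           (unsigned)s.src_port, (unsigned)s.dst_port);
    return 0;
}
```

Two points to notice when adapting this to real captures: the header fields go through rd32() with a swap decided once from the magic, while the packet fields go through ntohs() unconditionally, and the two must never be mixed up; and every read of packet bytes is bounded by incl_len (pcap's caplen), so a file whose last record was cut short (count_sample() with a shorter length) is rejected rather than read past the buffer.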