18.3 NPCAP builds man-in-the-middle attack

ARP spoofing is a network attack method that works by deceiving the target host. ARP is the protocol used to obtain MAC addresses, so a spoofer can use ARP spoofing to force target hosts to send their network traffic to attacker-controlled devices. ARP spoofing attacks usually […]

18.3 NPCAP custom packet filtering

The NPCAP library is a network packet capture and analysis library for Windows platforms. It is a fork of the WinPcap library, developed by the Nmap development team and used in the Nmap software. Like WinPcap, the NPCAP library provides APIs that allow developers to easily capture and process network packets in their applications. […]

Zero-copy mmap of libpcap

1. User space: after creating the fd through socket(AF_PACKET,…), establish the receiving queue
//pcap-linux.c
static int pcap_activate_linux(pcap_t *handle) { … ret = setup_mmapped(handle, &status); … }
1.1 Set the default ring buffer size
static int setup_mmapped(pcap_t *handle, int *status) { … //1. if (handle->opt.buffer_size == 0) { /* by default request 2M […]

Scapy parses pcap files to extract images from HTTP traffic

Contents: Preface; 1. Network environment example; 2. Example of sniffing traffic; 3. pcap file processing; Finally; References.
Author: Gao Yuhan
Time: 2023.9.17 10:25
Environment: Linux kali 5.15.0-kali3-amd64, Python 3.11.4, scapy 2.5.0
Things only get interesting once you get some data. Foreword […]

send_pcap is sent from client to server

import os
import random
import socket
import IPy
import traceback
import time
import copy
from scapy.all import sendp, PcapReader, wrpcap
from scapy.layers.inet6 import IPv6
from decimal import Decimal

def get_linux_client_eth2_mac():
    """
    :return:
    """
    # One MAC address per line of ifconfig output; index 2 is the third interface listed
    mac = os.popen("/usr/bin/ifconfig | grep 'HWaddr' | awk '{print $5}'").read()
    mac = mac.split('\n')[2]
    return mac

def split_tcp_stream(pcap, i, length):
    """ […]

Parse pcap files and gradually understand the tcp/ip protocol stack

Preliminary understanding of tcp/ip protocol stack What is a protocol stack What are the functions of the protocol stack Simple implementation of the protocol stack – extracting five tuples Protocol stack is not a simple toy Fundamental core implementation file format definition parsing process Effect What is a protocol stack TCP/IP (Transmission Control Protocol/Internet Protocol) […]

C language reads the content of the DHCP packet (pcap file)

Contents: Design requirements; Design process: 1) Define pcap file header structure, timestamp structure, pcap packet header structure; 2) Data link layer structure definition; 3) Definition of IP packet header structure; 4) UDP packet header structure definition; 5) Definition of DHCP packet structure; 6) Calculate the checksum field; Program source code.
Design requirements: Write a program […]

Restore from configuring Winpcap environment (dev c++) to running HTTP packet capture

1. Environment configuration
My environment: Windows XP virtual machine, Dev C++
What you need for this step:
Development environment package: Link: https://pan.baidu.com/s/155x_BiCf-O0gNLk29_nTWw?pwd=winp Extraction code: winp
- Winpcap4.1.3 installation package
- Winpcap4.1.2 Developer Pack
- Dev C++ installation package
- WS2_32.lib
Configuration steps:
1. Install the Winpcap4.1.3 installation package
2. Open Dev C++, Tools -> Compile Options -> Compiler Configuration […]