libpcap is the library that we are going to use to grab those network packets right as they come off of the network card.The capture can be used in network security tools to analyze raw traffic and detect malicious behaviours, networks scans or attacks, for sniffing, fingerprinting and other purposes. Packet Capture means to grab a copy of packets off of the wire before they are processed by the operating system.So what will you need for this is a Wireshark capture of the traffic, if you don’t want to capture anything at this moment for the purpose of this tutorial you can download a pcap file here, and some basic to medium C programming knowledge.īefore we start we should define two terms that might not be familiar to everyone, even though if you got to this tutorial you should be pretty familiar with both of them: This could be done very easily with Wireshark and a series of filters, but the purpose of this article is an educational one and a basis for understanding and developing greater and better things with libpcap. That gave me an idea for this article, more like a gentle introduction to libpcap and how to use it to analyze the type and number of packets you are getting in the network at a particular moment.
In the past I have taken some security courses, and during one of them we had as assignment to use lipcap to sniff and spoof the DNS inside a network. Analyse a tcpdump capture using libpcap in C
0 kommentar(er)
