I have successfully installed wireshark on centos 6.4 I can run the command tshark it works perfectly fine. I want to run gdb so that I want to learn how it decodes tcp and udp packet as I am writing an application where I need to dissect these two types of packets. When I run libtool --mode=execute gdb tshark it run and stop at here (gdb) it not capturing anything. The reason I want to run it via gdb is to learn how both tcp and udp have been dissect as I dont want to reinvent the wheel.
I don't think it would be practical to learn tcp dissection through just gdb.
Why not directly examine the source code? It's available for download here. All dissector can be found under "epan/dissectors/".
You might specifically want to look at packet-tcp.c and packet-udp.c files, particularly the functions dissect_tcp() and dissect_udp() respectively. Also, a quick read through this tutorial for creating dissectors might help you understand the coding conventions of this project quickly.
Related
When I compare UDP socket communication between linux and QNX, I observed linux socket communication is much faster than in QNX. I written a test code to send 258MB of data to remote place using UDP sockets. Same code compiled for linux and QNX, and ran on their respective machines. I made application aware of retransmission. I observed retransmission is comparatively very less in linux than QNX. Please suggest if I need to use any QNX specific system calls, rather generic sendmsg/recvfrom.
I need to upgrade a Windows Kernel Mode Driver from IPV4 to IPV4/IPV6 but the existing kernel mode socket library which uses TDI does not support IPV6.
So I would like to change the socket library to "Winsock Kernel" http://msdn.microsoft.com/en-us/library/windows/hardware/ff571084(v=vs.85).aspx
Note: This is not winsock2.
I started making the necessary modifications to use WSK instead of Kernsock from Storagecraft but there is a lot to consider given that this driver code runs on both windows and linux.
I am wondering if there is a kernel mode socket wrapper around WSK available, preferably with BSD or winsock2 function API signatures. My searches do not yield anything.
Thanks.
I found one UDP code project which seems to provide most of what I need.
I thought I would post it here for anyone else who needs a WSK wrapper.
Project:
https://code.google.com/p/wskudp/
UDP Source:
https://code.google.com/p/wskudp/source/browse/#svn%2Ftrunk%2Fwskudp
TCP Source:
https://code.google.com/p/wskudp/source/browse/#svn%2Ftrunk%2Fwsktcp
Thanks to https://code.google.com/u/x86ddk/ for creating the project.
NOTE: I haven't tested this yet.
I am testing a thick client which is connected to a database, need to sniff traffic b/w tcp port on same machine
WireShark (formerly Ethereal) will work perfectly, if you're not familiar with it, it can be a little tricky on OSX, Windows it's no problem and Linux can be a headache. You can download it here http://www.wireshark.org/, and read a short-primer here - http://www.ipprimer.com/packets.cfm
Essentially there's a capture phase, and then you can work with the data – for your purposes you can live-capture and filter the output to the packets on the port/destination you care about, I've used it many-a-time to debug dodgy home networking, or problems at the office.
Beware if using MySQL and localhost for example, this is a key-word for MySQL and it will infact use the socket instead.. which makes things a matter more complicated, you can circumvent this problem by always making sure to use 127.0.0.1 if working with MySQL. (Perhaps other software uses this convention?)
You can try some tools like WireShark.
Assuming you're on Windows:
I'd split the client and server across two machines, either two real ones, or a VM with something VMWare. Then I'd use Wireshark.
I have written a small client server socket application. It is a proof of concept for some socket programming that I want to apply to a much bigger project.
For the moment I want to user wireshark to analyse the traffic that goes between them. They are both running on my local machine.
I have installed a loopback interface, and have tried to use wireshark with it.
No joy. Any ideas?
I have successfully analysed traffic between my machine and other machines no problems.
I have had a look here,
http://wiki.wireshark.org/CaptureSetup/Loopback
And I am not using the address 127.0.0.1 which they mention saying you can't capture traffic on 127.0.0.1
Thanks.
You might try creating a virtual machine to run your application and using wireshark on it.
Save yourself some grief and download Microsoft Network Monitor.
As good as Wireshark is on Unixen, Windows is a "special" case :)
Does someone know about a CPAN module on Win32 that captures network packets and edit them on the fly? As far as I know, the only Perl module on Win32 that deals with packets on the fly is Net::Pcap but it only support passive monitoring and not affet the TCP/IP stack.
Is there a such module could someone provide example /reference /documentation ?
As far as I know, libpcap allows you to read copies of incoming and outgoing packets, and some implementations allow you to inject a raw packet, but not rewrite a packet. You would basically have to drop the original packet (something libpcap cannot do) and then inject a new one in it's place.
Firewall apps that allow you to filter incoming and outgoing packets might be able to do something like this. However, since you're talking about Perl and Win32 your options are probably limited.
I think right answer is "implement proxy for this".
If it works in your scenario, try to implement proxy server. Listen on same port as your target service does and read all incoming traffic. If you need modification of packet, do it and pass all traffic to target service. Of course you have to implement both directions.
You can search for basic TCP deamon snippet in perl or maybe you can implement just module for existing proxy server for your service. Is it HTTP or what kind of traffic you need to handle?
I would suggest using Net::Pcap to capture traffic, then the Cygwin port of TCPReplay to modify and replay the traffic. Obviously a Linux setup would be more reliable since TCPreplay would work on it out of the box without requiring cygwin.