wiresharkpacketpcapss7
How to apply abort filter on PCAP?
I am using pcap4j for reading packets in Java. I want to generate an alert on receiving a packet with abort. For now I am unable to apply a filter for abort. I have attached code below.
PcapHandle handle;
Pcap pcap;
handle =
Pcaps.openOffline("D://nm_postpaid_testing.pcap",TimestampPrecision.NANO);
//handle.setFilter("tcap.reason == 11", BpfCompileMode.OPTIMIZE);
System.out.println("Starting output: ");
PcapPacket packet = null;
String filter = "pcap abort 11";
handle.setFilter(filter, BpfCompileMode.OPTIMIZE);
PacketListener listener = new PacketListener() {
@Override
public void gotPacket(PcapPacket pp) {
System.out.println("/////////////START////////////////");
System.out.println(Arrays.toString(pp.getRawData()));
SctpDecoder sctpDecoder = new SctpDecoder();
//sctpDecoder.decode(pp.getRawData(), "IP", "*", true, "DECODE:TCAP");
System.out.println("///////////////END//////////////\n");
}
};
handle.loop(4, listener);
Solution
The filtering that can be done by pcap libraries (libpcap/WinPcap/Npcap) is very limited; it can't test for anything as complicated as a TCAP abort. You'd have to dissect the packets in detail, either by writing your own code or by somehow using Wireshark/TShark/sharkd's code, to determine whether the packet you have is a TCP abort.
- Capturing mobile phone traffic on Wireshark
- Compiling Wireshark packet dissector
- How to test which version of TLS my .NET client is using?
- How to filter by IP address in Wireshark?
- Does winpcap and sharppcap support the pcap-ng format
- Wireshark - Unused Setup Header
- Wireshark: Filter by Multicast in GUI
- Filter by process/PID in Wireshark
- whatsapp sniffing ssl traffic with wireshark
- Why Wireshark display filter does not show http packets?
- Purebasic Windows TCP filter specific package easiest way?
- Different Datagram Length Field In IP Headers
- Lua conditional evaluation of new language operators
- Comma separated IP addresses in TShark output
- Error "cannot open display" when starting wireshark on Ubuntu command line
- Replay IHeartRadio station URL in Python
- Scapy fails to send ipv6 packets
- Capturing Network Router Traffic with Wireshark
- text2pcap is not detecting the below format
- Wireshark HTTP2 Prior Knowledge HTTP Request not showing
- wireshark - pcap timestamp date format
- Writing a protocol dissector with Lua does not autocomplete the Proto class
- How to access a previously extracted field in a chained Lua dissector?
- How to force Wireshark's all_field_infos() function gather all the fields?
- How can i export file from wireshark to display not in hex format
- Strange base64 python decoding
- Merging/appending multiple pcap files to an existing one without overwriting
- Converting pcap format from LINKTYPE_LINUX_SSL to LINKTYPE_ETHERNET
- Jitter values for TCP Streams in Wireshark?
- Facing Issue while writing data to a pcap file using C language