Free packet software for linux

jNetPcap project is a Java wrapper around the Libpcap network packet capture library. The low-level API is exposed in Java, which allows kernel buffer tuning, flags, and other features.

All captured packet buffers are wrapped, not copied, in efficient java.nio.ByteBuffer and delivered to Java by reference. This allows not-in-memory copies of packet data and very efficient and fast delivery of packets. The software is released for various platforms with the appropriate native library bundled.

libpcap is a handy little library which provides a packet filtering mechanism based on the BSD packet filter (BPF).
Enhancements:
- Basic BPF filtering, Bluetooth, USB capturing on Linux, FreeBSD BIOCSDIRECTION ioctl, additional filter operations for 802.11 frame types, and support for filtering on MTP2 frame types were all added, and numerous other minor enhancements and bugfixes were made.

tcpdump is a handy little library which provides a packet filtering mechanism based on the BSD packet filter (BPF).

Most notably, tcpdump needs this to work, and there is also a perl module (still in beta) which can use this as well. In plain english, if you want to write your own network traffic analyzer, this is the place to start.

deja-packet transmits raw packets through a specified interface.

Usage: ./deja-packet -pcap < libpcap capture file > < interface name >
or: ./deja-packet -raw < raw packet file > < interface name >

Note: you must be root to successfully transmit packets with deja-packet due to the Linux security restrictions with raw sockets.

In the [-p]cap mode, deja-packet transmits selected packets from a libpcap capture file (such as one created by Ethereal/Wireshark, or tcpdump). In the [-r]aw mode, deja-packet transmits the raw contents of a file as one whole packet.

The [-p]cap mode is interactive: the user will be continuously prompted to select which packet from the libpcap capture file to transmit, until the “q” character is encountered, where the program will quit.

Example pcap mode:

$ sudo ./deja-packet -p icmp_ping.pcap eth0
Select packet number (1 to 6) for transmission or q for quit: 1
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 2
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 5
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: 6
Successfully transmitted packet!
Select packet number (1 to 6) for transmission or q for quit: q
$

In the [-r]aw mode, deja-packet exits immediately after the attempted transmission is complete (allows deja-packet to be easily used with a script).

Example raw mode:

$ sudo ./deja-packet -r samplepacket eth0
Successfully transmitted packet!
$

icmp_ping.pcap is included as a sample libpcap capture file.

To compile deja-packet, simply use the command “make”.

deja-packet remains Linux-only because it requires PF_PACKET sockets.

This project is released under the GNU General Public License version 2.

Net::DHCP::Packet is a Perl module with object methods to create a DHCP packet.

SYNOPSIS

use Net::DHCP::Packet;

my $p = new Net::DHCP::Packet->new(
Chaddr => 000BCDEF,
Xid => 0x9F0FD,
Ciaddr => 0.0.0.0,
Siaddr => 0.0.0.0,
Hops => 0);

Represents a DHCP packet as specified in RFC 1533, RFC 2132.

CONSTRUCTOR

This module only provides basic constructor. For "easy" constructors, you can use the Net::DHCP::Session module.

new( )

new( BUFFER )

new( ARG => VALUE, ARG => VALUE... )

Creates an Net::DHCP::Packet object, which can be used to send or receive DHCP network packets. BOOTP is not supported.

Without argument, a default empty packet is created.

$packet = Net::DHCP::Packet();

A BUFFER argument is interpreted as a binary buffer like one provided by the socket recv() function. if the packet is malformed, a fatal error is issued.

use IO::Socket::INET;
use Net::DHCP::Packet;

$sock = IO::Socket::INET->new(LocalPort => 67, Proto => "udp", Broadcast => 1)
or die "socket: $@";

while ($sock->recv($newmsg, 1024)) {
$packet = Net::DHCP::Packet->new($newmsg);
print $packet->toString();
}

To create a fresh new packet new() takes arguments as a key-value pairs :

ARGUMENT FIELD OCTETS DESCRIPTION
-------- ----- ------ -----------

Op op 1 Message op code / message type.
1 = BOOTREQUEST, 2 = BOOTREPLY
Htype htype 1 Hardware address type, see ARP section in "Assigned
Numbers" RFC; e.g., 1 = 10mb ethernet.
Hlen hlen 1 Hardware address length (e.g. 6 for 10mb
ethernet).
Hops hops 1 Client sets to zero, optionally used by relay agents
when booting via a relay agent.
Xid xid 4 Transaction ID, a random number chosen by the
client, used by the client and server to associate
messages and responses between a client and a
server.
Secs secs 2 Filled in by client, seconds elapsed since client
began address acquisition or renewal process.
Flags flags 2 Flags (see figure 2).
Ciaddr ciaddr 4 Client IP address; only filled in if client is in
BOUND, RENEW or REBINDING state and can respond
to ARP requests.
Yiaddr yiaddr 4 your (client) IP address.
Siaddr siaddr 4 IP address of next server to use in bootstrap;
returned in DHCPOFFER, DHCPACK by server.
Giaddr giaddr 4 Relay agent IP address, used in booting via a
relay agent.
Chaddr chaddr 16 Client hardware address.
Sname sname 64 Optional server host name, null terminated string.
File file 128 Boot file name, null terminated string; "generic"
name or null in DHCPDISCOVER, fully qualified
directory-path name in DHCPOFFER.
IsDhcp isDhcp 4 Controls whether the packet is BOOTP or DHCP.
DHCP conatains the "magic cookie" of 4 bytes.
0x63 0x82 0x53 0x63.
DHO_*code Optional parameters field. See the options
documents for a list of defined options.
See Net::DHCP::Constants.
Padding padding * Optional padding at the end of the packet

See below methods for values and syntax descrption.

Note: DHCP options are created in the same order as key-value pairs.

libpcapnav is a libpcap wrapper library that allows navigation to arbitrary locations in a tcpdump trace file between reads.
The API is intentionally much like that of the pcap library. You can navigate in trace files both in time and space: you can jump to a packet which is at appr. 2/3 of the trace, or you can jump as closely as possible to a packet with a given timestamp, and then read packets from there. In addition, the API provides convenience functions for manipulating timeval structures.
Like libpcap, this library handles things through an opaque handle struct. For trace file navigation and reading packets, this handle is enough. If you need to apply BPF filters or write packets to disk, you can access the familiar pcap handle that is used internally.
At the core of libpcapnav is the ability to resynchronize to the sequence of packets contained in a tcpdump trace file at arbitrary location of the file position indicator.
The algorithm is based on Vern Paxsons method from the the tcpslice tool, that basically works as follows: the point near which the file position indicator is to be synchronized with the packet sequence is undershot a little bit, as it is much easier to scan forwards to the desired location, once the packet sequence has been detected.
The file is scanned from that initial offset in single-byte steps, at each step assuming a libpcap packet header is present and sanity-checking the values read. Several checks analyze this potential header for sane timestamps, capture lengths etc. If the header appears valid, the next packet header is examined in a similar function, based upon the offset that the checked header provides.
If a sequence of three packets seems valid, the algorithm considers the file position pointer to be synchronized with the packet flow and scans as closely as possible to the desired location. If the synchronization point is supposed to be a packet with a given timestamp, some interpolation is done and the process repeated, until the packet closest to the desired timestamp has been found.x
Enhancements:
- This release introduces large file support and better build support on OS X.

nio provides a network IO framework.

nio is a C++ framework for writing Internet Protocol (IP) based software.

nio may be useful for:

- writing test software, testing embedded TCP/IP stacks
- writing didactic software demonstrating the features of the TCP/IP protocol suite

nio is packet oriented and uses the object oriented constructs of C++ for having easy access to every bit on a packet without getting lost in the details.

QUICKSTART

The nio based programs must be executed as root

INSTALL

- Unpack tarball
$ ./configure options
$ make install