PCAP tools for practical traffic monitoring in LAN

Speaker: Ludovic Noirie
Nokia Bell Labs France
Date: 20/10/2021
Time: 10:45 am - 12:00 pm
Location: Paris-Rennes Room (EIT Digital)


Dear all, 

The Internet Measurement reading group will meet again on October 20th.

In this session Ludovic Noirie (Nokia Bell Labs France) will talk about « PCAP tools for practical traffic monitoring in LAN ».

I encourage you to join us at 10:45 for a virtual coffee break, so that the talk begins at 11:00.

Pcap (Packet CAPture) is an API for network monitoring, essentially in LANs (Ethernet, WiFi). It is mainly used for passive monitoring (packet capture) but it can also be used for active monitoring (packet injection). There are implementations for Linux (libpcap), Apple (libpcap) and Windows (WinPcap, Npcap and Win10Pcap) systems. Pcap is used by tcpdump, tshark and Wireshark software, but you can make your own software using it. In this session of the Internet Measurement Reading Group, we will present how it works and how it can be used with Node.js (cap and pcap modules) and Python (Scapy), with some application use cases. For the application use cases, we will explain how we used Pcap for IoT device type identification and how we are using Pcap in our current IoT Network Monitoring project.



pcap file format: https://wiki.wireshark.org/Development/LibpcapFileFormat

Node.js modules:
– node_pcap (pcap): https://www.npmjs.com/package/pcap
– cap: https://www.npmjs.com/package/cap

Python module:
– scapy: https://scapy.readthedocs.io/en/latest/

Application example:
Nesrine Ammar, Ludovic Noirie, Sébastien Tixeuil, “Autonomous IoT Device Identification Prototype,” best demo paper at Network Traffic Measurement and Analysis Conference 2019, Jun 2019, Paris

Join the Zoom meeting

Meeting ID: 944 2309 7955
Passcode: 257601