NetworkPacketCapture

NetworkPacketCapture[]

creates a temporary interactive interface for capturing information on network packets transmitted or received through all network interfaces on your computer.

NetworkPacketCapture[service]

captures only packets associated with the specified network service.

NetworkPacketCapture[port]

captures only packets associated with the specified port.

NetworkPacketCapture[spec]

captures only packets matching the specification spec.

Details

  • In NetworkPacketCapture[service], possible forms for service include:
  • "name"an IANA named service (e.g. "HTTP")
    entityan entity of type "NetworkService"
  • Entities can be entered using free-form linguistics with .
  • In NetworkPacketCapture[ports], network ports can be specified as follows:
  • nsingle port number n
    nmin;;nmaxa range of ports from nmin to nmax
    {n1,n2,}a list of ports
  • In NetworkPacketCapture[spec], spec can be given in the form key->value, or as an association containing multiple keys and values. Possible keys include:
  • "IPAddress"source or destination IP address
    "SourceIPAddress"source IP address
    "DestinationIPAddress"destination IP address
    "IPAddressType"source or destination IP address type (e.g. "IPv4" or "IPv6")
    "SourceIPAddressType"source IP address type
    "DestinationIPAddressType"destination IP address type
    "Port"source or destination port
    "SourcePort"source port
    "DestinationPort"destination port
    "Interface"network interface (e.g. "en0")
    "PCAPFilter"raw PCAP filter specification as a string
  • IP addresses can be given as strings or IPAddress objects.
  • Possible values for the "Interface" key can be any element in $NetworkInterfaces, a list of these or All.
  • Any setting given for "PCAPFilter" overrides all other settings.
  • On Windows computers, SystemInstall["WinPcap"] may be needed before NetworkPacketCapture is used.
  • NetworkPacketCapture typically requires that the Wolfram kernel be run with elevated permissions (e.g. as root) on Linux and Mac.

Examples

open allclose all

Basic Examples  (2)

Start an interactive interface to capture network packets:

When complete, a dataset with packets is returned:

Record network activity from a specific service and show the first packet:

Record network activity from a specific port and show the first packet:

Record network activity from all interfaces and show the first packet:

Record network activity using a direct PCAP filter string and show the first packet:

Scope  (1)

Use multiple keys to filter on multiple conditions:

Wolfram Research (2018), NetworkPacketCapture, Wolfram Language function, https://reference.wolfram.com/language/ref/NetworkPacketCapture.html.

Text

Wolfram Research (2018), NetworkPacketCapture, Wolfram Language function, https://reference.wolfram.com/language/ref/NetworkPacketCapture.html.

CMS

Wolfram Language. 2018. "NetworkPacketCapture." Wolfram Language & System Documentation Center. Wolfram Research. https://reference.wolfram.com/language/ref/NetworkPacketCapture.html.

APA

Wolfram Language. (2018). NetworkPacketCapture. Wolfram Language & System Documentation Center. Retrieved from https://reference.wolfram.com/language/ref/NetworkPacketCapture.html

BibTeX

@misc{reference.wolfram_2024_networkpacketcapture, author="Wolfram Research", title="{NetworkPacketCapture}", year="2018", howpublished="\url{https://reference.wolfram.com/language/ref/NetworkPacketCapture.html}", note=[Accessed: 24-April-2024 ]}

BibLaTeX

@online{reference.wolfram_2024_networkpacketcapture, organization={Wolfram Research}, title={NetworkPacketCapture}, year={2018}, url={https://reference.wolfram.com/language/ref/NetworkPacketCapture.html}, note=[Accessed: 24-April-2024 ]}