Can't sniff packets using libpcap
 

Hello,
I'm trying to sniff packets on my non switched ethernet network using libpcap. The problem is that I can't sniff anything except for what is destined to the MAC address of the sniffing machine. I've set the NIC to promiscuous mode by setting the promisc flag to 1 in the pcap_open_live function.
"descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf)". That didn't help. So I tried setting it manually using ifconfig eth0 promisc. That didn't help either.

There's nothing wrong with the NIC or anything since tcpdump works like a charm. So I must be missing out on something!

Any suggestions??? Please help.


I'm using this example code I found.

/***************************************************
* file: testpcap1.c
* Date: Thu Mar 08 17:14:36 MST 2001
* Author: Martin Casado
* Location: LAX Airport (hehe)
*
* Simple single packet capture program
*****************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /* if this gives you an error try pcap/pcap.h */
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h> /* includes net/ethernet.h */

int main(int argc, char **argv)
{
int i;
char *dev;
char errbuf[PCAP_ERRBUF_SIZE];
pcap_t* descr;
const u_char *packet;
struct pcap_pkthdr hdr; /* pcap.h */
struct ether_header *eptr; /* net/ethernet.h */

u_char *ptr; /* printing out hardware header info */

/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);

if(dev == NULL)
{
printf("%s\n",errbuf);
exit(1);
}

printf("DEV: %s\n",dev);

descr = pcap_open_live(dev,BUFSIZ,1,-1,errbuf);

if(descr == NULL)
{
printf("pcap_open_live(): %s\n",errbuf);
exit(1);
}


/*
grab a packet from descr (yay!)
u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
so just pass in the descriptor we got from
our call to pcap_open_live and an allocated
struct pcap_pkthdr */

packet = pcap_next(descr,&hdr);

.....