I could not compile a c program that uses libpcap
#include<pcap.h>
main(int argc, char **argv){
..
..

/* Open the capture file */
if ((fp = pcap_open_offline(argv[1], errbuf)) == NULL)
..
}
when i compile
/tmp/cc9Z2hEW.o(.text+0x59): In function `main':
: undefined reference to `pcap_open_offline'
/tmp/cc9Z2hEW.o(.text+0xa0): In function `main':
: undefined reference to `pcap_loop'
/tmp/cc9Z2hEW.o(.text+0xae): In function `main':
: undefined reference to `pcap_close'
collect2: ld returned 1 exit status

libpcap was installed while installing tcpdump

i am writing a program that sniff all the packets in the network.i know in pcap.c has got ready functions.But i am not able to add the pcap.h header file.I have already installed the libpcap package but still problem.
let me know that how did u inclde pcap.h in u r program.Hi i am using 2.6.17 kernel and ubuntu 6.10

Hello uma,

I hope u have installed libpcap.Yesterday i was also getting the same errors i found the solution.When u r compiling the program compile this way "gcc filename -o 001 -lpcap".This should work,this works for me.

thanku gautam, its working.

when i am compiling a program
..
fp= pcap_open(source, 1514 /*snaplen*/, PCAP_OPENFLAG_PROMISCUOUS /*flags*/, 20 /*read timeout*/, NULL /* remote authentication */,errbuf)
..
..
tcptop.c:60: error: `PCAP_OPENFLAG_PROMISCUOUS' undeclared
tcptop.c:86: error: `MODE_STAT' undeclared (first use in this function)
tcptop.c:91: error: `PUCHAR' undeclared (first use in this function)
tcptop.c: In function `dispatcher_handler':
tcptop.c:100: error: `LARGE_INTEGER' undeclared (first use in this function)
tcptop.c:100: error: syntax error before "Bps"
tcptop.c:108: error: `Bps' undeclared (first use in this function)
tcptop.c:108: error: `LONGLONG' undeclared (first use in this function)
tcptop.c:108: error: syntax error before ')' token
tcptop.c:119: error: `Pps' undeclared (first use in this function)
tcptop.c:119: error: syntax error before ')' token
tcptop.c:122: warning: assignment makes pointer from integer without a cast
tcptop.c:147:2: warning: no newline at end of file

plz tell me where r those constants,
can u plz post ur test program

by the way, i am mahesh(not just uma) thank u

Hello mahesh here is test program .


/***Packet Capture With libpcap and other Low Level Network Tricks**/

#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <netinet/ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <sys/socket.h>

char ethlen, iplen, tcplen;
void handler(char *, const struct pcap_pkthdr *, const u_char *);

int main(int argc, char **argv)
{
int buffsize = 65535;
int promisc = 1;
int timeout = 1000;

char pcap_err[PCAP_ERRBUF_SIZE];
u_char buffer[255];
char *dev;
struct in_addr net, mask;
pcap_t *pcap_nic;
struct bpf_program filter;

ethlen = sizeof(struct ether_header);
iplen = sizeof(struct iphdr);
tcplen = sizeof(struct tcphdr);

printf("ethlen: %i\niplen: %i\ntcplen: %i\n",
ethlen, iplen, tcplen);

if(!(dev = pcap_lookupdev(pcap_err)))
{
perror(pcap_err);
exit(-1);
}

printf("Dev: %s\n\n", dev);

if((pcap_nic = pcap_open_live(dev, buffsize, promisc, timeout, pcap_err))
== NULL)
{
perror(pcap_err);
exit(-1);
}

if(pcap_lookupnet(dev, &net.s_addr, &mask.s_addr, pcap_err) == -1)
{
perror(pcap_err);
exit(-1);
}
printf("net: %s\tmask: %s\n\n", inet_ntoa(net), inet_ntoa(mask));

if(pcap_compile(pcap_nic, &filter, "tcp src port 80", 0, net.s_addr) == -1)
{
perror(pcap_err);
exit(-1);
}

if(pcap_setfilter(pcap_nic, &filter) == -1)
{
perror(pcap_err);
exit(-1);
}

pcap_loop(pcap_nic, -1, (pcap_handler)handler, buffer);
}

void handler(char *usr, const struct pcap_pkthdr *header, const u_char *pkt)
{
struct ether_header *ethheader;
struct iphdr *ipheader;
struct tcphdr *tcpheader;
struct in_addr source, dest;

ethheader = (struct ether_header *)pkt;
ipheader = (struct iphdr *)(pkt + ethlen);
tcpheader = (struct tcphdr *)(pkt + ethlen + iplen);

if(tcpheader->syn && tcpheader->ack)
{
source.s_addr = ipheader->saddr;
dest.s_addr = ipheader->daddr;

printf("From: %s \t%i\t", inet_ntoa(source), ntohs(tcpheader->source));
printf("To: %s \t%i\n", inet_ntoa(dest), ntohs(tcpheader->dest));
printf("\tLength: %i", ntohs(ipheader->tot_len));
printf("\n");
printf("Flags: ");
if(tcpheader->urg)
printf("URG");
if(tcpheader->ack)
printf("ACK ");
if(tcpheader->psh)
printf("PSH ");
if(tcpheader->rst)
printf("RST ");
if(tcpheader->syn)
printf("SYN ");
if(tcpheader->fin)
printf("FIN ");
printf("\n\n");
}

return;
}

compile as follows.

gcc filename -o 1 -lpcap

To run the program

./1

hi gautam,
ur program has a problem.
when i run it is displaying like below

from: 251.212.59.93 19059 To: 116.92.213.191 22
Length: 17664
Flags: URGACK SYN

but my ip is 59.93.116.92, observe last two bytes in from feild and first two bytes in to feild.
so there is some fault event the port no are different when i compared with tcpdump output

#include <stdio.h>
#include <errno.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <linux/in.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include<string.h>
#include<stdlib.h>

int main(int argc, char **argv) {
int sock, n;
unsigned i;
char buffer[2048];
unsigned char *iphead, *ethhead;
char msg [] ="hello";
int len=0,n1;
len=strlen(msg)+1;
struct sockaddr_ll *ll;
if ( (sock=socket(PF_PACKET, SOCK_RAW,htons(ETH_P_IP)))<0) { //ETH_P_IP internet protocol packet

perror("socket");
exit(1);
}

/* n1= sendto(sock,msg,len,0,NULL,NULL);
if(n1<0)
{
printf("error in sending\n");
perror("sendto():");
}*/

// printf("sending item is =%d\n",n1);
while (1) {

printf("----------------------------------\n");
n = recvfrom(sock,buffer,2048,0,0,NULL);
printf("%d bytes read\n",n);

/* Check to see if the packet contains at least
* complete Ethernet (14), IP (20) and TCP/UDP
* (8) headers.

*/
printf("len=%d\n",len++);
sleep(1);
if (n<42) {
perror("recvfrom():");
printf("Incomplete packet (errno is %d)\n",
errno);
close(sock);
exit(0);
}

ethhead = buffer;
printf("Source MAC address: "
"%02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[0],ethhead[1],ethhead[2],
ethhead[3],ethhead[4],ethhead[5]);
printf("Destination MAC address: "
"%02x:%02x:%02x:%02x:%02x:%02x\n",
ethhead[6],ethhead[7],ethhead[8],
ethhead[9],ethhead[10],ethhead[11]);

iphead = buffer+14; /* Skip Ethernet header */
if (*iphead==0x45) { /* Double check for IPv4
* and no options present */
printf("Source host %d.%d.%d.%d\n",
iphead[12],iphead[13],
iphead[14],iphead[15]);
printf("Dest host %d.%d.%d.%d\n",
iphead[16],iphead[17],
iphead[18],iphead[19]);
printf("%d\n",iphead[21]);

printf("%d\n",iphead[23]);
printf("Source port=%d\n,Dest port= %d\n,",
(iphead[20]<<8)+iphead[21],
(iphead[22]<<8)+iphead[23]);
// printf("Layer-4 protocol %d\n",iphead[9]);

// printf("source MAC address is" );
//for (i = 1; i <= 6; i++)
// {
// printf("%x ",buffer[i]);

//}
printf("\n");



}
}

}


also visit this link u will lot of information about packet capturing.
http://www.cet.nau.edu/~mc8/Socket/T.../section2.html

plz give ur mail id

Hello all,


I need to write a sniffer program in c that display the contents of the captured packet(data).

that is what i am trying for

can u send me if u have done

Hello mahesh,

Have u done the above assignment ?.If so send me the program .I think displaying the contents of the packet is quite difficulty.The program which i had send u few days back displays only the headers details ,Not the contents .But I hope using pcap package we can display the contents.Just study this thread which is similar to our problem.
http://www.linuxquestions.org/questi...d.php?t=293022

Hello mahesh,
Try this program .This will display some packet contents.



#define _BSD_SOURCE 1
#include <pcap.h>
#include <stdio.h>
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <netinet/if_ether.h>
#include <netinet/tcp.h>
/* default snap length */
#define SNAP_LEN 65535

/* Ethernet header */
struct sniff_ethernet {
u_char ether_dhost[ETHER_ADDR_LEN]; /* destination host address */
u_char ether_shost[ETHER_ADDR_LEN]; /* source host address */
u_short ether_type; /* IP? ARP? RARP? etc */
};
/* IP header */
struct sniff_ip {
int ip_hl:4, /* header length */
ip_v:4; /* version */
u_char ip_tos; /* type of service */
u_short ip_len; /* total length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset field */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* checksum */
struct in_addr ip_src,ip_dst; /* source and dest address */
};

/* TCP header */
struct sniff_tcp {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
tcp_seq th_seq; /* sequence number */
tcp_seq th_ack; /* acknowledgement number */
int th_x2:4, /* (unused) */
th_off:4; /* data offset */
u_char th_flags;
u_short th_win; /* window */
u_short th_sum; /* checksum */
u_short th_urp; /* urgent pointer */
};

void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
void print_payload(const u_char *payload, int len);

/*
* dissect/print packet
*/
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
{

static int count = 1; /* packet counter */
/* define pointers to packet headers */
const struct sniff_ethernet *ethernet; /* ethernet header */
const struct sniff_ip *ip; /* IP header */
const struct sniff_tcp *tcp; /* TCP header */
const char *payload; /* payload */
int i;
/* ethernet headers are always exactly 14 bytes */
int size_ethernet = 14;
int size_ip;
int size_tcp;
int size_payload;

printf("\nPacket number %d:\n", count);
count++;
/* define ethernet header */
ethernet = (struct sniff_ethernet*)(packet);
printf("SOURCE MAC address\n");
for(i=0;i<6;i++)
{
printf("%x:",ethernet->ether_dhost[i]);

}

printf("\n");
printf("DESTINATION MAC address\n");
for(i=0;i<6;i++)
{
printf("%x:",ethernet->ether_shost[i]);
}
printf("\n");
/* define/compute ip header offset */
ip = (struct sniff_ip*)(packet + size_ethernet);
size_ip = ip->ip_hl*4;

if (size_ip < 20) {
printf(" * Invalid IP header length: %u bytes\n", size_ip);
return;
}

/* print source and destination IP addresses */
printf(" From: %s\n", inet_ntoa(ip->ip_src));
printf(" To: %s\n", inet_ntoa(ip->ip_dst));

/* determine protocol */
switch(ip->ip_p) {
case IPPROTO_TCP:
printf(" Protocol: TCP\n");
break;
case IPPROTO_UDP:
printf(" Protocol: UDP\n");
break;
case IPPROTO_ICMP:
printf(" Protocol: ICMP\n");
break;
case IPPROTO_IP:
printf(" Protocol: IP\n");
break;
default:
printf(" Protocol: unknown\n");
break;
}
/* define/compute tcp header offset */
tcp = (struct sniff_tcp*)(packet + size_ethernet + size_ip);
size_tcp = tcp->th_off*4;

/*if (size_tcp < 20) {
printf(" * Invalid TCP header length: %u bytes\n", size_tcp);
return;
}*/
printf(" Src port: %d\n", ntohs(tcp->th_sport));
printf(" Dst port: %d\n", ntohs(tcp->th_dport));

/* define/compute tcp payload (segment) offset */
payload = (u_char *)(packet + size_ethernet + size_ip + size_tcp);

/* compute tcp payload (segment) size */
size_payload = ntohs(ip->ip_len) - (size_ip + size_tcp);

/* XXX - printf below will not handle binary data (assumes null term) */
printf(" Payload (%d bytes): %s\n", size_payload, payload);

/* deal with printing binary payload data */
printf(" Payload (%d bytes): ", size_payload);
print_payload(payload, size_payload);
printf("\n");

return;
}

/*
* print packet payload data, handling any binary data
*/
void print_payload(const u_char *payload, int len)
{

int i;
const u_char *ch;

ch = payload;
for(i = 0; i < len; i++) {
if (isascii(*ch))
printf("%c", *ch);
else
printf(".");
ch++;
}

return;
}
int main()
{

char *dev = "/dev/eth0"; /* capture device */
char errbuf[PCAP_ERRBUF_SIZE]; /* error buffer */
pcap_t *descr; /* sniff handler */
struct bpf_program fp; /* compiled program */
bpf_u_int32 maskp; /* subnet mask */
bpf_u_int32 netp; /* ip */
char filter_app[] = "ip"; /* filter expression */
int numOfPackets = 10; /* number of packets to capture */

/* set our capture device */
dev = pcap_lookupdev(errbuf);
pcap_lookupnet(dev, &netp, &maskp, errbuf);

/* print capture info */
printf("Device: [%s]\n", dev);
printf("Number of packets: [%d]\n", numOfPackets);
printf("Filter expression: [%s]\n", filter_app);
/* open capture device */
descr = pcap_open_live(dev, SNAP_LEN, 1, 0, errbuf);
if (descr == NULL) {
printf("pcap_open_live failed: %s\n", errbuf);
exit(EXIT_FAILURE);
}
/* apply the rules */
if (pcap_compile(descr, &fp, filter_app, 0, netp) == -1) {
printf("pcap_compile failed\n");
exit(EXIT_FAILURE);
}
if (pcap_setfilter(descr, &fp) == -1) {
printf("pcap_setfilter failed\n");
exit(EXIT_FAILURE);
}
/* now we can set our callback function */
pcap_loop(descr, numOfPackets, got_packet, NULL);
pcap_close(descr);

printf("\nCapture complete.\n");


return 0;
}

compilation

cc -8a.c -lpcap

To run
./a.out

Hai uma mahesh, gautham,

Can u say how can i send a tcp packet.I have heard of pcap_sendpacket().But i am not aware how to send the packet using it.

My prob is how to construct the tcp packet.


Anyhelp is appreciated