LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 03-24-2010, 09:59 AM   #1
TheLinuxer
LQ Newbie
 
Registered: Dec 2006
Posts: 2

Rep: Reputation: 0
"Didn't grab packet" Problem


Hi,

I download a simple program call testpcap1.c and successfully compile on Ubuntu. But when running, it outputs this:

DEV: eth0
Didn't grab packet

Please help.

> uname -a
Linux 2.6.28-18-generic #60-Ubuntu SMP Fri Mar 12 04:40:52 UTC 2010 i686 GNU/Linux
> ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:bb:38:05:c2:a1
inet addr:10.0.0.57 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::21b:38ff:fe05:a0c4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12925 errors:0 dropped:0 overruns:0 frame:0
TX packets:14219 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10854790 (10.8 MB) TX bytes:2547313 (2.5 MB)
Interrupt:19
---------------------------
The program content is:
Code:
/***************************************************
* file:     testpcap1.c
* Date:     Thu Mar 08 17:14:36 MST 2001 
* Author:   Martin Casado
* Location: LAX Airport (hehe)
*
* Simple single packet capture program
*****************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /* if this gives you an error try pcap/pcap.h */
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h> /* includes net/ethernet.h */

int main(int argc, char **argv)
{
    int i;
    char *dev; 
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t* descr;
    const u_char *packet;
    struct pcap_pkthdr hdr;     /* pcap.h */
    struct ether_header *eptr;  /* net/ethernet.h */

    u_char *ptr; /* printing out hardware header info */

    /* grab a device to peak into... */
    dev = pcap_lookupdev(errbuf);

    if(dev == NULL)
    {
        printf("%s\n",errbuf);
        exit(1);
    }

    printf("DEV: %s\n",dev);

    /* open the device for sniffing.

       pcap_t *pcap_open_live(char *device,int snaplen, int prmisc,int to_ms,
       char *ebuf)

       snaplen - maximum size of packets to capture in bytes
       promisc - set card in promiscuous mode?
       to_ms   - time to wait for packets in miliseconds before read
       times out
       errbuf  - if something happens, place error string here

       Note if you change "prmisc" param to anything other than zero, you will
       get all packets your device sees, whether they are intendeed for you or
       not!! Be sure you know the rules of the network you are running on
       before you set your card in promiscuous mode!!     */

    descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf);

    if(descr == NULL)
    {
        printf("pcap_open_live(): %s\n",errbuf);
        exit(1);
    }


    /*
       grab a packet from descr (yay!)                    
       u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h) 
       so just pass in the descriptor we got from         
       our call to pcap_open_live and an allocated        
       struct pcap_pkthdr                                 */

    packet = pcap_next(descr,&hdr);

    if(packet == NULL)
    {/* dinna work *sob* */
        printf("Didn't grab packet\n");
        exit(1);
    }

    /*  struct pcap_pkthdr {
        struct timeval ts;   time stamp 
        bpf_u_int32 caplen;  length of portion present 
        bpf_u_int32;         lebgth this packet (off wire) 
        }
     */

    printf("Grabbed packet of length %d\n",hdr.len);
    printf("Recieved at ..... %s\n",ctime((const time_t*)&hdr.ts.tv_sec)); 
    printf("Ethernet address length is %d\n",ETHER_HDR_LEN);

    /* lets start with the ether header... */
    eptr = (struct ether_header *) packet;

    /* Do a couple of checks to see what packet type we have..*/
    if (ntohs (eptr->ether_type) == ETHERTYPE_IP)
    {
        printf("Ethernet type hex:%x dec:%d is an IP packet\n",
                ntohs(eptr->ether_type),
                ntohs(eptr->ether_type));
    }else  if (ntohs (eptr->ether_type) == ETHERTYPE_ARP)
    {
        printf("Ethernet type hex:%x dec:%d is an ARP packet\n",
                ntohs(eptr->ether_type),
                ntohs(eptr->ether_type));
    }else {
        printf("Ethernet type %x not IP", ntohs(eptr->ether_type));
        exit(1);
    }

    /* copied from Steven's UNP */
    ptr = eptr->ether_dhost;
    i = ETHER_ADDR_LEN;
    printf(" Destination Address:  ");
    do{
        printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
    }while(--i>0);
    printf("\n");

    ptr = eptr->ether_shost;
    i = ETHER_ADDR_LEN;
    printf(" Source Address:  ");
    do{
        printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
    }while(--i>0);
    printf("\n");

    return 0;
}


-----------------------------------------------------

Last edited by TheLinuxer; 03-25-2010 at 07:05 PM.
 
Old 03-29-2010, 11:11 PM   #2
grail
Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 7,689

Rep: Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987
I am guessing this is not the output you were looking for?
What did you expect to see?
Do you understand how the code works?

A quick glance at the code says this is the offending section:

Quote:
packet = pcap_next(descr,&hdr);

if(packet == NULL)
{/* dinna work *sob* */
printf("Didn't grab packet\n");
exit(1);
}
So from this you would then need to review the code for pcap_next() as it returns obviously NULL
 
Old 03-30-2010, 11:26 AM   #3
theNbomr
LQ 5k Club
 
Registered: Aug 2005
Distribution: OpenSuse, Fedora, Redhat, Debian
Posts: 5,396
Blog Entries: 2

Rep: Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903Reputation: 903
You probably need to run your program with root privileges.
--- rod.
 
Old 04-27-2010, 05:26 AM   #4
jejegood
LQ Newbie
 
Registered: Apr 2010
Posts: 1

Rep: Reputation: 0
Did you find the answer ? if yes, can you share with us pliz ?
 
Old 07-15-2010, 09:27 AM   #5
yujiliang
LQ Newbie
 
Registered: Jul 2010
Location: Beijing,China
Posts: 4

Rep: Reputation: 1
I got the answer after these days studying sniffering...and libpcap. In fact there is no wrong at all, i guess, just because pcap_next() run too fast after the "descr" take control of the adpter. Before "descr" gets its first sweet packet, pcap_next() has already run over...---a hardware mater, i thought...
So just place a "sleep" before pcap_next() would make it OK.
like this:

Quote:
/*
grab a packet from descr (yay!)
u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
so just pass in the descriptor we got from
our call to pcap_open_live and an allocated
struct pcap_pkthdr */

sleep(1); /*a simple sleep make me good */

packet = pcap_next(descr,&hdr);

if(packet == NULL)
{/* dinna work *sob* */
printf("Didn't grab packet\n");
exit(1);
}

/* struct pcap_pkthdr {
struct timeval ts; time stamp
bpf_u_int32 caplen; length of portion present
bpf_u_int32; lebgth this packet (off wire)
}
*/
 
1 members found this post helpful.
Old 09-11-2010, 08:35 AM   #6
nightmare89
LQ Newbie
 
Registered: Sep 2010
Posts: 1

Rep: Reputation: 1
still not working with the sleep()////
any other method ??
 
1 members found this post helpful.
Old 09-28-2011, 05:13 PM   #7
snailexe
LQ Newbie
 
Registered: Sep 2011
Posts: 1

Rep: Reputation: Disabled
sleep() works

sleep() works. Thank you. Maybe we should mention it to the lpcap people, since it is potential issue..
 
Old 08-24-2012, 01:19 AM   #8
Vinothli
LQ Newbie
 
Registered: Aug 2012
Posts: 1

Rep: Reputation: 0
testpcap1.c

SLEEP is working fine...
This program is used for capturing one packet...
How to modify the program for capturing n number of packets
 
Old 03-26-2013, 10:20 AM   #9
alp40s
LQ Newbie
 
Registered: Mar 2013
Posts: 1

Rep: Reputation: Disabled
Quote:
Originally Posted by nightmare89 View Post
still not working with the sleep()////
any other method ??
try sleep(5). it will run
 
1 members found this post helpful.
Old 08-21-2014, 07:59 AM   #10
mohansadhu
LQ Newbie
 
Registered: Aug 2014
Posts: 1

Rep: Reputation: Disabled
Hello,

Any updates on this issue?
sleep is not working for me.
i am getting below error
"Didn't grab packet". Please help me.

Thanks in advance
 
Old 08-21-2014, 10:31 AM   #11
grail
Guru
 
Registered: Sep 2009
Location: Perth
Distribution: Manjaro
Posts: 7,689

Rep: Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987Reputation: 1987
Please raise your own ticket and reference this one if relevant. A 4 year old ticket should not be resurrected.
 
Old 08-21-2014, 10:38 AM   #12
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 3,410
Blog Entries: 1

Rep: Reputation: 1115Reputation: 1115Reputation: 1115Reputation: 1115Reputation: 1115Reputation: 1115Reputation: 1115Reputation: 1115Reputation: 1115
I think he did a good job keeping the question in the right thread. It's on topic and 100% related. If someone answers him here, and later someone searches for it, they will be able to find the answer -- all in one convenient spot.

The only "Rule" about posting in a thread is this:

Quote:
When posting in an existing thread, ensure that what you're posting is on-topic and relevant to the thread
There are no rules listed about old threads. If there was a rule about old threads, then the "What programs would you like to see ported to linux" from 2003 would be closed.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Keep getting "Could not grab your mouse" error messag jacatone Linux - Newbie 14 07-29-2011 02:55 PM
"Firewall UDP Packet Source Port 53 Ruleset Bypass" fantasygoat Linux - Security 8 12-14-2009 03:16 PM
Using "index" to grab a value from a file name? unim21 Linux - Newbie 7 04-24-2009 09:04 AM
"FORWARD packet died" just started appearing glorsplitz Linux - Networking 0 06-05-2008 09:42 PM
Could someone explain wireless kernel message "TKIP: received packet without ExtIV" jschiwal Linux - Wireless Networking 2 12-17-2007 02:01 PM


All times are GMT -5. The time now is 01:27 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration