LinuxQuestions.org
Old 03-14-2005, 07:20 AM   #16
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149

You need to count the TCP header, too. It can be variable size (because of options). I recommend you get a packet analyzer (like Ethereal), dump a number of packets and view them in the program. You will be able to see everything and you can check your program this way.
 
Old 03-15-2005, 04:00 AM   #17
gajaykrishnan
Member
 
Registered: Jul 2004
Posts: 65

Original Poster
Rep: Reputation: 15
So can I get the data using
(char*)(packet + sizeof(struct ether_header) + sizeof(struct tcphdr) + hlen*4
 
Old 03-15-2005, 05:03 PM   #18
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149
One ) is missing, but I think the formula is OK.
 
Old 03-24-2005, 03:15 AM   #19
gajaykrishnan
Member
 
Registered: Jul 2004
Posts: 65

Original Poster
Rep: Reputation: 15
Hi again,

Thanks a lot, everything is working fine now. I have written the code for capturing packets and filtering those that contain GET requests in them. It's compiling and working.

But when I combined it with other files of my project, it gave the following compilation error:

"Syntax error before numerical constant" inside line 206 and 213 of pcap.h

Have you ever experienced this?

Can you help me out?

Thanks.
Awaiting a reply.
 
Old 03-24-2005, 04:48 PM   #20
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149
Nope. Look at what's in those lines. It may be that you have a define of the same name as in the header file etc.
 
Old 03-25-2005, 09:48 AM   #21
gajaykrishnan
Member
 
Registered: Jul 2004
Posts: 65

Original Poster
Rep: Reputation: 15
Thanks a lot.
I finally figured it out.
It was a linking problem.
The makefile did not contain the flags -lpthread and -lpcap that I needed.

Also, I made the mistake of including the definitions of the class's functions inside the .h file itself, so that it wouldn't compile, finally leading to a function undeclared error. I then split them into .cpp and .h files.

Hey, but I am still suspicious about the output: the message printed for a particular packet sometimes contains the message of the previous packet at the end.

So the latter packet is (message of new packet + message of older packet).

Moreover, each request is being caught twice.

I tested them on "loopback" and "eth0": same output.

Do you know why?

Awaiting a reply.
Bye.
 
Old 03-26-2005, 03:45 PM   #22
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,539

Rep: Reputation: 149
All is caught twice? That's not good. But I think it's a problem with your code - quite a lot of people write such sniffers and they usually work. Hard to help without the code.
 
Old 04-19-2006, 03:35 AM   #23
venkatesh111
Member
 
Registered: Mar 2006
Posts: 34

Rep: Reputation: 15
Hi krishnan,
I went through your post. I need to know how you captured the packets and how you printed them. Can you please send me the code?

Thanks in advance
 
Old 04-19-2006, 06:09 AM   #24
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
With TCP, which uses Path MTU discovery, you won't see that much fragmentation unless it's malicious traffic. Raw sockets on Linux may receive TCP packets (not necessarily true for other implementations). Quoting raw(7):
Quote:
If you really want to receive all IP packets use a packet(7) socket with the ETH_P_IP protocol. Note that packet sockets don't reassemble IP fragments, unlike raw sockets.

Quote:
I don't know the value of BUFSIZ... I think it is there in some header file... I didn't define it.
It's defined in <stdio.h> and it's usually 8192.

Quote:
But does that mean that I should know the size of the packet before I capture it? But how is that possible? All packets are not of fixed size, are they?
No. A decent size is the interface MTU, which you can get with the SIOCGIFMTU ioctl(). See netdevice(7).

Quote:
And what happens if the size I specify is more or less than the actual size of the packet?
You must be careful not to use pointers beyond the end of captured data. Remember to skip the TCP/IP headers correctly. Multiply the TCP header (offset) length too.

Quote:
I want to run the program on a machine that is hosting a web server. This program must be able to keep a log of all the pages in the site that have been accessed by someone else. How do I do this using packet capture, or is there any other way out if it is not possible for me to read the log files of the web server?
Another way is the Linux kernel firewall (netfilter). There are many ways. See libipq(3) and www.netfilter.org. There's the ULOG target too. See: http://iptables-tutorial.frozentux.n...tml/x4883.html
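
An added example (not code from any poster in this thread) of the payload-offset calculation the replies describe: both the IP and the TCP header lengths are read from the packet and multiplied by 4, and every offset is checked against the number of bytes captured. It assumes Ethernet II framing without VLAN tags and IPv4; `tcp_payload` and `make_frame` are names made up here, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14  /* assumption: Ethernet II framing, no VLAN tag */

/* Find the TCP payload in a captured Ethernet/IPv4 frame of caplen bytes.
 * Returns its length and sets *out, or -1 if the frame is not usable. */
long tcp_payload(const uint8_t *pkt, size_t caplen, const uint8_t **out)
{
    if (caplen < ETH_LEN + 20) return -1;              /* minimal IP header must fit */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1; /* EtherType must be IPv4 */
    const uint8_t *ip = pkt + ETH_LEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;           /* IP header length field * 4 */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -1;
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return -1; /* later fragment: no TCP header */
    size_t total = ((size_t)ip[2] << 8) | ip[3];       /* IP total length */
    if (total > caplen - ETH_LEN) total = caplen - ETH_LEN; /* clamp to captured bytes */
    if (total < ihl + 20) return -1;                   /* fixed TCP header must fit */
    const uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;           /* TCP data offset field * 4 */
    if (thl < 20 || ihl + thl > total) return -1;
    *out = tcp + thl;
    return (long)(total - ihl - thl);  /* excludes bytes after the IP datagram */
}

/* Constructed sample: 20-byte IP header, 32-byte TCP header (12 bytes of
 * options), body, then 4 trailing bytes that are not part of the datagram. */
size_t make_frame(uint8_t *buf, const char *body, size_t blen)
{
    size_t total = 20 + 32 + blen;
    uint8_t *ip = buf + ETH_LEN;
    memset(buf, 0, ETH_LEN + total);
    buf[12] = 0x08; ip[9] = 6;            /* EtherType 0x0800, protocol TCP */
    ip[0] = 0x45;                         /* version 4, header length 5 words */
    ip[2] = (uint8_t)(total >> 8); ip[3] = (uint8_t)(total & 0xff);
    ip[20 + 12] = 8 << 4;                 /* data offset 8 words = 32 bytes */
    memcpy(ip + 52, body, blen);
    memset(ip + total, 'X', 4);
    return ETH_LEN + total + 4;
}

int main(void)
{
    uint8_t frame[128];
    const uint8_t *p = NULL;
    long len = tcp_payload(frame, make_frame(frame, "GET / HTTP/1.0\r\n", 16), &p);
    if (len >= 0) printf("%ld bytes: %.*s", len, (int)len, (const char *)p);
}
```

The payload is not NUL-terminated, so the caller prints exactly the returned number of bytes (`%.*s`) rather than using `%s`.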
 
  


All times are GMT -5.