LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices

Reply
 
Search this Thread
Old 04-30-2005, 06:30 AM   #1
johnnyde
LQ Newbie
 
Registered: May 2003
Location: India
Distribution: Fedora Core 1
Posts: 17

Rep: Reputation: 0
PCAP on LOOPBACK Device


hi
Since i dont have LAN i thought i can test my pcap program on the loopback device.
so the code looks like this
-----CODE-----CODE-----CODE-----CODE-----CODE-----CODE-----
#include<stdio.h>
#include<pcap.h>
int main(int argc,char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char dev[]="lo"; // set the device to listen on lo
bpf_u_int32 mask;
bpf_u_int32 net;
pcap_t *handle;
const u_char *packet;
struct pcap_pkthdr header;

printf("Device = %s",dev);
handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);
packet=pcap_next(handle,&header);
if(packet==NULL){
printf("\nError Packet not caught ");
}
printf("Captured a Packet of Length %d ",header.len);
pcap_close(handle);
return 0;
}
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----
[root@Funlover try]# ./test
Device = lo
Error Packet not caught
Captured a Packet of Length 5320019
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----

so when i run this program(as root) on one terminal window , the program waits for a packet
And another terminal window i run a ping on 127.0.0.1.

Immediately program comes out from the call of "pcap_next"
(which i understand that it detected a packet| TCPDUMP running parallel,Listening on LO shows a )but the return value of pcap_next is NULL, which indicates the call was not sucessfull..

i tried listening on LO using TCPDUMP it works fine....
so what should i do catch the packet on the LOOPBACK device...

I am using Fedora Code 3.

Johnny
 
Old 04-30-2005, 08:13 AM   #2
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
we may try this code :

Code:
#include<stdio.h>
#include<pcap.h>
int main(int argc,char *argv[])
{
int i=1;
char errbuf[PCAP_ERRBUF_SIZE];
char dev[]="lo"; // set the device to listen on lo
bpf_u_int32 mask;
bpf_u_int32 net;
pcap_t *handle;
const u_char *packet;
struct pcap_pkthdr header;
    
printf("\nOpen Device = %s\n\n",dev);
    
handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);    
for ( ; ; )
    {
        printf("Sniff no. %d\n",i);
        packet=(u_char *)pcap_next(handle,&header); 
  if (packet == NULL)           
        {
            printf("      No Packet!!?? on sniff no. %d\n",i );
            i++;
            continue;
        }else
  if (packet != NULL)     
        {
            /*   possible to insert code here for printing out packet down here    */
            
            printf("      Captured a Packet of Length [%d] from Device [%s]\n",header.len,dev); 
            printf("\nClosing Dev handle\n",dev);  
            pcap_close(handle);
            break;
        }
     }
   printf("Exit Now!\n\n",dev);
   return(0); 
}

Last edited by alred; 04-30-2005 at 08:15 AM.
 
Old 05-03-2005, 10:42 AM   #3
johnnyde
LQ Newbie
 
Registered: May 2003
Location: India
Distribution: Fedora Core 1
Posts: 17

Original Poster
Rep: Reputation: 0
can u please explain on that....

hi
thanks for your post...
can you please explain on that
thank you
 
Old 05-04-2005, 01:13 AM   #4
alred
Member
 
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Blog Entries: 8

Rep: Reputation: 31
usually there's no need to test for null packet when we first call pcap_next() , infact i think pcap_next() itself call pcap_dispatch() with cnt parameter of 1 that is to process 1 count number of packet before returning.

i posted the code above just to experimenting with pcap_next() in a loop to find out on which count number of packet which is not null , apparently it is the second count that really contain something inside the packet.

if we want to sniff on packet recieve on any dev , we migth need to do it in a loop and don't check for null packet , we can either use " for ( ; ; )" loop or use pcap_loop() and write a callback function to do the looping and process our packet and no need to call pcap_next() .

there might be other ways to sniff packets ,
sorry can't give you an exact expert answer ,
you can try reading pcap manpage for pcap_dispatch() and pcap_next() and pcap_loop() .

hope that these helps

Last edited by alred; 05-04-2005 at 01:59 AM.
 
Old 03-05-2009, 04:05 AM   #5
kalps
LQ Newbie
 
Registered: Mar 2009
Posts: 11

Rep: Reputation: 0
Suggestion

Hai,
For better understanding hav a luk at LIBPCAP tutorial. Jus by googling
u can get many such tutorials.

Here is one :
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem when opening device `any' in pcap barisdemiray Programming 0 10-09-2004 03:39 PM
loopback device praveenv Linux - Newbie 2 08-23-2004 07:27 AM
writing a loopback device ebh1 Linux - Newbie 2 03-12-2004 05:12 PM
loopback device in 2.5.47 broken markus1982 Linux - General 3 11-13-2002 11:52 AM
Sound feedback from loopback device? justiceisblind Linux - Newbie 0 03-30-2002 12:04 AM


All times are GMT -5. The time now is 06:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration