LinuxQuestions.org


TheLinuxer 03-24-2010 08:59 AM

"Didn't grab packet" Problem
 
Hi,

I downloaded a simple program called testpcap1.c and successfully compiled it on Ubuntu. But when running, it outputs this:

DEV: eth0
Didn't grab packet

Please help.

> uname -a
Linux 2.6.28-18-generic #60-Ubuntu SMP Fri Mar 12 04:40:52 UTC 2010 i686 GNU/Linux
> ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:bb:38:05:c2:a1
inet addr:10.0.0.57 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::21b:38ff:fe05:a0c4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12925 errors:0 dropped:0 overruns:0 frame:0
TX packets:14219 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10854790 (10.8 MB) TX bytes:2547313 (2.5 MB)
Interrupt:19
---------------------------
The program content is:
Code:

/***************************************************
* file:    testpcap1.c
* Date:    Thu Mar 08 17:14:36 MST 2001
* Author:  Martin Casado
* Location: LAX Airport (hehe)
*
* Simple single packet capture program
*****************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <pcap.h> /* if this gives you an error try pcap/pcap.h */
#include <errno.h>
#include <time.h> /* ctime() */
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netinet/if_ether.h> /* includes net/ethernet.h */

int main(int argc, char **argv)
{
    int i;
    char *dev;
    char errbuf[PCAP_ERRBUF_SIZE];
    pcap_t* descr;
    const u_char *packet;
    struct pcap_pkthdr hdr;    /* pcap.h */
    struct ether_header *eptr;  /* net/ethernet.h */

    u_char *ptr; /* printing out hardware header info */

    /* grab a device to peek into... */
    dev = pcap_lookupdev(errbuf);

    if(dev == NULL)
    {
        printf("%s\n",errbuf);
        exit(1);
    }

    printf("DEV: %s\n",dev);

    /* open the device for sniffing.

      pcap_t *pcap_open_live(char *device,int snaplen, int promisc,int to_ms,
      char *ebuf)

      snaplen - maximum size of packets to capture in bytes
      promisc - set card in promiscuous mode?
      to_ms   - time to wait for packets in milliseconds before read
      times out
      errbuf  - if something happens, place error string here

      Note if you change "promisc" param to anything other than zero, you will
      get all packets your device sees, whether they are intended for you or
      not!! Be sure you know the rules of the network you are running on
      before you set your card in promiscuous mode!!    */

    descr = pcap_open_live(dev,BUFSIZ,0,-1,errbuf);

    if(descr == NULL)
    {
        printf("pcap_open_live(): %s\n",errbuf);
        exit(1);
    }


    /*
      grab a packet from descr (yay!)                   
      u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
      so just pass in the descriptor we got from       
      our call to pcap_open_live and an allocated       
      struct pcap_pkthdr                                */

    packet = pcap_next(descr,&hdr);

    if(packet == NULL)
    {/* dinna work *sob* */
        printf("Didn't grab packet\n");
        exit(1);
    }

    /*  struct pcap_pkthdr {
        struct timeval ts;   time stamp
        bpf_u_int32 caplen;  length of portion present
        bpf_u_int32 len;     length this packet (off wire)
        }
    */

    printf("Grabbed packet of length %d\n",hdr.len);
    printf("Recieved at ..... %s\n",ctime((const time_t*)&hdr.ts.tv_sec));
    printf("Ethernet address length is %d\n",ETHER_HDR_LEN);

    /* lets start with the ether header... */
    eptr = (struct ether_header *) packet;

    /* Do a couple of checks to see what packet type we have..*/
    if (ntohs (eptr->ether_type) == ETHERTYPE_IP)
    {
        printf("Ethernet type hex:%x dec:%d is an IP packet\n",
                ntohs(eptr->ether_type),
                ntohs(eptr->ether_type));
    }else  if (ntohs (eptr->ether_type) == ETHERTYPE_ARP)
    {
        printf("Ethernet type hex:%x dec:%d is an ARP packet\n",
                ntohs(eptr->ether_type),
                ntohs(eptr->ether_type));
    }else {
        printf("Ethernet type %x not IP", ntohs(eptr->ether_type));
        exit(1);
    }

    /* copied from Steven's UNP */
    ptr = eptr->ether_dhost;
    i = ETHER_ADDR_LEN;
    printf(" Destination Address:  ");
    do{
        printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
    }while(--i>0);
    printf("\n");

    ptr = eptr->ether_shost;
    i = ETHER_ADDR_LEN;
    printf(" Source Address:  ");
    do{
        printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
    }while(--i>0);
    printf("\n");

    return 0;
}


-----------------------------------------------------


grail 03-29-2010 10:11 PM

I am guessing this is not the output you were looking for?
What did you expect to see?
Do you understand how the code works?

A quick glance at the code says this is the offending section:

Quote:

packet = pcap_next(descr,&hdr);

if(packet == NULL)
{/* dinna work *sob* */
printf("Didn't grab packet\n");
exit(1);
}

So from this you would then need to review the code for pcap_next(), as it obviously returns NULL.

theNbomr 03-30-2010 10:26 AM

You probably need to run your program with root privileges.
--- rod.

jejegood 04-27-2010 04:26 AM

Did you find the answer? If yes, can you share it with us, please?

yujiliang 07-15-2010 08:27 AM

I got the answer after these days studying sniffing... and libpcap. In fact there is nothing wrong at all, I guess; it is just because pcap_next() runs too fast after "descr" takes control of the adapter. Before "descr" gets its first sweet packet, pcap_next() has already run... a hardware matter, I thought...
So just placing a "sleep" before pcap_next() would make it OK,
like this:

Quote:

/*
grab a packet from descr (yay!)
u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
so just pass in the descriptor we got from
our call to pcap_open_live and an allocated
struct pcap_pkthdr */

sleep(1); /*a simple sleep make me good:) */

packet = pcap_next(descr,&hdr);

if(packet == NULL)
{/* dinna work *sob* */
printf("Didn't grab packet\n");
exit(1);
}

/* struct pcap_pkthdr {
struct timeval ts; time stamp
bpf_u_int32 caplen; length of portion present
bpf_u_int32 len; length this packet (off wire)
}
*/

nightmare89 09-11-2010 07:35 AM

Still not working with the sleep().
Any other method?

snailexe 09-28-2011 04:13 PM

sleep() works
 
sleep() works. Thank you. :) Maybe we should mention it to the lpcap people, since it is a potential issue.

Vinothli 08-24-2012 12:19 AM

testpcap1.c
 
SLEEP is working fine...
This program is used for capturing one packet...
How do I modify the program to capture n packets?

alp40s 03-26-2013 09:20 AM

Quote:

Originally Posted by nightmare89 (Post 4094282)
Still not working with the sleep().
Any other method?

Try sleep(5). It will run.

mohansadhu 08-21-2014 06:59 AM

Hello,

Any updates on this issue?
Sleep is not working for me.
I am getting the error below:
"Didn't grab packet". Please help me.

Thanks in advance

grail 08-21-2014 09:31 AM

Please raise your own ticket and reference this one if relevant. A 4 year old ticket should not be resurrected.

szboardstretcher 08-21-2014 09:38 AM

I think he did a good job keeping the question in the right thread. It's on topic and 100% related. If someone answers him here, and later someone searches for it, they will be able to find the answer -- all in one convenient spot.

The only "Rule" about posting in a thread is this:

Quote:

When posting in an existing thread, ensure that what you're posting is on-topic and relevant to the thread

There are no rules listed about old threads. If there was a rule about old threads, then the "What programs would you like to see ported to linux" from 2003 would be closed.

AndersonPaschoalon 03-23-2016 08:13 PM

Quote:

Originally Posted by mohansadhu (Post 5224735)
Hello,

Any updates on this issue?
Sleep is not working for me.
I am getting the error below:
"Didn't grab packet". Please help me.

Thanks in advance

Yeah, actually using sleep doesn't make much sense in my opinion.

Not the best solution, but an actual solution:
Code:

while(1)
{
    packet = pcap_next(descr,&hdr);
    if(packet != NULL) break;
}

It is working fine now.
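Added example, not part of the thread and not libpcap's own code: pcap_next() returns NULL both on error and when no packet was read before the read timeout, whereas pcap_next_ex() reports these separately, so this sketch captures n packets with a bounded retry on timeouts and checks caplen before reading the Ethernet header. The names capture_n, next_packet and USE_LIBPCAP, the 1000 ms timeout and the sample frames are assumptions made for this example; without -DUSE_LIBPCAP it runs on the constructed frames.

```c
#include <stdio.h>
#ifdef USE_LIBPCAP   /* live build: cc -DUSE_LIBPCAP example.c -lpcap */
#include <pcap.h>
#endif
/* Same return contract as pcap_next_ex(): 1 = packet, 0 = timeout, <0 = error. */
int next_packet(void *src, const unsigned char **data, unsigned *caplen)
{
#ifdef USE_LIBPCAP
    struct pcap_pkthdr *h;
    int rc = pcap_next_ex(src, &h, data);
    if (rc == 1) *caplen = h->caplen;
    return rc;
#else   /* constructed source: timeout, truncated frame, ARP, IPv4, then timeouts */
    static const unsigned char F[2][14] = {{[12] = 8, [13] = 6}, {[12] = 8}};
    int step = (*(int *)src)++;
    if (step < 0) return -1;               /* start below 0 to simulate an error */
    if (step == 0 || step > 3) return 0;
    *data = F[step == 3];
    *caplen = (step == 1) ? 6 : 14;
    return 1;
#endif
}

int capture_n(void *src, int want, int max_idle, unsigned *types)
{
    int got = 0, idle = 0;
    while (got < want) {
        const unsigned char *p; unsigned caplen;
        int rc = next_packet(src, &p, &caplen);
        if (rc < 0) return -1;             /* real error: stop, do not spin */
        if (rc == 0) { if (++idle > max_idle) break; continue; }  /* timeout */
        idle = 0;
        if (caplen < 14) continue;         /* no full Ethernet header captured */
        types[got++] = ((unsigned)p[12] << 8) | p[13];   /* EtherType field */
    }
    return got;
}

int main(void)
{
    unsigned types[5]; int step = 0; void *src = &step;
#ifdef USE_LIBPCAP
    char err[PCAP_ERRBUF_SIZE];
    src = pcap_open_live("eth0", BUFSIZ, 0, 1000, err);  /* positive timeout */
    if (!src) { fprintf(stderr, "pcap_open_live(): %s\n", err); return 1; }
#endif
    int n = capture_n(src, 5, 10, types);
    for (int i = 0; i < n; i++) printf("EtherType 0x%04x\n", types[i]);
    return n < 0;
}
```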

