LinuxQuestions.org
Old 12-30-2005, 01:00 PM   #1
Micah
Member
 
Registered: Apr 2002
Location: OK, USA
Distribution: Slackware64
Posts: 181

Rep: Reputation: 36
Packet Capturing/Sniffing w/ BSD Sockets


I'm looking for resources to create a simple packet capturing app...

Platform = MacOSX (BSD Sockets)
Goal = Capture traffic to/from my PC
(looking for some specific info from port X via TCP in this case and then do something with it)

creating the socket is easy and processing is easy but how do i configure the socket to listen?

I think my problem is either in bind() or ioctl() but it is not an easy thing to search for... (lots of Linux results, and Linux does things differently; I'll add that later =)

Note: I would like to stay away from 3rd party libraries.
 
Old 12-30-2005, 01:31 PM   #2
dmail
Member
 
Registered: Oct 2005
Posts: 970

Rep: Reputation: Disabled
BSD Sockets = Berkeley sockets, which I believe, besides a very few things, is compatible around most OSs (including Winsock, as it's based on BSD)
http://beej.us/guide/bgnet/output/html/index.html
<edit>
If there are any differences between the Linux and Mac implementations of BSD sockets I would appreciate a point in the right direction, as I'm currently making a cross-platform app which uses this.
cheers
</edit>

Last edited by dmail; 12-30-2005 at 01:44 PM.
 
Old 12-30-2005, 02:07 PM   #3
Micah
Member
 
Registered: Apr 2002
Location: OK, USA
Distribution: Slackware64
Posts: 181

Original Poster
Rep: Reputation: 36
Unfortunately the link doesn't help me much in this case... I will recheck the IOCTL() functions just in case...

Linux, Mac, Windows... Most functions are the same...
accept() connect() recv() recvfrom() etc...

There are a few differences but most are *nix to win...
(I'll post this just in case it may save you some time :-)
Code:
#ifndef WIN32
/* BSD/Linux side: pull in the headers the Winsock-style names map onto */
# include <errno.h>        /* errno stands in for WSAGetLastError() */
# include <sys/ioctl.h>    /* ioctl() stands in for ioctlsocket() */
# include <sys/socket.h>
# include <netinet/in.h>
# include <unistd.h>       /* close() stands in for closesocket() */
/* Sockets are plain ints here and -1 is the error value. Use int directly:
   "#define u_int unsigned int" clashes with the u_int typedef in
   <sys/types.h> if that header is included afterwards. */
# define SOCKET int
# define INVALID_SOCKET (-1)
# define SOCKET_ERROR (-1)
# define WSAGetLastError() errno
# define closesocket close
# define ioctlsocket ioctl
# ifndef INADDR_NONE       /* already provided by <netinet/in.h> on most systems */
#  define INADDR_NONE 0xffffffff
# endif
#else
/* Winsock side: supply the BSD names Winsock lacks */
# define socklen_t int
# define EAFNOSUPPORT WSAEAFNOSUPPORT
#endif
NOTE: I did not figure that out - I saw the same or similar techniques around the web and built upon them with the above. Basically, it allows you to code one style instead of #ifdefs throughout the code.

As far as the differences from what I am doing... It looks like Linux and BSD use different includes and variables....

I was going to give an example, but can't find them ATM... Linux allows for a lower level (kernel I think) workings with the packets than BSD Sockets would allow. (I haven't checked windows yet)

I am not finding much information on how to use:
Code:
int s = socket(PF_INET, SOCK_RAW, IPPROTO_RAW);
Most information deals with creating your own packet, whereas I am just wanting to "sniff" or "capture" the packets. Or they just don't work... (also spent 20 min to figure out SOCK_RAW requires root credentials)
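Whichever socket ends up delivering the packets, the "do something with it" step is where a home-made sniffer is most often wrong: the IHL, total length and TCP data offset fields come off the wire and cannot be trusted, so every offset has to be checked against the number of bytes actually captured before it is used. The following is an added example, not code from this thread: a bounds-checked IPv4/TCP header parser that picks out traffic involving "port X". The packet bytes are constructed here for illustration (a SYN from 192.168.1.2:1234 to 192.168.1.1:80); `parse_ether_ipv4_tcp` additionally strips the 14-byte Ethernet header that link-layer capture (BPF or PF_PACKET, as opposed to a SOCK_RAW IP socket) puts in front of the IP header.

```c
/* Added example (not from the thread): bounds-checked extraction of the
 * IPv4/TCP header fields from a captured packet, so a sniffer can match
 * "port X" without trusting the packet's own length fields. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct tcp_info {
    uint32_t src_ip, dst_ip;      /* host byte order */
    uint16_t src_port, dst_port;  /* host byte order */
    uint8_t  flags;               /* TCP flag bits: FIN 0x01, SYN 0x02, ACK 0x10 ... */
    size_t   payload_off, payload_len;  /* relative to the start of the IP header */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Parse a raw IPv4 packet (what a SOCK_RAW socket hands you: IP header first).
 * Returns 0 and fills *out for a well-formed TCP segment, -1 otherwise.
 * Every length taken from the packet is checked against len, the number of
 * bytes actually in the buffer, before any byte past it is read. */
int parse_ipv4_tcp(const uint8_t *pkt, size_t len, struct tcp_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;          /* not even a full IPv4 header */
    size_t ihl   = (pkt[0] & 0x0f) * 4u;                    /* header length in bytes */
    size_t total = be16(pkt + 2);                           /* total length claimed by the packet */
    if (ihl < 20 || total < ihl || total > len) return -1;  /* bogus or truncated */
    if (pkt[9] != 6) return -1;                             /* protocol field: 6 = TCP */
    const uint8_t *tcp = pkt + ihl;
    size_t tcp_len = total - ihl;
    if (tcp_len < 20) return -1;
    size_t doff = (tcp[12] >> 4) * 4u;                      /* TCP data offset in bytes */
    if (doff < 20 || doff > tcp_len) return -1;
    out->src_ip      = be32(pkt + 12);
    out->dst_ip      = be32(pkt + 16);
    out->src_port    = be16(tcp);
    out->dst_port    = be16(tcp + 2);
    out->flags       = tcp[13];
    out->payload_off = ihl + doff;
    out->payload_len = tcp_len - doff;
    return 0;
}

/* Link-layer capture (BPF on macOS/BSD, PF_PACKET on Linux) delivers the
 * whole Ethernet frame; skip its 14-byte header when the EtherType is IPv4. */
int parse_ether_ipv4_tcp(const uint8_t *frame, size_t len, struct tcp_info *out)
{
    if (len < 14 || be16(frame + 12) != 0x0800) return -1;
    return parse_ipv4_tcp(frame + 14, len - 14, out);
}

/* The "port X" filter from the opening post. */
int involves_port(const struct tcp_info *t, uint16_t port)
{
    return t->src_port == port || t->dst_port == port;
}

/* Constructed sample (not a real capture): 192.168.1.2:1234 -> 192.168.1.1:80,
 * SYN, TTL 64, no options, no payload; checksums left at zero. */
static const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00,
    0xc0,0xa8,0x01,0x02, 0xc0,0xa8,0x01,0x01,
    0x04,0xd2,0x00,0x50, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0x20,0x00, 0x00,0x00,0x00,0x00,
};

int main(void)
{
    struct tcp_info t;
    if (parse_ipv4_tcp(sample_syn, sizeof sample_syn, &t) != 0) {
        puts("not a well-formed TCP segment");
        return 1;
    }
    printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u flags=0x%02x payload=%zu bytes\n",
           t.src_ip >> 24, (t.src_ip >> 16) & 0xff, (t.src_ip >> 8) & 0xff, t.src_ip & 0xff, t.src_port,
           t.dst_ip >> 24, (t.dst_ip >> 16) & 0xff, (t.dst_ip >> 8) & 0xff, t.dst_ip & 0xff, t.dst_port,
           t.flags, t.payload_len);
    printf("involves port 80: %s\n", involves_port(&t, 80) ? "yes" : "no");
    return 0;
}
```

Feed `parse_ipv4_tcp` the bytes returned by `recvfrom()` on a raw IP socket, or `parse_ether_ipv4_tcp` the frames from a link-layer capture, and drop anything it rejects rather than guessing at offsets; a packet whose total length exceeds the captured length is exactly the case that turns a sniffer into an out-of-bounds read.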
 
Old 12-30-2005, 02:11 PM   #4
dmail
Member
 
Registered: Oct 2005
Posts: 970

Rep: Reputation: Disabled
thanks for the reply, but it seems I've got most of them, and the ones which are not in a header are #ifdef'd, for the likes of close and closesocket.
Code:
#ifdef WINDOWS_BUILD
#pragma comment(lib, "WS2_32.lib")//link the lib
#include <winsock2.h>//and include winsock
#define MY_INVALID_SOCKET	INVALID_SOCKET
#define MY_SOCKET_ERROR		SOCKET_ERROR
#define MY_IPPROTO_TCP		IPPROTO_TCP
#define MY_SOCKET			SOCKET
#define MY_NO_ERROR			NO_ERROR
#endif //WINDOWS_BUILD

#if ( defined(UNIX_BUILD) || defined(MAC_BUILD) )
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <fcntl.h>
#define MY_INVALID_SOCKET	(-1)
#define MY_SOCKET_ERROR		MY_INVALID_SOCKET
#define MY_IPPROTO_TCP		0//this gives us the default in bsd
#define MY_SOCKET			int//unsigned in winsock
#define MY_NO_ERROR			0L
#endif //UNIX_BUILD || MAC_BUILD
 
Old 12-30-2005, 02:13 PM   #5
Micah
Member
 
Registered: Apr 2002
Location: OK, USA
Distribution: Slackware64
Posts: 181

Original Poster
Rep: Reputation: 36
Quick Update:
http://www.machacking.net/forums/ind...23&hl=sock_raw

Code:
int s = socket(PF_INET, SOCK_RAW, 0);
ok, ICMP works, but not TCP... =/

Last edited by Micah; 12-30-2005 at 02:22 PM.
 
Old 12-30-2005, 09:58 PM   #6
Micah
Member
 
Registered: Apr 2002
Location: OK, USA
Distribution: Slackware64
Posts: 181

Original Poster
Rep: Reputation: 36
Does anyone know how to get TCP/UDP to work with BSD Sockets? (even with Winsock) -- or perhaps where to go to ask =)
 
Old 12-31-2005, 01:24 AM   #7
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
On Linux >= 2.2 you use PF_PACKET, SOCK_PACKET otherwise. I suggest you browse the libpcap code, you may find the MacOS X specifics there
 
Old 12-31-2005, 10:02 PM   #8
Micah
Member
 
Registered: Apr 2002
Location: OK, USA
Distribution: Slackware64
Posts: 181

Original Poster
Rep: Reputation: 36
Quote:
Originally Posted by primo
On Linux >= 2.2 you use PF_PACKET, SOCK_PACKET otherwise. I suggest you browse the libpcap code, you may find the MacOS X specifics there
Linux is the greater of the 3 OSs in this respect... My primary targeted OSs for this is Mac and Windows then Linux for fun...

Yeah... I think I must go through libpcap code... not my pref though =P

Thanks!
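What primo's hint comes down to in code, as an added example (not from this thread and not libpcap's own code): on Linux 2.2 and later a PF_PACKET socket bound to the interface, and on macOS and the other BSDs one of the /dev/bpf devices, which is what libpcap opens there. This is also why the SOCK_RAW attempts earlier in the thread show ICMP but never TCP: a BSD raw IP socket only receives protocols the kernel does not consume itself, and TCP and UDP are always consumed. Both paths need root (CAP_NET_RAW on Linux); the interface names ("en0", "eth0") are assumptions, and `open_capture`, `capture_buflen` and `HAVE_BPF` are names chosen for this example.

```c
/* Added example (not code from the thread): one open_capture() covering the
 * platform split primo points at.  Linux: PF_PACKET socket bound to the
 * interface.  macOS/BSD: a /dev/bpf device attached with BIOCSETIF.
 * Both need root / CAP_NET_RAW. */
#include <errno.h>
#include <fcntl.h>
#include <net/if.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <unistd.h>

#if defined(__linux__)
# include <arpa/inet.h>
# include <linux/if_ether.h>
# include <linux/if_packet.h>
# define HAVE_BPF 0
#elif defined(__APPLE__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
# include <net/bpf.h>
# define HAVE_BPF 1
#else
# define HAVE_BPF 0
#endif

/* Returns a descriptor from which every frame on ifname can be read, or -1
 * with errno set.  Unknown interface names are rejected before touching the
 * kernel, so that case fails the same way with or without root. */
int open_capture(const char *ifname)
{
    unsigned idx = if_nametoindex(ifname);
    if (idx == 0) { errno = ENXIO; return -1; }
#if defined(__linux__)
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;                            /* EPERM without CAP_NET_RAW */
    struct sockaddr_ll sll;
    memset(&sll, 0, sizeof sll);
    sll.sll_family   = AF_PACKET;
    sll.sll_protocol = htons(ETH_P_ALL);
    sll.sll_ifindex  = (int)idx;
    if (bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        int e = errno; close(fd); errno = e; return -1;
    }
    return fd;
#elif HAVE_BPF
    /* /dev/bpfN units are exclusive-open; take the first one that is free */
    char dev[16];
    int fd = -1;
    for (int n = 0; n < 256; n++) {
        snprintf(dev, sizeof dev, "/dev/bpf%d", n);
        fd = open(dev, O_RDONLY);
        if (fd >= 0 || errno != EBUSY) break;
    }
    if (fd < 0) return -1;                            /* EACCES without root */
    struct ifreq ifr;
    memset(&ifr, 0, sizeof ifr);
    strncpy(ifr.ifr_name, ifname, sizeof ifr.ifr_name - 1);
    unsigned immediate = 1;
    if (ioctl(fd, BIOCSETIF, &ifr) < 0 ||             /* attach to the interface */
        ioctl(fd, BIOCIMMEDIATE, &immediate) < 0) {   /* hand packets over as they arrive */
        int e = errno; close(fd); errno = e; return -1;
    }
    return fd;
#else
    errno = ENOSYS;                                   /* Winsock needs a different mechanism */
    return -1;
#endif
}

/* Size the read buffer must have.  BPF insists on exactly its own buffer
 * length (read() fails with EINVAL otherwise); PF_PACKET returns one frame
 * per read, so any size that holds a maximum frame will do. */
size_t capture_buflen(int fd)
{
#if HAVE_BPF
    unsigned blen = 0;
    if (ioctl(fd, BIOCGBLEN, &blen) < 0) return 0;
    return blen;
#else
    (void)fd;
    return 65536;
#endif
}

int main(int argc, char **argv)
{
    const char *ifname = argc > 1 ? argv[1] : "en0";  /* assumed name; "eth0" on Linux */
    int fd = open_capture(ifname);
    if (fd < 0) { perror("open_capture"); return 1; }
    size_t blen = capture_buflen(fd);
    unsigned char *buf = malloc(blen);
    if (buf == NULL) { close(fd); return 1; }
    /* BPF: a buffer of bpf_hdr-prefixed records (walk them with BPF_WORDALIGN);
     * Linux: a single raw Ethernet frame. */
    ssize_t n = read(fd, buf, blen);
    printf("read %zd bytes from %s\n", n, ifname);
    free(buf);
    close(fd);
    return 0;
}
```

A BPF read returns a block of records, each prefixed by a `struct bpf_hdr` giving the captured length and the header length, and the next record starts at `BPF_WORDALIGN(bh_hdrlen + bh_caplen)`; a PF_PACKET read returns a single frame. On Windows the nearest equivalent is a raw Winsock socket with the `SIO_RCVALL` ioctl, which again needs administrator rights.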
 
Old 12-31-2005, 10:04 PM   #9
Micah
Member
 
Registered: Apr 2002
Location: OK, USA
Distribution: Slackware64
Posts: 181

Original Poster
Rep: Reputation: 36
Cool

Quote:
Originally Posted by dmail
thanks for the reply, but it seems I've got most of them, and the ones which are not in a header are #ifdef'd, for the likes of close and closesocket.
Code:
#ifdef WINDOWS_BUILD
#pragma comment(lib, "WS2_32.lib")//link the lib
#include <winsock2.h>//and include winsock
#define MY_INVALID_SOCKET	INVALID_SOCKET
#define MY_SOCKET_ERROR		SOCKET_ERROR
#define MY_IPPROTO_TCP		IPPROTO_TCP
#define MY_SOCKET			SOCKET
#define MY_NO_ERROR			NO_ERROR
#endif //WINDOWS_BUILD

#if ( defined(UNIX_BUILD) || defined(MAC_BUILD) )
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#include <fcntl.h>
#define MY_INVALID_SOCKET	(-1)
#define MY_SOCKET_ERROR		MY_INVALID_SOCKET
#define MY_IPPROTO_TCP		0//this gives us the default in bsd
#define MY_SOCKET			int//unsigned in winsock
#define MY_NO_ERROR			0L
#endif //UNIX_BUILD || MAC_BUILD
Thanks! I do need to add the pragma... my winsock is in another file (I don't know why I separated them to be honest... =)
 