LinuxQuestions.org - PCAP on LOOPBACK Device

- Programming (https://www.linuxquestions.org/questions/programming-9/)

- - PCAP on LOOPBACK Device (https://www.linuxquestions.org/questions/programming-9/pcap-on-loopback-device-318681/)

PCAP on LOOPBACK Device

hi
Since i dont have LAN i thought i can test my pcap program on the loopback device.
so the code looks like this
-----CODE-----CODE-----CODE-----CODE-----CODE-----CODE-----
#include<stdio.h>
#include<pcap.h>
int main(int argc,char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char dev[]="lo"; // set the device to listen on lo
bpf_u_int32 mask;
bpf_u_int32 net;
pcap_t *handle;
const u_char *packet;
struct pcap_pkthdr header;

printf("Device = %s",dev);
handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);
packet=pcap_next(handle,&header);
if(packet==NULL){
printf("\nError Packet not caught ");
}
printf("Captured a Packet of Length %d ",header.len);
pcap_close(handle);
return 0;
}
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----
[root@Funlover try]# ./test
Device = lo
Error Packet not caught
Captured a Packet of Length 5320019
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----

so when i run this program(as root) on one terminal window , the program waits for a packet
And another terminal window i run a ping on 127.0.0.1.

Immediately program comes out from the call of "pcap_next"
(which i understand that it detected a packet| TCPDUMP running parallel,Listening on LO shows a )but the return value of pcap_next is NULL, which indicates the call was not sucessfull..

i tried listening on LO using TCPDUMP it works fine....
so what should i do catch the packet on the LOOPBACK device...

I am using Fedora Code 3.

Johnny

we may try this code :

Code:

#include<stdio.h>

#include<pcap.h>

int main(int argc,char *argv[])

{

int i=1;

char errbuf[PCAP_ERRBUF_SIZE];

char dev[]="lo"; // set the device to listen on lo

bpf_u_int32 mask;

bpf_u_int32 net;

pcap_t *handle;

const u_char *packet;

struct pcap_pkthdr header;

    

printf("\nOpen Device = %s\n\n",dev);

    

handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);    

for ( ; ; )

    {

        printf("Sniff no. %d\n",i);

        packet=(u_char *)pcap_next(handle,&header); 

  if (packet == NULL)          

        {

            printf("      No Packet!!?? on sniff no. %d\n",i );

            i++;

            continue;

        }else

  if (packet != NULL)    

        {

            /*  possible to insert code here for printing out packet down here    */

            

            printf("      Captured a Packet of Length [%d] from Device [%s]\n",header.len,dev); 

            printf("\nClosing Dev handle\n",dev);  

            pcap_close(handle);

            break;

        }

    }

  printf("Exit Now!\n\n",dev);

  return(0); 

}

can u please explain on that....

hi
thanks for your post...
can you please explain on that
thank you

usually there's no need to test for null packet when we first call pcap_next() , infact i think pcap_next() itself call pcap_dispatch() with cnt parameter of 1 that is to process 1 count number of packet before returning.

i posted the code above just to experimenting with pcap_next() in a loop to find out on which count number of packet which is not null , apparently it is the second count that really contain something inside the packet.

if we want to sniff on packet recieve on any dev , we migth need to do it in a loop and don't check for null packet , we can either use " for ( ; ; )" loop or use pcap_loop() and write a callback function to do the looping and process our packet and no need to call pcap_next() .

there might be other ways to sniff packets ,
sorry can't give you an exact expert answer ,
you can try reading pcap manpage for pcap_dispatch() and pcap_next() and pcap_loop() .

hope that these helps

Hai,
For better understanding hav a luk at LIBPCAP tutorial. Jus by googling
u can get many such tutorials.

Here is one :