PCAP on LOOPBACK Device
hi
Since I don't have a LAN, I thought I could test my pcap program on the loopback device. So the code looks like this:

-----CODE-----CODE-----CODE-----CODE-----CODE-----CODE-----
#include<stdio.h>
#include<pcap.h>

int main(int argc,char *argv[])
{
    char errbuf[PCAP_ERRBUF_SIZE];
    char dev[]="lo"; // set the device to listen on lo
    bpf_u_int32 mask;
    bpf_u_int32 net;
    pcap_t *handle;
    const u_char *packet;
    struct pcap_pkthdr header;

    printf("Device = %s",dev);
    handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);
    packet=pcap_next(handle,&header);
    if(packet==NULL){
        printf("\nError Packet not caught ");
    }
    printf("Captured a Packet of Length %d ",header.len);
    pcap_close(handle);
    return 0;
}
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----
[root@Funlover try]# ./test
Device = lo
Error Packet not caught Captured a Packet of Length 5320019
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----

So when I run this program (as root) in one terminal window, the program waits for a packet. In another terminal window I run a ping on 127.0.0.1. Immediately the program comes out of the call to "pcap_next" (which I understand to mean that it detected a packet| TCPDUMP running in parallel, listening on LO, shows a ) but the return value of pcap_next is NULL, which indicates the call was not successful.

I tried listening on LO using TCPDUMP and it works fine.

So what should I do to catch the packet on the LOOPBACK device?

I am using Fedora Core 3.

Johnny
We may try this code:
Code:
#include<stdio.h>
Can you please explain that....
Hi,
Thanks for your post... Can you please explain that? Thank you.
Usually there's no need to test for a null packet when we first call pcap_next(); in fact I think pcap_next() itself calls pcap_dispatch() with a cnt parameter of 1, that is, to process a count of 1 packet before returning.

I posted the code above just to experiment with pcap_next() in a loop, to find out on which count the packet is not null; apparently it is the second count that really contains something inside the packet.

If we want to sniff packets received on any dev, we might need to do it in a loop and not check for a null packet. We can either use a "for ( ; ; )" loop, or use pcap_loop() and write a callback function to do the looping and process our packet, with no need to call pcap_next().

There might be other ways to sniff packets; sorry, I can't give you an exact expert answer. You can try reading the pcap manpage for pcap_dispatch(), pcap_next() and pcap_loop(). Hope this helps.
Suggestion
Hi,
For better understanding, have a look at a LIBPCAP tutorial. Just by googling you can get many such tutorials. Here is one: