Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
04-30-2005, 07:30 AM
|
#1
|
LQ Newbie
Registered: May 2003
Location: India
Distribution: Fedora Core 1
Posts: 17
Rep:
|
PCAP on LOOPBACK Device
hi
Since i dont have LAN i thought i can test my pcap program on the loopback device.
so the code looks like this
-----CODE-----CODE-----CODE-----CODE-----CODE-----CODE-----
#include<stdio.h>
#include<pcap.h>
int main(int argc,char *argv[])
{
char errbuf[PCAP_ERRBUF_SIZE];
char dev[]="lo"; // set the device to listen on lo
bpf_u_int32 mask;
bpf_u_int32 net;
pcap_t *handle;
const u_char *packet;
struct pcap_pkthdr header;
printf("Device = %s",dev);
handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);
packet=pcap_next(handle,&header);
if(packet==NULL){
printf("\nError Packet not caught ");
}
printf("Captured a Packet of Length %d ",header.len);
pcap_close(handle);
return 0;
}
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----
[root@Funlover try]# ./test
Device = lo
Error Packet not caught
Captured a Packet of Length 5320019
-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT-----OUTPUT----
so when i run this program(as root) on one terminal window , the program waits for a packet
And another terminal window i run a ping on 127.0.0.1.
Immediately program comes out from the call of "pcap_next"
(which i understand that it detected a packet| TCPDUMP running parallel,Listening on LO shows a )but the return value of pcap_next is NULL, which indicates the call was not sucessfull..
i tried listening on LO using TCPDUMP it works fine....
so what should i do catch the packet on the LOOPBACK device...
I am using Fedora Code 3.
Johnny
|
|
|
04-30-2005, 09:13 AM
|
#2
|
Member
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Rep:
|
we may try this code :
Code:
#include<stdio.h>
#include<pcap.h>
int main(int argc,char *argv[])
{
int i=1;
char errbuf[PCAP_ERRBUF_SIZE];
char dev[]="lo"; // set the device to listen on lo
bpf_u_int32 mask;
bpf_u_int32 net;
pcap_t *handle;
const u_char *packet;
struct pcap_pkthdr header;
printf("\nOpen Device = %s\n\n",dev);
handle=pcap_open_live(dev,BUFSIZ,1,0,errbuf);
for ( ; ; )
{
printf("Sniff no. %d\n",i);
packet=(u_char *)pcap_next(handle,&header);
if (packet == NULL)
{
printf(" No Packet!!?? on sniff no. %d\n",i );
i++;
continue;
}else
if (packet != NULL)
{
/* possible to insert code here for printing out packet down here */
printf(" Captured a Packet of Length [%d] from Device [%s]\n",header.len,dev);
printf("\nClosing Dev handle\n",dev);
pcap_close(handle);
break;
}
}
printf("Exit Now!\n\n",dev);
return(0);
}
Last edited by alred; 04-30-2005 at 09:15 AM.
|
|
|
05-03-2005, 11:42 AM
|
#3
|
LQ Newbie
Registered: May 2003
Location: India
Distribution: Fedora Core 1
Posts: 17
Original Poster
Rep:
|
can u please explain on that....
hi
thanks for your post...
can you please explain on that
thank you
|
|
|
05-04-2005, 02:13 AM
|
#4
|
Member
Registered: Mar 2005
Location: singapore
Distribution: puppy and Ubuntu and ... erh ... redhat(sort of) :( ... + the venerable bsd and solaris ^_^
Posts: 658
Rep:
|
usually there's no need to test for null packet when we first call pcap_next() , infact i think pcap_next() itself call pcap_dispatch() with cnt parameter of 1 that is to process 1 count number of packet before returning.
i posted the code above just to experimenting with pcap_next() in a loop to find out on which count number of packet which is not null , apparently it is the second count that really contain something inside the packet.
if we want to sniff on packet recieve on any dev , we migth need to do it in a loop and don't check for null packet , we can either use " for ( ; ; )" loop or use pcap_loop() and write a callback function to do the looping and process our packet and no need to call pcap_next() .
there might be other ways to sniff packets ,
sorry can't give you an exact expert answer ,
you can try reading pcap manpage for pcap_dispatch() and pcap_next() and pcap_loop() .
hope that these helps
Last edited by alred; 05-04-2005 at 02:59 AM.
|
|
|
03-05-2009, 05:05 AM
|
#5
|
LQ Newbie
Registered: Mar 2009
Posts: 11
Rep:
|
Suggestion
Hai,
For better understanding hav a luk at LIBPCAP tutorial. Jus by googling
u can get many such tutorials.
Here is one :
|
|
|
All times are GMT -5. The time now is 04:09 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|