ProgrammingThis forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Sorry to open an old thread but, umm....its not working for me. I typed
Code:
gcc test1.c -lpcap -o test1
It says cannot find lpcap. Any idea what the problem could be? Isnt this included in the libpcap library?
heres the code( a pretty basic one, coz I'm just starting out in pcap, and dont know what the hell I'm doing):
Code:
#include<stdio.h>
#include<pcap.h>
#include<stdlib.h>
int main()
{
char *dev, *error_openoffline, *fname, *gen_error;
pcap_t *desc;//declaring the decsriptor
pcap_dumper_t *pd;
struct pcap_pkthdr *header;//declaring packet header
u_char *sp;//packet data written to savefile
dev="eth1";//setting the device as eth1
fname="/home/lordofdreams/testcap/cap1";//location of saved file
desc=pcap_open_offline( fname, error_openoffline );
if( *(desc) == 'Null' )
{
printf("The session could not open as %s", error_openoffline );
exit(1);
}
pd=pcap_dump_open( desc, fname );
if( *(pd) == 'Null' )
{ gen_error=pcap_geterr( desc );
printf( "\nThe dump could not be opened as %s", gen_error );
exit(1);
}
pcap_dump( (u_char *) pd, header, sp);
printf("\nThe data is %h", sp );
pcap_dump_close( pd );
pcap_close( desc );
return 0;
}
The interesting thing is when I put the if conditions after pcap_open_offline and pcap_dump_open in comments, then only I get the error, else there's an error concerning the if conditions.
Could somebody please help? I've been scouring the net, but I'm unable to find anything. Do I need to install lpcap separately? I got a link to a page, which should have the source for lpcap
pcap_t *pcap_open_live(char *device,int snaplen, int prmisc,int to_ms,
char *ebuf)
snaplen - maximum size of packets to capture in bytes
promisc - set card in promiscuous mode?
to_ms - time to wait for packets in miliseconds before read
times out
errbuf - if something happens, place error string here
Note if you change "prmisc" param to anything other than zero, you will
get all packets your device sees, whether they are intendeed for you or
not!! Be sure you know the rules of the network you are running on
before you set your card in promiscuous mode!! */
/*
grab a packet from descr (yay!)
u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h)
so just pass in the descriptor we got from
our call to pcap_open_live and an allocated
struct pcap_pkthdr */
/* struct pcap_pkthdr {
struct timeval ts; time stamp
bpf_u_int32 caplen; length of portion present
bpf_u_int32; lebgth this packet (off wire)
}
*/
printf("Grabbed packet of length %d\n",hdr.len);
printf("Recieved at ..... %s\n",ctime((const time_t*)&hdr.ts.tv_sec));
printf("Ethernet address length is %d\n",ETHER_HDR_LEN);
/* lets start with the ether header... */
eptr = (struct ether_header *) packet;
/* Do a couple of checks to see what packet type we have..*/
if (ntohs (eptr->ether_type) == ETHERTYPE_IP)
{
printf("Ethernet type hex:%x dec:%d is an IP packet\n",
ntohs(eptr->ether_type),
ntohs(eptr->ether_type));
}else if (ntohs (eptr->ether_type) == ETHERTYPE_ARP)
{
printf("Ethernet type hex:%x dec:%d is an ARP packet\n",
ntohs(eptr->ether_type),
ntohs(eptr->ether_type));
}else {
printf("Ethernet type %x not IP", ntohs(eptr->ether_type));
exit(1);
}
/* THANK YOU RICHARD STEVENS!!! RIP*/
ptr = eptr->ether_dhost;
i = ETHER_ADDR_LEN;
printf(" Destination Address: ");
do{
printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
}while(--i>0);
printf("\n");
gauthamk, thanks a lot for the reply . I'm using Debian 4.0. I'm pretty sure I've installed pcap properly, because I'm able to compile other programs by including pcap.h, even if I dont use its functions.However, could you tell me what lpcap is exactly? I've tried all sorts of permutations involving this term in google, but no satisfactory results so far.
I'll test the program you've given me on my machine, and let you know the results as soon as possible. Thanks a lot for the help again
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.