Question

I'm trying to do a little sniffer using pcap in C, like explained here. My problem is that pcap_loop catches absolutely no packets and/or does nothing; my callback function is never called. My guess was the timeout value, but even if I set it to 20 (ms), nothing changes. I hope it's only a simple error I can't see, but I'll let you guys try to figure it out, because it's been messing with my brain too much!

Thanks

Nikko

Edit: I choose wlan0 as the interface, and it works with the program given at the link. My main:

#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>

/* SNAP_LEN and the two helpers below are not shown in the post;
   the value and the prototypes here are assumptions. */
#define SNAP_LEN 1518
void got_packet(u_char *args, const struct pcap_pkthdr *header, const u_char *packet);
void print_pcap_if_t(pcap_if_t *pdev);

int main(int argc, char* argv[]) {

    // interface & err buff
    char *dev = NULL, errbuff[PCAP_ERRBUF_SIZE];
    int i = 0, inum = -1;
    // intended to keep only packets to or from this machine
    char filter_exp[] = "ip host localhost";
    struct bpf_program fp;  /* compiled filter program (expression) */
    /* typedef, no need for struct ... */
    bpf_u_int32 mask;
    /* netmask argument for pcap_compile; unknown is fine for a host filter */
    bpf_u_int32 net = PCAP_NETMASK_UNKNOWN;

    int num_packets = 10;

    // 1.0+ API pcap version
    pcap_if_t *alldevs;
    pcap_if_t *pdev;
    pcap_t *handle;
    // 1st argument interface
    if (argc == 2) {
        dev = argv[1];
        printf("Chosen interface : %s\n", dev);
    }

    // +1.0 api version
    if (pcap_findalldevs(&alldevs, errbuff) == -1) {
        fprintf(stderr, "findalldev failed to retrieve interface\n %s\n", errbuff);
        return(2);
    }
    if (alldevs == NULL) {
        fprintf(stderr, "Retrieved interface is null\n");
        return(2);
    }
    // list all interfaces
    for (pdev = alldevs; pdev != NULL; pdev = pdev->next) {
        printf("Device %d : ", ++i);
        print_pcap_if_t(pdev);
        //print_pcap_addr(pdev->addresses);
    }
    printf("Enter the interface number (1-%d):", i);
    /* reject non-numeric input as well as out-of-range numbers */
    if (scanf("%d", &inum) != 1 || inum < 1 || inum > i) {
        fprintf(stderr, "Device %d not in list.\n", inum);
        pcap_freealldevs(alldevs);
        return(2);
    }
    /* Jump to the selected adapter */
    for (pdev = alldevs, i = 0; i < inum - 1; pdev = pdev->next, i++);
    printf("\n-------------------------------------------------\n");

    //printf("Chosen device : %s",pdev->name);
    //print_pcap_if_t(pdev);

    /* activate device */
    printf("activating\n");
    handle = pcap_open_live(pdev->name, SNAP_LEN, 1, 1000, errbuff);
    if (handle == NULL) {
        fprintf(stderr, "Could not open device for sniffing: %s\n", errbuff);
        return(2);
    }

    /* compile filter */
    if (pcap_compile(handle, &fp, filter_exp, 0, net) == -1) {
        fprintf(stderr, "Could not compile filtering rules: %s\n", pcap_geterr(handle));
        return(EXIT_FAILURE);
    }

    /* apply filter */
    if (pcap_setfilter(handle, &fp) == -1) {
        fprintf(stderr, "Could not set filtering rules: %s\n", pcap_geterr(handle));
        return(EXIT_FAILURE);
    }

    printf("Waiting for packets to come in your hands");
    fflush(stdout);

    pcap_loop(handle, num_packets, got_packet, NULL);

    pcap_freecode(&fp);
    pcap_close(handle);

    pcap_freealldevs(alldevs);
    return(0);

}


Solution

ip host localhost

"localhost" is the name for the IP address 127.0.0.1; it is not the IP address of your machine on the Internet, it's a special IP address used to send IPv4 packets from your machine to itself (e.g., "ftp localhost" if you want to test the FTP server on your machine by connecting to it from a command prompt on your machine).

Traffic to or from other hosts will not come from, or be sent to, 127.0.0.1.

If your machine has the IP address 10.0.1.2, for example, try "ip host 10.0.1.2".
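An added example, not part of the original answer: a pre-flight check in C for the mismatch described above, with no libpcap dependency. `resolves_to_loopback` and `filter_from_sockaddr` are hypothetical helper names; the first uses `getaddrinfo` as an assumed stand-in for the filter's host name lookup, and the second builds the filter from an interface address such as an entry of `pdev->addresses` in the question's code. The 10.0.1.2 address is a constructed sample.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

/* 1 if every IPv4 address `host` resolves to is in 127.0.0.0/8, 0 if at
 * least one is not, -1 if it does not resolve. Hypothetical helper. */
int resolves_to_loopback(const char *host) {
    struct addrinfo hints, *res = NULL, *p;
    int all_loopback = 1;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET;
    if (getaddrinfo(host, NULL, &hints, &res) != 0 || res == NULL)
        return -1;
    for (p = res; p != NULL; p = p->ai_next) {
        const struct sockaddr_in *sin = (const struct sockaddr_in *)p->ai_addr;
        if ((ntohl(sin->sin_addr.s_addr) >> 24) != 127)
            all_loopback = 0;
    }
    freeaddrinfo(res);
    return all_loopback;
}

/* Build "ip host a.b.c.d" from an interface address, e.g. an entry of
 * pdev->addresses->addr. Returns 0, or -1 for non-IPv4 or loopback. */
int filter_from_sockaddr(const struct sockaddr *sa, char *out, size_t outlen) {
    const struct sockaddr_in *sin = (const struct sockaddr_in *)sa;
    char ip[INET_ADDRSTRLEN];
    int n;
    if (sa == NULL || sa->sa_family != AF_INET ||
        (ntohl(sin->sin_addr.s_addr) >> 24) == 127)
        return -1;
    if (inet_ntop(AF_INET, &sin->sin_addr, ip, sizeof ip) == NULL)
        return -1;
    n = snprintf(out, outlen, "ip host %s", ip);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void) {
    struct sockaddr_in sample = { .sin_family = AF_INET };  /* constructed */
    char filter[64];
    inet_pton(AF_INET, "10.0.1.2", &sample.sin_addr);
    printf("localhost is loopback: %d\n", resolves_to_loopback("localhost"));
    if (filter_from_sockaddr((struct sockaddr *)&sample, filter, sizeof filter) == 0)
        printf("filter for this interface: %s\n", filter);
    return 0;
}
```

If the filter's host resolves to loopback while the capture device is not the loopback interface, the filter will match nothing on that device.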

OTHER TIPS

OK, I found the problem: my filter "ip host localhost" was the reason. I changed it to "ip" and there it was =)

I don't really understand, though. What I do is launch the program and just refresh a web page after that. So my first request is a GET or something, with source = localhost, no? And the response will also contain my address in the destination field. According to the man page:

host HOST True if either the IPv4/v6 source or destination of the packet is HOST.

Would it be that it does no translation of "localhost" when setting the filter?

Anyway, I hope it could help some others...

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow