tcpdump mailing list archives

libpcap OSX problems


From: Mathew Rowley <mathew.rowley () gmail com>
Date: Wed, 29 Dec 2010 20:59:20 -0700

I have been debugging why libpcap is unable to sniff packets in pcaprub (of metasploit) and have found a few things.  
Maybe some of you can enlighten me.

1. With this sample source - if the timeout variable is 0 in pcap_open_live, capturing does not work. Setting to >0 
allows things to work.

2. It seems that the pcap_setnonblock will cause the pcap_handler to be called (although, I am not sure if I am using 
it correctly.)  Comment out:

pcap_setnonblock(pd, 1, error_buf);

in the sample source to re-create.


Does anyone know why these are happening - specifically #2, as #1 is a pretty simple fix.

SOURCE:

#include <pcap.h>
#include <stdio.h>

static void rbpcap_handler(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes){
        printf("pcap handler\n");
}
int main(){
        char error_buf[10000];

        char iface[256] = "en1";
        pcap_t *pd;

        const u_char *packet;           // packet data
        const u_char *old_packet;               // packet data
        struct pcap_pkthdr header;      // sniffed header

        char* filter_exp = "icmp6";             // filter
        struct bpf_program fp;          // compiled filter

        bpf_u_int32 mask;                       // netmask
        bpf_u_int32 net;                        // ip

        u_char* user = NULL;            // no user data is passed to the handler

        if (pcap_lookupnet(iface, &net, &mask, error_buf) == -1) {
                printf("Can't get netmask for device %s\n", iface);
                return(-1);
        }

        pd = pcap_open_live(iface, 65000, 1, 1, error_buf);
        if(pd == NULL){
                printf("Error opening device(%s): %s\n", iface, error_buf);
                return(-1);
        }

        if (pcap_compile(pd, &fp, filter_exp, 0, mask) == -1) {
                printf("cant compile filter (%s): %s\n", filter_exp, pcap_geterr(pd));
                return(-1);
        }
        if (pcap_setfilter(pd, &fp) == -1) {
                printf("cant set filter (%s): %s\n", filter_exp, pcap_geterr(pd));
                return(-1);
        }

        //int pcap_dispatch(pcap_t *p, int cnt, pcap_handler callback, u_char *user);
        while(1 == 1){
                //pcap_setnonblock(pd, 1, error_buf);
                pcap_dispatch(pd, 100, rbpcap_handler, user);
        }

        pcap_close(pd);
        return(0);
}

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

