Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > C Programming > Raw Ethernet Packet Capture

Reply
Thread Tools

Raw Ethernet Packet Capture

 
 
Richard Heathfield
Guest
Posts: n/a
 
      10-23-2007
Tor Rustad said:

> Richard Heathfield wrote:
>>
>> This can easily be fixed [...]

>
> Yes, which left on purpose as an exercise to OP.


Whoops! Sorry, Tor.

--
Richard Heathfield <http://www.cpax.org.uk>
Email: -http://www. +rjh@
Google users: <http://www.cpax.org.uk/prg/writings/googly.php>
"Usenet is a strange place" - dmr 29 July 1999
 
Reply With Quote
 
 
 
 
gustavo.samour@gmail.com
Guest
Posts: n/a
 
      10-23-2007

Thanks to everyone who posted! You pointed me in the right direction
with the unsigned/signed char issue... I felt like such a newbie
haha... As for the Wireshark issue:

> > But now I noticed some odd behavior. I'm sending some raw ethernet
> > packets from a Windows machine and sniffing them in my linux box. When
> > I only run my C program, those packets are not received for some
> > reason. But when I run both my program and the Wireshark capture
> > SIMULTANEOUSLY, I DO receive those packets coming from my Windows
> > machine. Any ideas? Is there some sort of flag I'm not setting in my
> > code that gets set in Wireshark?


Turns out, I wasn't far off.. there WAS a "flag" I wasn't setting.
It's called "promiscuous mode". By default, Network cards are not in
promiscuous mode which means they don't allow certain packets thru
(packets where the destination is not its MAC address or something
like that). When this mode is set, the network interface gets ALL
traffic, even packets not meant for it. So promiscuous mode was the
key. To set this mode in linux go to your shell and type a command
similar to this one:

>ifconfig eth0 promisc


Be sure to replace "eth0" with your own network interface in case it's
"wlan0" or something else. To remove promiscuous mode, type:

>ifconfig eth0 -promisc


Thanks again for all your help!

 
Reply With Quote
 
 
 
 
gustavo.samour@gmail.com
Guest
Posts: n/a
 
      10-23-2007
To set promiscuous mode within your C code, add code similar to the
following:

struct ifreq ethreq;
strncpy(ethreq.ifr_name,"eth0",IFNAMSIZ);
ioctl(sock, SIOCGIFFLAGS, &ethreq);
ethreq.ifr_flags |= IFF_PROMISC;
ioctl(sock, SIOCSIFFLAGS, &ethreq);

This snippet is taken from:

http://www.linuxjournal.com/article/4659

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
import packet.module without importing packet.__init__ ? Gelonida N Python 4 09-11-2011 02:17 PM
convert the ip packet to and from RS-232 packet Li Han Python 2 02-09-2009 02:43 PM
Security: rec'd packet not an ipsec packet ! mediumkuriboh Cisco 0 02-09-2009 12:14 AM
%PIX-4-402106: Rec'd packet not an IPSEC packet. lfnetworking Cisco 3 08-27-2006 05:30 AM
Can 803 (ISDN-ethernet) work ethernet-ethernet? Peter Cisco 2 12-11-2003 11:24 PM



Advertisments