Ethereal-dev: Re: [Ethereal-dev] promiscuous socket.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Sat, 14 May 2005 12:58:10 -0700
Andrea G. Forte wrote:


...because not all systems use sockets for packet capture.


What else do they use?


The BSDs and AIX use BPF devices.
SunOS 5.x (the OS component of modern Solaris) and HP-UX use the raw DLPI interface. 

Digital/Tru64 UNIX uses packetfilter devices.


for example, PF_PACKET sockets in Linux (there's another way to turn
promiscuous mode on, which arranges that if the program exits without
turning promiscuous mode off, when the socket is closed promiscuous mode
is turned off automatically).


Are you referring to PACKET_MR_PROMISC by any chance?


Yes.


I just do not want to have libpcap to be a requirement in order to run my
sniffer. I want to keep it as small and simple as possible.
Then either it's going to be Linux-only or you're going to have to duplicate some or all of the capturing capabilities of libpcap.