Jayanna, Jay wrote:
Hi,
I�m developing a plug-in to sniff local data on remote machines. I am
using ethereal-0.10.11 on a linux (2.4.21) machine.
I have created a plugin on the remote machines that send the local
traffic on that machine over TCP to a server, which receives the
packets. I have written another plug-in at the server end that
receives the packet & puts it on to the ethereal stack for it to
sniff. I kickoff a server thread as soon as I register my plugin. The
server thread basically creates a socket, binds to a port & listens
for connections. Whenever it accepts a connection, it kicks off
another thread which receives the data from the client.
I am able to send the packets from the client & receive it at the
server. I use �w option on the server to store the packets that I
receive. I am able to view the packets in ethereal when I open the
saved file. But if I try to capture, ethereal quits. The error I get is:
bind: Address already in use
** ERROR **: file capture_sync.c: line 625 (sync_pipe_input_cb):
should not be reached
Aborting�
Aborted (core dumped)
When I do gdb on the core file, it doesn�t give any file names.
I looked into the capture_sync.c code & saw that it was forking off a
child that did the actual capturing. I have a feeling that this child
is killing all my threads & hence aborting. I am not sure though. It
would be of great help if anyone has any ideas as to why this is
happening.
First of all, in 0.10.12 were some critical bug fixes in the capturing
engine, so I would encourage you to use the latest sources for development.
I don't understand what you mean by a plugin here.
You'll find two diagrams about the capturing engine at:
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/docbook/edg_graphics/ethereal-capture-sync.png?rev=12450&view=markup
http://anonsvn.ethereal.com/viewcvs/viewcvs.py/trunk/docbook/edg_graphics/ethereal-capture_internals.png?rev=12446&view=markup
which might be helpful to understand capturing.
Regards, ULFL
