Hello:

This isn't really an Ethereal issue but as there are likely several
libpcap users here I'd like to ask some questions regarding packet
capture.

I'm trying to write a very simple packet capture program, just so I can
get an idea of how all this works, and also for potential use in a future
project. I just want to log port 80 and port 443 data to a MySQL database
for future processing.

Basically, I've looked over the code in tcpdump for an idea of how to
interface with libpcap. My simple program, however, stalls on the
pcap_loop() function. My handler function does nothing except printf("We
made it!") but it is never executed.

Here's a code snippet:

int main(void) {
    char *device = NULL;            // For network device name
    pcap_handler test_handler;      // A function to handle the output
    static pcap_t *pd;              // A packet capture descriptor
    u_char *pcap_userdata;          // Packet data
    char ebuf[PCAP_ERRBUF_SIZE];    // For error messages

    if (!(device = pcap_lookupdev(ebuf)))
        error("%s", ebuf);

    if (!(pd = pcap_open_live(device, snaplen, 1, 1000, ebuf)))
        error("%s", ebuf);

    if (pcap_loop(pd, 0, test_handler, pcap_userdata) < 0) {
        error(pcap_geterr(pd));
    }

    pcap_close(pd);
    return 0;
}

(I've also tried -1, and 1 for the # of packets parameter to pcap_loop()
but nothing changes.)

Also, if I forget to run this program as root, pcap_open_live() fails (as
expected), but the call to error() displays a bunch of garbage on my tty,
putting it into a funny state and I have to kill the window (yet, a
printf("%s\n",ebuf) prints out a valid message: "Socket: operation not
permitted"). Just wondering why this might be.

Advice greatly appreciated.

--------------< LINUX: The choice of a GNU generation. >--------------
Steve Frampton <frampton@xxxxxxxxxxx> Japan Communications, Inc.
Software Developer/Systems Administrator http://www.j-com.co.jp/
GNU Privacy Guard ID: D055EBC5 (see http://www.gnupg.org for details)
GNU-PG Fingerprint: EEFB F03D 29B6 07E8 AF73 EF6A 9A72 F1F5 D055 EBC5
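
The post does not show its error() function, so the following is an added example (not part of the original post, and an assumption about the pattern rather than a diagnosis): a printf-style error helper that forwards its arguments with vsnprintf(), takes library text such as the pcap_geterr() result as an argument instead of as the format string, and replaces control bytes before the message reaches the tty. The name format_error is hypothetical and the error text is a constructed sample.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#ifndef __GNUC__
#define __attribute__(x) /* non-GNU compilers: no format checking */
#endif

/* Hypothetical helper (not from the post). Returns 0 on success,
 * 1 if the message was truncated, -1 on bad arguments or encoding error.
 * The format attribute lets the compiler check callers' arguments. */
int format_error(char *out, size_t outlen, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

int format_error(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;
    size_t i;

    if (out == NULL || outlen == 0 || fmt == NULL)
        return -1;
    /* A va_list must go to a v* function. Handing it to snprintf() or
     * fprintf() makes "%s" read the va_list object itself as a string. */
    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    /* Replace control bytes so a bad message cannot alter terminal state. */
    for (i = 0; out[i] != '\0'; i++)
        if (!isprint((unsigned char)out[i]))
            out[i] = '?';
    return (size_t)n >= outlen ? 1 : 0;
}

int main(void)
{
    char msg[64];
    const char *ebuf = "Socket: operation not permitted"; /* constructed sample */

    /* Library text is an argument to "%s", never the format itself. */
    format_error(msg, sizeof msg, "capture: %s", ebuf);
    fprintf(stderr, "%s\n", msg);
    return 0;
}
```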