Networking 229pcap_handle = pcap_open_live(device, 4096, 1, 0, errbuf);
if(pcap_handle == NULL)
pcap_fatal("pcap_open_live", errbuf);
Similar to the socket function and file open function, the pcap_open_live()
function opens a packet-capturing device, returning a handle to it. The argu-
ments for this function are the device to sniff, the maximum packet size, a
promiscuous flag, a timeout value, and a pointer to the error buffer. Since we
want to capture in promiscuous mode, the promiscuous flag is set to 1.
for(i=0; i < 3; i++) {
packet = pcap_next(pcap_handle, &header);
printf("Got a %d byte packet\n", header.len);
dump(packet, header.len);
}
pcap_close(pcap_handle);
}
Finally, the packet capture loop uses pcap_next() to grab the next packet.
This function is passed the pcap_handle and a pointer to a pcap_pkthdr struc-
ture so it can fill it with details of the capture. The function returns a pointer
to the packet and then prints the packet, getting the length from the capture
header. Then pcap_close() closes the capture interface.
When this program is compiled, the pcap libraries must be linked. This
can be done using the -l flag with GCC, as shown in the output below. The
pcap library has been installed on this system, so the library and include files
are already in standard locations the compiler knows about.
reader@hacking:~/booksrc $ gcc -o pcap_sniff pcap_sniff.c
/tmp/ccYgieqx.o: In function main': pcap_sniff.c:(.text+0x1c8): undefined reference topcap_lookupdev'
pcap_sniff.c:(.text+0x233): undefined reference to pcap_open_live' pcap_sniff.c:(.text+0x282): undefined reference topcap_next'
pcap_sniff.c:(.text+0x2c2): undefined reference to `pcap_close'
collect2: ld returned 1 exit status
reader@hacking:~/booksrc $ gcc -o pcap_sniff pcap_sniff.c -l pcap
reader@hacking:~/booksrc $ ./pcap_sniff
Fatal Error in pcap_lookupdev: no suitable device found
reader@hacking:~/booksrc $ sudo ./pcap_sniff
Sniffing on device eth0
Got a 82 byte packet
00 01 6c eb 1d 50 00 01 29 15 65 b6 08 00 45 10 | ..l..P..).e...E.
00 44 1e 39 40 00 40 06 46 20 c0 a8 2a 01 c0 a8 | .D.9@[email protected] .....
2a f9 8b 12 1e d2 ac 14 cf c7 e5 10 6c c9 80 18 | ...........l...
05 b4 54 1a 00 00 01 01 08 0a 26 b6 a7 76 02 3c | ..T.......&..v.<
37 1e 74 68 69 73 20 69 73 20 61 20 74 65 73 74 | 7.this is a test
0d 0a | ..
Got a 66 byte packet
00 01 29 15 65 b6 00 01 6c eb 1d 50 08 00 45 00 | ..).e...l..P..E.
00 34 3d 2c 40 00 40 06 27 4d c0 a8 2a f9 c0 a8 | .4=,@.@.'M.....
2a 01 1e d2 8b 12 e5 10 6c c9 ac 14 cf d7 80 10 | .......l.......