Find the answer to your Linux question:
Results 1 to 2 of 2
Hi all! I am a novice in using libpcap library and I have been assigned work to capture SIP traffic using libpcap. However the system I am working on is ...
  1. 02-18-2011 #1
    appy20
    appy20 is offline
    Just Joined!
    Join Date
    Feb 2011
    Posts
    1

    Programming snag

    Hi all!
    I am a novice in using libpcap library and I have been assigned work to capture SIP traffic using libpcap. However the system I am working on is connected to a bridge and inspite of using filters the code seems to capture all other sorts of traffic. I am posting the code here hoping for some help.
    #include<pcap.h>
    #include<stdlib.h>
    #include<string.h>
    #define MAXBYTES2CAPTURE 2074

    void processPacket(u_char* arg,const struct pcap_pkthdr *pkthdr,const u_char *packet)
    {
    int i=0,*counter=(int*)arg;
    printf("\nPacket count = %d",++(*counter));
    printf("\nrecieved packet size = %d",pkthdr->len);
    printf("\npayload\n");
    for(i=0;i<pkthdr->len;i++)
    { if(isprint(packet[i]))
    printf("%c",packet[i]);
    else
    printf(". ");
    if(((i%16==0)&&(i!=0))||i==pkthdr->len-1)
    printf("\n");
    }
    return;
    }
    int main()
    {
    int i=0,count=0;
    pcap_t *desc=NULL;
    char device[] = "my_bridge";
    char filter_exp[] = "port 5060"; /* The filter expression */
    bpf_u_int32 mask; /* The netmask of our sniffing device */
    bpf_u_int32 net; /* The IP of our sniffing device */
    char errbuf[PCAP_ERRBUF_SIZE];
    struct bpf_program fp;
    memset(errbuf,0,PCAP_ERRBUF_SIZE);
    if (pcap_lookupnet(device, &net, &mask, errbuf) == -1) {
    fprintf(stderr, "Can't get netmask for device %s\n", device);
    net = 0;
    mask = 0;
    }
    printf("\nAfter looknet");
    printf("\nopening device %s",device);
    printf("\nnetmaskv %ud",mask);
    printf("\nnet %ud",net);
    desc=pcap_open_live(device,MAXBYTES2CAPTURE,1,512, errbuf);
    if (pcap_compile(desc, &fp, filter_exp, 1, net) == -1) {
    fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(desc));
    return(2);
    }
    else
    printf("\ncompile OK");
    if (pcap_setfilter(desc, &fp) == -1) {
    fprintf(stderr, "Couldn't install filter %s: %s\n", filter_exp, pcap_geterr(desc));
    return(2);
    }
    else printf("\nfilter ok");
    pcap_loop(desc,-1,processPacket,(u_char*)&count);
    return 0;
    }
    Reply With Quote Reply With Quote
  2. 02-27-2011 #2
    Rubberman
    Rubberman is offline
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, or in a galaxy far, far away.
    Posts
    8,974
    When you post code in these forums, PLEASE surround the code in code blocks, as in:
    Code:
    // This is some code.
    // As you can see, indents are now preserved... :-)
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

...