Home > Archive > Unix Programming > July 2005 > Re: Capture raw socket
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Re: Capture raw socket
|
|
| grobteam 2005-07-24, 8:53 pm |
|
Barry Margolin wrote:
> In article <1121043975.361779.167620@g14g2000cwa.googlegroups.com>,
> "grobteam" <grobteam@gmail.com> wrote:
>
>
> You should be able to do this using libpcap. That's how tcpdump and
> Ethereal work, I believe.
hum yeah but how libpcap do it? It is userspace too....
>
> --
> Barry Margolin, barmar@alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
| |
| Barry Margolin 2005-07-24, 8:53 pm |
| In article <1122001947.023248.227530@z14g2000cwz.googlegroups.com>,
"grobteam" <grobteam@gmail.com> wrote:
> Barry Margolin wrote:
>
> hum yeah but how libpcap do it? It is userspace too....
It's OS-dependent. Typically it's done is by opening a special device,
like /dev/bpf<number> or something in /proc/net. You can then perform
ioctls to enable promiscuous mode and configure a filter expression.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
| |
| Barry Margolin 2005-07-24, 8:53 pm |
| In article <1122044129.580493.201730@g44g2000cwa.googlegroups.com>,
"grobteam" <grobteam@gmail.com> wrote:
>
> Ok, so the only way is to put the NIC in promiscuous mode, I dont
> understand this design choice but btw thank you I know now how to do it
> :)
You only have to put the NIC in promiscuous mode if you want to see
traffic to other systems. If you're only interested in packets to or
from this system you don't need it. I was just giving examples of the
kinds of things you can do when you open these devices.
--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
|
|
|
|
|