Packet Sniffing using Raw Sockets in Linux in C

linux network-programming network-protocols packet-sniffers sniffing

11,884

Solution 1

You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.

Why can't you use any library? Homework?

It's hard to answer without having examples from your code, for example how you set sll_pkttype.

The urlsnarf tool in the dnsiff suite could be worth a look.

11,884

Author by

Favorite Languages : Java , Scala , Bash , C/C++ , Python Favorite IDE : IntelliJ IDEA , Netbeans Favorite Editor : VSCode , Vim

Updated on June 08, 2022

Sajad Bahmani almost 2 years

I need to write a packet sniffer in Linux that detects HTTPS packet that are sent and save the url from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packet but I need to get the sent packet in the sniffer. How do I get the sent packet in this code?

I can't use any library like libcap (forbidden). The code is :sniffer.c
Sajad Bahmani over 14 years

we cant use any library like libcap or dnet
JXG over 14 years

If the goal is to see http packets, why not use ETH_P_IP? You don't need everything.
JXG over 14 years

Are you sure that your system allows detecting outgoing packets? You could use libpcap to determine if it's even possible.
gte525u over 14 years

The goal is to see outgoing http packets. ETH_IP_P only sees incoming packets. See thread: lkml.indiana.edu/hypermail/linux/kernel/9604.1/0603.html
karimvai over 7 years

@bua "I can't use any library like libcap (forbidden)."
71GA about 2 years

Where is the official documentation for these kind of macros? I have been searching all over the POSIX standard but I can't find nothing. Also Linux kernel doesn't say anything!