Packet Sniffing using Raw Sockets in Linux in C
Solution 1
You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.
Solution 2
Why can't you use any library? Homework?
It's hard to answer without having examples from your code, for example how you set sll_pkttype.
The urlsnarf tool in the dsniff suite could be worth a look.
Sajad Bahmani
Updated on June 08, 2022
Comments
-
Sajad Bahmani almost 2 years
I need to write a packet sniffer in Linux that detects HTTPS packets that are sent and saves the URL from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packets, but I need to get the sent packets in the sniffer. How do I get the sent packets in this code?
I can't use any library like libcap (forbidden). The code is: sniffer.c
-
Sajad Bahmani over 14 years
We can't use any library like libcap or dnet.
-
JXG over 14 years
If the goal is to see http packets, why not use ETH_P_IP? You don't need everything.
-
JXG over 14 years
Are you sure that your system allows detecting outgoing packets? You could use libpcap to determine if it's even possible.
-
gte525u over 14 years
The goal is to see outgoing http packets. ETH_P_IP only sees incoming packets. See thread: lkml.indiana.edu/hypermail/linux/kernel/9604.1/0603.html
-
karimvai over 7 years
@bua "I can't use any library like libcap (forbidden)."
-
71GA about 2 years
Where is the official documentation for these kinds of macros? I have been searching all over the POSIX standard but I can't find anything. Also, the Linux kernel doesn't say anything!