Comments on: How to code Packet Sniffer in C with Sockets on Linux

By: Rohit Pradhan

Rohit Pradhan — Sat, 18 Sep 2021 04:34:48 +0000

Is there an equivalent code for this project in C++?

By: Khupmalsawm Singson

Khupmalsawm Singson — Wed, 21 Oct 2020 21:30:40 +0000

In reply to yifabao. Its interesting and i would like to know more

By: yifabao

yifabao — Sun, 27 May 2018 10:00:38 +0000

Thank you for your code,it help me to understand TCP well!

By: Juan Mamani

Juan Mamani — Thu, 08 Feb 2018 18:44:05 +0000

Really thanks for sharing source code!

By: Paulo

Paulo — Wed, 04 Oct 2017 13:01:21 +0000

I made some changes in order to fit into my needs. :)

It worked like a charm.

Thank you very much.

By: suraj kumar

suraj kumar — Mon, 24 Apr 2017 08:00:52 +0000

HOW TO EXTRACT THE WEBSITE ADDRESS FROM SOURCE AND DESTINATION ADDRESS??

i got the output as:

***********************TCP Packet*************************

DATA Dump
IP Header
45 28 00 34 4A 58 40 00 37 06 AA 9C 75 12 ED 1D E(.4JX@.7…u…
C0 A8 2B CF ..+.
TCP Header
00 50 DB D1 41 1B 77 D0 67 BB EC C6 80 10 01 1F .P..A.w.g…\80…
E6 16 00 00 01 01 08 0A 0F 9D 5C DD 00 09 EA CC ……….\…..
Data Payload

By: Veerendra

Veerendra — Fri, 16 Dec 2016 12:32:26 +0000

In reply to Mayank.

this might helpful to you :) written in python –>https://github.com/veerendra2/wifi-deauth-attack

By: fleur

fleur — Mon, 10 Oct 2016 07:50:52 +0000

In reply to aysh.

Hi
do you have a report or conception of this sniffer!!
please help me

By: Anand KR

Anand KR — Fri, 29 Jul 2016 07:28:13 +0000

Hi,

How can we extract “ethernet header” information from the captured packets.
I am surprised to see that you are casting the buffer to iphdr struct directly, so in that case what about the ethernet header part of the frame.

Kindly explain the same. I am new to networking.

Thanks in advance.

By: shalu

shalu — Tue, 19 Apr 2016 04:54:58 +0000

the code is working fine but the problem is nothing will display in log file. :(

By: Kate

Kate — Sat, 02 Apr 2016 12:44:44 +0000

Don’t cast malloc :) And have your code handle the case where malloc returns NULL. I’d probably use void * for the function’s buffer argument on line 59 (leaving the array as unsigned char), and size_t for its size. Also if you re-order your source, you can avoid needing to write explicit prototypes. Line 218, unsigned int is the wrong type for %d. And unsigned short is the wrong type for iphdrlen; use size_t there, too.

Think of using the appropriate type as an example of abstraction; here you’re abstracting the meaning of your variable from the implementation requirements for whatever type the struct used. Likewise for your buffer argument being void *.

By: Kutlan Turan

Kutlan Turan — Tue, 19 Aug 2014 11:43:00 +0000

how can ı decode this collected packets? have you got any suggession? ı mean for example ı got packets of sıp or text sended how can ı decode this?

By: aysh

aysh — Wed, 19 Mar 2014 13:52:00 +0000

Hi moon..I used ur coding for my project …the coding was gud..the nly problem s aftr compiling I got nly starting..nd nthng was displayed in log.txt..its empty ..wt shld I do to get the right output…pls help me

By: Sovietmade

Sovietmade — Fri, 19 Jul 2013 11:58:00 +0000

Gr8 post,man,thanks a lot!!!

By: Anand

Anand — Thu, 30 May 2013 08:45:00 +0000

I tried to use the raw sockets to capture the packets from wlan0 and p2p0 (wireless interfaces) but I faced following issue:
1) The packet was of following format
——…….
In the capture we used read option to get the packet being sent out and received at the wlan0 interface.

2) The issues happens when sending the packet out, the ethernet frame is not completely shown in the dump printed by using the read.
The first 8 bytes of the ethernet header (same as LLC+SNAP header size) are missing from the capture.

I also checked same packet at wireshark and it was properly captured.

3) On RX side the packet is properly received as per the dump.

Please let me know in which direction I can proceed to check the same.

By: Silver Moon

Silver Moon — Fri, 15 Feb 2013 07:19:00 +0000

In reply to Sumit. what does the program output in the terminal ?

By: Mayank

Mayank — Wed, 22 Aug 2012 13:41:20 +0000

Please provide a link for wireless sniffer in Linux for capturing 802.11 packets

By: M.USMAN

M.USMAN — Thu, 26 Jul 2012 21:12:49 +0000

In reply to Silver Moon.

HI,
i did make a sniffer with the help of signals, i am thinking way wrong about signals and my concepts are not clear that time when i post my question here any ways here it is…

http://dl.dropbox.com/u/63897671/sniffer.c

By: Silver Moon

Silver Moon — Wed, 13 Jun 2012 11:51:39 +0000

In reply to kostya.

you have to use either IPPROTO_TCP , IPPROTO_UDP or IPPROTO_ICMP
you cannot use IPPROTO_IP since its a dummy protocol (value is 0)

if you need to capture all types of packets then use the more generic sniffer as explained here :
http://www.binarytides.com/blog/packet-sniffer-code-in-c-using-linux-sockets-bsd-part-2/

By: kostya

kostya — Sun, 03 Jun 2012 15:15:04 +0000

great code!
can you explain me some thing? I’m just beginner in socket programming.
You use construction as socket(AF_INET , SOCK_RAW , IPPROTO_TMP). i don’t understand it. we get defferent packets (as UDP, TCP) which is above ip-level. Why you don’t use parameter IPPROTO_IP?