Comments on: How to code a Packet Sniffer in C with Libpcap on Linux

By: Arash

Arash — Fri, 18 Dec 2020 12:54:18 +0000

Hi
I’m using this code but the Source Port is not correct !
For example if I request to http server , the destination port is correct and it’s 80 but the source port is wrong
I checked it by wireshark
please help !

By: utsav patel

utsav patel — Tue, 06 Mar 2018 17:29:51 +0000

it’s give me an error like this “Couldn’t open device any : any: socket: Invalid argument” plz help me

By: Juan Mamani

Juan Mamani — Thu, 08 Feb 2018 19:30:56 +0000

Again! You did it man!
Really Thanks! I tested on Debian an is working. But previous installation of libcap for Debian.

All rocks!

By: Farhan

Farhan — Mon, 16 Oct 2017 14:54:04 +0000

hi
I want to capture only incoming packets, can you help me how to do that.

By: fleur

fleur — Tue, 28 Feb 2017 22:56:48 +0000

In reply to Silver Moon.

void ProcessPacket(unsigned char* buffer, int size)
{
//Get the IP Header part of this packet , excluding the ethernet header
struct iphdr *iph = (struct iphdr*)(buffer + sizeof(struct ethhdr));
++total;
switch (iph->protocol) //Check the Protocol and do accordingly…
{
case 1: //ICMP Protocol
++icmp;
print_icmp_packet( buffer , size);
break;

case 2: //IGMP Protocol
++igmp;
break;

case 6: //TCP Protocol
++tcp;
print_tcp_packet(buffer , size);
break;

case 17: //UDP Protocol
++udp;
print_udp_packet(buffer , size);
break;

default: //Some Other Protocol like ARP etc.
++others;
break;
}
printf(“TCP : %d UDP : %d ICMP : %d IGMP : %d Others : %d
Total : %d\r”, tcp , udp , icmp , igmp , others , total);
}

By: Will

Will — Wed, 21 Sep 2016 08:13:20 +0000

This code was very useful.
how can I dump the captured traffic in a pcap/pcap-ng file?

By: Huong Phan

Huong Phan — Fri, 05 Aug 2016 09:34:50 +0000

Thank for your help. It’s very useful :)

By: dima rabadi

dima rabadi — Mon, 24 Nov 2014 13:34:00 +0000

Hey, Thank you its really very helpful
But, why I can not capture the NTP packets, even it use UDP socket ??!
Any help please ?

By: Anonymous

Anonymous — Thu, 21 Aug 2014 18:51:00 +0000

Hi !
I’m on MacOS, and I got so many errors while compiling the program. Do someone tried to compile on MacOs? Do libraries need to be installed?
Thanks

By: Farzam

Farzam — Sat, 24 May 2014 05:25:00 +0000

How can i open the log file ? im simply getting the number of packets only

By: Dawit Girmai

Dawit Girmai — Thu, 21 Nov 2013 11:37:00 +0000

In reply to Dawit Girmai. in the above picture we have two parts 1). (the portion highlighted with blue) the http header that ends with rn rn and 2). raw html file; so how can we capture only http file ( ".....") without the http header file? thank you in advance!

By: Dawit Girmai

Dawit Girmai — Thu, 21 Nov 2013 08:17:00 +0000

Hello Silvermoon,
your post is really helpful, i thank you for ur help and what if i want to grap/capture only http file(only the raw …. thing) without the header file…?

By: Silver Moon

Silver Moon — Mon, 23 Sep 2013 04:36:00 +0000

In reply to Bystander.

search google for something like ip header protocol number

The list of protocols and their corresponding numbers can be found at this page
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

By: Bystander

Bystander — Sun, 22 Sep 2013 21:14:00 +0000

I’m curious, I’ve been looking all over the net but to no avail. How did you know what the values of iphdr->protocol were? I’m trying to find a list of some sort for me to further document what protocols were being tracked but I can’t seem to find anything.

By: Chirag Modi

Chirag Modi — Wed, 21 Aug 2013 11:21:00 +0000

In reply to Silver Moon. Thanks for reply...

By: Silver Moon

Silver Moon — Wed, 21 Aug 2013 11:12:00 +0000

In reply to Chirag Modi. try to sniff the pseudo device "any". it should sniff on all available interfaces.

By: Chirag Modi

Chirag Modi — Wed, 21 Aug 2013 11:01:00 +0000

Dear,

I want to sniff network packets from multiple interfaces (e.g. eth0, VMnet, eth1 etc) at a time. For this purpose, this code (in current form) will not work. Is there any solution? or what modifications are needed in this code to do the same?

Please help me.

By: Silver Moon

Silver Moon — Fri, 26 Apr 2013 13:15:00 +0000

In reply to Jing Kang. thanks for pointing it out.

By: Silver Moon

Silver Moon — Fri, 26 Apr 2013 13:14:00 +0000

In reply to lonely-i. can you first try to sniff using wireshark ? does wireshark show the ipv6 packets ?

By: lonely-i

lonely-i — Fri, 26 Apr 2013 10:06:00 +0000

Hi Silver Moon. I’m programming a simple sinario with 2 nodes trying to connect via a gateway. node 1 sends a an IPv6 UDP socket to node 2, but gateway has to capture the socket and verifies its data before forwarding it. I tried to use your code but I cant’ see my socket as I send it :( Any help please??