I am trying to have libpcap work for a FreeBSD 4.9-STABLE on i386, but cannot manage to get any packet captured...
I tried linking with the following versions:
- 0.8.1 from the ports
- 0.7 from the base system
The NIC card is the "bge0" interface, aka a gigabit-ethernet card with a Broadcom chipset. It is running in 100mbps-full-duplex mode.
Using the following simple program, the pcap_next() call never returns, although it is listening on port 25 and there is a mail server running with some traffic. When running the program, the interface goes into promiscuous mode.
I'm looking for any tip to go further on that. What I do not really understand is that tcpdump is able to capture the packets I am looking for...
Thanks a lot in advance for any help
Greg
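#include <pcap.h>
#include <stdio.h>

int main(void)
{
    pcap_t *handle;                 /* Session handle */
    char *dev;                      /* The device to sniff on */
    char errbuf[PCAP_ERRBUF_SIZE];  /* Error string */
    struct bpf_program filter;      /* The compiled filter */
    char filter_app[] = "port 25";  /* The filter expression */
    bpf_u_int32 mask;               /* Our netmask */
    bpf_u_int32 net;                /* Our IP */
    struct pcap_pkthdr header;      /* The header that pcap gives us */
    const u_char *packet;           /* The actual packet */

    /* Define the device */
    dev = pcap_lookupdev(errbuf);
    if (dev == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", errbuf);
        return(1);
    }
    printf("DEV: %s\n", dev);

    /* Find the properties for the device; fall back to 0 if unavailable */
    if (pcap_lookupnet(dev, &net, &mask, errbuf) == -1) {
        fprintf(stderr, "pcap_lookupnet: %s\n", errbuf);
        net = 0;
        mask = 0;
    }

    /* Open the session in promiscuous mode, with a read timeout (to_ms) of 0 */
    handle = pcap_open_live(dev, BUFSIZ, 1, 0, errbuf);
    if (handle == NULL) {
        fprintf(stderr, "pcap_open_live: %s\n", errbuf);
        return(1);
    }

    /* Compile and apply the filter (the last argument is the netmask) */
    if (pcap_compile(handle, &filter, filter_app, 0, mask) == -1 ||
        pcap_setfilter(handle, &filter) == -1) {
        fprintf(stderr, "filter: %s\n", pcap_geterr(handle));
        pcap_close(handle);
        return(1);
    }

    /* Grab a packet */
    printf("Waiting for packet...\n");
    packet = pcap_next(handle, &header);
    if (packet == NULL) {
        /* header is not filled in when no packet was read */
        fprintf(stderr, "pcap_next returned no packet\n");
        pcap_close(handle);
        return(1);
    }
    printf("Got packet !\n");

    /* Print its length */
    printf("Jacked a packet with length of [%u]\n", header.len);

    /* And close the session */
    pcap_close(handle);
    return(0);
}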
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html