Raw socket programming

Raw socket programming

Post by Andre » Sat, 13 May 2000 04:00:00



Hello, All!

I am trying to write a small snifer, but there is a small problem.
I have created a socket with such way:
    struct sockaddr sa;
    sock = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL);
        // bind to specified interface
    memset(&sa, 0, sizeof(sa));
    sa.sa_family = AF_INET;
    strncpy(sa.sa_data, dev, sizeof(sa.sa_data));    // dev is something
like eth0, lo, etc.
    bind(sock, &sa, sizeof(sa));

How can I resolve if the packet is incoming to my host or
outgoing from my host without looking at ethernet and ip headers.

Any ideas, please.

Thanks.

Andrew

 
 
 

Raw socket programming

Post by Andrew Giert » Sat, 13 May 2000 04:00:00


 Andrew> Hello, All!
 Andrew> I am trying to write a small snifer, but there is a small problem.
 Andrew> I have created a socket with such way:
 Andrew>     struct sockaddr sa;
 Andrew>     sock = socket(PF_INET, SOCK_PACKET, htons(ETH_P_ALL);

SOCK_PACKET is a Linuxism, it doesn't exist on other flavours of
Unix. If you want information about it you'll be better off asking
in one of the Linux groups.

Your best bet is probably to look at the libpcap sources.

--
Andrew.

comp.unix.programmer FAQ: see <URL: http://www.erlenstar.demon.co.uk/unix/>
                           or <URL: http://www.whitefang.com/unix/>