tcpdump mailing list archives
Re: sending raw packet using pcap
From: Guy Harris <guy () alum mit edu>
Date: Mon, 10 Nov 2003 22:03:45 -0800
On Mon, Nov 10, 2003 at 04:32:51PM -0500, Chris sun wrote:
The only thing I did was modify the pcap_bpf.c file and change the call to open() from O_RDONLY to O_RDWR, then call write(pd->fd, .....) to write data into pcap. I am running my test in RH linux 7.2,
If you're not running a system that uses BPF (BSD, including Mac OS X, or AIX if configured for BPF), modifying "pcap-bpf.c" has no effect. In particular, it's "pcap-linux.c", not "pcap-bpf.c", that handles capture on Linux.

In addition, the way you send packets on a descriptor used by libpcap is platform-dependent (which is why libpcap should have a send-packet interface; we will probably add one at some point, but there's no schedule for it at this time).

On Linux, you're supposed to construct (at least with modern Linuxes with a 2.2 or later kernel) a "struct sockaddr_ll" and use "sendto()" when sending on a PF_PACKET/SOCK_RAW socket.

However, you might want to look at libnet, which includes support for sending packets on some platforms, including, as I remember, Linux:

http://www.packetfactory.net/projects/libnet/

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
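
The Linux approach described in the message above (a "struct sockaddr_ll" passed to "sendto()" on a PF_PACKET/SOCK_RAW socket), written out as an added example; it is not code from the original post or from libpcap. The function names fill_sll, build_frame and send_frame are hypothetical, and send_frame needs CAP_NET_RAW (normally root) to open the socket.

```c
#include <arpa/inet.h>
#include <net/ethernet.h>      /* ETH_ALEN, ETH_HLEN, ETH_ZLEN, ETH_DATA_LEN */
#include <net/if.h>            /* if_nametoindex() */
#include <netpacket/packet.h>  /* struct sockaddr_ll */
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Build an Ethernet II frame (header + payload), zero-padded to the 60-byte
 * minimum. Returns the frame length, or 0 if the payload or buffer is wrong. */
size_t build_frame(unsigned char *buf, size_t cap,
                   const unsigned char dst[ETH_ALEN], const unsigned char src[ETH_ALEN],
                   unsigned short ethertype, const void *payload, size_t plen)
{
    size_t len = ETH_HLEN + plen;
    if (len < ETH_ZLEN) len = ETH_ZLEN;
    if (plen > ETH_DATA_LEN || len > cap) return 0;
    memset(buf, 0, len);
    memcpy(buf, dst, ETH_ALEN);
    memcpy(buf + ETH_ALEN, src, ETH_ALEN);
    buf[12] = (unsigned char)(ethertype >> 8);   /* network byte order */
    buf[13] = (unsigned char)(ethertype & 0xff);
    memcpy(buf + ETH_HLEN, payload, plen);
    return len;
}

/* Fill the link-layer address sendto() needs, taking the destination MAC
 * and EtherType from the frame itself. */
void fill_sll(struct sockaddr_ll *sll, int ifindex, const unsigned char *frame)
{
    memset(sll, 0, sizeof(*sll));
    sll->sll_family  = AF_PACKET;
    sll->sll_ifindex = ifindex;                  /* interface to transmit on */
    sll->sll_halen   = ETH_ALEN;
    memcpy(sll->sll_addr, frame, ETH_ALEN);
    memcpy(&sll->sll_protocol, frame + 12, 2);   /* already big-endian */
}

/* Transmit one prebuilt frame on ifname. Returns bytes sent, or -1. */
ssize_t send_frame(const char *ifname, const unsigned char *frame, size_t len)
{
    unsigned int ifindex = if_nametoindex(ifname);
    if (ifindex == 0 || len < ETH_HLEN) return -1;
    int fd = socket(PF_PACKET, SOCK_RAW, 0);     /* protocol 0: send-only, receives nothing */
    if (fd < 0) return -1;
    struct sockaddr_ll sll;
    fill_sll(&sll, (int)ifindex, frame);
    ssize_t n = sendto(fd, frame, len, 0, (struct sockaddr *)&sll, sizeof(sll));
    close(fd);
    return n;
}
```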