tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: question

From: Guy Harris <gharris () sonic net>
Date: Wed, 9 Oct 2002 01:05:57 -0700
On Wed, Oct 09, 2002 at 01:48:24AM -0400, subramoni padmanabhan wrote:

    I seem to have a very peculiar problem with the libpcap library. I am 
using the pcap_loop function to capture any packets with a specific 
condition set and return to my program. I am using the "any" device. Once I 
receive packets, I forward them to another machine on a UDP socket. The 
problem I am having is that when I send the packet out the UDP socket, I 
think the pcap_loop function is again capturing the packet and returning coz 
it satisfies the condition.


Well, yes, libpcap *is* supposed to be able to capture packets sent by
the machine running the libpcap-based application.  The problem is
peculiar only in that it's peculiar to your program; most libpcap
applications are passive sniffers, and don't have that problem.


This way I get copies of all packets which I try 
to send out. I, in turn, send these packets out only to be captured again 
and returned. This goes into an infinite loop until some error occurs and my 
program exits. How do I go about solving this? any ideas will be greatly 
appreciated.


It sounds as if you don't care about forwarding packets that the machine
on which the application is running sends.  If so, then, given that
you're capturing on the "any" device, then, as per the libpcap man page,
the link-layer header on the packets starts with a network-byte-order
"packet type" field, which has the values:

                           0    packet was sent to us by somebody
                                else

                           1    packet  was broadcast by somebody
                                else

                           2    packet  was  multicast,  but  not
                                broadcast, by somebody else

                           3    packet  was sent by somebody else
                                to somebody else

                           4    packet was sent by us

You could have the application just ignore packets with the value 4,
i.e. not forward them.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: