tcpdump mailing list archives
Re: question
From: "subramoni padmanabhan" <smoni77 () hotmail com>
Date: Wed, 09 Oct 2002 21:17:00 -0400
Hi,My problem is that I have a program on machine A which sends UDP packets to itself. These packets are captured by a pcap application running on the same machine and in the function which is called by pcap_loop(each time it receives a packet matching the filter), I forward that packet to another machine over a UDP socket. If I use the option 4 in the link layer as suggested below, I will not be able to intercept packets sent by me to myself. What I need is a way to capture packets coming into my machine but not going out of my machine. Is there a way to achieve this? Thanks.
moni.
From: Guy Harris <gharris () sonic net> To: subramoni padmanabhan <smoni77 () hotmail com> CC: tcpdump-workers () tcpdump org Subject: Re: [tcpdump-workers] question Date: Wed, 9 Oct 2002 01:05:57 -0700 On Wed, Oct 09, 2002 at 01:48:24AM -0400, subramoni padmanabhan wrote:> I seem to have a very peculiar problem with the libpcap library. I am> using the pcap_loop function to capture any packets with a specific> condition set and return to my program. I am using the "any" device. Once I> receive packets, I forward them to another machine on a UDP socket. The > problem I am having is that when I send the packet out the UDP socket, I> think the pcap_loop function is again capturing the packet and returning coz> it satisfies the condition. Well, yes, libpcap *is* supposed to be able to capture packets sent by the machine running the libpcap-based application. The problem is peculiar only in that it's peculiar to your program; most libpcap applications are passive sniffers, and don't have that problem. > This way I get copies of all packets which I try> to send out. I, in turn, send these packets out only to be captured again > and returned. This goes into an infinite loop until some error occurs and my> program exits. How do I go about solving this? any ideas will be greatly > appreciated. It sounds as if you don't care about forwarding packets that the machine on which the application is running sends. If so, then, given that you're capturing on the "any" device, then, as per the libpcap man page, the link-layer header on the packets starts with a network-byte-order "packet type" field, which has the values: 0 packet was sent to us by somebody else 1 packet was broadcast by somebody else 2 packet was multicast, but not broadcast, by somebody else 3 packet was sent by somebody else to somebody else 4 packet was sent by us You could have the application just ignore packets with the value 4, i.e. not forward them. - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.htmlTo unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Subramoni Padmanabhan G-126, 700 woodland avenue Lexington, Kentucky 40508 Phone : 859 323 9405 _________________________________________________________________Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- question subramoni padmanabhan (Oct 08)
- Re: question Vishal Malhan` (Oct 09)
- Re: question Guy Harris (Oct 09)
- <Possible follow-ups>
- Re: question subramoni padmanabhan (Oct 09)
- question subramoni padmanabhan (Oct 10)
- question subramoni padmanabhan (Oct 14)
- question subramoni padmanabhan (Oct 15)
- Re: question Guy Harris (Oct 16)