tcpdump mailing list archives

Re: question


From: "subramoni padmanabhan" <smoni77 () hotmail com>
Date: Wed, 09 Oct 2002 21:17:00 -0400

Hi,

My problem is that I have a program on machine A which sends UDP packets to itself. These packets are captured by a pcap application running on the same machine, and in the function which is called by pcap_loop (each time it receives a packet matching the filter), I forward that packet to another machine over a UDP socket. If I use the option 4 in the link layer as suggested below, I will not be able to intercept packets sent by me to myself. What I need is a way to capture packets coming into my machine but not going out of my machine. Is there a way to achieve this? Thanks.

moni.


From: Guy Harris <gharris () sonic net>
To: subramoni padmanabhan <smoni77 () hotmail com>
CC: tcpdump-workers () tcpdump org
Subject: Re: [tcpdump-workers] question
Date: Wed, 9 Oct 2002 01:05:57 -0700

On Wed, Oct 09, 2002 at 01:48:24AM -0400, subramoni padmanabhan wrote:
> I seem to have a very peculiar problem with the libpcap library. I am
> using the pcap_loop function to capture any packets with a specific
> condition set and return to my program. I am using the "any" device. Once I
> receive packets, I forward them to another machine on a UDP socket. The
> problem I am having is that when I send the packet out the UDP socket, I
> think the pcap_loop function is again capturing the packet and returning coz
> it satisfies the condition.

Well, yes, libpcap *is* supposed to be able to capture packets sent by
the machine running the libpcap-based application.  The problem is
peculiar only in that it's peculiar to your program; most libpcap
applications are passive sniffers, and don't have that problem.

> This way I get copies of all packets which I try
> to send out. I, in turn, send these packets out only to be captured again
> and returned. This goes into an infinite loop until some error occurs and my
> program exits. How do I go about solving this? any ideas will be greatly
> appreciated.

It sounds as if you don't care about forwarding packets that the machine
on which the application is running sends.  If so, then, given that
you're capturing on the "any" device, then, as per the libpcap man page,
the link-layer header on the packets starts with a network-byte-order
"packet type" field, which has the values:

                           0    packet was sent to us by somebody
                                else

                           1    packet was broadcast by somebody
                                else

                           2    packet was multicast, but not
                                broadcast, by somebody else

                           3    packet was sent by somebody else
                                to somebody else

                           4    packet was sent by us

You could have the application just ignore packets with the value 4,
i.e. not forward them.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe




Subramoni Padmanabhan
G-126, 700 woodland avenue
Lexington, Kentucky 40508
Phone : 859 323 9405
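
The check suggested in the quoted reply, as an added example that is not part of either message and not libpcap's own code: it reads the network-byte-order packet type at the start of the 16-byte cooked header seen on the "any" device and declines to forward type 4. The function names, the constants' names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Linux "cooked" (DLT_LINUX_SLL) header used on the "any" device: 16 bytes,
 * beginning with a 2-byte network-byte-order packet type field. */
#define SLL_HEADER_LEN    16
#define SLL_TYPE_OUTGOING 4   /* "packet was sent by us" */

/* Return the packet type (0..65535), or -1 if the capture is too short. */
int sll_packet_type(const unsigned char *pkt, size_t caplen)
{
    if (pkt == NULL || caplen < SLL_HEADER_LEN)
        return -1;
    return (pkt[0] << 8) | pkt[1];   /* big-endian read, no alignment needs */
}

/* Forwarding decision: 1 = forward, 0 = skip.
 * Skips truncated frames, our own transmissions (type 4) and unknown types. */
int should_forward(const unsigned char *pkt, size_t caplen)
{
    int type = sll_packet_type(pkt, caplen);
    return type >= 0 && type < SLL_TYPE_OUTGOING;
}

/* Constructed sample: fill a 16-byte cooked header with the given type. */
void make_sample(unsigned char *buf, uint16_t type)
{
    for (int i = 0; i < SLL_HEADER_LEN; i++)
        buf[i] = 0;
    buf[0] = (unsigned char)(type >> 8);
    buf[1] = (unsigned char)(type & 0xff);
    buf[14] = 0x08;   /* protocol field: 0x0800 = IPv4 */
    buf[15] = 0x00;
}

int main(void)
{
    unsigned char frame[SLL_HEADER_LEN];
    for (uint16_t t = 0; t <= 5; t++) {
        make_sample(frame, t);
        printf("type %u -> %s\n", (unsigned)t,
               should_forward(frame, sizeof frame) ? "forward" : "skip");
    }
    return 0;
}
```

In a pcap_loop callback this would be called with the packet bytes and the header's caplen before sending on the UDP socket. The layout only applies when pcap_datalink() reports DLT_LINUX_SLL, so check that once after opening the device.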



