Re: sending raw packet using pcap

[Guy Harris <guy () alum mit edu>]

On Mon, Nov 10, 2003 at 04:32:51PM -0500, Chris sun wrote:
> The only thing I did is modified pcap_bpf.c file and change the call
> to ope() from O_RDONLY to O_RDWR.  than call write(pd->fd, .....) to
> write data into pcap. 
> I am running my test in RH linux 7.2,

If you're not running a system that uses BPF (BSD, including Mac OS X,
or AIX if configured for BPF), modifying the "pcap-bpf.c" has no effect.

In particular, it's "pcap-linux.c", not "pcap-bpf.c", that handles
capture on Linux.

In addition, the way you send packets on a descriptor used by libpcap is
platform-dependent (which is why libpcap should have a send-packet
interface; we will probably add one at some point, but there's no
schedule for it at this time).  On Linux, you're supposed to construct
(at least with modern Linuxes with a 2.2 or later kernel) a "struct
sockaddr_ll" and use "sendto()" when sending on a PF_PACKET/SOCK_RAW
socket.

However, you might want to look at libnet, which includes support for
sending packets on some platforms, including, as I remember, Linux:

        http://www.packetfactory.net/projects/libnet/
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe