tcpdump mailing list archives


From: "S&E" <scutcs.lihang () gmail com>
Date: Fri, 27 Aug 2010 03:00:05 +0800

Hello,
        I'm a Computer Science student from South China Univ. of Tech. Recently I have been coding with libpcap, of
course to get some packets I am interested in. My program works well on my Ubuntu 10.04 LTS. But when I cross-compile my
program for the router system, which has a mipsel-linux architecture (if you know it, the name of the system is
OpenWrt, an open source router operating system), it does not work well with the BPF (BSD Packet Filter).
          When I use the code below, it works and captures many packets.
 {char *filter_string="";
 pcap_compile(pcap_handle, &bpf_filter, filter_string, 0, net_mask);
 pcap_setfilter(pcap_handle, &bpf_filter);}
           But when I assign a filter_string, whatever it is (not empty), my program can't capture any packets.
 I have tried to use tcpdump to generate the BPF code on the router and on a PC OS; they're different, as below.
 1: In Ubuntu 10.04 with cpu = intel T7250.
  
sudo ./tcpdump -d host www.163.com
(000) ldh      [12]
(001) jeq      #0x800           jt 2     jf 7
(002) ld       [26]
(003) jeq      #0x79c3b2ee      jt 15    jf 4
(004) jeq      #0x79c3b2ef      jt 15    jf 5
(005) ld       [30]
(006) jeq      #0x79c3b2ee      jt 15    jf 14
(007) jeq      #0x806           jt 9     jf 8
(008) jeq      #0x8035          jt 9     jf 16
(009) ld       [28]
(010) jeq      #0x79c3b2ee      jt 15    jf 11
(011) jeq      #0x79c3b2ef      jt 15     jf 12
(012) ld       [38]
(013) jeq      #0x79c3b2ee      jt 15    jf 14
(014) jeq      #0x79c3b2ef      jt 15    jf 16
(015) ret      #96
(016) ret      #0
 
2: In Windows with cpu=ubuntu T7250

tcpdump: listening on \Device\PssdkLoopback
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 7
(002) ld       [26]
(003) jeq      #0x79c3b2ef      jt 15   jf 4
(004) jeq      #0x79c3b2ee      jt 15   jf 5
(005) ld       [30]
(006) jeq      #0x79c3b2ef      jt 15   jf 14
(007) jeq      #0x806           jt 9    jf 8
(008) jeq      #0x8035          jt 9    jf 16
(009) ld       [28]
(010) jeq      #0x79c3b2ef      jt 15   jf 11
(011) jeq      #0x79c3b2ee      jt 15   jf 12
(012) ld       [38]
(013) jeq      #0x79c3b2ef      jt 15   jf 14
(014) jeq      #0x79c3b2ee      jt 15   jf 16
(015) ret      #96
(016) ret      #0
 
3: In my router, which has a mipsel-linux architecture and seems to be a Broadcom platform.

root@OpenWrt:/lihang# ./tcpdump -d host www.163.com
tcpdump: WARNING: eth0: no IPv4 address assigned
(000) ldh      [12]
(001) jeq      #0x800           jt 2     jf 7
(002) ld       [26]
(003) jeq      #0x79c3b2ee      jt 15    jf 4
(004) jeq      #0x79c3b2ef      jt 15    jf 5
(005) ld       [30]
(006) jeq      #0x79c3b2ee      jt 15    jf 14
(007) jeq      #0x806           jt 9     jf 8
(008) jeq      #0x8035          jt 9     jf 16
(009) ld       [28]
(010) jeq      #0x79c3b2ee      jt 15    jf 11
(011) jeq      #0x79c3b2ef      jt 15     jf 12
(012) ld       [38]
(013) jeq      #0x79c3b2ee      jt 15    jf 14
(014) jeq      #0x79c3b2ef      jt 15    jf 16
(015) ret      #68
(016) ret      #0
 
 
 
Attention! The (015) is different, 68 versus 96; otherwise the code generated in Windows and Ubuntu is all the same. BUT
they both have some differences; for example, the (003) code differs in the last bit.

So, do you know how this problem comes about?

thanks,

a student with poor English..

  
  
  
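  ------------------

Best regards!

Li Hang

School of Computer Science and Engineering, South China University of Technology
Class of 2007, Computer Science and Technology Joint Class

E-mail: 182393740 () qq com
or lhebe () 163 com
or scutcs.lihang () gmail com

QQ:182393740-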
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
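
Added example, not part of the original post and not libpcap code: a small C interpreter for the four BPF operations in the dumps above, run over a constructed IPv4 frame, showing what the listed programs compute and that the value at (015) is the number of bytes the filter asks to keep. The names `run_filter` and `filter_ipv4` and the 192.168.1.2 peer address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic-BPF subset used in the dumps; jt/jf are absolute, as tcpdump -d prints. */
enum op { LDH, LD, JEQ, RET };
struct insn { enum op op; uint32_t k; int jt, jf; };
enum { A1 = 0x79c3b2ee, A2 = 0x79c3b2ef };   /* 121.195.178.238 and .239 */
/* Transcribed from the Ubuntu and router dumps; snap is the value at (015). */
#define HOST_FILTER(snap) { {LDH,12,0,0}, {JEQ,0x800,2,7}, {LD,26,0,0}, \
    {JEQ,A1,15,4}, {JEQ,A2,15,5}, {LD,30,0,0}, {JEQ,A1,15,14}, {JEQ,0x806,9,8}, \
    {JEQ,0x8035,9,16}, {LD,28,0,0}, {JEQ,A1,15,11}, {JEQ,A2,15,12}, {LD,38,0,0}, \
    {JEQ,A1,15,14}, {JEQ,A2,15,16}, {RET,snap,0,0}, {RET,0,0,0} }
static const struct insn router_prog[] = HOST_FILTER(68);
static const struct insn ubuntu_prog[] = HOST_FILTER(96);

/* Returns how many bytes of the packet to keep; 0 means "drop". */
uint32_t run_filter(const struct insn *p, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;                               /* BPF accumulator */
    for (int pc = 0;;) {
        const struct insn *i = &p[pc++];
        size_t at = i->k, w = (i->op == LDH) ? 2 : 4;  /* load offset, width */
        switch (i->op) {
        case LDH: case LD:                        /* big-endian on every host */
            if (at + w > len) return 0;           /* load past the end: reject */
            for (a = 0; w > 0; w--, at++) a = a << 8 | pkt[at];
            break;
        case JEQ: pc = (a == i->k) ? i->jt : i->jf; break;
        case RET: return i->k;
        }
    }
}

/* Constructed sample: zeroed 60-byte Ethernet II/IPv4 frame, run through p. */
uint32_t filter_ipv4(const struct insn *p, uint32_t src, uint32_t dst)
{
    uint8_t f[60] = { [12] = 0x08 };              /* EtherType 0x0800 = IPv4 */
    for (int b = 0; b < 4; b++) {
        f[26 + b] = (uint8_t)(src >> (24 - 8 * b));
        f[30 + b] = (uint8_t)(dst >> (24 - 8 * b));
    }
    return run_filter(p, f, sizeof f);
}

int main(void)
{
    printf("router keeps %u bytes, ubuntu keeps %u bytes\n",
           (unsigned)filter_ipv4(router_prog, 0xc0a80102u, A1),
           (unsigned)filter_ipv4(ubuntu_prog, 0xc0a80102u, A1));
}
```

Both programs accept the same frames; a non-zero return means the packet matches, and only the returned length differs between the two listings.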
