Re: scan_sys_class_net bug in pcap-linux.c

[Paul Sheer <paulsheer () gmail com>]

Thanks,

There are two other problems I am having:


Firstly,

I would like to capture on all interfaces, but I would also like to know,
with each packet, what interface it arrived on and left out of.

This information is contained within the Linux kernel skbuff.

But pcap does not see it.

I also want to see both source and destination hardware addresses of the
Ethernet packet (if it is Ethernet).

I guess this feature requires kernel changes.


The second problem is that tcpdump seems to have no way of listening on all
interfaces. So if you are trying to track SCTP packets that use two
separate interfaces, it seems you have to use wireshark instead.


Best wishes.

-paul



On Wed, Dec 5, 2012 at 4:46 PM, Guy Harris <guy () alum mit edu> wrote:

> On Dec 3, 2012, at 10:33 AM, Paul Sheer <paulsheer () gmail com> wrote:
>
> > works for me
>
> Ok, good.
>
> Thanks for noting the "subsystem in older kernels" issue - looking for
> ifindex is a better idea; in addition to dating back to 2.6.0, it's also
> more strongly associated with being a network interface.
>
> (What we really want is a way to ask for everything on which you can do
> SIOCGIFINDEX and use the result of that ioctl in a bind() call on a
> PF_PACKET socket, i.e. everything that you can capture on using a PF_PACKET
> socket.  I guess asking for everything under /sys/class/net that has an
> ifindex property is one way of doing that; perhaps there's another way to
> do that with netlink sockets.)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers