Pcap.h Sniffing


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Pcap.h Sniffing
# 1  
Old 04-17-2008
Pcap.h Sniffing

Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know?

Thanks
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Programming

PCAP -> PFRING

Hi I have a program that captures packets with the libpcap library by calling the pcap-functions, e.g. pcap_next(...). I would like to use PF_RING for the program and therefore I would have to adjust the calling functions to pfring_open(...) pfring_recv(...) I'm pretty knew in network... (0 Replies)
Discussion started by: Freaky123
0 Replies

2. Shell Programming and Scripting

Sampling pcap file

Hi, I have a standard pcap file created using tcpdump. The file looks like 06:49:36.487629 IP 202.1.175.252 > 71.126.222.64: ICMP echo request, id 52765, seq 1280, length 40 06:49:36.489552 IP 192.120.148.227 > 71.126.222.64: ICMP echo request, id 512, seq 1280, length 40 06:49:36.491812 IP... (8 Replies)
Discussion started by: sajal.bhatia
8 Replies

3. Programming

Packet capturing using pcap

Hi, i am using a linux CentOS machine. I have 2 real network interfaces eth0, eth1 and 2 virtual interfaces tap0 and tap1. I am using PCAP library to capture the packets on theses interfaces. If i specify the interface as "any", i cannot find a way to know from which interface the packet... (1 Reply)
Discussion started by: rahulnitk2004
1 Replies

4. Programming

Memory sniffing in linux

I am trying to create an application that will be able to sniff memory of other applications. I am not completely new to systems programming but I am not sure how to go about this task. I understand that accomplishing this mainly require these steps. 1: Get a list of processes 2: Find the... (2 Replies)
Discussion started by: mosey
2 Replies

5. What is on Your Mind?

Wired keyboard sniffing

Are we safe using the everyday wired keyboard? Although this concept is old, I had never seen an actual implementation on the matter until a few days ago. (Four ways of sniffing the electromagnetic emanations of wired keyboards currently on the market in up to 20 meters.) Check the videos at:... (2 Replies)
Discussion started by: redoubtable
2 Replies

6. Programming

Pcap.h Sniffing

Can someone please help me figure out how to use pcap.h to sniff packets between only 2 computers whose mac addresses are know? Thanks (0 Replies)
Discussion started by: papabearcares
0 Replies

7. Programming

pcap.h

I cant use pcap.h include file. How can I do so? :confused: (8 Replies)
Discussion started by: Pervez Sajjad
8 Replies

8. IP Networking

Sniffing an established port

Hi All, On a solaris box A port B in which port B is established and receiving data. My question is how do i listen on that established port , how can i get the data received at box A: port B through my application I had searched the forum for the same, but i am unable to retrieve the... (5 Replies)
Discussion started by: matrixmadhan
5 Replies

9. Programming

Compiling Pcap.c

I don't know if this is the correct forum to post this but hopefully someone can atleast point me in the right direction if they can't help me. I am trying to install the Net::Pcap module for perl from Tim Potter version .04. I have installed gcc 2.95.3 on my Solaris 8 box. I am sure it's just... (6 Replies)
Discussion started by: TioTony
6 Replies
Login or Register to Ask a Question
PCAP_COMPILE(3PCAP)													       PCAP_COMPILE(3PCAP)

NAME
pcap_compile - compile a filter expression SYNOPSIS
#include <pcap/pcap.h> int pcap_compile(pcap_t *p, struct bpf_program *fp, const char *str, int optimize, bpf_u_int32 netmask); DESCRIPTION
pcap_compile() is used to compile the string str into a filter program. See pcap-filter(7) for the syntax of that string. program is a pointer to a bpf_program struct and is filled in by pcap_compile(). optimize controls whether optimization on the resulting code is per- formed. netmask specifies the IPv4 netmask of the network on which packets are being captured; it is used only when checking for IPv4 broadcast addresses in the filter program. If the netmask of the network on which packets are being captured isn't known to the program, or if packets are being captured on the Linux "any" pseudo-interface that can capture on more than one network, a value of PCAP_NET- MASK_UNKNOWN can be supplied; tests for IPv4 broadcast addresses will fail to compile, but all other tests in the filter program will be OK. RETURN VALUE
pcap_compile() returns 0 on success and -1 on failure. If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an argu- ment to fetch or display the error text. SEE ALSO
pcap(3PCAP), pcap_setfilter(3PCAP), pcap_freecode(3PCAP), pcap_geterr(3PCAP), pcap-filter(7) 5 April 2008 PCAP_COMPILE(3PCAP)