Packet Sniffing using Raw Sockets in Linux in C

Asked 28/10, 2009 at 15:0 Answered 3/11, 2009 at 12:51

Solved linux network-programming network-protocols packet-sniffers sniffing

I need to write a packet sniffer in Linux that detects HTTPS packet that are sent and save the url from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packet but I need to get the sent packet in the sniffer. How do I get the sent packet in this code?

I can't use any library like libcap (forbidden). The code is :sniffer.c

Ringhals answered 28/10, 2009 at 15:0 Comment(0)

You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.

Leslileslie answered 3/11, 2009 at 12:51 Comment(3)

If the goal is to see http packets, why not use ETH_P_IP? You don't need everything. – Wallack 3/11, 2009 at 13:42

The goal is to see outgoing http packets. ETH_IP_P only sees incoming packets. See thread: lkml.indiana.edu/hypermail/linux/kernel/9604.1/0603.html – Leslileslie 3/11, 2009 at 15:18

Where is the official documentation for these kind of macros? I have been searching all over the POSIX standard but I can't find nothing. Also Linux kernel doesn't say anything! – Mouthpiece 14/3, 2022 at 7:50

Why can't you use any library? Homework?

It's hard to answer without having examples from your code, for example how you set sll_pkttype.

The urlsnarf tool in the dnsiff suite could be worth a look.

Durga answered 28/10, 2009 at 15:36 Comment(0)

With appropriate libpcap or DNET usage You should be able to get all network traffic on the desired layer (protocol - 5) (also this outgoing). But You should know that already.

You need to go through the above libraries manuals and find the appropriate filtering.

Accipiter answered 28/10, 2009 at 15:11 Comment(3)

we cant use any library like libcap or dnet – Ringhals 28/10, 2009 at 15:12

Are you sure that your system allows detecting outgoing packets? You could use libpcap to determine if it's even possible. – Wallack 3/11, 2009 at 13:56

@Accipiter "I can't use any library like libcap (forbidden)." – Cnut 11/12, 2016 at 9:42

Recommended topics

Hot tags