Unix Programming - Capture raw socket

grobteam

2005-07-10, 8:48 pm

Hi,

It is not possible to capture udp raw socket except via libpcap or
something like that. I suppose libpcap puts the NIC in promiscuous mode
and sniffs the network (someone can confirm this please). Secondly, does
anyone know why it is impossible to receive udp raw socket? I mean
why the kernel has been implemented in this way, what is the
motivation?

Thank you

Barry Margolin

2005-07-11, 5:53 pm

In article <1121043975.361779.167620@g14g2000cwa.googlegroups.com>,
"grobteam" <grobteam@gmail.com> wrote:

> Hi,
>
> It is not possible to capture udp raw socket except via libpcap or
> something like that. I suppose libpcap puts the NIC in promiscuous mode
> and sniffs the network (someone can confirm this please). Secondly, does
> anyone know why it is impossible to receive udp raw socket? I mean
> why the kernel has been implemented in this way, what is the
> motivation?


You should be able to do this using libpcap. That's how tcpdump and
Ethereal work, I believe.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

grobteam

2005-07-22, 2:56 am



Barry Margolin wrote:
> In article <1121043975.361779.167620@g14g2000cwa.googlegroups.com>,
> "grobteam" <grobteam@gmail.com> wrote:
>
>
> You should be able to do this using libpcap. That's how tcpdump and
> Ethereal work, I believe.



Hum, yeah, but how does libpcap do it? It is userspace too....

>
> --
> Barry Margolin, barmar@alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***


Barry Margolin

2005-07-22, 2:56 am

In article <1122001947.023248.227530@z14g2000cwz.googlegroups.com>,
"grobteam" <grobteam@gmail.com> wrote:

> Barry Margolin wrote:
>
> Hum, yeah, but how does libpcap do it? It is userspace too....


It's OS-dependent. Typically it's done by opening a special device,
like /dev/bpf<number> or something in /proc/net. You can then perform
ioctls to enable promiscuous mode and configure a filter expression.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***

grobteam

2005-07-22, 5:55 pm


>
> It's OS-dependent. Typically it's done by opening a special device,
> like /dev/bpf<number> or something in /proc/net. You can then perform
> ioctls to enable promiscuous mode and configure a filter expression.


Ok, so the only way is to put the NIC in promiscuous mode, I don't
understand this design choice but btw thank you I know now how to do it


Barry Margolin

2005-07-22, 8:48 pm

In article <1122044129.580493.201730@g44g2000cwa.googlegroups.com>,
"grobteam" <grobteam@gmail.com> wrote:

>
> Ok, so the only way is to put the NIC in promiscuous mode, I don't
> understand this design choice but btw thank you I know now how to do it
>


You only have to put the NIC in promiscuous mode if you want to see
traffic to other systems. If you're only interested in packets to or
from this system you don't need it. I was just giving examples of the
kinds of things you can do when you open these devices.

--
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
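
The last reply above notes that promiscuous mode is needed only to see other systems' traffic. As an added example (not code from the thread or from libpcap), this Linux sketch captures UDP to or from the local host through an AF_PACKET socket, the Linux counterpart of the /dev/bpf device mentioned above, without enabling promiscuous mode. The names `parse_udp` and `sample_frame` are hypothetical; it assumes an Ethernet link layer and root or CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>   /* ETH_P_ALL, ETH_P_IP, ETH_HLEN */
#include <netinet/in.h>       /* IPPROTO_UDP */
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample frame: Ethernet + IPv4 + UDP, 192.0.2.1:5353 -> 192.0.2.2:53 */
const unsigned char sample_frame[42] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01, 0x08,0x00,        /* dst MAC, src MAC, EtherType */
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 192,0,2,1, 192,0,2,2,  /* IPv4 header, protocol 17 */
    0x14,0xe9, 0,53, 0,8, 0,0                               /* UDP ports, length, checksum */
};

/* Return 1 and fill the ports if the frame carries an IPv4 UDP header, else 0. */
int parse_udp(const unsigned char *f, size_t len, unsigned *sport, unsigned *dport)
{
    if (len < ETH_HLEN + 20) return 0;
    if (((f[12] << 8) | f[13]) != ETH_P_IP) return 0;        /* not IPv4 */
    const unsigned char *ip = f + ETH_HLEN;
    size_t ihl = (ip[0] & 0x0f) * 4u;                        /* IP header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != IPPROTO_UDP) return 0;
    if (((ip[6] & 0x1f) << 8) | ip[7]) return 0;             /* later fragment: no UDP header */
    if (len < ETH_HLEN + ihl + 8) return 0;                  /* truncated UDP header */
    const unsigned char *udp = ip + ihl;
    *sport = (udp[0] << 8) | udp[1];
    *dport = (udp[2] << 8) | udp[3];
    return 1;
}

int main(void)
{
    /* ETH_P_ALL delivers a copy of every frame this host sends or receives.
       Promiscuous mode is never requested, so other hosts' unicast is not seen. */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket(AF_PACKET)"); return 1; }
    unsigned char buf[65536];
    for (int seen = 0; seen < 10; ) {                        /* stop after 10 UDP packets */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); break; }
        unsigned sp, dp;
        if (parse_udp(buf, (size_t)n, &sp, &dp)) {
            printf("UDP %u -> %u (%zd bytes)\n", sp, dp, n);
            seen++;
        }
    }
    close(fd);
    return 0;
}
```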