Hi,
My problem is that I have a program on machine A which sends UDP packets
to itself. These packets are captured by a pcap application running on the
same machine and in the function which is called by pcap_loop(each time it
receives a packet matching the filter), I forward that packet to another
machine over a UDP socket. If I use the option 4 in the link layer as
suggested below, I will not be able to intercept packets sent by me to
myself. What I need is a way to capture packets coming into my machine but
not going out of my machine. Is there a way to achieve this? Thanks.
moni.
>From: Guy Harris <[EMAIL PROTECTED]>
>To: subramoni padmanabhan <[EMAIL PROTECTED]>
>CC: [EMAIL PROTECTED]
>Subject: Re: [tcpdump-workers] question
>Date: Wed, 9 Oct 2002 01:05:57 -0700
>
>On Wed, Oct 09, 2002 at 01:48:24AM -0400, subramoni padmanabhan wrote:
> > I seem to have a very peculiar problem with the libpcap library. I
>am
> > using the pcap_loop function to capture any packets with a specific
> > condition set and return to my program. I am using the "any" device.
>Once I
> > receive packets, I forward them to another machine on a UDP socket. The
> > problem I am having is that when I send the packet out the UDP socket, I
> > think the pcap_loop function is again capturing the packet and returning
>coz
> > it satisfies the condition.
>
>Well, yes, libpcap *is* supposed to be able to capture packets sent by
>the machine running the libpcap-based application. The problem is
>peculiar only in that it's peculiar to your program; most libpcap
>applications are passive sniffers, and don't have that problem.
>
> > This way I get copies of all packets which I try
> > to send out. I, in turn, send these packets out only to be captured
>again
> > and returned. This goes into an infinite loop until some error occurs
>and my
> > program exits. How do I go about solving this? any ideas will be greatly
> > appreciated.
>
>It sounds as if you don't care about forwarding packets that the machine
>on which the application is running sends. If so, then, given that
>you're capturing on the "any" device, then, as per the libpcap man page,
>the link-layer header on the packets starts with a network-byte-order
>"packet type" field, which has the values:
>
> 0 packet was sent to us by somebody
> else
>
> 1 packet was broadcast by somebody
> else
>
> 2 packet was multicast, but not
> broadcast, by somebody else
>
> 3 packet was sent by somebody else
> to somebody else
>
> 4 packet was sent by us
>
>You could have the application just ignore packets with the value 4,
>i.e. not forward them.
>-
>This is the TCPDUMP workers list. It is archived at
>http://www.tcpdump.org/lists/workers/index.html
>To unsubscribe use
>mailto:[EMAIL PROTECTED]?body=unsubscribe
Subramoni Padmanabhan
G-126, 700 woodland avenue
Lexington, Kentucky 40508
Phone : 859 323 9405
_________________________________________________________________
Join the world�s largest e-mail service with MSN Hotmail.
http://www.hotmail.com
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
