Hello,

I have been trying to write a small application using the libpcap library.
The purpose is to capture some live network packets (say 100 packets) and store them 
in a file (pcap_savefile).

Please refer to the attachment for the code.

As per my understanding, the pcap_savefile should be in "pcap" format, as this is 
the default file format for libpcap.
But when I pass this file to Wireshark, it does not show any packet data.
Also, the size of the pcap_savefile is just around 24 bytes for 100 packets.
So I was wondering whether the program is actually capturing any network 
packets.

Could anyone please suggest how I can improve the program and store the data 
in pcap format?

Thanks in advance.

Regards,
Atdev

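#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <pcap.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define IFSZ 16
#define FLTRSZ 120
#define MAXHOSTSZ 256
#define PCAP_SAVEFILE "./pcap_savefile"

/* Per-packet callback invoked by pcap_loop(); args carries the pcap_dumper_t
   passed as the user pointer. Only prints a message. */
void my_callback(u_char *args, const struct pcap_pkthdr *pkthdr, const u_char *packet){
    printf("Welcome ... \n");
}

int main(){

    pcap_t *p;                      /* packet capture descriptor */
    pcap_dumper_t *pd;              /* pointer to the dump file */
    char filename[80];              /* name of savefile for dumping packet data */
    int count = 20;                 /* number of packets to capture */
    pcap_if_t *alldevs;
    char *err_str;
    char err_buf[PCAP_ERRBUF_SIZE]; /* libpcap writes error text here */
    int n=0;
    char *ifname1;

    strcpy(filename, PCAP_SAVEFILE);

    /* pick a default capture interface */
    ifname1 = pcap_lookupdev(err_buf);
    if (ifname1 == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", err_buf);
        return 1;
    }

    p = pcap_open_live(ifname1, 65545, 0, 1000, err_buf);
    if (p == NULL) {
        fprintf(stderr, "pcap_open_live: %s\n", err_buf);
        return 1;
    }

    /* creates the savefile and writes the pcap file header */
    pd = pcap_dump_open(p, filename);
    if (pd == NULL) {
        fprintf(stderr, "pcap_dump_open: %s\n", pcap_geterr(p));
        pcap_close(p);
        return 1;
    }

    pcap_loop(p, 100, my_callback, (u_char *)pd);

    pcap_dump_close(pd);
    pcap_close(p);

    return 0;
}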
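An added example, not part of the original message: a stand-alone C check for the symptom described above. A classic pcap savefile begins with a 24-byte global header, so a 24-byte file contains zero packet records; records are appended only when the capture callback calls pcap_dump(). The name count_pcap_records and the 1 MiB read limit are choices made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define GLOBAL_HDR_LEN 24 /* magic, version, thiszone, sigfigs, snaplen, linktype */
#define RECORD_HDR_LEN 16 /* ts_sec, ts_usec, caplen, len */

/* Read a 32-bit field in the byte order the file was written in. */
static uint32_t rd32(const unsigned char *b, int big_endian) {
    return big_endian
        ? (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3]
        : (uint32_t)b[3] << 24 | (uint32_t)b[2] << 16 | (uint32_t)b[1] << 8 | b[0];
}

/* Count packet records in a classic pcap savefile image.
   Returns -1 if the global header is missing or the magic is unknown,
   -2 if a record is truncated, otherwise the number of records. */
long count_pcap_records(const unsigned char *buf, size_t len) {
    if (len < GLOBAL_HDR_LEN) return -1;
    uint32_t magic = rd32(buf, 0);          /* interpret as little-endian first */
    int big_endian;
    if (magic == 0xa1b2c3d4u || magic == 0xa1b23c4du) big_endian = 0;
    else if (magic == 0xd4c3b2a1u || magic == 0x4d3cb2a1u) big_endian = 1;
    else return -1;

    long records = 0;
    size_t off = GLOBAL_HDR_LEN;
    while (off < len) {
        if (len - off < RECORD_HDR_LEN) return -2;
        uint32_t caplen = rd32(buf + off + 8, big_endian); /* bytes stored */
        off += RECORD_HDR_LEN;
        if (caplen > len - off) return -2;  /* payload runs past end of file */
        off += caplen;
        records++;
    }
    return records;
}

int main(int argc, char **argv) {
    /* Reads at most 1 MiB; a larger capture may report a truncated record. */
    static unsigned char buf[1 << 20];
    FILE *f = fopen(argc > 1 ? argv[1] : "./pcap_savefile", "rb");
    if (!f) { perror("fopen"); return 1; }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    printf("%zu bytes, %ld packet record(s)\n", n, count_pcap_records(buf, n));
    return 0;
}
```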