Tobias Weber | 1 Apr 2009 10:42

Re: Privileges on Mac

On 01.04.2009, at 00:47, Guy Harris wrote:

> If you're talking about Authorization Services, they suggest using  
> set-UID programs

(that changed years ago, but no one uses the new way)

> A set-UID program that does what privileged stuff it needs to do  
> (opening a pcap_t,

(what I've seen is using libpcap in the helper tool only and remote  
controlling that from the GUI)

A pcap_t is too complex to pass from privileged to unprivileged code.  
It's easy with a file descriptor, so it would be nice if libpcap could  
use one to make a pcap_t. Currently bpf_open(), and by extension  
pcap_open_live(), insists on calling open(2) directly.

> Wireshark already does that, for separation-of-privileges reasons  
> and for other reasons.

(it still requires changing permissions on the device for OS X)

PS list server silently stripped my attachment, so http://www.towb.de/tmp/auth.patch

Shameem Ahamed | 1 Apr 2009 17:12

IP Header Size is always 5


Hi All,

I was trying to create a function (for testing purposes) which displays the header information for
Ethernet, IP and TCP using a Linux machine. The problem I am having is, whenever I read any packet from the
saved pcap file, it displays the IP header size (ip->ip_hl) is 5 (sometimes less than 5).

Part of the code is given below

static int pack_count=1;        //Packet Count
struct ether_header *ethHeader; //Ethernet Header
struct ip *ipHeader;    //IP Header
struct tcphdr *tcpHeader;       //TCP Header
char *payload;  //Payload
unsigned int size_ip;   //Size of the IP Header
unsigned int size_tcp;  //Size of the TCP Header
char protoname[20];

ethHeader=(struct ether_header*)packet;
ipHeader=(struct ip*)(packet+ETHER_SIZE);

size_ip=ipHeader->ip_hl;
printf("Packet Count is: %d \n",pack_count);
pack_count++;

printf("=================IP Header Details ============== \n");
printf("IP Header Length is: %d \n",ipHeader->ip_hl);

Please help me.


Sebastien Roy | 1 Apr 2009 17:22

Re: IP Header Size is always 5

On Wed, 2009-04-01 at 20:42 +0530, Shameem Ahamed wrote:
> I was trying to create a function (for testing purposes) which displays
> the header information for Ethernet, IP and TCP using a Linux machine.
> The problem I am having is, whenever I read any packet from the saved
> pcap file, it displays the IP header size (ip->ip_hl) is 5 (sometimes
> less than 5).

The header length field in an IPv4 header is the length of the header in
32-bit words (not in bytes).  See RFC 791.

-Seb

Shameem Ahamed | 1 Apr 2009 17:32

Re: IP Header Size is always 5


Hello Sebastien,

Thanks for the reply.

In that case also, we should be able to get the source and destination IP address from the below code

printf("Source IP: %s \n",inet_ntoa(ipHeader->ip_src));

For me it gives me Segmentation Fault.

Also, I am not able to access the tcp header details.

printf("Transport Protocol Used : %s \n", prototoname(ipHeader->ip_p));
printf("Source IP: %s \n",inet_ntoa(ipHeader->ip_src));
//
tcpHeader=(struct tcphdr *)(packet +ETHER_SIZE+size_ip);

printf("====================TCP Header Details================\n");
size_tcp=tcpHeader->doff;
printf("TCP Header Size is: %d \n",size_tcp);

Regards,
Shameem

> Date: Wed, 1 Apr 2009 11:22:55 -0400
> From: Sebastien.Roy <at> Sun.COM
> Subject: Re: [tcpdump-workers] IP Header Size is always 5
> To: tcpdump-workers <at> lists.tcpdump.org
> 

chandrapal chahar | 1 Apr 2009 11:30

tcp packet capturing

Hi,

I want to know how to capture only TCP(discard other packets) packets
flowing in the network. What modifications will I have to do in the coding
part ?

please reply as soon as possible

Thanking you
Chandrapal Chahar

Aaron Turner | 1 Apr 2009 18:14

Re: tcp packet capturing

No code changes.  Just use a bpf filter (documented in the man page).

On Wed, Apr 1, 2009 at 2:30 AM, chandrapal chahar
<chandrapal_chahar <at> daiict.ac.in> wrote:
> Hi,
>
> I want to know how to capture only TCP(discard other packets) packets
> flowing in the network. What modifications will I have to do in the coding
> part ?

-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little
temporary Safety,
deserve neither Liberty nor Safety.
    -- Benjamin Franklin

Shameem Ahamed | 1 Apr 2009 18:03

Re: tcp packet capturing


Hello Chandrapal,

You can apply filters.

If you want just tcp packets,

first set the filter expression to tcp, then compile the filter and lastly set the filter.

See the functions

pcap_compile

and 

pcap_setfilter

Shameem
> Date: Wed, 1 Apr 2009 15:00:52 +0530
> Subject: [tcpdump-workers] tcp packet capturing
> From: chandrapal_chahar <at> daiict.ac.in
> To: tcpdump-workers <at> lists.tcpdump.org
> CC: 200601189 <at> daiict.ac.in
> 
> Hi,
> 
> I want to know how to capture only TCP(discard other packets) packets
> flowing in the network. What modifications will I have to do in the coding
> part ?
> 

Shameem Ahamed | 1 Apr 2009 18:32

Segmentation Fault while retrieving source and destination IP from IP header


Hi All,

I am getting segmentation fault error, while retrieving the source and destn ip from ip headers.

Code snippet is given below.

packet is the last argument to the Callback function used in pcap_loop

===========================================
struct ip *ipHeader;    //IP Header

ethHeader=(struct ether_header*)packet;
ipHeader=(struct ip*)(packet+ETHER_SIZE);

printf("IP Version is: %d \n",ipHeader->ip_v);

printf("Source IP: %s \n",inet_ntoa(ipHeader->ip_src));
============================================

Regards,
Shameem

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.


Aaron Turner | 1 Apr 2009 18:43

Re: Segmentation Fault while retrieving source and

Use a debugger like gdb.

On Wed, Apr 1, 2009 at 9:32 AM, Shameem Ahamed
<shameem.ahamed <at> hotmail.com> wrote:
>
> Hi All,
>
>
> I am getting segmentation fault error, while retrieving the source and destn ip from ip headers.
>
>
> Code snippet is given below.
>
> packet is the last argument to the Callback function used in pcap_loop
>
>
> ===========================================
> struct ip *ipHeader;    //IP Header
>
> ethHeader=(struct ether_header*)packet;
> ipHeader=(struct ip*)(packet+ETHER_SIZE);
>
> printf("IP Version is: %d \n",ipHeader->ip_v);
>
> printf("Source IP: %s \n",inet_ntoa(ipHeader->ip_src));
> ============================================

-- 
Aaron Turner
http://synfin.net/

Florian Weimer | 1 Apr 2009 19:21

Re: IP Header Size is always 5

* Shameem Ahamed:

> ipHeader=(struct ip*)(packet+ETHER_SIZE);

You should declare ipHeader on the stack, and memcpy into it from the
packet buffer.  You're likely running into an alignment issue.
Dealing with IP options will require some extra care.
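
Added example (not part of the thread and not code from any poster): a bounds-checked parser covering the points raised in the replies above, namely that the IPv4 header length and TCP data offset count 32-bit words, that fields should be copied out of the packet buffer rather than read through a cast pointer, and that IP options shift the TCP header. It reads bytes at fixed offsets and uses memcpy only for the addresses, a variation on the suggested memcpy into a struct ip; `parse_frame`, `struct parsed`, `ETH_HDR_LEN` and the sample frame are constructed for illustration, and Ethernet II framing without VLAN tags is assumed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14u  /* assumption: Ethernet II, no VLAN tag */
struct parsed {          /* hypothetical result type for this example */
    unsigned ip_hdr_bytes, tcp_hdr_bytes;
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
};

/* 0 on success; -1 if truncated, malformed, or not IPv4 carrying TCP. */
int parse_frame(const unsigned char *pkt, size_t caplen, struct parsed *out)
{
    const unsigned char *ip, *tcp;
    struct in_addr src, dst;
    if (caplen < ETH_HDR_LEN + 20) return -1;           /* minimum IPv4 header */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1;  /* EtherType is not IPv4 */
    ip = pkt + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4) return -1;                   /* version nibble */
    out->ip_hdr_bytes = (ip[0] & 0x0fu) * 4u;           /* IHL is in 32-bit words */
    if (out->ip_hdr_bytes < 20) return -1;              /* IHL below 5 is invalid */
    if (ip[9] != IPPROTO_TCP) return -1;
    if (caplen < ETH_HDR_LEN + out->ip_hdr_bytes + 20) return -1;
    tcp = ip + out->ip_hdr_bytes;                       /* skips any IP options */
    out->tcp_hdr_bytes = (tcp[12] >> 4) * 4u;           /* data offset, in words */
    if (out->tcp_hdr_bytes < 20) return -1;
    memcpy(&src, ip + 12, sizeof src);                  /* copy, do not cast: the */
    memcpy(&dst, ip + 16, sizeof dst);                  /* buffer may be unaligned */
    if (!inet_ntop(AF_INET, &src, out->src, sizeof out->src)) return -1;
    if (!inet_ntop(AF_INET, &dst, out->dst, sizeof out->dst)) return -1;
    return 0;
}

/* Constructed sample: IPv4 with 4 bytes of options (IHL 6), TCP without options. */
static const unsigned char sample[14 + 24 + 20] = {
    0,0,0,0,0,2, 0,0,0,0,0,1, 0x08,0x00,                /* Ethernet header */
    0x46,0,0,44, 0,0,0,0, 64,6,0,0,                     /* version/IHL .. checksum */
    192,0,2,1, 198,51,100,7, 1,1,1,0,                   /* src, dst, NOP x3 + EOL */
    0x30,0x39,0,80, 0,0,0,0, 0,0,0,0, 0x50,0x02,0,0, 0,0,0,0  /* TCP, offset 5 */
};

int main(void)
{
    struct parsed p;
    if (parse_frame(sample, sizeof sample, &p) == 0)
        printf("IP %u bytes, TCP %u bytes, %s -> %s\n", p.ip_hdr_bytes, p.tcp_hdr_bytes, p.src, p.dst);
    return 0;
}
```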
