Monday, 13 April 2015

usage of pcap_compile to set the filter with netmask as zero






I am implementing a sniffer with the help of WinPcap. I am now getting packets and updating the UI with a background worker. I am trying to apply a filter on the packets, so I decided to use the pcap_compile() and pcap_setfilter() APIs. But pcap_compile() needs a netmask, so I was using the following code:



    for(pIf=pIfList,i=0; i<num-1; pIf=pIf->next,i++);

    // Open the device.
    if((pPcap= pcap_open(
            pIf->name,                 // name of the device
            65536,                     // portion of the packet to capture
            PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
            1000,                      // read timeout
            NULL,                      // authentication on the remote machine
            err                        // error buffer
            )) == NULL)
    {
        printf("\nUnable to open the adapter. %s is not supported by WinPcap\n",pIf->name);
        //goto Exit; // one function is needed
    }
    gPcap = pPcap;

    if (pIf->addresses != NULL)
        /* Retrieve the mask of the first address of the interface */
        net=((struct sockaddr_in *)(pIf->addresses->netmask))->sin_addr.S_un.S_addr;
    else
        /* If the interface is without an address we suppose to be in a C class network */
        net=0xffffffff;


    //compile the filter
    if (pcap_compile(gPcap, &fcode, "type ctl subtype rts", 0, net) < 0)
    {
        fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }
    //set the filter
    if (pcap_setfilter(gPcap, &fcode) < 0)
    {
        fprintf(stderr,"\nError setting the filter.\n");
        /* Free the device list */
        pcap_freealldevs(alldevs);
        return -1;
    }


I am getting the netmask value as zero, and I used different filter expressions like "type mgt", "type ctl", "type data", "ip" etc., but the filter action is not working; it is giving all the packets. I do not understand why the filter is not working. Could you suggest something?


I am using a following API to get the packets:



    restart:
    status = pcap_next_ex( pPcap, &header, &pkt_data);
    {
        if(status == 0) // Timeout elapsed
            goto restart;
    }


I am running the above code in an infinite loop. Could you suggest why my filter is not working?


Thanks, sathish



asked 25 secs ago
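The snippet in the question reads the netmask from the first entry of `pIf->addresses` without checking that entry's address family. As an added example (not part of the original post), the function below walks the list and takes the mask from the first `AF_INET` entry. `struct addr_node`, `NETMASK_UNKNOWN`, `first_ipv4_netmask` and `demo_mixed_list` are names assumed for this example, and it uses the POSIX socket headers so it builds without WinPcap (on Windows, include `winsock2.h` instead).

```c
#include <stddef.h>
#include <stdint.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Stand-in for the next/addr/netmask fields of struct pcap_addr, so the
   example builds without the pcap headers (assumption of this example). */
struct addr_node {
    struct addr_node *next;
    struct sockaddr  *addr;
    struct sockaddr  *netmask;
};

#define NETMASK_UNKNOWN 0u  /* hypothetical name: no IPv4 mask available */

/* Return the netmask (network byte order) of the first IPv4 address in the
   list, or NETMASK_UNKNOWN if there is none. Entries of other families
   (e.g. AF_INET6) are skipped instead of being cast to sockaddr_in.
   libpcap documents the pcap_compile() netmask as used only for IPv4
   broadcast tests in the filter expression. */
uint32_t first_ipv4_netmask(const struct addr_node *a)
{
    for (; a != NULL; a = a->next) {
        if (a->addr == NULL || a->netmask == NULL)
            continue;
        if (a->addr->sa_family != AF_INET)
            continue;
        return ((const struct sockaddr_in *)a->netmask)->sin_addr.s_addr;
    }
    return NETMASK_UNKNOWN;
}

/* Constructed sample list: an IPv6 entry followed by 192.168.1.10/24. */
uint32_t demo_mixed_list(void)
{
    static struct sockaddr_in6 a6, m6;
    static struct sockaddr_in  a4, m4;
    static struct addr_node    n6, n4;

    a6.sin6_family = AF_INET6;
    m6.sin6_family = AF_INET6;
    a4.sin_family = AF_INET; a4.sin_addr.s_addr = htonl(0xC0A8010Au);
    m4.sin_family = AF_INET; m4.sin_addr.s_addr = htonl(0xFFFFFF00u);

    n6.next = &n4;  n6.addr = (struct sockaddr *)&a6; n6.netmask = (struct sockaddr *)&m6;
    n4.next = NULL; n4.addr = (struct sockaddr *)&a4; n4.netmask = (struct sockaddr *)&m4;
    return first_ipv4_netmask(&n6);
}
```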






