All geek questions in one place

Libpcap drops some packets from a specific IP address

I implement a package collector, but I suffered from package crashes.

My binary code can get most of the packets from a specific IP area. (Example 100.101.1.1, 100.101.2.1). But in a specific IP area, I cannot receive any packet. (Example 200.201.1.1, 200.201.2.1)

At that time, tcpdump can receive packets from any IP domain.

My pcap code snippet from my implementation is as follows:

struct bpf_program fp; pcap_t *pcd; char errbuf[PCAP_ERRBUF_SIZE]; bpf_u_int32 netp; char port[16], dev[16]; ...... pcd = pcap_open_live(dev, BUFSIZ, PROMISCUOUS, -1, errbuf); pcap_compile(pcd, &fp, port, 0, netp); pcap_setfilter(pcd, &fp); while(1){ packet = pcap_next(pcd, &hdr); }

Are there any ideas for me?

+4
source share
1 answer

Since you mentioned that you can get all the ip packets on an interface using tcpdump , I would think that the next line in your code is fine if you use the same interface name for the dev parameter that is used for tcpdump .

 pcap_open_live(dev, BUFSIZ, PROMISCUOUS, -1, errbuf);

The problem may be in the line,

 pcap_compile(pcd, &fp, port, 0, netp);

In the line above, the port variable is a filter string. Your package collector will only collect packages that pass this filter. If you do not use the appropriate filter parameters in the port line to also allow packets with IP addresses 200.201.xx , you will not record them.

0
source

Source: https://habr.com/ru/post/1492457/

More articles:


All Articles