This question might sound foolish, because I know there are a bunch of frameworks that do it for you. What I want is to actually get in touch with the low level C API deeply and be able to write a program that sits on a computer and intercepts packets between the local machine and outer spaces. I tried to figure it out by looking at open source code (i.e. tcpdump) but it's quite difficult for me to find out which file actually performs network sniffing. Any suggestions would be appreciated!
2
-
linux/unix based, sorry for not mentioning OS – REALFREE Sep 22 '11 at 19:48
-
Found a good tutorial for this if anyone needs it :) http://yuba.stanford.edu/~casado/pcap/section1.html – REALFREE Sep 22 '11 at 19:53
2 Answers
1
If you're using a UNIX based system[*] then the simplest mechanism is libpcap, which is part of the tcpdump project.
Your process will need root privileges to be able to access the network interface (as would also be the case with raw sockets).
Usually you'll end up having to decode ethernet frames, IP headers, etc yourself, although for most protocols this isn't that hard.
[*] It is actually available for Win32 as well, but I've not used it under Windows myself.

Alnitak
-
Yes, unless you've got an OS which has finer-grained permissions that allow specific user accounts to access normally privileged API calls. – Alnitak Sep 23 '11 at 09:39
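The answer above notes that you usually have to decode Ethernet frames and IP headers yourself. The following is an added example, not part of the original answer, showing that decoding step in C with every length checked against the captured size before a field is read. The struct and function names are this example's own, the sample frame is constructed, and it assumes untagged Ethernet II carrying IPv4; with libpcap the bytes and the `caplen` value would come from the capture callback.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Fields pulled out of one Ethernet II + IPv4 frame (names are this example's own). */
struct ipv4_info {
    uint8_t  proto;        /* 1 = ICMP, 6 = TCP, 17 = UDP */
    uint8_t  src[4], dst[4];
    uint16_t total_len;    /* IPv4 total length field */
    size_t   payload_off;  /* offset of the transport header within the frame */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if the frame is not IPv4 or is truncated/malformed. */
int parse_frame(const uint8_t *pkt, size_t caplen, struct ipv4_info *out)
{
    const size_t eth_len = 14;                 /* dst MAC, src MAC, EtherType */
    if (caplen < eth_len + 20) return -1;      /* room for a minimal IPv4 header? */
    if (be16(pkt + 12) != 0x0800) return -1;   /* EtherType must be IPv4 */
    const uint8_t *ip = pkt + eth_len;
    if ((ip[0] >> 4) != 4) return -1;          /* IP version */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;   /* header length in bytes */
    if (ihl < 20 || eth_len + ihl > caplen) return -1;  /* never trust IHL blindly */
    out->total_len = be16(ip + 2);
    if (out->total_len < ihl) return -1;       /* total length cannot be < header */
    out->proto = ip[9];
    for (int i = 0; i < 4; i++) { out->src[i] = ip[12 + i]; out->dst[i] = ip[16 + i]; }
    out->payload_off = eth_len + ihl;
    return 0;
}

/* Constructed sample frame: 192.0.2.10 -> 198.51.100.7, UDP, empty payload. */
static const uint8_t sample[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,        /* Ethernet II */
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    192,0,2,10, 198,51,100,7,                                /* IPv4 header */
    0x30,0x39,0x00,0x35,0x00,0x08,0x00,0x00                  /* UDP header */
};

int main(void)
{
    struct ipv4_info i;
    if (parse_frame(sample, sizeof sample, &i) == 0)
        printf("%u.%u.%u.%u -> %u.%u.%u.%u proto %u\n", i.src[0], i.src[1],
               i.src[2], i.src[3], i.dst[0], i.dst[1], i.dst[2], i.dst[3], i.proto);
    return 0;
}
```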