Your question, your audience. Choose who sees your identity—and your question—with question security.
Using libpcap/Jpcap to capture and send packets on Solaris - Part 1
Published on
10,990 Points
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11)
Library used:
1. Libpcap (http://www.tcpdump.org) Version 1.2
2. Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6
Prerequisite:
1. GCC
2. Make
Notes:
1. Verify if these software’s are installed by writing #gcc and #make at the command prompt.
2. See appendix to install these software.
Libpcap (version 1.2)
Installation
Download libpcap-1.2.0.tar.gz from http://www.tcpdump.org/#latest-release
Specific to Solaris 11 - Start
This section (Marked in italcs) can be skipped if OS is solaris 10.
In case of Solaris 11 the configuration doesn’t work properly so do the following.
1. config.h
Replace the following line
/* define if you have a cloning BPF device */
#define HAVE_CLONING_BPF 1
With
/* define if you have a cloning BPF device */
/* #undef HAVE_CLONING_BPF */
Replace the following line
/* #undef HAVE_DLPI_PASSIVE */
With
#define HAVE_DLPI_PASSIVE 1
Replace the following line
/* Define to 1 if you have the <netpacket/packet.h> header file. */
#define HAVE_NETPACKET_PACKET_H 1
With
/* Define to 1 if you have the <netpacket/packet.h> header file. */
/* #undef HAVE_NETPACKET_PACKET_H */
Replace the following line
/* Define to 1 if you have the <sys/bufmod.h> header file. */
/* #undef HAVE_SYS_BUFMOD_H */
With
/* Define to 1 if you have the <sys/bufmod.h> header file. */
#define HAVE_SYS_BUFMOD_H 1
2. MakeFile
Replace
INSTALL = /usr/bin/ginstall –c
With
INSTALL = ./install-sh -c
Replace the following lines
PSRC = pcap-bpf.c
FSRC = fad-getad.c
SSRC =
With
PSRC = pcap-dlpi.c
FSRC = fad-glifc.c
SSRC = dlpisubs.c
Specific to Solaris 11 - End
Upgrade or Update
If libpcap is already installed, then uninstall it before re-installing.
Verify if libpcap is correctly installed by running some sample tests.
Findalldevtest list all network interface device.
Verify that the shared object file is created and installed.
Setting the library path (Path were libpcap.so is present)
Exercise:
1. Write a program to capture packets for a given network interface card.
2. Write a program to broadcast packets through a given network interface card.
3. Verify packets using snoop –d <NetworkInterfaceName> command.
Common Errors:
1. Check LD_LIBRARY_PATH It should be set to where shared library is installed.
JPCap
Jpcap is a Java library for capturing and sending network packets. It internally uses libpcap/winpcap.
Installation
Download jpcap-0.6.zip (http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/download.html)
You can observe lots of errors, so lets configure Makefile. Set JAVA_HOME to correct path
Correct Option: Uncomment the following lines and comment out the respective other lines.
Save this file and again execute make
It will still have few more errors in Jpcap.c file.
Changes:
Solaris 10 and Solaris 11
1. Replace the word “ifr.ifr_ifrn.ifrn_name” with “ifr.ifr_name”
2. Replace the word “ifr.ifr_ifru.ifru_hwaddr.
Solaris 10 only
Post making these changes it will generate libjpcap.so file.
Verify that LD_LIBRARY_PATH is already set to /usr/local/lib.
Compile all the programs in sample directory and verify running each of them.
Exercise:
1. Write a program to capture packets for a given network interface card using Jpcap.
2. Write a program to broadcast packets through a given network interface card using jpcap.
Appendix:
Installation of Make and GCC
GCC
Verify if gcc is already installed
Append it to the path (Ex: /usr/sfw/bin)
Make
Verify if make is already installed
Append it to the path (Ex:/usr/ccs/bin)
Library used:
1. Libpcap (http://www.tcpdump.org) Version 1.2
2. Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6
Prerequisite:
1. GCC
2. Make
Notes:
1. Verify if these software’s are installed by writing #gcc and #make at the command prompt.
2. See appendix to install these software.
Libpcap (version 1.2)
Installation
Download libpcap-1.2.0.tar.gz from http://www.tcpdump.org/#latest-release
# gunzip libpcap-1.2.0rc1.tar.gz
# tar xf libpcap-1.2.0rc1.tar
# cd libpcap-1.2.0
# ./configure
Specific to Solaris 11 - Start
This section (Marked in italcs) can be skipped if OS is solaris 10.
In case of Solaris 11 the configuration doesn’t work properly so do the following.
1. config.h
Replace the following line
/* define if you have a cloning BPF device */
#define HAVE_CLONING_BPF 1
With
/* define if you have a cloning BPF device */
/* #undef HAVE_CLONING_BPF */
Replace the following line
/* #undef HAVE_DLPI_PASSIVE */
With
#define HAVE_DLPI_PASSIVE 1
Replace the following line
/* Define to 1 if you have the <netpacket/packet.h> header file. */
#define HAVE_NETPACKET_PACKET_H 1
With
/* Define to 1 if you have the <netpacket/packet.h> header file. */
/* #undef HAVE_NETPACKET_PACKET_H */
Replace the following line
/* Define to 1 if you have the <sys/bufmod.h> header file. */
/* #undef HAVE_SYS_BUFMOD_H */
With
/* Define to 1 if you have the <sys/bufmod.h> header file. */
#define HAVE_SYS_BUFMOD_H 1
2. MakeFile
Replace
INSTALL = /usr/bin/ginstall –c
With
INSTALL = ./install-sh -c
Replace the following lines
PSRC = pcap-bpf.c
FSRC = fad-getad.c
SSRC =
With
PSRC = pcap-dlpi.c
FSRC = fad-glifc.c
SSRC = dlpisubs.c
Specific to Solaris 11 - End
#make
Upgrade or Update
If libpcap is already installed, then uninstall it before re-installing.
#make uninstall
#make distclean
#make install
Verify if libpcap is correctly installed by running some sample tests.
# make tests
Findalldevtest list all network interface device.
# ./findalldevstest
# ./nonblocktest
Verify that the shared object file is created and installed.
# find /usr -name libpcap.so
/usr/local/lib/libpcap.so
Set LD_LIBRARY_PATH (Jpcap will link this shared object)
# echo LD_LIBRARY_PATH
Setting the library path (Path were libpcap.so is present)
# LD_LIBRARY_PATH=/usr/local/lib/
# export LD_LIBRARY_PATH
Exercise:
1. Write a program to capture packets for a given network interface card.
2. Write a program to broadcast packets through a given network interface card.
3. Verify packets using snoop –d <NetworkInterfaceName> command.
Common Errors:
1. Check LD_LIBRARY_PATH It should be set to where shared library is installed.
JPCap
Jpcap is a Java library for capturing and sending network packets. It internally uses libpcap/winpcap.
Installation
Download jpcap-0.6.zip (http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/download.html)
# unzip jpcap-0.6.zip
#cd src/c
#make
You can observe lots of errors, so lets configure Makefile. Set JAVA_HOME to correct path
# vi Makefile
Correct Option: Uncomment the following lines and comment out the respective other lines.
1. JAVA_DIR = $(JAVA_HOME)
2. JNI_INCLUDE2 = $(JAVA_DIR)/include/solaris
3. PCAP_INCLUDE = /usr/local/include/pcap
4. COMPILE_OPTION = -G
Save this file and again execute make
#make
It will still have few more errors in Jpcap.c file.
#vi Jpcap.c
Changes:
Solaris 10 and Solaris 11
1. Replace the word “ifr.ifr_ifrn.ifrn_name” with “ifr.ifr_name”
2. Replace the word “ifr.ifr_ifru.ifru_hwaddr.
Solaris 10 only
3. #define SIOCGIFHWADDR SIOCGIFADDR
Post making these changes it will generate libjpcap.so file.
# make
#cp libjpcap.so /usr/local/lib/
Verify that LD_LIBRARY_PATH is already set to /usr/local/lib.
#echo $LD_LIBRARY_PATH
Compile all the programs in sample directory and verify running each of them.
Exercise:
1. Write a program to capture packets for a given network interface card using Jpcap.
2. Write a program to broadcast packets through a given network interface card using jpcap.
Appendix:
Installation of Make and GCC
GCC
Verify if gcc is already installed
#find /usr -name gcc
#pkg install gcc-3
Append it to the path (Ex: /usr/sfw/bin)
#PATH=$PATH:/usr/sfw/bin
Make
Verify if make is already installed
# find /usr -name make
Append it to the path (Ex:/usr/ccs/bin)
# PATH=$PATH:/usr/ccs/bin
#echo $PATH and verify if gcc and make path are visible.
1 Comment
There were lots of questions floating around in various forums revolving around installation of libpcap / jpcap. The software is well documented for OS like Linux and windows, but no documentation for solaris and the Google was not enough so here is my attempt to provide installation guide for both libpcap and jpcap on solaris in particular.
In this article which is Part 1 is an installation guide with few exercise. In Part 2 of this article i will discuss Ethernet frame, packet capture/send over Ethernet with examples
Please feel free to ask any questions based on this article or in general issues regarding libpcap/jpcap. I would also appreciate comments by subject area experts in these software.
In this article which is Part 1 is an installation guide with few exercise. In Part 2 of this article i will discuss Ethernet frame, packet capture/send over Ethernet with examples
Please feel free to ask any questions based on this article or in general issues regarding libpcap/jpcap. I would also appreciate comments by subject area experts in these software.
Featured Post
Join & Write a Comment Already a member? Login.
Suggested Articles
| Title | Views | Activity |
|---|---|---|
| Expanding a Solaris File System Dynamically | 4,478 | |
| Live Patching for the Solaris 9 Operating System | 3,538 | |
| Java performance on Solaris - Managing CPUs | 3,648 | |
| Shell Scripting Basics | 2,020 |
Learn several ways to interact with files and get file information from the bash shell.
ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands.
Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Other articles by this author
Suggested Courses
Course of the Month10 days, 2 hours left to enroll
