Using libpcap/Jpcap to capture and send packets on Solaris - Part 1

Using libpcap/Jpcap to capture and send packets on Solaris (versions 10 and 11)

Libraries used:
1. libpcap (http://www.tcpdump.org), version 1.2
2. Jpcap (http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html), version 0.6

Prerequisites:
1. GCC
2. Make

Notes:

1. Verify that these tools are installed by typing gcc and make at the command prompt.
2. See the appendix for how to install them.

Libpcap (version 1.2)

Installation
Download libpcap-1.2.0.tar.gz from http://www.tcpdump.org/#latest-release 
# gunzip libpcap-1.2.0.tar.gz
# tar xf libpcap-1.2.0.tar
# cd libpcap-1.2.0

Configure it for your OS; a few files will be generated.
# ./configure

Specific to Solaris 11 - Start

This section (marked in italics) can be skipped if the OS is Solaris 10.
On Solaris 11 the configuration does not work properly, so make the following changes.

1. config.h
Replace the following line
/* define if you have a cloning BPF device */
#define HAVE_CLONING_BPF 1
With
/* define if you have a cloning BPF device */
/* #undef HAVE_CLONING_BPF */
Replace the following line
/* #undef HAVE_DLPI_PASSIVE */
With
#define HAVE_DLPI_PASSIVE 1

Replace the following line
/* Define to 1 if you have the <netpacket/packet.h> header file. */
#define HAVE_NETPACKET_PACKET_H 1
With
/* Define to 1 if you have the <netpacket/packet.h> header file. */
/* #undef HAVE_NETPACKET_PACKET_H */


Replace the following line
/* Define to 1 if you have the <sys/bufmod.h> header file. */
/* #undef HAVE_SYS_BUFMOD_H */
With
/* Define to 1 if you have the <sys/bufmod.h> header file. */
#define HAVE_SYS_BUFMOD_H 1

2. Makefile
Replace
INSTALL = /usr/bin/ginstall -c
With
INSTALL = ./install-sh -c
Replace the following lines
PSRC =      pcap-bpf.c    
FSRC =  fad-getad.c
SSRC =  
With
PSRC =      pcap-dlpi.c    
FSRC =  fad-glifc.c
SSRC =  dlpisubs.c
Specific to Solaris 11 - End
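
The Solaris 11 edits listed above can be applied and checked in one pass. The script below is an added example, not part of the original article or of libpcap; the function names patch_file, patch_libpcap_solaris11 and make_sample_tree are made up for it, and the sample files are constructed fragments in the "before" form shown above. It assumes a sed that understands POSIX character classes.

```shell
#!/bin/sh
# Added example (not from the article): apply the Solaris 11 edits to a
# configured libpcap tree, keep backups, and verify the result.

patch_file() {                      # patch_file FILE sed-args...
    f=$1; shift
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    [ -f "$f.orig" ] || cp "$f" "$f.orig" || return 1   # keep one pristine backup
    sed "$@" "$f" > "$f.tmp" && mv "$f.tmp" "$f"        # no reliance on sed -i
}

patch_libpcap_solaris11() {         # argument: configured libpcap source directory
    d=${1:-.}
    patch_file "$d/config.h" \
        -e 's|^#define HAVE_CLONING_BPF 1.*|/* #undef HAVE_CLONING_BPF */|' \
        -e 's|^/\* #undef HAVE_DLPI_PASSIVE \*/|#define HAVE_DLPI_PASSIVE 1|' \
        -e 's|^#define HAVE_NETPACKET_PACKET_H 1.*|/* #undef HAVE_NETPACKET_PACKET_H */|' \
        -e 's|^/\* #undef HAVE_SYS_BUFMOD_H \*/|#define HAVE_SYS_BUFMOD_H 1|' || return 1
    patch_file "$d/Makefile" \
        -e 's|^INSTALL[[:space:]]*=.*ginstall.*|INSTALL = ./install-sh -c|' \
        -e 's|^\(PSRC[[:space:]]*=[[:space:]]*\)pcap-bpf\.c|\1pcap-dlpi.c|' \
        -e 's|^\(FSRC[[:space:]]*=[[:space:]]*\)fad-getad\.c|\1fad-glifc.c|' \
        -e 's|^\(SSRC[[:space:]]*=\)[[:space:]]*$|\1 dlpisubs.c|' || return 1
    # Fail loudly if configure wrote lines in a form the expressions missed.
    rc=0
    for want in '^#define HAVE_DLPI_PASSIVE 1' '^#define HAVE_SYS_BUFMOD_H 1'; do
        grep "$want" "$d/config.h" >/dev/null || { echo "config.h lacks: $want" >&2; rc=1; }
    done
    for bad in '^#define HAVE_CLONING_BPF' '^#define HAVE_NETPACKET_PACKET_H'; do
        if grep "$bad" "$d/config.h" >/dev/null; then echo "config.h still has: $bad" >&2; rc=1; fi
    done
    for want in 'pcap-dlpi\.c' 'fad-glifc\.c' 'dlpisubs\.c' 'install-sh -c'; do
        grep "$want" "$d/Makefile" >/dev/null || { echo "Makefile lacks: $want" >&2; rc=1; }
    done
    return $rc
}

make_sample_tree() {                # constructed fragments in the article's "before" form
    mkdir -p "$1" || return 1
    printf '%s\n' '#define HAVE_CLONING_BPF 1' '/* #undef HAVE_DLPI_PASSIVE */' \
        '#define HAVE_NETPACKET_PACKET_H 1' '/* #undef HAVE_SYS_BUFMOD_H */' > "$1/config.h"
    printf '%s\n' 'INSTALL = /usr/bin/ginstall -c' 'PSRC =      pcap-bpf.c' \
        'FSRC =  fad-getad.c' 'SSRC =  ' > "$1/Makefile"
}
```

Source the file and run patch_libpcap_solaris11 with the libpcap source directory after ./configure and before make; the untouched files remain as config.h.orig and Makefile.orig.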



# make


Upgrade or Update

If libpcap is already installed, uninstall it before re-installing.

# make uninstall
# make distclean

New Installation

# make install


Verify that libpcap is correctly installed by building and running the sample tests.

# make tests

findalldevstest lists all network interface devices.
# ./findalldevstest

nonblocktest starts listening on the first network interface device.
# ./nonblocktest


Verify that the shared object file is created and installed.

# find /usr -name libpcap.so
/usr/local/lib/libpcap.so

Set LD_LIBRARY_PATH (Jpcap links against this shared object). Check its current value first:

# echo $LD_LIBRARY_PATH

Set the library path (the path where libpcap.so is present):
# LD_LIBRARY_PATH=/usr/local/lib/
# export LD_LIBRARY_PATH


Exercise:

1. Write a program to capture packets for a given network interface card.
2. Write a program to broadcast packets through a given network interface card.
3. Verify packets using the snoop -d <NetworkInterfaceName> command.

Common Errors:
1. Check LD_LIBRARY_PATH. It should be set to the directory where the shared library is installed.


Jpcap

Jpcap is a Java library for capturing and sending network packets. It internally uses libpcap/winpcap.

Installation
Download jpcap-0.6.zip (http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/download.html)
# unzip jpcap-0.6.zip
# cd src/c
# make

You will see many errors, so configure the Makefile. Set JAVA_HOME to the correct path.

# vi Makefile


Correct options: uncomment the following lines and comment out the corresponding alternatives.

1. JAVA_DIR = $(JAVA_HOME)
2. JNI_INCLUDE2 = $(JAVA_DIR)/include/solaris
3. PCAP_INCLUDE = /usr/local/include/pcap
4. COMPILE_OPTION = -G

Save the file and run make again.
# make

There will still be a few more errors in the Jpcap.c file.
# vi Jpcap.c


Changes:

Solaris 10 and Solaris 11

1. Replace “ifr.ifr_ifrn.ifrn_name” with “ifr.ifr_name”
2. Replace “ifr.ifr_ifru.ifru_hwaddr.sa_data” with “ifr.ifr_ifru.ifru_enaddr”

Solaris 10 only

3. Add the line: #define SIOCGIFHWADDR  SIOCGIFADDR



After these changes, make generates the libjpcap.so file.

# make

Copy the shared library to /usr/local/lib.
# cp libjpcap.so /usr/local/lib/

Verify that LD_LIBRARY_PATH is already set to /usr/local/lib.
# echo $LD_LIBRARY_PATH

Compile all the programs in the sample directory and verify that each of them runs.

Exercise:

1. Write a program to capture packets for a given network interface card using Jpcap.
2. Write a program to broadcast packets through a given network interface card using Jpcap.


Appendix:

Installation of Make and GCC

GCC
Verify whether gcc is already installed.
# find /usr -name gcc

If it is not installed:
# pkg install gcc-3

Append its directory to the path (e.g. /usr/sfw/bin).

# PATH=$PATH:/usr/sfw/bin

Make
Verify whether make is already installed.

# find /usr -name make

Append its directory to the path (e.g. /usr/ccs/bin).

# PATH=$PATH:/usr/ccs/bin
# echo $PATH
Verify that the gcc and make paths are visible.


Author Comment

by: Santosh Bhushan
There were lots of questions floating around in various forums revolving around the installation of libpcap/Jpcap. The software is well documented for OSes like Linux and Windows, but there is no documentation for Solaris, and Google was not enough, so here is my attempt to provide an installation guide for both libpcap and Jpcap on Solaris in particular.

This article, which is Part 1, is an installation guide with a few exercises. In Part 2 of this article I will discuss the Ethernet frame and packet capture/send over Ethernet, with examples.

Please feel free to ask any questions based on this article or about general issues regarding libpcap/Jpcap. I would also appreciate comments from subject-area experts in this software.