Using libpcap/Jpcap to capture and send packets on Solaris - Part 1
Published:
Browse All Articles > Using libpcap/Jpcap to capture and send packets on Solaris - Part 1
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11)
Library used:
1. Libpcap ( http://www.tcpdump.org) Version 1.2
2. Jpcap( http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6
Prerequisite:
1. GCC
2. Make
Notes:
1. Verify if these software’s are installed by writing #gcc and #make at the command prompt.
2. See appendix to install these software.
Libpcap (version 1.2)
Installation
Download libpcap-1.2.0.tar.gz from http://www.tcpdump.org/#latest-release
Specific to Solaris 11 - Start
This section (Marked in italcs) can be skipped if OS is solaris 10.
In case of Solaris 11 the configuration doesn’t work properly so do the following.
1. config.h
Replace the following line
/* define if you have a cloning BPF device */
#define HAVE_CLONING_BPF 1
With
/* define if you have a cloning BPF device */
/* #undef HAVE_CLONING_BPF */
Replace the following line
/* #undef HAVE_DLPI_PASSIVE */
With
#define HAVE_DLPI_PASSIVE 1
Replace the following line
/* Define to 1 if you have the <netpacket/packet.h> header file. */
#define HAVE_NETPACKET_PACKET_H 1
With
/* Define to 1 if you have the <netpacket/packet.h> header file. */
/* #undef HAVE_NETPACKET_PACKET_H */
Replace the following line
/* Define to 1 if you have the <sys/bufmod.h> header file. */
/* #undef HAVE_SYS_BUFMOD_H */
With
/* Define to 1 if you have the <sys/bufmod.h> header file. */
#define HAVE_SYS_BUFMOD_H 1
2. MakeFile
Replace
INSTALL = /usr/bin/ginstall –c
With
INSTALL = ./install-sh -c
Replace the following lines
PSRC = pcap-bpf.c
FSRC = fad-getad.c
SSRC =
With
PSRC = pcap-dlpi.c
FSRC = fad-glifc.c
SSRC = dlpisubs.c
Specific to Solaris 11 - End
Upgrade or Update
If libpcap is already installed, then uninstall it before re-installing.
Verify if libpcap is correctly installed by running some sample tests.
Findalldevtest list all network interface device.
Verify that the shared object file is created and installed.
Setting the library path (Path were libpcap.so is present)
Exercise:
1. Write a program to capture packets for a given network interface card.
2. Write a program to broadcast packets through a given network interface card.
3. Verify packets using snoop –d <NetworkInterfaceName> command.
Common Errors:
1. Check LD_LIBRARY_PATH It should be set to where shared library is installed.
JPCap
Jpcap is a Java library for capturing and sending network packets. It internally uses libpcap/winpcap.
Installation
Download jpcap-0.6.zip ( http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/download.html)
You can observe lots of errors, so lets configure Makefile. Set JAVA_HOME to correct path
Correct Option: Uncomment the following lines and comment out the respective other lines.
Save this file and again execute make
It will still have few more errors in Jpcap.c file.
Changes:
Solaris 10 and Solaris 11
1. Replace the word “ifr.ifr_ifrn.ifrn_name” with “ifr.ifr_name”
2. Replace the word “ifr.ifr_ifru.ifru_hwaddr.sa_data” with “ifr.ifr_ifru.ifru_enaddr”
Solaris 10 only
Post making these changes it will generate libjpcap.so file.
Verify that LD_LIBRARY_PATH is already set to /usr/local/lib.
Compile all the programs in sample directory and verify running each of them.
Exercise:
1. Write a program to capture packets for a given network interface card using Jpcap.
2. Write a program to broadcast packets through a given network interface card using jpcap.
Appendix:
Installation of Make and GCC
GCC
Verify if gcc is already installed
Append it to the path (Ex: /usr/sfw/bin)
Make
Verify if make is already installed
Append it to the path (Ex:/usr/ccs/bin)
Library used:
1. Libpcap ( http://www.tcpdump.org) Version 1.2
2. Jpcap( http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6
Prerequisite:
1. GCC
2. Make
Notes:
1. Verify if these software’s are installed by writing #gcc and #make at the command prompt.
2. See appendix to install these software.
Libpcap (version 1.2)
Installation
Download libpcap-1.2.0.tar.gz from http://www.tcpdump.org/#latest-release
# gunzip libpcap-1.2.0rc1.tar.gz
# tar xf libpcap-1.2.0rc1.tar
# cd libpcap-1.2.0
# ./configure
Specific to Solaris 11 - Start
This section (Marked in italcs) can be skipped if OS is solaris 10.
In case of Solaris 11 the configuration doesn’t work properly so do the following.
1. config.h
Replace the following line
/* define if you have a cloning BPF device */
#define HAVE_CLONING_BPF 1
With
/* define if you have a cloning BPF device */
/* #undef HAVE_CLONING_BPF */
Replace the following line
/* #undef HAVE_DLPI_PASSIVE */
With
#define HAVE_DLPI_PASSIVE 1
Replace the following line
/* Define to 1 if you have the <netpacket/packet.h> header file. */
#define HAVE_NETPACKET_PACKET_H 1
With
/* Define to 1 if you have the <netpacket/packet.h> header file. */
/* #undef HAVE_NETPACKET_PACKET_H */
Replace the following line
/* Define to 1 if you have the <sys/bufmod.h> header file. */
/* #undef HAVE_SYS_BUFMOD_H */
With
/* Define to 1 if you have the <sys/bufmod.h> header file. */
#define HAVE_SYS_BUFMOD_H 1
2. MakeFile
Replace
INSTALL = /usr/bin/ginstall –c
With
INSTALL = ./install-sh -c
Replace the following lines
PSRC = pcap-bpf.c
FSRC = fad-getad.c
SSRC =
With
PSRC = pcap-dlpi.c
FSRC = fad-glifc.c
SSRC = dlpisubs.c
Specific to Solaris 11 - End
#make
Upgrade or Update
If libpcap is already installed, then uninstall it before re-installing.
#make uninstall
#make distclean
#make install
Verify if libpcap is correctly installed by running some sample tests.
# make tests
Findalldevtest list all network interface device.
# ./findalldevstest
# ./nonblocktest
Verify that the shared object file is created and installed.
# find /usr -name libpcap.so
/usr/local/lib/libpcap.so
Set LD_LIBRARY_PATH (Jpcap will link this shared object)
# echo LD_LIBRARY_PATH
Setting the library path (Path were libpcap.so is present)
# LD_LIBRARY_PATH=/usr/local/lib/
# export LD_LIBRARY_PATH
Exercise:
1. Write a program to capture packets for a given network interface card.
2. Write a program to broadcast packets through a given network interface card.
3. Verify packets using snoop –d <NetworkInterfaceName> command.
Common Errors:
1. Check LD_LIBRARY_PATH It should be set to where shared library is installed.
JPCap
Jpcap is a Java library for capturing and sending network packets. It internally uses libpcap/winpcap.
Installation
Download jpcap-0.6.zip ( http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/download.html)
# unzip jpcap-0.6.zip
#cd src/c
#make
You can observe lots of errors, so lets configure Makefile. Set JAVA_HOME to correct path
# vi Makefile
Correct Option: Uncomment the following lines and comment out the respective other lines.
1. JAVA_DIR = $(JAVA_HOME)
2. JNI_INCLUDE2 = $(JAVA_DIR)/include/solaris
3. PCAP_INCLUDE = /usr/local/include/pcap
4. COMPILE_OPTION = -G
Save this file and again execute make
#make
It will still have few more errors in Jpcap.c file.
#vi Jpcap.c
Changes:
Solaris 10 and Solaris 11
1. Replace the word “ifr.ifr_ifrn.ifrn_name” with “ifr.ifr_name”
2. Replace the word “ifr.ifr_ifru.ifru_hwaddr.
Solaris 10 only
3. #define SIOCGIFHWADDR SIOCGIFADDR
Post making these changes it will generate libjpcap.so file.
# make
#cp libjpcap.so /usr/local/lib/
Verify that LD_LIBRARY_PATH is already set to /usr/local/lib.
#echo $LD_LIBRARY_PATH
Compile all the programs in sample directory and verify running each of them.
Exercise:
1. Write a program to capture packets for a given network interface card using Jpcap.
2. Write a program to broadcast packets through a given network interface card using jpcap.
Appendix:
Installation of Make and GCC
GCC
Verify if gcc is already installed
#find /usr -name gcc
#pkg install gcc-3
Append it to the path (Ex: /usr/sfw/bin)
#PATH=$PATH:/usr/sfw/bin
Make
Verify if make is already installed
# find /usr -name make
Append it to the path (Ex:/usr/ccs/bin)
# PATH=$PATH:/usr/ccs/bin
#echo $PATH and verify if gcc and make path are visible.
Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.
Comments (1)
Author
Commented:In this article which is Part 1 is an installation guide with few exercise. In Part 2 of this article i will discuss Ethernet frame, packet capture/send over Ethernet with examples
Please feel free to ask any questions based on this article or in general issues regarding libpcap/jpcap. I would also appreciate comments by subject area experts in these software.