We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now

x

Problem using pcap packet sniffer

kamalkgarg
kamalkgarg asked
on
Medium Priority
405 Views
Last Modified: 2012-05-06
Hello,

I am studying the code of a packet sniffer which is using pcap_loop to receive the packet bytes.

The packet handler is pcap_cb.

The problem is,

It returns different value of  pkthdr->len  and  pkthdr->caplen.

pkthdr->caplen = 68, pkthdr->len = 161

This results in capturing only 68 bytes in buf.  However I have to receive the full 161 bytes of data.

Can anyone please suggest me what should I change in order to get all 161 bytes in buf.

Thanks & Regards,
Kamal





pcap_loop(device.dev_desc, -1, pcap_cb, (u_char *) &cb_data);
 
 
void pcap_cb(u_char *user, const struct pcap_pkthdr *pkthdr, const u_char *buf)
{
  struct packet_ptrs pptrs;
  struct pcap_callback_data *cb_data = (struct pcap_callback_data *) user;
  struct pcap_device *device = cb_data->device; 
  struct plugin_requests req;
  FILE *fp;
  int i;
  fp = fopen("/var/log/pmacct_logs.txt", "a+");  
 
  fprintf(fp, "pkthdr->caplen = %d, pkthdr->len = %d\n",pkthdr->caplen,pkthdr->len);
 
....

Open in new window

Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2009
Commented:
pkthdr->len is the total size of the packet.
pkthdr->caplen is the size that was captured.

If caplen = 68 < len, the most likely reason is that snaplen is still set to the default (68). Provide a higher snaplen value when you open the network device for capturing (using pcap_open_live).

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.