views:

1011

answers:

3

I need to write packet sniffer in Linux that detect http packet that send and save the url that request . I see code in security-freak

and run related code . This code run and only sniff received packet but I need send packet to sniff . In this code how to detect sent packet ?

I can't use any library like libcap or ... (forbidden)
the code is :sniffer.c

A: 

With appropriate libpcap or DNET usage You should be able to get all network traffic on the desired layer (protocol - 5) (also this outgoing). But You should know that already.

You need to go through the above libraries manuals and find the appropriate filtering.

bua
we cant use any library like libcap or dnet
SjB
Are you sure that your system allows detecting outgoing packets? You could use libpcap to determine if it's even possible.
JXG
A: 

Why can't you use any library? Homework?

It's hard to answer without having examples from your code, for example how you set sll_pkttype.

The urlsnarf tool in the dnsiff suite could be worth a look.

Anders Lindahl
post edited and attach my code
SjB
+1  A: 

You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.

gte525u
If the goal is to see http packets, why not use ETH_P_IP? You don't need everything.
JXG
The goal is to see outgoing http packets. ETH_IP_P only sees incoming packets. See thread: http://lkml.indiana.edu/hypermail/linux/kernel/9604.1/0603.html
gte525u