Sniffer with libpcap on Mac OS X in C

I tried to create my own sniffer (FOR FUN ONLY) and I work on Mac. I use libpcap, which is a very good sniffing library. So, I used this simple sniffer that sniffs 5 packages: (It is written in C)

#include <stdio.h>
#include <stdlib.h>
#include <pcap.h>
#include "hacking.h"   /* header from the book; dump() comes from here */

/* Print the failing call and libpcap's error text, then exit. */
void pcap_fatal(const char *failed_in, const char *errbuf) {
    printf("Fatal Error in %s: %s\n", failed_in, errbuf);
    exit(1);
}

int main() {
    struct pcap_pkthdr header;
    const u_char *packet;
    char errbuf[PCAP_ERRBUF_SIZE];
    char *device;
    pcap_t *pcap_handle;
    int i;

    /* Pick the default capture device. */
    device = pcap_lookupdev(errbuf);
    if(device == NULL)
        pcap_fatal("pcap_lookupdev", errbuf);

    printf("Sniffing on device %s\n", device);

    /* snaplen 4096, promiscuous mode on, read timeout (to_ms) 0 */
    pcap_handle = pcap_open_live(device, 4096, 1, 0, errbuf);
    if(pcap_handle == NULL)
        pcap_fatal("pcap_open_live", errbuf);

    /* Read and dump five packets. */
    for(i=0; i < 5; i++) {
        packet = pcap_next(pcap_handle, &header);
        printf("Got a %d byte packet\n", header.len);
        dump(packet, header.len);
    }

    pcap_close(pcap_handle);

    return 0;
}

If you're interested, yes, I took it from a book (Hacking: The Art of Exploitation) and changed it a bit. The problem is that if I run this on Linux, it works fine, no problem. But if I run it on a Mac, it won’t work, and it won’t capture any package.

Can any of you help? Thanks in advance!

+5
3 answers

"Fatal Error in pcap_lookupdev", , Sascha , : . , sudo , , /dev/bpf * ( sudo). , " " en0 ", , , , " Sniffing on device en0 ", pcap_lookupdev() .

"Fatal Error in pcap_open_live", , - , pcap_lookupdev() .

"Fatal Error in", , , , , Petesh, 0 . - 0, pcap_loop(), pcap_dispatch(), pcap_next() pcap_next_ex() , ; , Linux Solaris, , , * BSD OS X, . - 1000, ; tcpdump, .

+1

Petesh: . manpage ( "man pcap" ).

:

BSD ( Mac OS X):

          You must have read access to /dev/bpf* on systems that don't have a cloning
          BPF device, or to /dev/bpf on systems that do. On BSDs with a devfs (this
          includes Mac OS X), this might involve more than just having somebody with
          super-user access setting the ownership or permissions on the BPF devices -
          it might involve configuring devfs to set the ownership or permissions
          every time the system is booted, if the system even supports that; if it
          doesn't support that, you might have to find some other way to make that
          happen at boot time.
0
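
The read-access requirement quoted from the man page can be checked before libpcap is called at all. The following is an added example, not code from the question or its answers: it tries to open every node matching `/dev/bpf*` read-only and tallies the outcome. `struct bpf_probe`, `probe_bpf` and `can_capture` are names made up here, and counting `EBUSY` as "already open in another process" assumes a system without a cloning BPF device.

```c
#include <errno.h>
#include <fcntl.h>
#include <glob.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Tally of what happened when each matched BPF node was opened. */
struct bpf_probe {
    int found;     /* nodes matched by the pattern */
    int readable;  /* opened read-only without error */
    int busy;      /* EBUSY: node already open elsewhere */
    int denied;    /* EACCES/EPERM: this user lacks read access */
};

/* Open every node matching `pattern` read-only and record the result.
 * Returns 0 on success (including "no nodes found"), -1 if glob() failed. */
int probe_bpf(const char *pattern, struct bpf_probe *out)
{
    glob_t g;
    memset(out, 0, sizeof *out);
    int rc = glob(pattern, 0, NULL, &g);
    if (rc == GLOB_NOMATCH) return 0;
    if (rc != 0) return -1;
    for (size_t i = 0; i < g.gl_pathc; i++) {
        out->found++;
        int fd = open(g.gl_pathv[i], O_RDONLY | O_NONBLOCK);
        if (fd >= 0) { out->readable++; close(fd); }
        else if (errno == EBUSY) out->busy++;
        else if (errno == EACCES || errno == EPERM) out->denied++;
    }
    globfree(&g);
    return 0;
}

/* A capture needs at least one node this user can read. */
int can_capture(const struct bpf_probe *p) { return p->readable > 0; }

int main(void)
{
    struct bpf_probe p;
    if (probe_bpf("/dev/bpf*", &p) != 0) { perror("glob"); return 2; }
    printf("bpf nodes: %d found, %d readable, %d busy, %d denied\n",
           p.found, p.readable, p.busy, p.denied);
    if (!can_capture(&p) && p.denied > 0)
        puts("No read access: run with sudo or fix the /dev/bpf* permissions.");
    return can_capture(&p) ? 0 : 1;
}
```

If every node is reported as denied, the sniffer cannot capture as that user no matter what it passes to `pcap_open_live()`.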

10.8.4 to_ms (- ) , .

. .

,

0
