I am writing a tool in C for logging data usage of different applications running on my Linux system. For this i had created a raw socket and then I bind it with "eth0" which is the name of my interface. But my problem is that, this sockets captures only incoming packets (ie: packets with destination MAC address as my system's MAC address). I can't find any packets that has source MAC address as my system's MAC address. So it means packets written by my own machine are not captured by the raw socket. But i want to capture packets in both directions for identifying uploaded and downloaded data size. Can anybody help?
int main()
{
int rs,len;
struct sockaddr_ll addr;
char buf[65535];
rs = socket(PF_PACKET,SOCK_RAW,htons(ETH_ALL));
setsockopt(rs,SOL_SOCKET,SO_BINDDEVICE,"eth0",4);
while(recvfrom(rs,buf,65535,&addr,&len) > 0){
//print packets
}
return 0;
}
I have found this while searching over your problem. I haven't tried this. May be this will work.
int v=0;
v = PACKET_MASK_ANY & ~(1<<PACKET_OUTGOING) & ~(1 << PACKET_LOOPBACK);
setsockopt( raw_sock, SOL_PACKET, PACKET_RECV_TYPE, &v, sizeof(v));