I am simply trying to capture the packets on the dev.str() interface and store them in a file which can later be used for analysis.
Case 1: pcap_loop - when I used pcap_loop, it called the pcap_dump function and printed this line "inside pcap_dump()" infinite times and finally crashed.
Case 2: pcap_dispatch - when I used pcap_dispatch, it always returned 0 and never entered the pcap_dump function.
What does this mean? I have no pcap_setfilter.
Please suggest how I can solve this problem.

    int main()
    {
        pthread_t thread;
        pthread_create(&thread, NULL, (void* (*)(void*))capture, NULL);
        return 0;
    }

    void classname::capture()
    {
        pcapDeviceHandle = pcap_open_live(dev.c_str(), SNAP_LEN, 0, 1000, errbuf);
        pd = pcap_dump_open(pcapDeviceHandle, "filename.pcap");
        //returnvalue = pcap_dispatch(pcapDeviceHandle, 4, pcap_dump, (unsigned char *) pd);
        returnvalue = pcap_loop(pcapDeviceHandle, 4, pcap_dump, (unsigned char *) pd);
        pcap_dump_close(pd);
        pcap_close(pcapDeviceHandle);
    }

    void classname::pcap_dump(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
    {
        cout << "inside pcapdump()" << endl;
        pcap_dump(args, header, packet);
        cout << "after pcapdump()" << endl;
    }

In the first case, pcap_dump is called recursively until the stack overflows:

    void classname::pcap_dump(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
    {
        cout << "inside pcapdump()" << endl;
        pcap_dump(args, header, packet); // <-- here classname::pcap_dump() calls itself
        cout << "after pcapdump()" << endl;
    }

In order to dump the packet somewhere, you must call the proper pcap_dump function. To do this, add the correct scope, e.g.:

    void classname::pcap_dump(u_char *args, const struct pcap_pkthdr *header, const u_char *packet)
    {
        cout << "inside pcapdump()" << endl;
        ::pcap_dump(args, header, packet);
        cout << "after pcapdump()" << endl;
    }
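
The name lookup behind this fix, as an added example that is not part of the original answer. The global pcap_dump here is a stand-in with libpcap's callback signature so the block builds without libpcap; Capture, on_packet, the depth guard and the packet bytes are constructed for illustration.

```cpp
// Added example: unqualified vs. "::"-qualified call inside a class that has
// a member named like the library function.
#include <cstddef>
#include <iostream>
#include <vector>

typedef unsigned char u_char;
struct pcap_pkthdr { unsigned caplen, len; };  // simplified stand-in, no timestamp

static std::vector<u_char> g_dumped;           // bytes the stand-in "wrote"

// Stand-in for libpcap's global pcap_dump: records bytes instead of writing a file.
void pcap_dump(u_char *, const pcap_pkthdr *h, const u_char *sp) {
    g_dumped.insert(g_dumped.end(), sp, sp + h->caplen);
}

struct Capture {                               // hypothetical class
    static int depth;                          // nested member calls seen
    // Same name as the library function: class scope is searched first,
    // so the unqualified call below finds this member again.
    static void pcap_dump(u_char *a, const pcap_pkthdr *h, const u_char *p) {
        if (++depth >= 5) return;              // demo guard; the question's code has none
        pcap_dump(a, h, p);                    // Capture::pcap_dump, not the global one
    }
    // "::" forces lookup at global scope, so the packet is actually dumped.
    static void on_packet(u_char *a, const pcap_pkthdr *h, const u_char *p) {
        ::pcap_dump(a, h, p);
    }
};
int Capture::depth = 0;

static const u_char kPkt[] = {0xde, 0xad, 0xbe, 0xef};  // constructed packet bytes
static const pcap_pkthdr kHdr = {4, 4};
int unqualified_depth() {                      // how deep the member recursed
    Capture::depth = 0;
    g_dumped.clear();
    Capture::pcap_dump(nullptr, &kHdr, kPkt);
    return Capture::depth;
}
std::size_t qualified_bytes() {                // bytes that reached the global function
    g_dumped.clear();
    Capture::on_packet(nullptr, &kHdr, kPkt);
    return g_dumped.size();
}
int main() {
    std::cout << "unqualified: depth " << unqualified_depth() << ", dumped " << g_dumped.size() << "\n";
    std::cout << "qualified: dumped " << qualified_bytes() << " bytes\n";
}
```

Giving the callback a name that differs from the library function, as on_packet does here, avoids the shadowing altogether.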