Sniff all network interfaces

2
votes

I've written a program that uses sockets to capture packets on network interfaces. First I gather all IPs of my machine using gethostbyname, then bind a raw socket to each ip with SOCK_RAW, IPPROTO_IP and SIO_RCVALL options. A thread is executed for each IP that calls recv on the appropriate socket (one socket for each ip). This program works fine.

But I found a special address named INADDR_ANY. MSDN says SIO_RCVALL cannot be used with INADDR_ANY, it's here:

The socket also must be bound to an explicit local IPv4 or IPv6 interface, which means that you cannot bind to INADDR_ANY or in6addr_any.

Is it possible to monitor and capture all packets (packets related to the local computer and not packets of other computers) with one socket?

Thanks

1
socketsnetworkingsniffing
Is this pretty much the same as your previous question? stackoverflow.com/questions/5217827/inaddr-any-details Why didn't you just edit that?Bill the Lizard
It's not just the same! and do do you know answer of any of them?Hosi
Just keep in mind that a raw socket using type IPPROTO_IP will only collect IP traffic. It will not collect other network-level protocols, e.g., ICMP, IGMP, etc., or lower-level protocols, e.g., ARP. If you are trying to generate network statistics, you'll need to use something like the pcap library that will get everything from the network.Matt Davis

1 Answers

2
votes

INADDR_ANY means "I don't care which local address," not "All local addresses."

From MSDN:

If an application does not care what local address is assigned, specify the constant value INADDR_ANY for an IPv4 local address or the constant value in6addr_any for an IPv6 local address in the sa_data member of the name parameter. This allows the underlying service provider to use any appropriate network address, potentially simplifying application programming in the presence of multihomed hosts (that is, hosts that have more than one network interface and address).