Originally we were directed to use libpcap to do this, but we have just been informed by one of the university technicians that it is not possible to use libpcap with the current installation (Arch Linux).
First thing I would advise is get a straight answer from the course tutor. If the technician means libpcap is not available, fine, you ought to be able to compile it. If the technician means they've (Arch, or the university) removed promiscuous mode drivers from the Linux kernel, there isn't a whole lot you can do. Either way, check what you're hearing.
Should you still need to do this, what's wrong with reading the libpcap source for guidance? pcap_loop is the function you're looking for, which calls read_op from a pcap_t struct. grep -irn "read_op = " * reveals several possible readers at the low level in libpcap:
grep -irn "read_op = " *
pcap-bpf.c:2231: p->read_op = pcap_read_bpf;
pcap-bt-linux.c:172: handle->read_op = bt_read_linux;
pcap.c:243: p->read_op = (read_op_t)pcap_not_initialized;
pcap-can-linux.c:99: handle->read_op = can_read_linux;
pcap-dag.c:795: handle->read_op = dag_read;
pcap-dlpi.c:759: p->read_op = pcap_read_dlpi;
pcap-libdlpi.c:217: p->read_op = pcap_read_libdlpi;
pcap-linux.c:1198: handle->read_op = pcap_read_linux;
pcap-linux.c:3167: handle->read_op = pcap_read_linux_mmap;
pcap-netfilter-linux.c:338: handle->read_op = nflog_read_linux;
pcap-nit.c:315: p->read_op = pcap_read_nit;
pcap-pf.c:486: p->read_op = pcap_read_pf;
pcap-septel.c:213: handle->read_op = septel_read;
pcap-sita.c:941: handle->read_op = pcap_read_acn;
pcap-snf.c:236: p->read_op = snf_read;
pcap-snit.c:394: p->read_op = pcap_read_snit;
pcap-snoop.c:381: p->read_op = pcap_read_snoop;
pcap-usb-linux.c:341: handle->read_op = usb_read_linux_mmap;
pcap-usb-linux.c:355: handle->read_op = usb_read_linux_bin;
pcap-usb-linux.c:390: handle->read_op = usb_read_linux;
pcap-win32.c:687: p->read_op = pcap_read_win32_dag;
pcap-win32.c:694: p->read_op = pcap_read_win32_npf;
savefile.c:323: p->read_op = pcap_offline_read;
Which one your system uses probably depends on the result of configure, but any of those would act as great starting points for working out how it works. Don't be afraid to take apart big projects like this - somebody else said "google is your friend". Well, I think grep is your friend.
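As an added example (not code from the answer above or from libpcap), this is the shape of reader you find when you follow pcap_read_linux in pcap-linux.c: a PF_PACKET raw socket feeding a bounds-checked frame decoder. The decoder, the frame_info struct and the embedded sample frame are my own names and constructed values, so the decoding part runs without capture privileges; the live loop needs CAP_NET_RAW.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct frame_info {            /* what the decoder reports for one frame */
    uint16_t ethertype; uint8_t proto;   /* proto: IPv4 protocol number, 0 if not IPv4 */
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
};

/* Decode Ethernet + IPv4 headers by byte offset, never reading past len.
 * Returns 0 on success, -1 if the frame is shorter than the headers it claims. */
int decode_frame(const uint8_t *buf, size_t len, struct frame_info *out) {
    memset(out, 0, sizeof *out);
    if (len < 14) return -1;                       /* dst(6) src(6) type(2) */
    out->ethertype = (uint16_t)(buf[12] << 8 | buf[13]);
    if (out->ethertype != ETH_P_IP) return 0;      /* e.g. ARP: nothing more to decode */
    size_t ihl = (buf[14] & 0x0f) * 4u;            /* IPv4 header length in bytes */
    if ((buf[14] >> 4) != 4 || ihl < 20 || len < 14 + ihl) return -1;
    out->proto = buf[23];
    inet_ntop(AF_INET, buf + 26, out->src, sizeof out->src);
    inet_ntop(AF_INET, buf + 30, out->dst, sizeof out->dst);
    return 0;
}

/* Constructed sample: Ethernet(IPv4) + 20-byte IPv4 header, TCP 10.0.0.1 -> 10.0.0.2. */
static const uint8_t sample_frame[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x28, 0x00,0x01,0x00,0x00, 0x40,0x06,0x00,0x00, 10,0,0,1, 10,0,0,2
};

int main(void) {
    struct frame_info fi;
    if (decode_frame(sample_frame, sizeof sample_frame, &fi) == 0)
        printf("sample: proto %u  %s -> %s\n", fi.proto, fi.src, fi.dst);
    /* Live capture: a PF_PACKET raw socket delivers every frame the kernel sees
     * (needs CAP_NET_RAW); this is the socket family pcap-linux.c's reader uses. */
    int fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket (need CAP_NET_RAW)"); return 1; }
    uint8_t buf[65536];
    for (int i = 0; i < 10; i++) {                 /* a few frames, then stop */
        ssize_t n = recvfrom(fd, buf, sizeof buf, 0, NULL, NULL);
        if (n < 0) { perror("recvfrom"); break; }
        if (decode_frame(buf, (size_t)n, &fi) == 0 && fi.proto)
            printf("%zd bytes  proto %u  %s -> %s\n", n, fi.proto, fi.src, fi.dst);
    }
    close(fd);
    return 0;
}
```

The length checks are the part worth copying: a capture tool that trusts the header's own length fields over the bytes it actually received is the classic way sniffers end up reading out of bounds.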