I need to write a packet sniffer in Linux that detects HTTPS packet that are sent and save the url from the request. I found code for this in security-freak and ran it. This code runs and only sniffs the received packet but I need to get the sent packet in the sniffer. How do I get the sent packet in this code?
I can't use any library like libcap (forbidden). The code is :sniffer.c
Raw sockets allow new IPv4 protocols to be implemented in user space. A raw socket receives or sends the raw datagram not including link level headers. The IPv4 layer generates an IP header when sending a packet unless the IP_HDRINCL socket option is enabled on the socket.
Wireshark can't capture raw socket only when protocol is TCP - Stack Overflow. Stack Overflow for Teams – Start collaborating and sharing organizational knowledge.
The raw socket interface provides direct access to lower layer protocols, such as the Internet Protocol (IP) and Internet Control Message Protocol (ICMP or ICMPv6). You can use raw sockets to test new protocol implementations.
You should be using ETH_P_ALL instead of ETH_P_IP as the protocol. ETH_P_IP only listens for incoming IP packets.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With