Menu
I have a socket created with socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)), and I've set it into promiscuous mode using:
struct ifreq ifr;
strncpy((char*)ifr.ifr_name, interface, IF_NAMESIZE);
if(ioctl(sock, SIOCGIFINDEX, &ifr)<0) fail(2);
struct packet_mreq mr;
memset(&mr, 0, sizeof(mr));
mr.mr_ifindex = ifr.ifr_ifindex;
mr.mr_type = PACKET_MR_PROMISC;
if(setsockopt(sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mr, sizeof(mr)) < 0) fail(2);
The problem is that when I do a read() from the socket, it only returns data that's going from or coming to my computer.
How can I get it to read and process all packets on the network?
Wireshark shows all the packets fine, so I know it isn't my computer or NIC. ifconfig reports that it's PROMISC when it is running.
892
In particular, in multicast socket networking, an example of promiscuous traffic is when a socket configured to listen on a specific multicast address group A with a specific port P, noted A:P, receives traffic from A:P. but also from another multicast source.
In promiscuous mode, the NIC allows all frames through, so even frames intended for other machines or network devices can be read. But, in non-promiscuous mode, when the NIC receives a frame, it drops it unless it is addressed to its specific media access control address or is a broadcast or multicast addressed frame.
To turn on promiscuous mode, click on the CAPTURE OPTIONS dialog box and select it from the options. If everything goes according to plan, you'll now see all the network traffic in your network. However, many network interfaces aren't receptive to promiscuous mode, so don't be alarmed if it doesn't work for you.
Promiscuous mode is used to monitor(sniff) network traffic. Typically, promiscuous mode is used and implemented by a snoop program that captures all network traffic visible on all configured network adapters on a system.
Along with Rob Jones' suggestion, try a tool like Wireshark to make sure that you're receiving the packets that you expect at the interface. At least that will confirm (or deny) that you have a problem with your code.
Also need to make sure that the interface itself is set to promiscuous mode. If not then you can use the ioctl() to set it:
ifr.ifr_flags |= IFF_PROMISC;
if( ioctl(sock, SIOCSIFFLAGS, &ifr) != 0 )
{
// handle error here
}
While your application is running, make sure that ifconfig reports the PROMISC flag for that interface.
Note that this will need to be executed as a privileged user.
Tried out the code as presented. Works for me. Of course (due to the test on line 102) this will only print details for TCP traffic.
167
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
