como remover a interface NFLOG?

0

Estou tentando fazer um programa de detecção de pacotes em C, mas os códigos que estou tentando executar de várias fontes públicas não estão retornando tráfego do meu potenciômetro Ethernet 'em1', mas sempre lendo 'interface nflog'.

O código é o seguinte: -

/*************************************************** * file: testpcap1.c * Date: Thu Mar 08 17:14:36 MST 2001 * Author: Martin Casado * Location: LAX Airport (hehe) * * Simple single packet capture program *****************************************************/
include
include
include /* if this gives you an error try pcap/pcap.h */
include
include
include
include
include /* includes net/ethernet.h */

int main(int argc, char **argv) { int i; char dev; //char dev[] = "em1"; / Device to sniff on / char errbuf[PCAP_ERRBUF_SIZE]; pcap_t descr; const u_char packet; struct pcap_pkthdr hdr; / pcap.h */ struct ether_header eptr; / net/ethernet.h */

u_char *ptr; /* printing out hardware header info */

/* grab a device to peak into... */
dev = pcap_lookupdev(errbuf);

if(dev == NULL)
{
    printf("%s\n",errbuf);
    exit(1);
}

printf("DEV: %s\n",dev);

/* open the device for sniffing.

   pcap_t *pcap_open_live(char *device,int snaplen, int prmisc,int to_ms,
   char *ebuf)

   snaplen - maximum size of packets to capture in bytes
   promisc - set card in promiscuous mode?
   to_ms   - time to wait for packets in miliseconds before read
   times out
   errbuf  - if something happens, place error string here

   Note if you change "prmisc" param to anything other than zero, you will
   get all packets your device sees, whether they are intendeed for you or
   not!! Be sure you know the rules of the network you are running on
   before you set your card in promiscuous mode!!     */

descr = pcap_open_live(dev,BUFSIZ,0,-3,errbuf);

if(descr == NULL)
{
    printf("pcap_open_live(): %s\n",errbuf);
    exit(1);
}


/*
   grab a packet from descr (yay!)                    
   u_char *pcap_next(pcap_t *p,struct pcap_pkthdr *h) 
   so just pass in the descriptor we got from         
   our call to pcap_open_live and an allocated        
   struct pcap_pkthdr                                 */

packet = pcap_next(descr,&hdr);

if(packet == NULL)
{/* dinna work *sob* */
    printf("Didn't grab packet\n");
    exit(1);
}


/*  struct pcap_pkthdr {
    struct timeval ts;   time stamp 
    bpf_u_int32 caplen;  length of portion present 
    bpf_u_int32;         lebgth this packet (off wire) 
    }
 */

printf("Grabbed packet of length %d\n",hdr.len);
printf("Recieved at ..... %s\n",ctime((const time_t*)&hdr.ts.tv_sec)); 
printf("Ethernet address length is %d\n",ETHER_HDR_LEN);

/* lets start with the ether header... */
eptr = (struct ether_header *) packet;

/* Do a couple of checks to see what packet type we have..*/
if (ntohs (eptr->ether_type) == ETHERTYPE_IP)
{
    printf("Ethernet type hex:%x dec:%d is an IP packet\n",
            ntohs(eptr->ether_type),
            ntohs(eptr->ether_type));
}else  if (ntohs (eptr->ether_type) == ETHERTYPE_ARP)
{
    printf("Ethernet type hex:%x dec:%d is an ARP packet\n",
            ntohs(eptr->ether_type),
            ntohs(eptr->ether_type));
}else {
    printf("Ethernet type %x not IP", ntohs(eptr->ether_type));
    exit(1);
}

/* copied from Steven's UNP */
ptr = eptr->ether_dhost;
i = ETHER_ADDR_LEN;
printf(" Destination Address:  ");
do{
    printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
}while(--i>0);
printf("\n");

ptr = eptr->ether_shost;
i = ETHER_ADDR_LEN;
printf(" Source Address:  ");
do{
    printf("%s%x",(i == ETHER_ADDR_LEN) ? " " : ":",*ptr++);
}while(--i>0);
printf("\n");

return 0;

}

e retorna a saída como: -

DEV : nflog

e depois continua piscando.

Qual pode ser o problema aqui?

Eu também tentei declarar o Dev como em1, mas a saída foi a seguinte: -

DEV: em1 Didn't grab packet

Tcpdump -D fornece a seguinte saída: -

tcpdump -D 1.nflog (Linux netfilter log (NFLOG) interface) 2.nfqueue (Linux netfilter queue (NFQUEUE) interface) 3.em1 4.usbmon1 (USB bus number 1) 5.usbmon2 (USB bus number 2) 6.usbmon3 (USB bus number 3) 7.usbmon4 (USB bus number 4) 8.any (Pseudo-device that captures on all interfaces) 9.lo
    
por Ravish 13.11.2015 / 10:37

1 resposta

0

What can be the issue here?

O problema é que você está confiando em pcap_lookup() para retornar o dispositivo no qual deseja capturar. Não há garantia de que isso será feito; você deve, em vez disso, fazer com que o usuário especifique o dispositivo.

    
por 14.11.2015 / 02:18