Ethereal-dev: Re: [Ethereal-dev] promiscuous socket.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Andrea G. Forte" <andreaf@xxxxxxxxxxxxxxx>
Date: Sat, 14 May 2005 15:05:16 -0400 (EDT)
>> I don't know using a socket for capturing, we use the libpcap/Winpcap
>> library for it, which is far more protable ...
>
>
> ...because not all systems use sockets for packet capture.

What else do they use?

>
> Even on those systems that do, you can't do promiscuous captures on
>arbitrary sockets, only on the sockets intended for use in, among other
>things, packet capture, and you don't explicitly turn IFF_PROMISC on
>with,
>for example, PF_PACKET sockets in Linux (there's another way to turn
>promiscuous mode on, which arranges that if the program exits without
>turning promiscuous mode off, when the socket is closed promiscuous mode
>is turned off automatically).
>

Are you referring to PACKET_MR_PROMISC by any chance? This is what I am
currently using. The IFF_PROMISC is depricated.
Is there another way to put sockets in promiscuous mode without having to
use a RAW socket (it requires root privileges)?

> So libpcap/WinPcap is almost always, if not always, the best choice for
>doing packet sniffing - it's more portable, and, even for applications
>where somebody doesn't care about portability (or doesn't *think* they
>care, even though they might, at some point in the future, want to or
>have
>to make the application work on another platform), it incorporates many
>"best practices" for using the various capture mechanism on various
>platforms.
>

I just do not want to have libpcap to be a requirement in order to run my
sniffer. I want to keep it as small and simple as possible.
Perhaps I might consider WinPcap if I want to come out with a version for
Windows.

Thank you,
Andrea