Getting Started with libpcap

Now that we have libpcap installed, we can write our first network packet-capture tool. The example we are going to demonstrate is a simple tool for capturing Address Resolution Protocol (ARP) packets from a local network interface. A slightly more complex tool utilizing libpcap to capture and process TCP headers (SYNplescan) is discussed in Chapter 11.

Warning

Some of the operations we will undertake with libpcap work only if you are running as the root user. Tools written with libpcap, including the examples here, therefore commonly need to be run by the root user or be SETUID root. Because such a tool runs with elevated privileges while handling untrusted data, it must treat its input and the packets it captures carefully so that it is not vulnerable to buffer overflows and other security vulnerabilities. A well-written tool should generally drop privileges after the functions requiring root privileges have been performed.
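One way to carry out the privilege drop described in the warning, shown as an added example that is not code from the book: the `drop_privileges` helper is a hypothetical name, and the `main` assumes a SETUID-root install, where `getuid()` and `getgid()` still identify the invoking user. A tool started directly as root would pass the IDs of a dedicated unprivileged account instead.

```c
#define _DEFAULT_SOURCE 1   /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch to an unprivileged uid/gid.
 * Returns 0 on success, -1 on any failure. Call it only after the step
 * that needs root (opening the capture device) has completed. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                  /* target would still be root */

    /* Only a privileged process can, and needs to, clear the
     * supplementary groups inherited from root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* Order matters: change the group first, because once the uid is
     * dropped the process no longer has the right to change its gid. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;

    /* Verify the drop is complete and cannot be undone. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* The privileged setup, such as pcap_open_live(), would go here. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "could not drop privileges, exiting\n");
        return 1;
    }
    /* Everything below, including packet parsing, runs without root. */
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Treat any failure as fatal: continuing to parse captured packets after a failed drop leaves the parser running as root.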
