My sniffer code cannot capture IP-layer packets leaving the local machine, help!

Posted 2004-10-9 01:45:44
Linux 2.4.26, not using the libpcap or libnet libraries.

The code is as follows:
sock = socket (PF_PACKET, SOCK_RAW, htons(ETH_P_IP));
...
ifr.ifr_flags |= IFF_PROMISC;
...
readsz = read ( sock, (char*)packet, sizeof(packet) );
...

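Analyzing the captured packet data, there are ICMP, TCP and UDP packets, packets from other machines and packets sent to me, but no TCP, ICMP, etc. packets going out from my machine. libpcap, however, can capture packets leaving the local machine... Where is the problem? Thanks.
Original poster | Posted 2004-10-9 13:19:18
Maybe I have solved it: I changed ETH_P_IP to ETH_P_ALL (0x0003), and then I captured what I wanted. Is there a better way? Thanks.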
Original poster | Posted 2004-10-10 00:14:38
There is a problem: I can capture all ICMP, TCP and UDP packets, except the ARP reply packet from my NIC when I receive an ARP request packet; I also can't capture the ARP request packet when it is broadcast from my NIC.
Why? Any suggestions would be appreciated.
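Original poster | Posted 2004-10-10 12:49:35

I found that my code was actually wrong: while capturing, I was casually discarding packets with size <= 14+20+20, haha. Now it works correctly. Sorry to bother everyone...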
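
An added example, not the original poster's code: a PF_PACKET sniffer opened with ETH_P_ALL, as in the second post, that reports direction from sll_pkttype and checks length per EtherType, so that 42-byte ARP frames and 54-byte bare TCP ACKs are not discarded by a single size cutoff like the one in the last post. The names classify, old_filter_drops and the verdict enum are assumptions; running it needs CAP_NET_RAW.

```c
/* Added example (not the poster's code): AF_PACKET sniffer on ETH_P_ALL that
 * validates length per EtherType instead of using one global size cutoff. */
#include <stdio.h>
#include <stddef.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>

enum verdict { V_RUNT, V_ARP, V_IPV4, V_OTHER };   /* hypothetical names */

/* Classify one link-layer frame. Minimum sizes are per protocol:
 * Ethernet header 14, ARP body 28 (total 42), IPv4 header 20 (total 34). */
enum verdict classify(const unsigned char *f, size_t len)
{
    if (len < ETH_HLEN) return V_RUNT;
    unsigned type = (unsigned)f[12] << 8 | f[13];
    if (type == ETH_P_ARP) return len >= ETH_HLEN + 28 ? V_ARP : V_RUNT;
    if (type == ETH_P_IP)  return len >= ETH_HLEN + 20 ? V_IPV4 : V_RUNT;
    return V_OTHER;
}

/* The filter described in the last post: drops anything <= 14+20+20 bytes. */
int old_filter_drops(size_t len) { return len <= 14 + 20 + 20; }

int main(void)
{
    /* ETH_P_ALL taps every protocol, including frames sent by this host. */
    int sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (sock < 0) { perror("socket"); return 1; }
    unsigned char packet[65536];
    for (;;) {
        struct sockaddr_ll from;
        socklen_t fl = sizeof(from);
        ssize_t n = recvfrom(sock, packet, sizeof(packet), 0,
                             (struct sockaddr *)&from, &fl);
        if (n < 0) { perror("recvfrom"); return 1; }
        static const char *name[] = { "runt", "ARP", "IPv4", "other" };
        printf("%s %s len=%zd\n",
               from.sll_pkttype == PACKET_OUTGOING ? "out" : "in ",
               name[classify(packet, (size_t)n)], n);
    }
}
```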