Packet sniffing
I am new to network programming. I want help regarding packet sniffing. I want to sniff IP, IPsec and PPTP packets. Are they sniffed using the same method (code), or are they sniffed using different methods? I am using Linux and the language is C++. Thanks
Have a look at libpcap.
I would advise against writing your own sniffer or analyser unless you relish the thought of writing your own protocol dissector or have a special "real-time" requirement.
I suggest using tcpdump to capture the traffic you are interested in as a first step. E.g. assuming you have a local network 192.168.1.0/24 and have arranged for port mirroring to your intended capture PC you could try the following:
tcpdump -i eth0 -w output.pcap -s0 -n 'net 192.168.1.0/24'
Then write an analyser utility that kicks off tshark sub-processes that dissect the packets you are interested in; say, for example, the PPTP traffic between two IP addresses 192.168.1.1 and 192.168.1.10. In this case, the following command invocation would dissect the packets and dump their payload as a text file for further processing in C++ or, even better, Python/Perl:
tshark -r output.pcap -Y "pptp and (ip.src_host == 192.168.1.1 and ip.dst_host == 192.168.1.10)" -T text
Naturally, you can run tshark as many times as necessary for your intended analysis on the same single output.pcap you created earlier. Each time passing a different filter according to your needs.
This technique, or a variation thereof, should get you 90% on the road to where you want to be in very few lines of code, and without having to get down and dirty with the specifics of standard protocols. The dissectors implemented with tshark will have been heavily tested and well debugged, saving you substantial time and headaches.
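As an added example (not code from either answer), here is the kind of per-frame dissection such a C++ analyser ends up doing, which also answers the question: plain IP, IPsec and PPTP are captured the same way, only the parsing of the IP protocol field and the transport layer differs. The frames are constructed in memory with placeholder addresses; in practice they would come from libpcap or from the output.pcap above.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Classify one Ethernet/IPv4 frame by the protocols the question names.
// The capture step is identical for all of them; only this dissection differs.
std::string classify_frame(const std::vector<uint8_t>& f) {
    if (f.size() < 34) return "truncated";                 // 14 Ethernet + 20 IPv4 minimum
    if (((f[12] << 8) | f[13]) != 0x0800) return "non-ipv4";
    size_t ihl = (f[14] & 0x0F) * 4;                       // IPv4 header length from IHL nibble
    if (ihl < 20 || f.size() < 14 + ihl) return "truncated";
    const uint8_t* l4 = f.data() + 14 + ihl;
    size_t l4len = f.size() - 14 - ihl;
    switch (f[23]) {                                       // IPv4 protocol field
        case 50: return "ipsec-esp";                       // RFC 4303
        case 51: return "ipsec-ah";                        // RFC 4302
        case 47: return "pptp-gre";                        // PPTP data rides in GRE (RFC 2637)
        case 6: {
            if (l4len < 4) return "truncated";
            uint16_t sport = (l4[0] << 8) | l4[1], dport = (l4[2] << 8) | l4[3];
            return (sport == 1723 || dport == 1723) ? "pptp-control" : "tcp";
        }
        default: return "ip-other";
    }
}

// Build a constructed sample frame: Ethernet + minimal IPv4 header with the given
// protocol number, then the payload. 192.168.1.1 -> 192.168.1.10 are placeholders.
std::vector<uint8_t> make_frame(uint8_t proto, const std::vector<uint8_t>& payload) {
    std::vector<uint8_t> f(14, 0);
    f[12] = 0x08; f[13] = 0x00;                            // EtherType IPv4
    std::vector<uint8_t> ip = {0x45, 0, 0, 0, 0, 0, 0, 0, 64, proto, 0, 0,
                               192, 168, 1, 1, 192, 168, 1, 10};
    uint16_t total = static_cast<uint16_t>(20 + payload.size());
    ip[2] = total >> 8; ip[3] = total & 0xFF;
    f.insert(f.end(), ip.begin(), ip.end());
    f.insert(f.end(), payload.begin(), payload.end());
    return f;
}

int main() {
    // Constructed frames: ESP, AH, GRE, TCP to port 1723 (0x06BB) and plain UDP.
    std::vector<std::vector<uint8_t>> frames = {
        make_frame(50, {0, 0, 0, 1}), make_frame(51, {}), make_frame(47, {0x30, 0x01, 0x88, 0x0b}),
        make_frame(6, {0xc3, 0x50, 0x06, 0xbb}), make_frame(17, {})};
    for (const auto& fr : frames) std::printf("%s\n", classify_frame(fr).c_str());
    return 0;
}
```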