0

I'm working on a low level sniffer based on libpcap. Everything works perfectly but the assert with pcap_set_rfmon() fails each time. I don't think that I made any mistake to get this result. I post a little snippet of the main function. If you have some ideas about a solution, it would be helpful. I tried with various NICs and dongles but on none of them, the monitor mode can be set.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <pcap.h>

#define JUMBO_FRAMES_MTU 9000

#define BIGGER_THAN_ALL_MTUS    (64*1024)

#define ERR(msg) do { perror(msg); exit(EXIT_FAILURE); } while (0)

int main(int argc, char **argv)
{

    char errbuf[PCAP_ERRBUF_SIZE]; 

    pcap_t *handle; 

    if (argc < 2){
        ERR("usage : ./prog itf-name\n");
    }

    /* exiting if strlen of itf > 14 */
    if (strlen(argv[1]) > IFNAMSIZ){
        ERR("Interface name too long");
    }

    strncpy(opt_args->device, argv[1], strlen(argv[1]) + 1); 
    handle = pcap_create(opt_args->device, errbuf); 

    if (handle == NULL){
        (void)fprintf(stderr, "FATAL ERROR : couldn't create sock handle : %s\n", errbuf); 
        goto fatal_error; 
    }

    /* setting snaplen to 1500 */
    assert(pcap_set_snaplen(handle, ETHERNET_MTU) == 0); 

    assert(pcap_setnonblock(handle, -1, errbuf) != -1); 

    /* if we can't put the device in monitor mode, so we display a warning 
    but keep doing the capture */

    /* I have a warning here */
    if (pcap_can_set_rfmon(handle) != 1){
        (void)fprintf(stderr, "WARNING : device can't be set up in monitor mode : %s\n", 
            pcap_geterr(handle)); 
    } else{
        assert(pcap_set_rfmon(handle, 1) == 0); 
    }

    /* we need now to launch the session capture */
    if (pcap_activate(handle) < 0){

        (void)fprintf(stderr, "FATAL ERROR : couldn't activate PCAP sock : %s\n", 
            pcap_geterr(handle)); 

        goto fatal_error; 
    }

    /* pcap loop ... */

    pcap_close(handle);

    return 0;

fatal_error;

    pcap_close(handle);

    return 1;
}
Etienne Armangau
  • 13
  • 4
  • Don't use `assert()` to check whether pcap calls succeed. ***NEVER*** assume that they will work; ***ALWAYS*** do a check similar to the check you did for `pcap_can_set_rfmon()`. That way, if something fails, you'll get an error message that reports the error. Also, if a call can return multiple `PCAP_ERROR_` values, save the value and print it with `pcap_statustostr()`. That will help people - you, or somebody you ask for help - to determine what the problem is. – user16139739 Jun 27 '22 at 08:28
  • Hi ! Thanks you. I'll perform manual checks and look for return value of `pcap_geterr` and for `pcap_statusostr`. It seems weird because I have `CAP_NET_RAW` capabilitiy if I remember. – Etienne Armangau Jun 27 '22 at 09:18

0 Answers0