Link Layer (Sockets) Question

Mike_Cotrone · May 22, 2016, 7:46am

Is there a way I can access link-layer socket information yet by chance?

This is a wireshark link layer capture of the information that I would like to access for example:

Thanks!

Mike_Cotrone · May 22, 2016, 10:06pm

Looking at Libpcap so if you have any experience with OS X Declares using libpcap please let me know?

Thank you in advance

Mike_Cotrone · May 22, 2016, 10:27pm

[quote=267505:@jean-paul devulder]hi Mike,

using this tools ?[/quote]

I am looking for Xojo classes to perform these sniffer functions so after all of my research a plugin that wraps either this project or the libpcap project is going to be my solution for Xojo.

Andrew_Lambert · May 22, 2016, 11:52pm

I’ve been tinkering with wpcap which is a Windows port/fork of libpcap. I’m not sure whether it provides link-layer info, though. It looks like it only does the capturing and leaves dissection to the user.

Mike_Cotrone · May 23, 2016, 12:13am

Thanks Andrew! I am good with the dissection. Ill give it a try! Thanks

Mike_Cotrone · May 23, 2016, 12:43am

[quote=267520:@jean-paul devulder]Hi Mike,

Can you try this example:

look the readme file![/quote]
Thanks Jean-Paul I will give it a try! Thank you so much!

Mike_Cotrone · May 23, 2016, 1:03am

[quote=267520:@jean-paul devulder]Hi Mike,

Can you try this example:

look the readme file![/quote]

Interesting how you did that! It appears that some of the 0’s are being omitted (snipped) and some 00 are 0. Is there a way for me to control that?

IE. Wireshark Trace:

Xojo Sniffer Trace:
ffffffffffff0c1e26954804500e99f80064115126aa5e2effffafa23ab23ab0d589e7414d58423c2d555549443d476c6f62616c43616368655f3030304331453032363935343e3c2d53444b436c6173733d5574696c6974793e3c2d4d616b653d476c6f62616c43616368653e3c2d4

Thanks again JP!!!

Mike_Cotrone · May 23, 2016, 1:36am

Andrew have you seen this Exception? Im on OSX.

Thanks!

Andrew_Lambert · May 23, 2016, 2:03am

A FunctionNotFoundException means that a soft declare couldn’t be loaded at runtime (i.e. wpcap.dll wasn’t found)

Mike_Cotrone · May 23, 2016, 2:07am

Andrew knowing wpcap.dll is windows based does that limit my ability to use this only w/ Windows Platforms? I assume so, but wanted to check just in case.

Thanks!

Andrew_Lambert · May 23, 2016, 2:45am

The main wpcap API is supposed to be the same as libpcap, so it might be as simple as changing the lib name.

Mike_Cotrone · May 23, 2016, 2:45am

Thanks Andrew Will Try!

Mike_Cotrone · May 23, 2016, 11:42am

[quote=267546:@jean-paul devulder]Hi,

Please redownload

change output “0” to “00”

add Xcode project also[/quote]
Thank you JP!!! I so appreciate you work to help!

It works like a charm!!! THANK YOU!

Andrew_Lambert · May 30, 2016, 7:46am

In case you’re still interested I got libpcap working on Ubuntu and the same code using wpcap on Windows.