Ethereal-dev: [Ethereal-dev] Re: regarding libpcap portability

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 20 Sep 2004 00:23:05 -0700

akshar SNIFFER wrote:

> I am developing a wireless sniffer using libpcap and Qt.

Then tcpdump-workers@xxxxxxxxxxx, not ethereal-dev, is the right list for your question, as it's a libpcap question, not an Ethereal question.

> Here I want to know two things:
>
> 1. Can we provide a GUI for applications developed using libpcap with Qt?

Yes. However, you will have to figure out how to arrange that the application be able to respond to user input while capturing packets.

On most UN*Xes, you could get a descriptor for the device/socket/etc. from which libpcap reads (use "pcap_get_selectable()" if libpcap has it, "pcap_fileno()" if it doesn't), and add that to the list of descriptors on which to do a select in Qt's main loop with QSocketNotifier (even though it is *not* a socket, that *should* work on UN*X). The handler for the "activated()" signal for the QSocketNotifier should call "pcap_dispatch()" to process all the packets that are available.

You would put the descriptor into non-blocking mode (use "pcap_setnonblock()" if libpcap has it, and "fcntl()" if it doesn't). In order to work around a bug in BPF on many flavors of BSD that causes "select()" not to work properly, you should use QTimer to set a timer that expires after the timeout used in "pcap_open()", and call "pcap_dispatch()" in the "timeout()" handler.

Note that even *that* trick probably won't work on FreeBSD 4.3 or 4.4, although it should work on earlier and later versions, and I think it should work on other BSDs (NetBSD, OpenBSD, OS X, possibly BSD/OS). "pcap_get_selectable()" returns -1 on those platforms. It also won't work on Linux or FreeBSD with Endace DAG devices, because their driver does not, as far as I know, support "select()", unfortunately.

An alternative might be to do the capturing and the GUI stuff in separate threads. Note that this might not work on older BSDs due to the aforementioned problem with BPF devices and select(), and due to the userland thread packages in older BSDs using a "select()"-based main loop. I have not thought about how that would be done; you're on your own trying to figure out how to do that.

> 2. Since WinPcap internally uses libpcap, can we run this application on
> Windows as well as on Linux without any modifications?

If you do the capturing and the GUI stuff in separate threads, you *might* be able to do it without modifications.

If you do it in the same loop, you might not be able to do it on Windows at all. You can't get a descriptor for the device from which WinPcap reads, as there *is* no such descriptor in any UNIXish sense. You might be able to get a HANDLE that signals when packets are available, but you can't get that to be tested in the Qt main loop, as far as I know, and at least some versions of WinPcap don't return that handle reliably.

Note also that if by "wireless sniffer" you mean an application that can do one or more of

	1) capturing packets other than 802.11 data packets;

	2) capturing packets with raw 802.11 headers rather than fake Ethernet headers;

	3) running the interface in monitor mode ("rfmon mode");

	4) capturing reliably in promiscuous mode;

you won't be able to run that application on Windows *at all*:

	http://www.ethereal.com/faq#q5.37

	http://www.ethereal.com/faq#q5.41

	http://www.ethereal.com/faq#q5.42

You might be able to do it on Linux, FreeBSD, or NetBSD on some devices:

	http://www.ethereal.com/faq#q5.38

	http://www.ethereal.com/faq#q5.39

	http://www.ethereal.com/faq#q5.40
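
The single-loop approach described in this message (non-blocking descriptor, readiness notification, plus a timer that dispatches anyway), as an added example that is not part of the original e-mail and is not libpcap or Qt code. It assumes a pipe as a stand-in for the capture descriptor, `dispatch()` as a stand-in for `pcap_dispatch()`, and plain `select()` in place of Qt's main loop; `make_source()` and `loop_once()` are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

/* Stand-in for pcap_dispatch(): drain everything queued on a non-blocking
 * descriptor; returns bytes consumed, 0 when nothing was waiting. */
static int dispatch(int fd)
{
    char buf[256];
    int total = 0;
    ssize_t n;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        total += (int)n;
    return total;               /* a final EAGAIN just means "queue empty" */
}

/* Constructed capture source: a pipe whose read end is non-blocking. */
static int make_source(int fds[2])
{
    if (pipe(fds) != 0)
        return -1;
    return fcntl(fds[0], F_SETFL, fcntl(fds[0], F_GETFL) | O_NONBLOCK);
}

/* One pass of the event loop. select_works == 0 models a platform where
 * select() never reports the capture descriptor as readable.
 * Returns bytes processed; *via_timer tells which path handled them. */
static int loop_once(int fd, int select_works, int timeout_ms, int *via_timer)
{
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    fd_set rfds;
    FD_ZERO(&rfds);
    if (select_works)
        FD_SET(fd, &rfds);
    /* With an empty set this select() is only a sleep for the timeout. */
    *via_timer = select(fd + 1, &rfds, NULL, NULL, &tv) <= 0;
    return dispatch(fd);        /* readiness path and timer path both dispatch */
}

int main(void)
{
    int fds[2], via;
    if (make_source(fds) != 0 || write(fds[1], "pkt1pkt2", 8) != 8)
        return 1;
    int n = loop_once(fds[0], 0, 50, &via);
    printf("%d bytes, via timer: %d\n", n, via);
    return 0;
}
```

Because the descriptor is non-blocking, the timer-driven call returns immediately when nothing is queued, so the GUI loop is never stalled by an empty capture buffer.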