Code DAO
May 1, 2022 · Fundamentals

How to Build a Linux Packet Sniffer Using Raw Sockets and BPF

This article walks through creating a Linux packet sniffer that bypasses libpcap, explains PF_PACKET raw sockets, shows how to bind to a specific interface, enable promiscuous mode, attach a BPF filter compiled with tcpdump, and parse Ethernet and IP headers in a continuous receive loop.

BPF, Linux, PF_PACKET
26 min read
ITPUB
Aug 16, 2016 · Fundamentals

Capture Ethernet Frames with Linux Raw Sockets (PF_PACKET)

This tutorial explains how to use Linux raw sockets (PF_PACKET) to send and receive link-layer Ethernet frames. It covers socket creation, protocol selection, the sockaddr_ll structure, interface binding, and promiscuous mode, and provides a complete C example that prints MAC and IP information for each captured packet.

Linux, PF_PACKET, Packet Capture
12 min read