09-08-2021 09:44 AM - edited 09-08-2021 09:46 AM
Looking to see if there are any options for running a UDP sniffer tool that looks at all ethernet traffic on the wire, similar to NpCap on windows? The last time this question was asked to the community was 2014 and it seems the answer then was "there is no standardazed PCap option for any of them, for the first two because nobody has developed it..."
Now that NI Linux RT has been more fully developed and available across the product range, looking to see if any new solutions exist?
The problem we are trying to solve is that we have UDP network traffic on a cRIO ethernet port that we need to inspect and parse, however the destination IP address and port are not that of the cRIO. They are destined for other hardware on the network. This is being integrated into a legacy hardware system that uses an old network hub, and that hardware must currently be maintained as-is. Ideally, we would then be able to access these functions/libraries within a model or custom device in an NI VeriStand environment on the cRIO (but that is the next step).
Previous post for reference: Solved: Labview Real Time Ethernet Sniffer - NI Community
09-08-2021 11:14 AM
Follow-up: has anyone had any success getting the libpcap libraries from TCPDUMP working on a cRIO with ARM running Linux? It seems like it supports ARM v7 and Linux, but I don't know enough about the flavor of NI Linux on cRIO to know whether or not this might be possible. I currently have access to a cRIO 9063 (datasheet) for some testing.
09-08-2021 11:40 AM - edited 09-08-2021 11:47 AM
You shouldn't need to compile the libpcap library yourself. NI already did that for you and put the package in their package repository.
Make sure the cRIO is setup to access the internet and get a command line on your cRIO and try to type:
opkg install libpcap
What do you see?
Of course you still need to update the VIs to interface to libpcap.so instead of pcap.dll and check that there are no incompatibilities between the Windows and Unix version of the pcap library that may require you to set up different Call Library Nodes for both platforms.
09-08-2021 12:42 PM - edited 09-08-2021 12:42 PM
Is there a procedure for doing this thru NI-MAX instead of directly connected to internet/command line?
09-08-2021 01:40 PM
Most likely not! NI-Max only can install NI packages. That are typically LabVIEW libraries that add support for a LabVIEW feature to the RT controller. And if that libraries requires a shared library it will install that too.
But there is no NI LabVIEW Network capture library, and if there was it would likely not use the normal libpcap interface but something NI wrote themselves.
The opkg repository is a technology that is often used in embedded Linux controllers and while you can't just take any shared library from a different controller project and install it on your own there is a fairly well established build tool chain that creates these packages for a specific target. NI has precompiled many of these libraries and makes them downloadable from their package repository. If you do want to avoid trying to download the libpcap sources and cross compile them for your NI controller, you will have to connect the controller in some way to a network that has access to the internet and install it through opkg. After that you can disconnect the controller again.
09-08-2021 01:50 PM
Not having a way to install these without an internet connection seems like a real limiting factor.
There are still a lot of systems and applications that cannot be connected to internet. Let me see if I can find a workaround for that issue.
I would think you might be able to have your local (non-internet connected) computer act as the host that stores the files and then point the cRIO to that repo of files to install them from (or some other intranet location) rather than out across the web.
09-08-2021 02:38 PM
@ajf200 wrote:
I would think you might be able to have your local (non-internet connected) computer act as the host that stores the files and then point the cRIO to that repo of files to install them from (or some other intranet location) rather than out across the web.
Of course there is. It's Unix after all! First you need to determine the exact repository feed your opkg uses. This is important since there are different cRIO architectures (ZYNC ARM, some other ARM and x64) and also because it depends on the LabVIEW version you use on that cRIO (that is the same LabVIEW version that you use on your Windows computer to develop your cRIO application).
Once you have that you can go and download the necessary files to your local computer. Then you can add a repository feed to opgk on the cRIO that points to the network share on your computer where you put those files.
You will however need to do some work for that. And read manpages and other information about what commands to use with opkg to do all these things.
I never bothered with that so far. Simply took the cRIO, connected it temporarily to the internet facing network, downloaded the stuff and put it back into the private network. Much simpler and much more reliable.
11-25-2021 05:00 AM
Hi Rolf,
I'm trying to use the libpcap library on a cRIO device.
I installed the library with the help of opkg. No problem.
Now I want to use the function pcap_open_live on one network board. I receive the message : "eth1: You don't have permission to capture on that device (socket: Operation not permitted)"
I googled a lot but I cannot find a solution to this problem.
Do you have an idea?
Best regards.
Christophe
11-25-2021 06:34 AM - edited 11-25-2021 06:44 AM
Under Linux, and most other operating systems including Windows, opening a raw network socket is a privileged operation. This is because with a raw socket you can stuff the network with any packets you like including illegitimate ones that could be used to exploit socket vulnerabilities in devices and computers.
Under Linux, the process wanting to do that needs to have the CAP_NET_RAW capability (or be root which has all capabilities granted).
Windows works the same but here you have to have a device driver to do real promiscuous mode operation. A device driver runs in the kernel and can access any hardware it wants and the traditional WinPCap driver did not implement access protection. So under Windows applications using WinPCap or the newer NPCap in WinPCap mode do not have this limitation. But the NPCap driver allows to be installed with an Administrator only option, and then nobody but local Administrators can access it.
11-25-2021 09:05 AM
Thank you very much.
You gave me the solution.