If you are trying to capture packets and want some analysis, do use the KDE-based tool KSnuffle. It is downloadable from www.quaking.demon.co.uk/ksnuffle.html

Hope you will find it interesting.

Riaz Mahmood

>From: Julián Muñoz <jmunoz@telefonica.net>
>To: <lartc@mailman.ds9a.nl>
>Subject: [LARTC] Capturing incoming packets
>Date: Fri, 22 Mar 2002 12:39:56 +0000 (GMT)
>
>
>I am investigating how to capture some packets from a network device (in
>order to send them to IMQ).
>
>Looking at the kernel compilation options, I see it would be possible to
>pick some packets and send them to a "netlink device".
>
>What I don't know is how to use this netlink device, and what it is
>exactly, because the doc says it is going to disappear, and that we must
>use "netlink sockets".
>
>Help?
>
>
>Here is some interesting info:
>
>
>using CONFIG_IP_NF_QUEUE in the 2.4 Kernel:
>
>CONFIG_IP_NF_QUEUE:
>
>Netfilter has the ability to queue packets to user space: the
>netlink device can be used to access them using this driver.
>
>If you want to compile it as a module, say M here and read
>Documentation/modules.txt. If unsure, say `N'.
>
>
>
>net/ipv4/netfilter/ip_queue.c :
>
>/*
> * This is a module which is used for queueing IPv4 packets and
> * communicating with userspace via netlink.
> *
> * (C) 2000 James Morris, this code is GPL.
> *
> * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
> * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
> * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian
> *             Zander).
> * 2000-08-01: Added Nick Williams' MAC support.
> *
>
>
>man iptables:
>
>TARGETS
>       A firewall rule specifies criteria for a packet, and a
>       target. If the packet does not match, the next rule in
>       the chain is the examined; if it does match, then the next
>       rule is specified by the value of the target, which can be
>       the name of a user-defined chain or one of the special
>       values ACCEPT, DROP, QUEUE, or RETURN.
>
>       ACCEPT means to let the packet through. DROP means to
>       drop the packet on the floor. QUEUE means to pass the
>       packet to userspace (if supported by the kernel).
>
>
>--
>
>      __o
>    _ \<_
>   (_)/(_)
>
>Saludos de Julián
>EA4ACL
>-.-
>
>Foro Wireless Madrid
>http://opennetworks.rg3.net
>
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/