Well, I didn't want to capture packets for analysis, but for enqueuing them in
another device, but thanks, I also searched for something better than tcpdump !!!!! :-) :-))

On Fri, 22 Mar 2002, Riaz Mahmood wrote:

>
> if you r trying to capture packets and want some analysis, do use KDE based
> tool KSnuffle. it is downloadable from
>
> www.quaking.demon.co.uk/ksnuffle.html
>
> hope u will find it interesting
>
> Riaz Mahmood
>
>
> > From: Julián Muñoz <jmunoz@telefonica.net>
> > To: <lartc@mailman.ds9a.nl>
> > Subject: [LARTC] Capturing incoming packets
> > Date: Fri, 22 Mar 2002 12:39:56 +0000 (GMT)
> >
> >
> > I am investigating how to capture some packets from a network device (In
> > order to send them to IMQ).
> >
> > Looking at the kernel compilation options, I see it would be possible to
> > pick some packets and send them to a "netlink device".
> >
> > What I don't know is how to use this netlink device, and what it is
> > exactly, because the doc says it is going to disappear, and that we must
> > use "netlink sockets"
> >
> > Help?
> >
> >
> > Here is some interesting info:
> >
> >
> > using CONFIG_IP_NF_QUEUE in the 2.4 Kernel:
> >
> > CONFIG_IP_NF_QUEUE:
> >
> > Netfilter has the ability to queue packets to user space: the
> > netlink device can be used to access them using this driver.
> >
> > If you want to compile it as a module, say M here and read
> > Documentation/modules.txt.  If unsure, say `N'.
> >
> >
> >
> > net/ipv4/netfilter/ip_queue.c :
> >
> > /*
> >  * This is a module which is used for queueing IPv4 packets and
> >  * communicating with userspace via netlink.
> >  *
> >  * (C) 2000 James Morris, this code is GPL.
> >  *
> >  * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
> >  * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
> >  * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian
> >  *             Zander).
> >  * 2000-08-01: Added Nick Williams' MAC support.
> >  *
> >
> >
> > man iptables:
> >
> > TARGETS
> >        A firewall rule specifies criteria for a packet, and a
> >        target.  If the packet does not match, the next rule in
> >        the chain is the examined; if it does match, then the next
> >        rule is specified by the value of the target, which can be
> >        the name of a user-defined chain or one of the special
> >        values ACCEPT, DROP, QUEUE, or RETURN.
> >
> >        ACCEPT means to let the packet through.  DROP means to
> >        drop the packet on the floor.  QUEUE means to pass the
> >        packet to userspace (if supported by the kernel).
> >
> >
> > --
> >
> >    __o
> >  _ \<_
> > (_)/(_)
> >
> > Saludos de Julián
> > EA4ACL
> > -.-
> >
> > Foro Wireless Madrid
> > http://opennetworks.rg3.net
> >
> > _______________________________________________
> > LARTC mailing list / LARTC@mailman.ds9a.nl
> > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

-- 

   __o
 _ \<_
(_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net