> -----Original Message-----
> From: lartc-bounces@xxxxxxxxxxxxxxx [mailto:lartc-bounces@xxxxxxxxxxxxxxx]
> On Behalf Of ramsurrunv@xxxxxxxxxxxx
> Sent: Sunday, June 04, 2006 12:32 PM
> To: Martin A. Brown
> Cc: lartc@xxxxxxxxxxxxxxx; ramsurrunv@xxxxxxxxxxxx
> Subject: RE: Not understanding network setup!!
>
> Hi Martin,
>
> > How many times (or how quickly) do you need to do this? I have a
> > somewhat simple-minded solution for you, but it doesn't scale, and
> > may not actually solve your problem(s).
>
> I actually need this for as long as the machine communicates with other
> PCs.
>
> > If you are looking at inbound traffic to one of your servers, that
> > can be a bit trickier.
>
> I have to capture those three packets for each and every TCP stream that
> is initiated. Also, I'm looking only for outbound communication, i.e.
> emanating from the PC on which I'm trying to catch the packets. So the ACK
> packet will be generated on the PC itself. But the problem is how do I
> capture that particular ACK packet and not the other ACK packets during
> data transfer phase, w/o keeping track of IP address/port no. pairs.

The way I would do this is write a small userspace capturing tool that runs as a daemon all the time and watches the packets as they traverse the machine. I have written a small libpcap-based program which does something similar. You are free to use whatever code you need from it as long as the code will not be included in anything that is resold:

http://eliot.kayandee.net/traflog.php

This program simply counts traffic on a per-MAC and per-IP basis. It also provides both MAC->IP and IP->MAC lookup tables. It should be fairly trivial (as in no more than a day's worth of work) to modify it to suit your needs.

Eliot Gable
Certified Wireless Network Administrator (CWNA)
Certified Wireless Security Professional (CWSP)
Cisco Certified Network Associate (CCNA)
CompTIA Security+ Certified
CompTIA Network+ Certified
Network and System Engineer
Great Lakes Internet, Inc.
112 North Howard
Croswell, MI 48422
(810) 679-3395
(877) 558-8324
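
An added sketch of the classification step a userspace capture tool like the one suggested above would need (not code from traflog or from anyone in this thread): it tags the SYN, SYN-ACK and final ACK of each connection by checking sequence numbers, and holds one table entry per connection only until the third packet is seen. The function names, the table size and the `mkpkt` builder for constructed test packets are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum hs { HS_NONE, HS_SYN, HS_SYNACK, HS_ACK };
static struct flow { uint32_t src, dst, isn_c, isn_s; uint16_t sp, dp; int state; } flows[256]; /* state 0 = free */
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
/* Look up the flow opened by client s:sp to server d:dp; with create, claim a free slot. */
static struct flow *find(uint32_t s, uint32_t d, uint16_t sp, uint16_t dp, int create) {
    struct flow *spare = NULL;
    for (size_t i = 0; i < sizeof flows / sizeof flows[0]; i++) {
        struct flow *f = &flows[i];
        if (f->state && f->src == s && f->dst == d && f->sp == sp && f->dp == dp) return f;
        if (!f->state && !spare) spare = f;
    }
    if (create && spare) { spare->src = s; spare->dst = d; spare->sp = sp; spare->dp = dp; }
    return create ? spare : NULL;
}

/* Classify one IPv4 packet; ip points at the IP header, len is the captured length. */
enum hs classify(const uint8_t *ip, size_t len) {
    if (len < 40 || ip[0] >> 4 != 4 || ip[9] != 6) return HS_NONE;     /* IPv4 carrying TCP only */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || (rd16(ip + 6) & 0x3fff)) return HS_NONE; /* bad header or fragment */
    const uint8_t *tcp = ip + ihl;
    uint8_t fl = tcp[13] & 0x17;                     /* keep FIN 0x01, SYN 0x02, RST 0x04, ACK 0x10 */
    uint32_t s = rd32(ip + 12), d = rd32(ip + 16), seq = rd32(tcp + 4), ack = rd32(tcp + 8);
    uint16_t sp = rd16(tcp), dp = rd16(tcp + 2);
    struct flow *f;
    if (fl == 0x02 && (f = find(s, d, sp, dp, 1)))   /* step 1: client SYN, remember its ISN */
        { f->isn_c = seq; f->state = 1; return HS_SYN; }
    if (fl == 0x12 && (f = find(d, s, dp, sp, 0)) && f->state == 1 && ack == f->isn_c + 1)
        { f->isn_s = seq; f->state = 2; return HS_SYNACK; }            /* step 2: server SYN-ACK */
    if (fl == 0x10 && (f = find(s, d, sp, dp, 0)) && f->state == 2 && seq == f->isn_c + 1 && ack == f->isn_s + 1)
        { f->state = 0; return HS_ACK; }  /* step 3: final ACK; slot freed, so data-phase ACKs never match */
    return HS_NONE;
}

/* Build a constructed 40-byte IPv4/TCP packet for testing (checksums left at zero). */
size_t mkpkt(uint8_t *b, uint32_t s, uint32_t d, uint16_t sp, uint16_t dp, uint32_t seq, uint32_t ack, uint8_t fl) {
    memset(b, 0, 40);
    b[0] = 0x45; b[3] = 40; b[9] = 6; b[32] = 0x50; b[33] = fl;
    for (int i = 0; i < 4; i++) {
        b[12 + i] = (uint8_t)(s >> (24 - 8 * i));   b[16 + i] = (uint8_t)(d >> (24 - 8 * i));
        b[24 + i] = (uint8_t)(seq >> (24 - 8 * i)); b[28 + i] = (uint8_t)(ack >> (24 - 8 * i));
    }
    b[20] = (uint8_t)(sp >> 8); b[21] = (uint8_t)sp; b[22] = (uint8_t)(dp >> 8); b[23] = (uint8_t)dp;
    return 40;
}
```

In a libpcap callback, pass `classify` the captured bytes after the link-layer header (14 bytes on Ethernet). Handshakes that never complete leave their entry in the table, so a long-running daemon would also need to expire old entries.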