regarding sniffing...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

hello friends,
now as i am mailing u so the basic reason is that i
have a problem and maybe
anybody of u can suggest me some good solution....
 
the main motive of mine is to design a network
sniffer...currently
on a linux platform and complete userlevel
implementation....with
the basic motive of making it platform independent ...
but for now
I can go with linux only.
 
now what i have gone thru is tcpdump/libpcap/linux
socket filter/ and have also
read something about ipchains and some related
stuff..so here is my basic problem...
 
 
a) is there any system call (or a set of them)
available which gives me
ip packets from network interface, by that i mean :
 
all ip packets with ethernet header removed but
reassembled (i.e. in anycase
                either for tcp or udp i should not get
fragmented packets).
 
b) secondly is there a way to do the same thing via
libpcap 'coz libpcap probably
does'nt support ip reassembly (as i know). and due to
the same reason tcpdump
fails for fragmented packets.
 
c) does LSF(linux dsocket filter) has a similar option
?
 
All this with the fact that i don't want to modify the
existing kernel code
so as to make some modifications on the raw socket BSD
interface to provide such a option.
Also, you may say that ipchains or some other stuff
may support this, them if
possible please guide me to it coz i have not read
about them.
 
Other than libpcap (user level filtering on linux) and
of course LSF is there
any other filtering method which can be employed to do
the above task.....
 
Also, the basic reason for this is that i want to do
some sort of in-kernel
filtering so that all the packets which i am reading
thru the interface are
somewhat filtered on the basis of some very basic
criterieas...i.e. upto some
ip address and port number filtering..
 
thanks ...i may not be too clear in what i am asking
for..but maybe..someone may
be able to help...
 

thanks in advance
mal

=====

Image by FlamingText.com

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.kernel.org
[Index of Archives]     [Netdev]     [Ethernet Bridging]     [Linux 802.1Q VLAN]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Git]     [Bugtraq]     [Yosemite News and Information]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux PCI]     [Linux Admin]     [Samba]

  Powered by Linux