regarding sniffing...

hello friends,

The basic reason I am mailing you is that I have a problem, and maybe one of you can suggest a good solution. My main motive is to design a network sniffer, currently on a Linux platform and as a complete user-level implementation, with the basic motive of making it platform independent, but for now I can go with Linux only.

What I have gone through so far is tcpdump, libpcap and the Linux Socket Filter, and I have also read something about ipchains and some related stuff. So here is my basic problem:

a) Is there any system call (or a set of them) available which gives me IP packets from a network interface? By that I mean: all IP packets with the Ethernet header removed but reassembled (i.e. in any case, either for TCP or UDP, I should not get fragmented packets).

b) Secondly, is there a way to do the same thing via libpcap? libpcap probably doesn't support IP reassembly (as far as I know), and for the same reason tcpdump fails for fragmented packets.

c) Does LSF (Linux Socket Filter) have a similar option?

All this with the fact that I don't want to modify the existing kernel code so as to make some modifications to the raw socket BSD interface to provide such an option.

Also, you may say that ipchains or some other stuff may support this; then, if possible, please guide me to it, because I have not read about them. Other than libpcap (user-level filtering on Linux) and of course LSF, is there any other filtering method which can be employed to do the above task?

Also, the basic reason for this is that I want to do some sort of in-kernel filtering, so that all the packets which I am reading through the interface are somewhat filtered on the basis of some very basic criteria, i.e. up to some IP address and port number filtering.

Thanks. I may not be too clear in what I am asking for, but maybe someone may be able to help.

thanks in advance
mal

PS: I think I had sent this mail to this group before
also, but I think that was lost somewhere on the way as
it didn't even get into my mailbox ...sorry if it is a
repeat post....
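
The user-level IPv4 reassembly that questions (a) and (b) ask about, as an added example that is not part of the original post: a sniffer that receives raw frames has to place each fragment at its offset and wait until no holes remain. The names `reasm`, `reasm_add` and `mk_frag` are hypothetical; the sketch assumes one state object per (src, dst, protocol, IP id) tuple, no timeout, no header checksum verification, and a "last copy wins" policy for overlapping fragments.

```c
#include <stdint.h>
#include <string.h>

#define MAX_PAYLOAD 65535

/* State for ONE datagram, i.e. one (src, dst, protocol, IP id) tuple;
 * a sniffer keeps a table of these plus a timeout (both omitted here). */
struct reasm {
    uint8_t data[MAX_PAYLOAD];  /* payload bytes at their final offsets */
    uint8_t seen[1024];         /* one bit per 8-byte block received */
    long total;                 /* payload length, -1 until last fragment */
};

void reasm_init(struct reasm *r) { memset(r, 0, sizeof *r); r->total = -1; }

/* Feed one IPv4 packet starting at the IP header (link header stripped).
 * Returns 1 when the datagram is complete, 0 if fragments are still
 * missing, -1 if the packet is malformed. */
int reasm_add(struct reasm *r, const uint8_t *p, size_t len)
{
    if (len < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t tot = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || tot < ihl || tot > len) return -1;
    unsigned ff = ((unsigned)p[6] << 8) | p[7];
    size_t off = (size_t)(ff & 0x1fff) * 8;   /* offset field is in 8-byte units */
    int more = (ff & 0x2000) != 0;            /* MF (more fragments) flag */
    size_t n = tot - ihl;
    if (off + n > MAX_PAYLOAD || (more && (n == 0 || n % 8))) return -1;
    memcpy(r->data + off, p + ihl, n);        /* overlap: last copy wins */
    for (size_t b = off / 8; b < (off + n + 7) / 8; b++)
        r->seen[b / 8] |= (uint8_t)(1u << (b % 8));
    if (!more) r->total = (long)(off + n);
    if (r->total < 0) return 0;               /* last fragment not seen yet */
    for (size_t b = 0; b < ((size_t)r->total + 7) / 8; b++)
        if (!(r->seen[b / 8] & (1u << (b % 8)))) return 0;
    return 1;
}

/* Constructed sample input: build a fragment with a minimal 20-byte header. */
size_t mk_frag(uint8_t *out, unsigned off8, int mf, const char *pl, size_t n)
{
    memset(out, 0, 20);
    out[0] = 0x45; out[2] = (uint8_t)((20 + n) >> 8); out[3] = (uint8_t)(20 + n);
    out[6] = (uint8_t)((mf ? 0x20 : 0) | (off8 >> 8)); out[7] = (uint8_t)off8;
    out[9] = 17;                              /* protocol: UDP */
    memcpy(out + 20, pl, n);
    return 20 + n;
}
```

Port-based filtering has to run on the reassembled payload, because only the first fragment carries the TCP or UDP header.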
