You want a simple raw socket, with no protocol set, i.e., int sock = socket(PF_INET, SOCK_RAW, 0); This will get all IP packets, after reassembly. Mal Hacker wrote: > > hello friends, > > now as i am mailing u so the basic reason is that i > have a problem and maybe anybody of u can suggest me > some good solution.... the main motive of mine is to > design a network sniffer...currently on a linux > platform and complete userlevel implementation....with > the basic motive of making it platform independent ... > but for now I can go with linux only. now what i > have gone thru is tcpdump/libpcap/linux socket filter/ > and have also read something about ipchains and some > related stuff..so here is my basic problem... a) is > there any system call (or a set of them) available > which gives me ip packets from network interface, by > that i mean : all ip packets with ethernet header > removed but reassembled (i.e. in anycase either for > tcp or udp i should not get fragmented packets). b) > secondly is there a way to do the same thing via > libpcap 'coz libpcap probably does'nt support ip > reassembly (as i know). and due to the same reason > tcpdump fails for fragmented packets. c) does > LSF(linux > dsocket filter) has a similar option ? All this with > the fact that i don't want to modify the existing > kernel code so as to make some modifications on the > raw socket BSD interface to provide such a option. > Also, you may say that ipchains or some other stuff > may support this, them if possible please guide me to > it coz i have not read about them. Other than libpcap > (user level filtering on linux) and of course LSF is > there any other filtering method which can be employed > to do the above task..... Also, the basic reason for > this is that i want to do some sort of in-kernel > filtering so that all the packets which i am reading > thru the interface are somewhat filtered on the basis > of some very basic criterieas...i.e. upto some ip > address and port number filtering.. thanks ...i may > not be too clear in what i am asking for..but > maybe..someone may be able to help... > thanks in advance > mal > > PS: I think I had sent this mail to this grp before > also but I think that was lost somewhere on the way as > it did'nt even got into my mailbox ...sorry if it a > repeat post.... > > ===== > > Image by FlamingText.com > > __________________________________________________ > Do You Yahoo!? > Get personalized email addresses from Yahoo! Mail - only $35 > a year! http://personal.mail.yahoo.com/ > - > : send the line "unsubscribe linux-net" in > the body of a message to majordomo@vger.kernel.org -- Casey Carter Casey@Carter.net ccarter@uiuc.edu AIM: cartec69 - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
