• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 204
  • Last Modified:

Reading and Dropping Packets

Im trying to find the best(fastest) way to capture packets in promiscuous mode. I have been using pcap before but I am curious if there is something better for linux systems.

Since pcap reads pakets at layer 2 of the OSI model (im learning so correct me if Im wrong) I would also like to be able to drop/block packets that I determine I do not want passing up the network protocol stack. Can someone reccomend the information Ill need to read to be able to do this.

0
joele23
Asked:
joele23
3 Solutions
 
Kent OlsenData Warehouse Architect / DBACommented:
Hi joele23,

Newer versions of linux come with a package/feature called iptables.  They perform the kind of evaluation and blocking that you're describing.  Are you interested in using an already-existing product then give it a look.  If you want to build your own just to see how things work, download the linux source code and look at iptables.


Good Luck,
Kent
0
 
manish_regmiCommented:
hi,
 Are u interested in using netfilters. You need to write a kernel module which receives packets. you can do whatever to it.

see this link for more info.

http://www.linux-mag.com/2000-06/gear_01.html
0
 
sunnycoderCommented:
>I would also like to be able to drop/block packets that I determine I do not want passing up the
>network protocol stack.

Assume that you wish to drop packets from a pre-defined IP address while working at L2 .... problem is, your L2 is not supposed to know of an IP address !!! If you decide to bring that code into L2, you get tied to implementation and technology used. .... Note that dropping packet based on IP address at L2 is still possible ... afterall IP address is still present in the payload .... However, it might not be a good idea to read and parse IP header in L2 software

Ofcourse you can drop packets based on L2 identification at L2 ... e.g. use DLCI number if you are running FR or ATM addresses if you are running ATM
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now