Solved

Reading and Dropping Packets

Posted on 2004-03-22
Last Modified: 2010-04-15
I'm trying to find the best (fastest) way to capture packets in promiscuous mode. I have been using pcap before, but I am curious if there is something better for Linux systems.

Since pcap reads packets at layer 2 of the OSI model (I'm learning, so correct me if I'm wrong), I would also like to be able to drop/block packets that I determine I do not want passing up the network protocol stack. Can someone recommend the information I'll need to read to be able to do this?

Question by:joele23
5 Comments
 
LVL 46

Accepted Solution

by:
Kent Olsen earned 172 total points
ID: 10651567
Hi joele23,

Newer versions of Linux come with a package/feature called iptables.  It performs the kind of evaluation and blocking that you're describing.  If you are interested in using an already-existing product, then give it a look.  If you want to build your own just to see how things work, download the Linux source code and look at iptables.


Good Luck,
Kent
0
 
LVL 8

Assisted Solution

by:manish_regmi
manish_regmi earned 164 total points
ID: 10651584
hi,
 Are you interested in using netfilters? You need to write a kernel module which receives packets. You can do whatever to it.

see this link for more info.

http://www.linux-mag.com/2000-06/gear_01.html
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 164 total points
ID: 10664858
>I would also like to be able to drop/block packets that I determine I do not want passing up the
>network protocol stack.

Assume that you wish to drop packets from a pre-defined IP address while working at L2 ... the problem is, your L2 is not supposed to know of an IP address! If you decide to bring that code into L2, you get tied to the implementation and technology used. ... Note that dropping packets based on IP address at L2 is still possible ... after all, the IP address is still present in the payload ... However, it might not be a good idea to read and parse the IP header in L2 software.

Of course, you can drop packets based on L2 identification at L2 ... e.g. use the DLCI number if you are running FR, or ATM addresses if you are running ATM.
0
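
The layer-2 trade-off described in the answer above, as an added example that is not part of the original thread: a user-space C function that takes a raw Ethernet frame and returns a drop/pass verdict on its IPv4 source address. The names `filter_frame` and `make_frame`, the pass-on-unparseable policy and the 192.0.2.66 address are assumptions made for the illustration; note how the check has to know about ethertypes, 802.1Q tags and the IPv4 header layout.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS = 0, DROP = 1 };

/* Verdict for one raw Ethernet frame; blocked_src is in network byte order.
 * Frames that do not parse as IPv4 are passed (this example's policy). */
enum verdict filter_frame(const uint8_t *f, size_t len, uint32_t blocked_src)
{
    size_t off = 12;                        /* skip dst MAC + src MAC */
    uint16_t type;
    uint32_t src;
    if (len < 14) return PASS;              /* runt frame */
    type = (uint16_t)((f[off] << 8) | f[off + 1]);
    off += 2;
    if (type == 0x8100) {                   /* 802.1Q tag shifts the payload */
        if (len < off + 4) return PASS;
        type = (uint16_t)((f[off + 2] << 8) | f[off + 3]);
        off += 4;
    }
    if (type != 0x0800) return PASS;        /* ARP, IPv6, ...: no IPv4 header */
    if (len < off + 20) return PASS;        /* truncated IPv4 header */
    if ((f[off] >> 4) != 4 || (f[off] & 0x0f) < 5) return PASS;
    memcpy(&src, f + off + 12, 4);          /* IPv4 source address field */
    return src == blocked_src ? DROP : PASS;
}

/* Constructed sample frame: Ethernet (+ optional VLAN tag) + IPv4 header. */
size_t make_frame(uint8_t *buf, int vlan, uint16_t type, const char *src_ip)
{
    size_t n = 12;
    memset(buf, 0, 64);
    if (vlan) { buf[n++] = 0x81; buf[n++] = 0x00; buf[n++] = 0; buf[n++] = 10; }
    buf[n++] = (uint8_t)(type >> 8);
    buf[n++] = (uint8_t)(type & 0xff);
    buf[n] = 0x45;                          /* version 4, IHL 5 */
    inet_pton(AF_INET, src_ip, buf + n + 12);
    return n + 20;
}

int main(void)
{
    uint8_t f[64];
    uint32_t bad;
    inet_pton(AF_INET, "192.0.2.66", &bad);
    printf("%d\n", filter_frame(f, make_frame(f, 1, 0x0800, "192.0.2.66"), bad));
}
```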

Question has a verified solution.
