?
Solved

Reading and Dropping Packets

Posted on 2004-03-22
5
Medium Priority
?
199 Views
Last Modified: 2010-04-15
Im trying to find the best(fastest) way to capture packets in promiscuous mode. I have been using pcap before but I am curious if there is something better for linux systems.

Since pcap reads pakets at layer 2 of the OSI model (im learning so correct me if Im wrong) I would also like to be able to drop/block packets that I determine I do not want passing up the network protocol stack. Can someone reccomend the information Ill need to read to be able to do this.

0
Comment
Question by:joele23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 46

Accepted Solution

by:
Kent Olsen earned 172 total points
ID: 10651567
Hi joele23,

Newer versions of linux come with a package/feature called iptables.  They perform the kind of evaluation and blocking that you're describing.  Are you interested in using an already-existing product then give it a look.  If you want to build your own just to see how things work, download the linux source code and look at iptables.


Good Luck,
Kent
0
 
LVL 8

Assisted Solution

by:manish_regmi
manish_regmi earned 164 total points
ID: 10651584
hi,
 Are u interested in using netfilters. You need to write a kernel module which receives packets. you can do whatever to it.

see this link for more info.

http://www.linux-mag.com/2000-06/gear_01.html
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 164 total points
ID: 10664858
>I would also like to be able to drop/block packets that I determine I do not want passing up the
>network protocol stack.

Assume that you wish to drop packets from a pre-defined IP address while working at L2 .... problem is, your L2 is not supposed to know of an IP address !!! If you decide to bring that code into L2, you get tied to implementation and technology used. .... Note that dropping packet based on IP address at L2 is still possible ... afterall IP address is still present in the payload .... However, it might not be a good idea to read and parse IP header in L2 software

Ofcourse you can drop packets based on L2 identification at L2 ... e.g. use DLCI number if you are running FR or ATM addresses if you are running ATM
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use while-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand how to create, access, and change arrays in the C programming language.
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question