Solved

Reading and Dropping Packets

Posted on 2004-03-22
Last Modified: 2010-04-15
I'm trying to find the best (fastest) way to capture packets in promiscuous mode. I have been using pcap before, but I am curious if there is something better for Linux systems.

Since pcap reads packets at layer 2 of the OSI model (I'm learning, so correct me if I'm wrong), I would also like to be able to drop/block packets that I determine I do not want passing up the network protocol stack. Can someone recommend the information I'll need to read to be able to do this?

Question by:joele23

Accepted Solution

by:
Kent Olsen earned 43 total points
ID: 10651567
Hi joele23,

Newer versions of Linux come with a package/feature called iptables.  They perform the kind of evaluation and blocking that you're describing.  If you are interested in using an already-existing product, then give it a look.  If you want to build your own just to see how things work, download the Linux source code and look at iptables.


Good Luck,
Kent

Assisted Solution

by:manish_regmi
manish_regmi earned 41 total points
ID: 10651584
Hi,
Are you interested in using netfilters? You need to write a kernel module which receives packets. You can do whatever to it.

see this link for more info.

http://www.linux-mag.com/2000-06/gear_01.html

Assisted Solution

by:sunnycoder
sunnycoder earned 41 total points
ID: 10664858
>I would also like to be able to drop/block packets that I determine I do not want passing up the
>network protocol stack.

Assume that you wish to drop packets from a pre-defined IP address while working at L2 ... problem is, your L2 is not supposed to know of an IP address! If you decide to bring that code into L2, you get tied to the implementation and technology used. Note that dropping packets based on IP address at L2 is still possible ... after all, the IP address is still present in the payload. However, it might not be a good idea to read and parse the IP header in L2 software.

Of course you can drop packets based on L2 identification at L2 ... e.g. use the DLCI number if you are running FR, or ATM addresses if you are running ATM.
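
The trade-off in the answer above, as an added C example that is not part of the original thread: a userspace check that digs the IPv4 source address out of a raw Ethernet frame, the kind of buffer a layer 2 capture hands back. The names `filter_frame` and `make_frame` and the sample addresses are constructed for illustration; the hard-coded Ethernet and 802.1Q offsets are exactly the coupling to the link type that the answer describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { PASS = 0, DROP = 1 };

/* Verdict for one raw Ethernet II frame; blocked is an IPv4 address in wire order.
 * Anything that is not a well-formed IPv4 packet is passed (fail-open policy,
 * an assumption of this example). */
enum verdict filter_frame(const uint8_t *f, size_t len, const uint8_t blocked[4])
{
    size_t off = 12;                            /* skip dst MAC + src MAC */
    unsigned type;

    if (len < 14) return PASS;                  /* runt frame */
    type = (unsigned)f[off] << 8 | f[off + 1];
    off += 2;
    if (type == 0x8100) {                       /* 802.1Q tag shifts the payload by 4 */
        if (len < off + 4) return PASS;
        type = (unsigned)f[off + 2] << 8 | f[off + 3];
        off += 4;
    }
    if (type != 0x0800) return PASS;            /* ARP, IPv6, ... have no IPv4 source */
    if (len < off + 20) return PASS;            /* truncated IPv4 header */
    if ((f[off] >> 4) != 4 || (f[off] & 0x0f) < 5) return PASS;
    /* IPv4 source address sits at bytes 12..15 of the IP header */
    return memcmp(f + off + 12, blocked, 4) == 0 ? DROP : PASS;
}

/* Constructed sample input: zeroed MACs, optional VLAN tag, bare IPv4 header.
 * buf must hold at least 64 bytes. Returns the frame length. */
size_t make_frame(uint8_t *buf, int vlan, const uint8_t src[4])
{
    size_t off = 12;
    memset(buf, 0, 64);
    if (vlan) { buf[off] = 0x81; buf[off + 3] = 10; off += 4; }  /* TPID, VLAN 10 */
    buf[off] = 0x08; off += 2;                  /* EtherType 0x0800 = IPv4 */
    buf[off] = 0x45;                            /* version 4, IHL 5 */
    memcpy(buf + off + 12, src, 4);
    return off + 20;
}

int main(void)
{
    uint8_t buf[64];
    const uint8_t blocked[4] = {192, 0, 2, 7};  /* documentation-range address */
    size_t n = make_frame(buf, 1, blocked);
    printf("tagged frame from blocked host: %s\n",
           filter_frame(buf, n, blocked) == DROP ? "DROP" : "PASS");
    return 0;
}
```

The same filter would need different offsets for Frame Relay, ATM or a Linux "cooked" capture, which is why address-based dropping is usually left to the IP layer hooks mentioned in the other answers.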