Solved

Reading and Dropping Packets

Posted on 2004-03-22
Last Modified: 2010-04-15
I'm trying to find the best (fastest) way to capture packets in promiscuous mode. I have been using pcap before but I am curious if there is something better for Linux systems.

Since pcap reads packets at layer 2 of the OSI model (I'm learning, so correct me if I'm wrong), I would also like to be able to drop/block packets that I determine I do not want passing up the network protocol stack. Can someone recommend the information I'll need to read to be able to do this?

Question by:joele23
5 Comments
 
LVL 45

Accepted Solution

by:
Kdo earned 43 total points
ID: 10651567
Hi joele23,

Newer versions of Linux come with a package/feature called iptables.  They perform the kind of evaluation and blocking that you're describing.  If you are interested in using an already-existing product, then give it a look.  If you want to build your own just to see how things work, download the Linux source code and look at iptables.


Good Luck,
Kent
0
 
LVL 8

Assisted Solution

by:manish_regmi
manish_regmi earned 41 total points
ID: 10651584
Hi,
Are you interested in using netfilters? You need to write a kernel module which receives packets. You can do whatever to it.

See this link for more info.

http://www.linux-mag.com/2000-06/gear_01.html
0
 
LVL 45

Assisted Solution

by:sunnycoder
sunnycoder earned 41 total points
ID: 10664858
>I would also like to be able to drop/block packets that I determine I do not want passing up the
>network protocol stack.

Assume that you wish to drop packets from a pre-defined IP address while working at L2 ... problem is, your L2 is not supposed to know of an IP address!!! If you decide to bring that code into L2, you get tied to implementation and technology used. ... Note that dropping packets based on IP address at L2 is still possible ... after all, the IP address is still present in the payload ... However, it might not be a good idea to read and parse the IP header in L2 software.

Of course you can drop packets based on L2 identification at L2 ... e.g. use the DLCI number if you are running FR, or ATM addresses if you are running ATM.
0
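The last answer's point about filtering on an IP address while sitting at layer 2, as an added example (not code from any poster in this thread): a userspace C function that takes a raw Ethernet II frame and decides whether to drop it by IPv4 source address. The function and constant names are this example's own and the sample frame is constructed; note how the code has to know about EtherTypes, 802.1Q tags and the IPv4 header length, which is exactly the coupling to the link technology the answer describes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14       /* dst MAC (6) + src MAC (6) + EtherType (2) */
#define ETHERTYPE_IPV4 0x0800
#define ETHERTYPE_VLAN 0x8100   /* 802.1Q tag: 4 extra bytes before the real EtherType */
enum verdict { PASS = 0, DROP = 1 };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Verdict for one raw Ethernet II frame: DROP if it carries IPv4 whose source
 * address equals blocked_src (4 bytes, network order), otherwise PASS.
 * A frame that cannot be parsed safely is passed rather than guessed at. */
enum verdict filter_frame(const uint8_t *frame, size_t len, const uint8_t blocked_src[4])
{
    size_t off = ETH_HDR_LEN;
    if (len < off) return PASS;
    uint16_t type = be16(frame + 12);
    if (type == ETHERTYPE_VLAN) {                  /* L2 detail: tag shifts the IP header */
        if (len < off + 4) return PASS;
        type = be16(frame + 16);
        off += 4;
    }
    if (type != ETHERTYPE_IPV4) return PASS;       /* ARP, IPv6, ... */
    if (len < off + 20) return PASS;               /* truncated IPv4 header */
    const uint8_t *ip = frame + off;
    if ((ip[0] >> 4) != 4) return PASS;            /* IP version field */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;       /* header length in bytes */
    if (ihl < 20 || len < off + ihl) return PASS;  /* bad or truncated IHL */
    return memcmp(ip + 12, blocked_src, 4) == 0 ? DROP : PASS;
}

int main(void)
{
    /* Constructed sample: untagged frame, IPv4, source 192.0.2.7 (documentation range). */
    uint8_t f[ETH_HDR_LEN + 20] = {0};
    const uint8_t blocked[4] = {192, 0, 2, 7};
    f[12] = 0x08; f[13] = 0x00;                    /* EtherType = IPv4 */
    f[14] = 0x45;                                  /* version 4, IHL 5 */
    memcpy(f + 26, blocked, 4);                    /* source address field */
    printf("%s\n", filter_frame(f, sizeof f, blocked) == DROP ? "DROP" : "PASS");
    return 0;
}
```

On FR or ATM, the links named in the answer, the offsets and type fields above would all be different, so the same IP-based rule would need a separate parser per link type.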
