* [LARTC] Capturing incoming packets
@ 2002-03-22 12:39 Julián Muñoz
  2002-03-22 14:16 ` Riaz Mahmood
  2002-03-22 14:44 ` Julián Muñoz
  0 siblings, 2 replies; 3+ messages in thread
From: Julián Muñoz @ 2002-03-22 12:39 UTC (permalink / raw)
  To: lartc


I am investigating how to capture some packets from a network device (in
order to send them to IMQ).

Looking at the kernel compilation options, I see it would be possible to
pick some packets and send them to a "netlink device".

What I don't know is how to use this netlink device, and what it is
exactly, because the doc says it is going to disappear, and that we must
use "netlink sockets".

Help?


Here is some interesting info:


using CONFIG_IP_NF_QUEUE in the 2.4 Kernel:

CONFIG_IP_NF_QUEUE:

Netfilter has the ability to queue packets to user space: the
netlink device can be used to access them using this driver.

If you want to compile it as a module, say M here and read
Documentation/modules.txt.  If unsure, say `N'.



net/ipv4/netfilter/ip_queue.c :

/*
 * This is a module which is used for queueing IPv4 packets and
 * communicating with userspace via netlink.
 *
 * (C) 2000 James Morris, this code is GPL.
 *
 * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
 * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
 * 2000-06-19: Fixed so nfmark is copied to metadata (reported by  Sebastian
 *             Zander).
 * 2000-08-01: Added Nick Williams' MAC support.
 *


man iptables:

TARGETS
       A firewall rule specifies criteria for  a  packet,  and  a
       target.   If  the  packet does not match, the next rule in
       the chain is the examined; if it does match, then the next
       rule is specified by the value of the target, which can be
       the name of a user-defined chain or  one  of  the  special
       values ACCEPT, DROP, QUEUE, or RETURN.

       ACCEPT  means  to  let  the packet through.  DROP means to
       drop the packet on the floor.  QUEUE  means  to  pass  the
       packet  to userspace (if supported by the kernel).





-- 

      __o
    _ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
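
The rule traversal described in the iptables man page excerpt above, as an added example that is not part of the original post or of iptables itself: a small Python model in which a user-defined chain hands selected packets to QUEUE and uses RETURN to leave others in the normal kernel path. The chain name to_userspace, the rule fields, the ACCEPT policy and the sample packets are all constructed for illustration.

```python
# Added example: toy model of the rule traversal quoted from iptables(8).
# Chain names, rule fields and packets are constructed, not taken from the post.

TERMINAL = {"ACCEPT", "DROP", "QUEUE"}

def matches(rule, pkt):
    """A rule matches when every criterion it lists equals the packet's field."""
    return all(pkt.get(k) == v for k, v in rule["match"].items())

def traverse(chains, name, pkt):
    """Walk one chain; return a terminal verdict, or None to resume in the caller."""
    for rule in chains[name]:
        if not matches(rule, pkt):
            continue                      # no match: examine the next rule
        target = rule["target"]
        if target in TERMINAL:
            return target                 # ACCEPT, DROP or QUEUE ends traversal
        if target == "RETURN":
            return None                   # stop here, continue in the calling chain
        result = traverse(chains, target, pkt)   # jump to a user-defined chain
        if result is not None:
            return result
    return None                           # fell off the end of the chain

def verdict(chains, policy, builtin, pkt):
    """A built-in chain applies its policy when no rule decides the packet."""
    return traverse(chains, builtin, pkt) or policy

CHAINS = {
    "INPUT": [
        {"match": {"iface": "lo"}, "target": "ACCEPT"},
        {"match": {"proto": "tcp"}, "target": "to_userspace"},
        {"match": {"proto": "icmp"}, "target": "DROP"},
    ],
    "to_userspace": [
        {"match": {"dport": 22}, "target": "RETURN"},  # keep SSH out of the queue
        {"match": {}, "target": "QUEUE"},              # the rest goes to userspace
    ],
}

PACKETS = [
    {"iface": "eth0", "proto": "tcp", "dport": 80},
    {"iface": "eth0", "proto": "tcp", "dport": 22},
    {"iface": "eth0", "proto": "icmp"},
    {"iface": "lo", "proto": "tcp", "dport": 80},
]

def run():
    return [verdict(CHAINS, "ACCEPT", "INPUT", p) for p in PACKETS]
```

Only the first packet reaches QUEUE; the SSH packet returns to INPUT, matches no further rule and falls through to the chain policy.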


* Re: [LARTC] Capturing incoming packets
  2002-03-22 12:39 [LARTC] Capturing incoming packets Julián Muñoz
@ 2002-03-22 14:16 ` Riaz Mahmood
  2002-03-22 14:44 ` Julián Muñoz
  1 sibling, 0 replies; 3+ messages in thread
From: Riaz Mahmood @ 2002-03-22 14:16 UTC (permalink / raw)
  To: lartc


If you are trying to capture packets and want some analysis, do use the KDE-based
tool KSnuffle. It is downloadable from

www.quaking.demon.co.uk/ksnuffle.html

Hope you will find it interesting

Riaz Mahmood



* Re: [LARTC] Capturing incoming packets
  2002-03-22 12:39 [LARTC] Capturing incoming packets Julián Muñoz
  2002-03-22 14:16 ` Riaz Mahmood
@ 2002-03-22 14:44 ` Julián Muñoz
  1 sibling, 0 replies; 3+ messages in thread
From: Julián Muñoz @ 2002-03-22 14:44 UTC (permalink / raw)
  To: lartc


Well, I didn't want to capture packets for analysis, but for enqueuing them
in another device,

but thanks, I also searched for something better than tcpdump !!!!! :-)

:-))



On Fri, 22 Mar 2002, Riaz Mahmood wrote:

>
> If you are trying to capture packets and want some analysis, do use the KDE-based
> tool KSnuffle. It is downloadable from
>
> www.quaking.demon.co.uk/ksnuffle.html
>
> Hope you will find it interesting
>
> Riaz Mahmood

-- 

      __o
    _ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net

