Re: [LARTC] Capturing incoming packets

From: "Riaz Mahmood" <riazmahmood1@hotmail.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Capturing incoming packets
Date: Fri, 22 Mar 2002 14:16:07 +0000	[thread overview]
Message-ID: <marc-lartc-101680665328649@msgid-missing> (raw)
In-Reply-To: <marc-lartc-101680089922361@msgid-missing>

if you r trying to capture packets and want some analysis, do use KDE based 
tool KSnuffle. it is downloadable from

www.quaking.demon.co.uk/ksnuffle.html

hope u will find it intersting

Riaz Mahmood

>From: Julián Muñoz <jmunoz@telefonica.net>
>To: <lartc@mailman.ds9a.nl>
>Subject: [LARTC] Capturing incoming packets
>Date: Fri, 22 Mar 2002 12:39:56 +0000 (GMT)
>
>
>I am investigating how to capture some packets from a network device (In
>order to send them to IMQ).
>
>Looking at the kernel compilation options, I see it would be possible to
>pick some packets and send them to a "netlink device".
>
>What I don't know is how to use this netlink device, and what is it
>exactly, because the doc say it is going to disappear, and that we must
>use "netlink sockets"
>
>Help?
>
>
>Here some interesting info:
>
>
>using CONFIG_IP_NF_QUEUE in the 2.4 Kernel:
>
>CONFIG_IP_NF_QUEUE:
>
>Netfilter has the ability to queue packets to user space: the
>netlink device can be used to access them using this driver.
>
>If you want to compile it as a module, say M here and read
>Documentation/modules.txt.  If unsure, say `N'.
>
>
>
>net/ipv4/netfilter/ip_queue.c :
>
>/*
>  * This is a module which is used for queueing IPv4 packets and
>  * communicating with userspace via netlink.
>  *
>  * (C) 2000 James Morris, this code is GPL.
>  *
>  * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
>  * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
>  * 2000-06-19: Fixed so nfmark is copied to metadata (reported by  
>Sebastian
>  *             Zander).
>  * 2000-08-01: Added Nick Williams' MAC support.
>  *
>
>
>man iptables:
>
>TARGETS
>        A firewall rule specifies criteria for  a  packet,  and  a
>        target.   If  the  packet does not match, the next rule in
>        the chain is the examined; if it does match, then the next
>        rule is specified by the value of the target, which can be
>        the name of a user-defined chain or  one  of  the  special
>        values ACCEPT, DROP, QUEUE, or RETURN.
>
>        ACCEPT  means  to  let  the packet through.  DROP means to
>        drop the packet on the floor.  QUEUE  means  to  pass  the
>        packet  to userspace (if supported by the kernel).
>
>
>
>
>
>--
>
>       __o
>     _ \<_
>    (_)/(_)
>
>Saludos de Julián
>EA4ACL
>-.-
>
>Foro Wireless Madrid
>http://opennetworks.rg3.net
>
>
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/