LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   *BSD (http://www.linuxquestions.org/questions/%2Absd-17/)
-   -   want help in socket programming (http://www.linuxquestions.org/questions/%2Absd-17/want-help-in-socket-programming-91554/)

valib4u 09-11-2003 03:51 AM

want help in socket programming
 
Dear friends

i'm doing Intrusion Detection Systems(IDS) project in my university here in India. all we know Intrusion Detection needs to sniff all the packets on the network. but here i want to add some preventive measures wich needs capturing and handling packets just like a firewall.

i'm struct in this situation. i don't know how firewall catches and handle packets. i read many articles all are saying how to configure existing firewall in Linux.(i'm using readhat 9.0). but i want basic programming concepts behind this.

if anybody know it plz help me.

thanking u
Vali

nullpt 09-11-2003 06:33 AM

To sniff packets in your network, you should use a packet filter or an app that use an packet filter, like tcpdump.
tcpdump is a powerfull tool, try to use it.

Now, about your project you'll need to treat the information that you gather with the filter. Good luck with it.

valib4u 09-11-2003 11:17 PM

thank you very much

but i think tcpdump only gets a copy of actual packets.
can't we get the packet directly from the ehernet card?

actually what i want is .....

getting packet directly from ehternet card, and these packets will be analysed by my program and then my program will forward the packets as usuall.

just i want to change the actual flow of packets at the system level like that is happening in the firewall...

i think u got me.

i know actually it is not a part of Intrusion detection system (IDS). but i want to add this fuctionality to it.


All times are GMT -5. The time now is 06:23 PM.