want help in socket programming
i'm doing Intrusion Detection Systems(IDS) project in my university here in India. all we know Intrusion Detection needs to sniff all the packets on the network. but here i want to add some preventive measures wich needs capturing and handling packets just like a firewall.
i'm struct in this situation. i don't know how firewall catches and handle packets. i read many articles all are saying how to configure existing firewall in Linux.(i'm using readhat 9.0). but i want basic programming concepts behind this.
if anybody know it plz help me.
To sniff packets in your network, you should use a packet filter or an app that use an packet filter, like tcpdump.
tcpdump is a powerfull tool, try to use it.
Now, about your project you'll need to treat the information that you gather with the filter. Good luck with it.
thank you very much
but i think tcpdump only gets a copy of actual packets.
can't we get the packet directly from the ehernet card?
actually what i want is .....
getting packet directly from ehternet card, and these packets will be analysed by my program and then my program will forward the packets as usuall.
just i want to change the actual flow of packets at the system level like that is happening in the firewall...
i think u got me.
i know actually it is not a part of Intrusion detection system (IDS). but i want to add this fuctionality to it.
|All times are GMT -5. The time now is 10:36 PM.|