LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-17-2010, 05:12 AM   #1
salimbaba
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Rep: Reputation: 0
blocking outbound traffic in promisc mode


hi,

Is there a way to configure my interface to promisc mode and also make it not capture the "transmitted" packets. ?

I mean, i want the interface in Promisc mode but only for inbound traffic.

If there isnt any using ifconfig, can it be by configuring eth0 to promisc using ifconfig , and filtering outbound traffic from being captured using sockets or something ?
 
Old 08-18-2010, 04:38 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,310
Blog Entries: 54

Rep: Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858Reputation: 2858
Promiscuous mode (either the old or the new way) is one thing and capturing packets is another. While promiscuous mode implies you'll be actively capturing packets that doesn't need to be the case. Anyway, any libpcap-using application (tcpdump, ethereal, snort, p0f, you name it) can be configured to use a BPF (Berkeley Packet Filter) to limit or specify capturing only certain traffic. BPF follows rules you can find in 'man tcpdump'. For example 'tcp and not src host 192.168.1.100' would capture all TCP/IP traffic but not sent by host 192.168.1.100.
 
Old 08-18-2010, 11:35 PM   #3
salimbaba
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
But in my case, there can be many hosts to which i'd be sending packets.

I am using sockets, and my application requires my box to act as a transparent packet capture and transport media. So the packets i get are not destined for me ( i have to transport em to otherside of the network using different medias other than ethernet).

And the packets i have to send neither have src = my ip / mac nor is the des = constant ip.

So in this particular case, how do i tell my program or interface to only give my socket the packets i am receiving, and not capture my transmitted packets when i use "recvfrom" on socket.
 
Old 08-19-2010, 07:50 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Could you explain "different medias". Are these supported physical layers?

You seem to be describing a NAT bridge, so I don't understand why you are using an application in the first place and not ebtables.

If this is a programming question, it should be moved to the Programming forum.
 
Old 08-20-2010, 10:37 PM   #5
salimbaba
LQ Newbie
 
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
i couldnt find a of doing so through changing any settings. i looked and man pages for "packet" there is a field in saddrr_ll struct that tells about packet type (pkt_type i guess) which is marked as OUTGOING when kernel sends a packet. Hence if in promisc mode you get the transmitted packet . you can check this field to see if it was going out or really coming in.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
promisc mode nawuza Linux - Networking 1 09-24-2008 10:49 PM
promisc mode sulekha Linux - Networking 1 08-23-2008 05:56 AM
Blocking specific outbound traffic - iptables mistersnorfles Linux - Security 5 08-08-2007 02:14 PM
Can linux firewall traffic not necessarily intended for it (promisc mode)? tisource Linux - Security 2 11-16-2004 07:19 PM
eth0 in promisc mode sabeel_ansari Programming 2 06-21-2002 06:14 AM


All times are GMT -5. The time now is 09:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration