LinuxQuestions.org, Linux - Networking forum: Raw packet Capture on Debian (https://www.linuxquestions.org/questions/linux-networking-3/raw-packet-capture-on-debian-571829/)

Cy_Angel 07-24-2007 04:26 AM

Raw packet Capture on Debian
 
Hello,

I'm using Debian at the moment on an ARM microprocessor. I am trying to capture packets sent via the Ethernet port, classify them using some code that I have, and then send the result out via the second Ethernet port.

I came across the pcap() function on my Google searches as a good function to use, but unfortunately, there is no manual entry for pcap on my Debian OS. I doubt that the kernel will recognise the function if I tried calling it in my code.

Also, do I need to get my code running as a stand-alone on the processor before it is able to interact with the Ethernet for the packet capture and sending? I just need to be able to read the headers of the packets to be able to classify them.


Any help would be appreciated. I have been looking this up for a while.

gloomy 07-24-2007 01:00 PM

You probably want the libpcap library from tcpdump dot org before anything else. And study the API before you start to program with it.

I have no clue whatsoever what you meant with the second question.

Cy_Angel 07-25-2007 04:51 AM

Well, I just realised that I could use the socket for the packet capture instead. So I'll try to find code around for that. Anyone who could please offer some help, I would be grateful.

For the second part of the comment, I meant: did I need to strip the Linux kernel and run the code I have directly on the machine without an OS, or can I read the packets with the code running normally on the Linux OS?

gloomy 07-26-2007 01:28 AM

I think the libpcap library is a great tool for learning purposes and purposes well beyond learning; it is widely used by almost all common packet capturers (there are also bindings at least for Python and Perl etc.).

For what you describe (capturing packets, doing something with them and sending them out to another interface) there are existing tools, and as we are living in an open source world, studying the source code of others is often the best choice. These tools include the new tool of Martin Roesch, Daemonlogger,

http://www.snort.org/users/roesch/Si...monlogger.html

or Tcpreplay

http://tcpreplay.sourceforge.net/,

among others, both using the mentioned libpcap.

Sure: you can run the code just normally under the (normal) Linux OS.

Perhaps a new thread in the coding section can be more useful when you have more specific questions.
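The capture, classify and forward loop discussed in this thread, written as an added example (not code from any poster, Daemonlogger or Tcpreplay) using the Linux AF_PACKET raw socket that Cy_Angel mentions rather than libpcap. The interface names eth0/eth1 are placeholders; the classifier works on any Ethernet/IPv4 frame and is bounds-checked before each header access.

```c
/* Added example, not from the thread: read raw Ethernet frames from one interface
 * with a Linux AF_PACKET socket, classify them by header, and forward the selected
 * class out a second interface. Interface names are placeholders; needs CAP_NET_RAW. */
#include <stdint.h>
#include <unistd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <net/if.h>
#include <linux/if_packet.h>
#include <linux/if_ether.h>

/* Classify by the IPv4 protocol field (6 = TCP, 17 = UDP, 1 = ICMP, ...).
 * Returns -1 for non-IPv4 frames. Every access is bounds-checked first, so a
 * truncated or malformed frame off the wire cannot cause an out-of-bounds read. */
int classify_frame(const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN + 20) return -1;                    /* Ethernet + minimal IPv4 */
    if (((frame[12] << 8) | frame[13]) != ETH_P_IP) return -1;   /* EtherType */
    const uint8_t *ip = frame + ETH_HLEN;
    if ((ip[0] >> 4) != 4 || (ip[0] & 0x0f) < 5) return -1;     /* version, IHL */
    return ip[9];                                           /* protocol number */
}

/* Open a raw socket bound to one interface so recv()/send() use only that link. */
static int open_raw(const char *ifname)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_ALL),
                               .sll_ifindex = (int)if_nametoindex(ifname) };
    if (fd < 0 || sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int in = open_raw("eth0"), out = open_raw("eth1");      /* placeholder interfaces */
    if (in < 0 || out < 0) return 1;
    uint8_t buf[ETH_FRAME_LEN];
    for (;;) {
        ssize_t n = recv(in, buf, sizeof buf, 0);
        if (n <= 0) break;
        if (classify_frame(buf, (size_t)n) == 6)            /* forward only TCP here */
            send(out, buf, (size_t)n, 0);
    }
    return 0;
}
```

Run as root (or with CAP_NET_RAW) on the ARM board; the same loop works unchanged with libpcap's pcap_next_ex()/pcap_inject() if you later switch to that library.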

