LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Raw packet Capture on Debian
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 07-24-2007, 04:26 AM   #1
Cy_Angel
LQ Newbie
 
Registered: Jun 2007
Posts: 8

Rep: Reputation: 0
Question Raw packet Capture on Debian

Hello,

I'm using debian at the moment on an arm microprocessor. I am trying to capture packets sent via the ethernet port, classify them using some code that I have, and then send the result out via the second ethernet port.

I came accross the pcap() function on my google searches as a good function to use, but unfortunately, there is no manual entry for pcap on my debian OS. I doubt that the kernel will recognise the function if i tried calling it in my code.

Also, do I need to get my code running as a stand-alone on the processor before it is able to interact with the ethernet for the packet capture and sending? I just need to be able to read the headers of the packets to be able to classify them.


Any help would be appreciated. I have been looking this up for a while.
Last edited by Cy_Angel; 07-25-2007 at 05:03 AM.
 
Old 07-24-2007, 01:00 PM   #2
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
You probably want the libpcap library from tcpdump dot org before anything else. And study the API before you start to program with it.

I have no clue whatsoever what you meant with the second question.
 
Old 07-25-2007, 04:51 AM   #3
Cy_Angel
LQ Newbie
 
Registered: Jun 2007
Posts: 8

Original Poster
Rep: Reputation: 0
Well, i just realised that i could use the socket for the packet capture instead. So I'll try to find code around for that. Anyone who could please offer some help, I would be greatful

For the second part of the comment, I meant: Did I need to strip the linux kernel and run the code I have directly on the machine without an OS, or can I read the packets with the code running normally on the linux OS.
 
Old 07-26-2007, 01:28 AM   #4
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
I think the libpcap library is a great tool for learning purposes and purposes well beyond learning; it is widely used by almost all common packet capturers (there are also bindings at least for Python and Perl etc.).

For what you describe (capturing packets, doing something with them and sending them out to another interface) there are existing tools, and as we are living in an open source world, studying the source code of others is often the best choice. These tools include the new tool of Martin Roesch, Daemonlogger,

http://www.snort.org/users/roesch/Si...monlogger.html

or Tcpreplay

http://tcpreplay.sourceforge.net/,

among others, both using the mentioned libpcap.

Sure: you can run the code just normally under the (normal) Linux OS.

Perhaps a new thread in the coding section can be more useful, when you have more specific questions.
 
  


Reply

Tags
ethernet, packets, raw



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
raw socket/ip packet help shouup Programming 14 04-24-2006 04:54 PM
how do i read the data in the packet that i have captured after packet capture? gajaykrishnan Programming 23 04-19-2006 05:09 AM
raw packet sending & receiving sjcoder Programming 7 01-11-2006 04:07 AM
Raw Syn Packet with Data GodSendDeath Programming 4 04-06-2004 04:53 PM
Raw Packet Data vanibhat Linux - Security 1 08-01-2003 07:42 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:44 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration