capturing ethernet packets
I am a final-year student of computer engineering and working on my major project. So I need some help from you people out there.
The problem is I am not able to capture ethernet packets.
Maybe giving some information about the library libpcap can help me...
If you mean truly ethernet encapsulated traffic you're going to find it very difficult without specific tools designed for that. The reason being, anything Linux and libpcap are seeing has been filtered by the ethernet card itself. It's physically stripping off the ethernet encapsulation (if I'm still read up enough on things) such that you can't see ethernet packets themselves, only what they contain.
You need to open up a link layer raw socket, aka a packet socket. This will let you receive packets at the link layer, with the ethernet header attached. The only thing you don't get is the ethernet CRC, which the driver/device strips after verifying. man packet, or read the docs for pcap if you want to be platform independent.
Even I am working on the same. Possibly this info may help you.
[See, this isn't true ethernet packet sniffing, just hooking to those packets which are in the kernel protocol stack.]
You can have a look at Netfilter, which provides hooks into the kernel network protocol stack, and from each hook packets can be retrieved and tampered with, dropped, allowed to move as original through the stack, etc.
You will have to make a module which registers the hooks, which can be at:
1. When a packet enters the Linux box, whether for being forwarded or for destination.
2. When a packet is there for being forwarded over the network.
3. When packets are being injected from the Linux box onto the ethernet.
There is lots of info available regarding this on the net, search [sorry, I do not have a handy link].
Also, in /usr/src/linux/net/ipv4/ there are C files being used particularly for packets that are coming into the Linux box or going out, but following the IPv4 protocol.
In ip_input.c there is a function ip_rcv() which handles ALL the packets destined for that particular machine, and function ip_local_deliver() for ALL the packets whether destined or being forwarded.
Try this out, maybe it helps.
First of all I would like to thank everybody. Actually I had not expected so much response from you people; again I am so thankful to you.
My progress is a little up now.
Here is the proposal I am working on:
Bandwidth Management System
VoIP Prioritization and Browser Timer
The bandwidth management software is basically applicable for the effective use of the available bandwidth at the user end. It helps the client to manage the bandwidth effectively, to monitor the bandwidth consumed by all the customers, and to have control over the consumption of bandwidth by the individual customer at the client place. It also helps the client to monitor the user time, generate the bill for the client for the usage of the Internet, and prioritize VoIP among the distributed client locations.
As bandwidth is highly expensive, the client is pretty much concerned with the use of the available bandwidth in an efficient and effective manner, by downsizing the pipe of available bandwidth and prioritizing it for the VoIP among the clients in different locations.
System Requirement Specification:
The expected system is bound to have the following facilities:
1. An end-user oriented system that is efficient in managing bandwidth.
2. Easy operation for the client with a simple interactive user interface for the client's comfort.
3. Simple design of the system architecture makes the system understandable even by beginners.
4. No expert computer savvy is required for the operation of the system.
5. The system is to be on a stand-alone machine within the local area network of the client premises.
6. The system is expected to have good security to avoid virus intrusion and eavesdroppers.
7. The system is expected to be effective and do the prioritization of different traffic in the network, and also should do the browser timing (as soon as a user starts browsing on a terminal at the client's place, the software should start the time calculation, and when the user closes the browser, it would calculate the time of usage of the system and the amount the customer has to pay).
8. Linux is the preferred platform for its security and virus resistance for the application.
9. IP based control should be implemented: bandwidth shaping for the client to better utilize the available bandwidth, i.e. to get more out of less bandwidth (save money) by monitoring and regulating the use of bandwidth effectively by each user, restricting them to an optimal upload traffic (uploading attachments) so that the available bandwidth is prioritized for the VoIP traffic (device).
10. The software should be able to control up-traffic and down-traffic separately so that the up-traffic can be restricted for the browsing customers and not allow them to consume too much bandwidth while uploading attachments (size down the pipe).
• The product has to be implemented at different locations at the client's place, having around some 10 client machines at each location.
• Voice will be between all these locations (a two-way flow), from the client's locations among themselves.
• An IP based priority is used for implementing this; priority may be set to the highest for the voice device (VoIP_Device).
• Each location having the system implemented will have its own control, i.e. there is no central thread of control for the application even though the clients at different locations share a common bandwidth pool.
• IP based control should be there; it can be a live or private IP address.
For this proposal I made a theory, or say a concept.
The first step of my theory is to sniff all the packets in the server, i.e. sniffing in promiscuous mode.
The second step is to identify the type of packet based on the application layer protocol using the transport layer (TCP, UDP), internet layer (IP) and data link layer (ethernet), and prioritize them according to the bandwidth requirements, i.e. high priority for packets of applications requiring high bandwidth.
The final step is to implement CBQ.
I've already finished the sniffing phase;
the rest is left.
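The packet-socket approach from the earlier reply and the classification step of the proposal above, combined into one added example (my code, not any poster's): frames are read from an AF_PACKET socket and each one is walked ethernet -> IPv4 -> UDP to assign a traffic class. The voice port policy (SIP 5060, RTP 16384-32767) and the class names are assumptions for illustration; the thread does not specify them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Traffic classes returned by classify(); the port policy below is an
 * assumption for illustration, not something the thread specifies. */
enum prio { PRIO_OTHER = 0, PRIO_BULK = 1, PRIO_VOICE = 2 };
const char *const prio_name[] = { "other", "bulk", "voice" };

/* Walk one captured frame: Ethernet (14 bytes) -> IPv4 -> UDP ports.
 * Offsets come straight from the raw bytes, so no header structs or
 * alignment concerns. UDP to 5060 (SIP) or 16384-32767 (a common RTP
 * range) counts as voice; any other IPv4 is bulk; non-IPv4 is other. */
int classify(const uint8_t *buf, size_t len)
{
    if (len < 14) return PRIO_OTHER;                      /* truncated frame */
    unsigned ethertype = (buf[12] << 8) | buf[13];
    if (ethertype != 0x0800) return PRIO_OTHER;           /* ARP, IPv6, ... */
    if (len < 34 || (buf[14] >> 4) != 4) return PRIO_OTHER;
    size_t ihl = (buf[14] & 0x0f) * 4;                    /* IPv4 header length */
    if (ihl < 20 || len < 14 + ihl) return PRIO_OTHER;
    size_t l4 = 14 + ihl;
    if (buf[23] == 17 && len >= l4 + 8) {                 /* proto 17 = UDP */
        unsigned dport = (buf[l4 + 2] << 8) | buf[l4 + 3];
        if (dport == 5060 || (dport >= 16384 && dport <= 32767)) return PRIO_VOICE;
    }
    return PRIO_BULK;        /* TCP, other UDP, ICMP all share the bulk class */
}

#ifdef __linux__
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/socket.h>
#include <linux/if_ether.h>                               /* ETH_P_ALL */
/* Link-layer packet socket as described in the thread: frames arrive with the
 * Ethernet header, CRC already stripped. Needs root or CAP_NET_RAW. Promiscuous
 * mode is a separate step (PACKET_ADD_MEMBERSHIP, or `ip link set dev eth0 promisc on`). */
int main(void)
{
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket(AF_PACKET)"); return 1; }
    uint8_t frame[65536];
    for (int n = 0; n < 20; n++) {                        /* classify 20 frames */
        ssize_t got = recv(fd, frame, sizeof frame, 0);
        if (got < 0) { perror("recv"); break; }
        printf("%zd bytes -> %s\n", got, prio_name[classify(frame, (size_t)got)]);
    }
    close(fd);
    return 0;
}
#endif
```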
Look into iptables, I think you can do all that stuff already. I remember there being another post on here with nearly the exact same idea, and someone suggested some advanced iptables feature that I can't remember the name of. But it was able to prioritize traffic based on header values... damn, I can't remember what it was exactly, try searching in here.