I have sniffed all the packets of a network using a C program in Fedora Core 1, and I also know which port number is initiating the packets. Of course, if the port numbers are defined, like 23 or 80 etc., then I can say that it is initiating from a telnet application or an HTTP application. But if the port numbers are not known, then how can I know which application initiated the packets? Can anyone help me out here? I am really in trouble. Or is there any other theory, besides port address, to know which application is initiating the packets?
Using C it's a cinch, like ToniT said: lsof -i and cat /proc/net/tcp, although a little differently.
You can read in /proc/net/tcp using a standard file open command in C, and the formatting, in case it eludes you, is all defined in the proc man and info pages.
lsof -i, though, is really a spiffy one; I'd never used that before. If you want to capture its functionality, simply open a pipe to it with popen (look it up in the man pages as well). Then just scan in its output and format it however you'd like.
Actually, what I want to do is know the applications that are initiating different packets (using the port numbers) and then give high priority to those packets which are generated by real-time applications such as voice applications, or most specifically VoIP, i.e. voice over IP, which need consistent bandwidth and minimal delay.
For the priority purpose I chose CBQ, i.e. class-based queueing. Also, if you people can give me some implementation-specific information about CBQ, then I will be very grateful to you.
There is no high-level C interface for what you want.
The only way to get the information which program is sending the packets is to use netstat(1). The netstat program has a lot of functionality to figure this out coded in. Short of taking netstat and writing your own variant you cannot gain the information about the program without using it. Alternatively, you could write a kernel module to do what you want.
So if you see a packet then you have to look at the address/port tuples and then call netstat to find the line corresponding to these tuples.
There is an obvious race condition that the connection might end after you see a packet and before your call through netstat is through, or, worse, that the connection ended and a new one is already in place by the time you read the netstat output.
If this is security related, also take into account that programs can fake the string that appears in ps(1) so you need some /proc sniffing to figure out which executable on disk exactly this was called from.