Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Don't you mean bpf? Google is your friend there, or a bookstore would be an even better friend. TCP/IP Illustrated, Volume 1: The Protocols has some very good information about bpf. Since it's used in just about every major networking monitoring or manipulation application there is a lot of information available on the web.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
By the way, it's Berkley Packet Filter.
Linux Questions doesn't exist for us to do your homework for you. If you're trying to get something setup and you're getting errors or need some advice, you will find tons of help here. If you want to sit there and give us your assignment and ask the LQ members to do your work for you, well that is not going to happen.
We will be very happy to help explain answers to specific questions. If you have something more specific than "tell me everything about ____" then we can help.
By the way, 10 days is tons of time to read. You could finish a small book in 10 days, or read dozens of websites. Do yourself a favor and do some reading so you know what questions to ask.
MY dissertation's to capture packets and analyse them under Linux(I use RedHat now),just like the TCPDUMP(I don't think mine is like it,it's huge for me,and I don't have enough time).
At the beginning,I read the books I think which would help me to finish my dissertation like :
TCP/IP Illustrated, Volume 1: The Protocols,
TCP/IP Illustrated,Volume 2:The Implementation(not finish)
UNIX Network Programming Volume 1(not finish)
Beginning LINUX Programming 2nd Edition
Linux Socket Programming by Example
Advanced Linux Programming
Advanced Programming in the UNIX Environment(not finish)
When I prepair to start my dissertation and want to use BPF,But I found the BPF's used under Unix not Linux,oh god.That means no BPF device in my Linux system,and is that means if I want to use it and I must firt install it(I have bpf.c, bpf.h, bpf_compat.h, bpf_filter.c, bpfdesc.h which from 4.4BSD-Lite.tar.gz)
Some guys suggest me to use the SOCK_RAW.But I know little about it.
So I want to use BPF to implement it though I am use Linux.Is that possible???
Or could I just add "pseudo-device bpfilter 4" to my kernel and recompile it?
Does it work?
Last edited by docterling; 05-20-2004 at 02:54 AM.
Now I know Linux also has "BPF",it call LPF(Linux Packet Filter:Ethertap),but the GENERIC kernel does not has in it,so I must recompile a new kernel,a alternative would be to use a raw socket to send data and
use libpcap to receive it,and I decide to use this to complete my dissertation.
Anyway thank you chort.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.