Latest LQ Deal: Linux Power User Bundle
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 08-17-2010, 06:12 AM   #1
LQ Newbie
Registered: Apr 2010
Posts: 7

Rep: Reputation: 0
blocking outbound traffic in promisc mode


Is there a way to configure my interface to promisc mode and also make it not capture the "transmitted" packets. ?

I mean, i want the interface in Promisc mode but only for inbound traffic.

If there isnt any using ifconfig, can it be by configuring eth0 to promisc using ifconfig , and filtering outbound traffic from being captured using sockets or something ?
Old 08-18-2010, 05:38 PM   #2
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Promiscuous mode (either the old or the new way) is one thing and capturing packets is another. While promiscuous mode implies you'll be actively capturing packets that doesn't need to be the case. Anyway, any libpcap-using application (tcpdump, ethereal, snort, p0f, you name it) can be configured to use a BPF (Berkeley Packet Filter) to limit or specify capturing only certain traffic. BPF follows rules you can find in 'man tcpdump'. For example 'tcp and not src host' would capture all TCP/IP traffic but not sent by host
Old 08-19-2010, 12:35 AM   #3
LQ Newbie
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
But in my case, there can be many hosts to which i'd be sending packets.

I am using sockets, and my application requires my box to act as a transparent packet capture and transport media. So the packets i get are not destined for me ( i have to transport em to otherside of the network using different medias other than ethernet).

And the packets i have to send neither have src = my ip / mac nor is the des = constant ip.

So in this particular case, how do i tell my program or interface to only give my socket the packets i am receiving, and not capture my transmitted packets when i use "recvfrom" on socket.
Old 08-19-2010, 08:50 PM   #4
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671Reputation: 671
Could you explain "different medias". Are these supported physical layers?

You seem to be describing a NAT bridge, so I don't understand why you are using an application in the first place and not ebtables.

If this is a programming question, it should be moved to the Programming forum.
Old 08-20-2010, 11:37 PM   #5
LQ Newbie
Registered: Apr 2010
Posts: 7

Original Poster
Rep: Reputation: 0
i couldnt find a of doing so through changing any settings. i looked and man pages for "packet" there is a field in saddrr_ll struct that tells about packet type (pkt_type i guess) which is marked as OUTGOING when kernel sends a packet. Hence if in promisc mode you get the transmitted packet . you can check this field to see if it was going out or really coming in.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
promisc mode nawuza Linux - Networking 1 09-24-2008 11:49 PM
promisc mode sulekha Linux - Networking 1 08-23-2008 06:56 AM
Blocking specific outbound traffic - iptables mistersnorfles Linux - Security 5 08-08-2007 03:14 PM
Can linux firewall traffic not necessarily intended for it (promisc mode)? tisource Linux - Security 2 11-16-2004 08:19 PM
eth0 in promisc mode sabeel_ansari Programming 2 06-21-2002 07:14 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 06:56 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration