LinuxQuestions.org
Old 06-22-2009, 05:13 AM   #1
kannansubash
LQ Newbie
 
Registered: Jun 2009
Location: India
Posts: 3

Rep: Reputation: 0
please help me (socket programming in C)


I am currently working on a project related to packet sniffing which has been implemented using the concept of raw sockets. I am using C language.
I am able to decode the following details from the packets received from a local network, like:
source and destination MAC address
source and destination IP address
source and destination port no.

But I am having trouble in decoding the domain name when a user in the local network is logging onto the internet. E.g., if a user in the local network is trying to log on to the web using his browser, say if he has logged on to www.google.com, then from the packet I need to get the following details:

source MAC address from which the user had logged on
source IP address from which the user had logged on
domain name
 
Old 06-23-2009, 10:03 AM   #2
jhannah
LQ Newbie
 
Registered: Jun 2009
Posts: 5

Rep: Reputation: 0
I'm afraid it isn't usually that simple. To accomplish this, you would need to look for a few different things.

Namely, when a user connects to www.google.com in their browser, the browser will attempt to resolve the name to an IP address using DNS. Provided the machine doesn't have a cached value for the domain in question, the machine will send out a DNS request to its configured DNS server and await a reply. This request is simply a UDP packet sent to port 53 so it too is something you can glean out of a traffic capture.

That being said, HTTP does actually pass the page requested by the user's browser in the GET request it makes. This will be the "Host:" attribute you see in the packet and is likely the easiest way to determine what domain the user was attempting to connect to.

Once you have determined the packet you are interested in looking at, you can pull the source MAC address out of the Ethernet header and the source IP address from the IP header.

Does that answer your question or help?

Jon Hannah
Sr. Network Engineer
jhannah@hostmysite.com
HostMySite.com

Last edited by jhannah; 06-24-2009 at 09:10 AM.
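
The DNS approach described in the answer above, as an added example (not code from either poster): it takes one captured Ethernet frame, as a raw-socket read would return it, and extracts the source MAC address, source IPv4 address and queried name, rejecting anything truncated or malformed. The struct and function names and the sample frame are constructed for illustration; untagged Ethernet carrying IPv4 is assumed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct dns_obs { uint8_t src_mac[6], src_ip[4]; char qname[256]; };

/* Constructed sample: Ethernet + IPv4 + UDP + DNS query for www.google.com
 * (documentation addresses, checksums zeroed; not a real capture). */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,              /* dst MAC, src MAC, EtherType IPv4 */
    0x45,0,0,0x3c, 0,1,0,0, 0x40,17,0,0, 192,0,2,10, 192,0,2,53,  /* IPv4 header, protocol 17 (UDP) */
    0xc0,0x00, 0,53, 0,0x28, 0,0,                                  /* UDP 49152 -> 53 */
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,                      /* DNS header: QR=0, QDCOUNT=1 */
    3,'w','w','w', 6,'g','o','o','g','l','e', 3,'c','o','m', 0, 0,1, 0,1  /* QNAME, QTYPE A, QCLASS IN */
};

/* Returns 0 and fills *out for an IPv4/UDP DNS query to port 53, -1 otherwise. */
int parse_dns_query(const uint8_t *f, size_t len, struct dns_obs *out) {
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return -1;  /* too short or not IPv4 */
    const uint8_t *ip = f + 14, *end = f + len;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, n = 0;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return -1;     /* version, header length, UDP */
    if ((ip[6] & 0x1f) || ip[7]) return -1;               /* later fragment: no UDP header here */
    if (len < 14 + ihl + 8 + 12) return -1;                /* need full UDP and DNS headers */
    const uint8_t *udp = ip + ihl, *dns = udp + 8, *p = dns + 12;
    if (((udp[2] << 8) | udp[3]) != 53) return -1;         /* destination port must be 53 */
    if ((dns[2] & 0x80) || !(dns[4] | dns[5])) return -1;  /* a response, or no question present */
    while (p < end && *p != 0) {                           /* walk the length-prefixed labels */
        size_t l = *p++;
        if (l > 63 || l > (size_t)(end - p) || n + l + 2 > sizeof out->qname) return -1;
        if (n) out->qname[n++] = '.';
        for (size_t i = 0; i < l; i++)                     /* mask bytes that are unsafe to log */
            out->qname[n++] = (p[i] > 0x20 && p[i] < 0x7f) ? (char)p[i] : '?';
        p += l;
    }
    if (p >= end) return -1;                               /* name not terminated inside the frame */
    out->qname[n] = '\0';
    memcpy(out->src_mac, f + 6, 6);                        /* source MAC from the Ethernet header */
    memcpy(out->src_ip, ip + 12, 4);                       /* source address from the IP header */
    return 0;
}

int main(void) {
    struct dns_obs o;
    if (parse_dns_query(sample_frame, sizeof sample_frame, &o) != 0) return 1;
    printf("%02x:%02x:%02x:%02x:%02x:%02x %d.%d.%d.%d %s\n", o.src_mac[0], o.src_mac[1], o.src_mac[2],
           o.src_mac[3], o.src_mac[4], o.src_mac[5], o.src_ip[0], o.src_ip[1], o.src_ip[2], o.src_ip[3], o.qname);
    return 0;
}
```

Names already cached on the client never produce a query, as the answer notes, so this records lookups rather than every connection.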
 
  

