Is it possible to use IP Tables as part of a network sniffer? I'm looking into developing something that uses them in C but not sure yet.... what do you think?
I'm looking into using syslog. I've tried tcpdump, ettercap, ethereal and a handful of other network analysers; some were pretty good. But I'm really interested in creating my own network analyser. I set snort up on the computer but I haven't gotten to try it yet. I thought snort was only an intrusion detection system.
Logging using iptables is not a very good idea, because it's not designed for this. Instead, you can write your own customized code using the libpcap library. That's the one tcpdump uses. libpcap handles sniffing, writing packets to files and many interesting things.
Someone at IBM came up with a way to do it (1) but it involves using kernel modules (firewall hooks) and for some reason the /usr/src/ directory doesn't have the linux directory. I've downloaded kernel-source for 2.4.18 but it's going to take me a long time to work out how to program kernel modules and add and remove them.
Yeah, I've been reading a lot about libpcap, it looks good. Easy enough to pick up (compared to the kernel modules). A lot of the network analysers I've been looking at use it. I worked through a few tutorials (2) so I think I might just build my analyser using that....
I built a system using libpcap; it went pretty well. I also tried out using ulogging with IP Tables for analysis but I couldn't get it working yet though.
Finally I developed a system using the log files from IP Tables. I set the logging options on the IP Table rules and was able to get the log info from the /var/log/kern.log files. I then used Java to open the file and analyse the info.. I have to say Java is the business....
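The approach in the last post, reading iptables LOG entries back out of kern.log and analysing them, as an added example that is not the poster's code (written in Python rather than their Java). The sample log lines are constructed, and the `IPT-INPUT:` log prefix is an assumed `--log-prefix` value; the parser extracts the kernel's `KEY=VALUE` fields and bare flags (DF, SYN) and then lists the distinct destination ports each source touched, which is the kind of summary a defender wants from firewall logs.

```python
import re
from collections import Counter

# Constructed sample of what the kernel writes for a rule using
# "-j LOG --log-prefix 'IPT-INPUT: '" plus one unrelated kernel message.
SAMPLE_LOG = """\
Jan 12 10:15:32 gw kernel: IPT-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:15:33 gw kernel: IPT-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=43211 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:15:34 gw kernel: IPT-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12347 DF PROTO=TCP SPT=43212 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 10:15:35 gw kernel: IPT-INPUT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.1 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 12 10:15:36 gw kernel: usb 1-1: new high-speed USB device number 2
"""

# Optional "[seconds.micro]" timestamp, then the log prefix, then the fields starting at IN=.
LOG_RE = re.compile(r"kernel: (?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)IN=(?P<rest>.*)$")

def parse_line(line):
    """Return a dict of fields for one iptables LOG line, or None for other kernel messages."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = {"PREFIX": m.group("prefix").strip(), "FLAGS": []}
    for tok in ("IN=" + m.group("rest")).split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val          # duplicate keys (IP ID vs ICMP ID) keep the last value
        else:
            fields["FLAGS"].append(tok)  # bare tokens such as DF, SYN, ACK
    return fields

def parse_log(text):
    return [f for f in (parse_line(l) for l in text.splitlines()) if f]

def proto_counts(records):
    return Counter(r.get("PROTO") for r in records)

def ports_per_source(records):
    """Distinct TCP/UDP destination ports per source; many ports from one source is a scan signal."""
    seen = {}
    for r in records:
        if r.get("PROTO") in ("TCP", "UDP") and "DPT" in r:
            seen.setdefault(r["SRC"], set()).add(int(r["DPT"]))
    return {src: sorted(ports) for src, ports in seen.items()}

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(proto_counts(recs), ports_per_source(recs))
```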