Old 07-27-2004, 01:17 PM   #1
LQ Newbie
Registered: Jun 2004
Location: nepal
Posts: 26

Rep: Reputation: 15
capturing ethernet packets

I am a final-year student of computer engineering and am working on my major project, so I need some help from you people out there.

The problem is that I am not able to capture Ethernet packets.
Maybe some information about the library libcap can help me...
Old 07-27-2004, 01:19 PM   #2
Registered: Feb 2001
Location: Texas
Distribution: Slackware, Mandrake, LFS
Posts: 306

Rep: Reputation: 30
If you mean truly ethernet encapsulated traffic, you're going to find it very difficult without specific tools designed for that. The reason being, anything Linux and libpcap are seeing has been filtered by the ethernet card itself. It's physically stripping off the ethernet encapsulation (if I'm still read up enough on things) such that you can't see ethernet packets themselves, only what they contain.
Old 07-27-2004, 01:42 PM   #3
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
You need to open up a link layer raw socket, aka a packet socket. This will let you receive packets at the link layer, with the ethernet header attached. The only thing you don't get is the ethernet CRC, which the driver/device strips after verifying. See man packet, or read the docs for pcap if you want to be platform independent.
Old 08-01-2004, 11:41 PM   #4
Registered: Jul 2004
Location: Delhi
Distribution: FC3, RH 9.0
Posts: 39

Rep: Reputation: 16

Even I am working on the same. Possibly this info may help you.

[See this isn't true ethernet packet sniffing, just hooking to those packets which are in the kernel protocol stack.]

You can have a look at NetFilter, which provides hooks into the kernel n/w protocol stack, and from each hook packets can be retrieved and tampered, dropped, allowed to move as original through the stack etc.

You will have to make a module which registers the hooks, which can be at:
1. When a packet enters the Linux box, whether for being forwarded or for destination.
2. When a packet is there for being forwarded over the network.
3. When packets are being injected from the Linux box onto the ethernet.

There is lots of info available regarding this on the net, search [sorry, I do not have a handy link]

Also, in /usr/src/linux/net/ipv4/ there are C files being used particularly for packets that are coming into the Linux box or going out, but following the ipv4 protocol.

In ip_input.c there is a function ip_rcv() which handles ALL the packets destined for that particular machine, and function ip_local_deliver() for ALL the packets whether destined or being forwarded.

Try this out, maybe it helps.

Old 08-02-2004, 01:00 PM   #5
LQ Newbie
Registered: Jun 2004
Location: Nepal
Distribution: Slackware 10.2
Posts: 15

Rep: Reputation: 0
Network Programming...contd...

First of all I would like to thank everybody. Actually I had not expected so much response from you people; again, I am so thankful to you.

My progress is a little up now.
Here is the proposal which I am working on:

Bandwidth Management System
VoIP Prioritization and Browser Timer
The bandwidth management software is basically applicable for the effective use of the available bandwidth that is at the user end, which helps the client to manage the bandwidth effectively and to help them monitor the bandwidth consumed by all the customers and to have a control over the consumption of bandwidth by the individual customer at the client place. It also helps the client to monitor the user time and generate the bill for the client for the usage of the Internet and prioritize VoIP among the distributed client locations.

As bandwidth is highly expensive, the client is pretty much concerned with the use of the available bandwidth in an efficient and effective manner, by downsizing the pipe of available bandwidth and prioritizing it for the VoIP among the clients in different locations.

System Requirement Specification:

The expected system is bound to have the following facilities:
1. An end user oriented system that is efficient in managing Bandwidth.
2. Easy operation for the client with simple interactive user interface for the client's comfort.
3. Simple design of the system architecture makes the system understandable even by beginners.
4. No expert Computer Savvy is required for the operation of the system.
5. The system is to be on a stand-alone machine within the Local Area Network of the client premises.
6. The system is expected to have good security to avoid virus intrusion and eavesdroppers.
7. The system is expected to be effective and do the prioritization of different traffic in the network, and also should do the browser timing (as soon as a user starts browsing on a terminal at the client's place, the software should start the time calculation and when the user closes the browser, it would calculate the time of usage of the system and the amount the customer has to pay).
8. Linux is the preferred platform for its security and virus resistance for the application.
9. IP based control should be implemented, Bandwidth shaping for the client to better utilize the available Bandwidth, i.e. to get more out of the less Bandwidth (Save Money) by monitoring and regulating the use of bandwidth effectively by each user by restricting with an optimal Upload traffic (Uploading Attachments) to have the available bandwidth prioritized for the VoIP Traffic (Device).
10. The software should be able to control up-traffic and down-traffic separately so that the up-traffic can be restricted for the browsing customers and not allow them to consume too much bandwidth while uploading attachments (size down the pipe).

Implementation Specification:
• The product had to be implemented at different locations at the client's place, having around some 10 client machines at each location.
• Voice will be between all these locations (a two way flow), from the client's locations among themselves.
• An IP based priority is used for implementing this; priority may be set to the highest for the voice device (VoIP_Decive).
• Each location having the system implemented will have its own control, i.e. there is no central thread of control for the application even though the clients at different locations share a common bandwidth pool.
• IP based control should be there; it can be a live or private IP address.

For this proposal I made a theory, or say concept.

The first step of my theory is to sniff all the packets in the server, i.e. sniffing in promiscuous mode.

The second step is to identify the type of packet based on application layer protocol using transport layer (tcp, udp), internet layer (ip) and datalink layer (ethernet) and prioritize them according to the bandwidth requirements, i.e. high priority for high bandwidth requiring application packets.

The final step is to implement CBQ.

That's all.

I've already finished the sniffing phase;
the rest is left.
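Added example, not part of the original thread: a bounds-checked classifier for the second step described in post #5, taking a frame as a packet socket delivers it (Ethernet header attached, CRC stripped, as post #3 describes). The class names, the VoIP device address 192.0.2.10 and the choice of TCP port 80 as "browsing" are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Traffic classes for the shaper; names and values are hypothetical. */
enum prio { PRIO_DROP = -1, PRIO_VOICE = 0, PRIO_BROWSE = 1, PRIO_BULK = 2 };

/* Assumed address of the VoIP device (documentation range, constructed). */
static const uint8_t VOIP_IP[4] = {192, 0, 2, 10};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Classify one frame as a packet socket delivers it: Ethernet header
 * present, CRC already stripped. Each length is checked before a field
 * is read, since the bytes come straight off the wire. */
enum prio classify_frame(const uint8_t *f, size_t len)
{
    size_t off = 14;                              /* dst(6) src(6) type(2) */
    if (len < off) return PRIO_DROP;
    uint16_t type = be16(f + 12);
    if (type == 0x8100) {                         /* one 802.1Q VLAN tag */
        off = 18;
        if (len < off) return PRIO_DROP;
        type = be16(f + 16);
    }
    if (type != 0x0800) return PRIO_BULK;         /* not IPv4 */
    if (len < off + 20) return PRIO_DROP;
    const uint8_t *ip = f + off;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* IP header bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < off + ihl) return PRIO_DROP;
    if (!memcmp(ip + 12, VOIP_IP, 4) || !memcmp(ip + 16, VOIP_IP, 4))
        return PRIO_VOICE;                        /* IP-based priority */
    if (ip[9] != 6) return PRIO_BULK;             /* only TCP inspected below */
    if (be16(ip + 6) & 0x1fff) return PRIO_BULK;  /* later fragment: no ports */
    if (len < off + ihl + 4) return PRIO_DROP;    /* truncated TCP header */
    const uint8_t *tcp = ip + ihl;
    return (be16(tcp) == 80 || be16(tcp + 2) == 80) ? PRIO_BROWSE : PRIO_BULK;
}

/* Constructed sample: UDP datagram from the VoIP device, 42 bytes. */
static const uint8_t SAMPLE[42] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,
    0x45,0,0,28, 0,0,0,0, 64,17,0,0, 192,0,2,10, 192,0,2,20,
    0x40,0,0x40,0, 0,8,0,0 };

int main(void)
{
    printf("sample frame -> class %d\n", classify_frame(SAMPLE, sizeof SAMPLE));
    return 0;
}
```

The IP header length field is taken from the packet itself, so it is validated against the captured length before the TCP ports are read; a frame that claims a longer header than was captured is rejected rather than parsed.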
Old 08-02-2004, 01:46 PM   #6
Registered: Mar 2003
Posts: 804

Rep: Reputation: 30
Look into ip tables, I think you can do all that stuff already. I remember there being another post on here with nearly the exact same idea, and someone suggested some advanced ip tables feature that I can't remember the name of. But it was able to prioritize traffic based on header values... damn, I can't remember what it was exactly, try searching in here.

