hi all,


Im writing a recorder software which uses raw sockets ( Multicast Packets).

actually wot im doin is that i join the network and collect the packets and write them to a file.

but im getting a copy of all the packets.

my need is that i must get only the packet of that particular multicats IP i need with the header.

1.is there any way thro ordinary sockets i can extract the header too.

2. or thro rawsockets can i get only the packets i need


i read that the kernel gives a copy of the packet to all th rawsockets qwhich are opened at the same time. is there any way to eliminate this so that only the packet the socket needs will be provided to it.


Thanx in Advance

yes,
you can get the packets you need in raw sockets.
you need to decapsulate the packet from its header
whether it is a protocol specific search ( you can get this by header length ) or message specific search .... from the decapsulated packet ... you can get that !!!

You may use filters (Berkeley Packet Filter) with libpcap. Try it out.

kshid,
the reason im using Raw sockets is that i need the header too.

decapsulating the payload alone wont help.

primo,
can u give me more details about libpcap. so where can i find a detailed manual about it.


Thanx Guys...

See http://www.tcpdump.org/

There's a tutorial here:
http://www.tcpdump.org/pcap.htm

Chances are that you have it installed, at least the library itself. If not, install libpcap-devel on RPM systems. See pcap(3) (run "man 3 pcap") and tcpdump(1) for examples of filter expressions.

I've just written a skeletton of what you have to do.
http://www.linuxquestions.org/questi...d.php?t=422434
It's really a skeleton, it doesn't replace man pcap or reading the source code of tcpdump