I am investigating how to capture some packets from a network device (in order to send them to IMQ).

Looking at the kernel compilation options, I see it would be possible to pick some packets and send them to a "netlink device".

What I don't know is how to use this netlink device, and what it is exactly, because the docs say it is going to disappear, and that we must use "netlink sockets".

Help?

Here is some interesting info:

Using CONFIG_IP_NF_QUEUE in the 2.4 kernel:

CONFIG_IP_NF_QUEUE:

  Netfilter has the ability to queue packets to user space: the
  netlink device can be used to access them using this driver.

  If you want to compile it as a module, say M here and read
  Documentation/modules.txt. If unsure, say `N'.

net/ipv4/netfilter/ip_queue.c:

/*
 * This is a module which is used for queueing IPv4 packets and
 * communicating with userspace via netlink.
 *
 * (C) 2000 James Morris, this code is GPL.
 *
 * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
 * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
 * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian
 *             Zander).
 * 2000-08-01: Added Nick Williams' MAC support.
 *

man iptables:

TARGETS
       A firewall rule specifies criteria for a packet, and a
       target. If the packet does not match, the next rule in
       the chain is the examined; if it does match, then the next
       rule is specified by the value of the target, which can be
       the name of a user-defined chain or one of the special
       values ACCEPT, DROP, QUEUE, or RETURN.

       ACCEPT means to let the packet through. DROP means to
       drop the packet on the floor. QUEUE means to pass the
       packet to userspace (if supported by the kernel).

--
   __o
 _ \<_
(_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net

If you are trying to capture packets and want some analysis, do use the KDE-based tool KSnuffle. It is downloadable from

www.quaking.demon.co.uk/ksnuffle.html

Hope you will find it interesting.

Riaz Mahmood

>From: Julián Muñoz <jmunoz@telefonica.net>
>To: <lartc@mailman.ds9a.nl>
>Subject: [LARTC] Capturing incoming packets
>Date: Fri, 22 Mar 2002 12:39:56 +0000 (GMT)
>
>_______________________________________________
>LARTC mailing list / LARTC@mailman.ds9a.nl
>http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Well, I didn't want to capture packets for analysis, but for enqueuing them in another device, but thanks, I also searched for something better than tcpdump !!!!! :-) :-))

On Fri, 22 Mar 2002, Riaz Mahmood wrote:

> If you are trying to capture packets and want some analysis, do use the KDE-based
> tool KSnuffle. It is downloadable from
>
> www.quaking.demon.co.uk/ksnuffle.html
>
> Hope you will find it interesting.
>
> Riaz Mahmood

--
   __o
 _ \<_
(_)/(_)

Saludos de Julián
EA4ACL
-.-

Foro Wireless Madrid
http://opennetworks.rg3.net
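
Added example (not part of the thread and not code from ip_queue.c): what a userspace reader of the QUEUE target has to check before it trusts a message received over the netlink socket. The struct layout and the IPQM_PACKET value are redeclared from the 2.4-era <linux/netfilter_ipv4/ip_queue.h> as an assumption, since current kernels no longer ship that header; ipq_parse and ipq_sample are hypothetical helper names, and the sample message is constructed.

```c
/* Added example: bounds-check one ip_queue message before using it.
 * Struct and IPQM_PACKET redeclared from the 2.4-era ip_queue.h (assumption). */
#include <sys/socket.h>
#include <linux/netlink.h>
#include <stddef.h>
#include <string.h>

#define IPQM_PACKET 0x13            /* kernel -> userspace: queued packet */
struct ipq_packet_msg {
    unsigned long packet_id;        /* must be echoed back in the verdict */
    unsigned long mark;             /* nfmark copied to metadata */
    long timestamp_sec, timestamp_usec;
    unsigned int hook;              /* netfilter hook the packet came from */
    char indev_name[16], outdev_name[16];
    unsigned short hw_protocol, hw_type;
    unsigned char hw_addrlen, hw_addr[8];   /* MAC support */
    size_t data_len;                /* payload bytes that follow */
    unsigned char payload[];
};

/* Return the metadata if buf holds one complete IPQM_PACKET, else NULL. */
const struct ipq_packet_msg *ipq_parse(const void *buf, size_t received)
{
    const struct nlmsghdr *nlh = buf;
    const struct ipq_packet_msg *m;

    if (!NLMSG_OK(nlh, received) || nlh->nlmsg_type != IPQM_PACKET)
        return NULL;                /* truncated read or another message type */
    if (nlh->nlmsg_len < NLMSG_LENGTH(sizeof(*m)))
        return NULL;                /* too short to hold the metadata */
    m = NLMSG_DATA(nlh);
    if (m->data_len > nlh->nlmsg_len - NLMSG_LENGTH(sizeof(*m)))
        return NULL;                /* claimed payload exceeds the message */
    return m;
}

/* Constructed sample: message with `len` payload bytes, claiming `claimed`. */
size_t ipq_sample(void *buf, unsigned long id, size_t len, size_t claimed)
{
    struct nlmsghdr *nlh = buf;
    struct ipq_packet_msg *m = NLMSG_DATA(nlh);
    memset(buf, 0, NLMSG_SPACE(sizeof(*m) + len));
    nlh->nlmsg_len = NLMSG_LENGTH(sizeof(*m) + len);
    nlh->nlmsg_type = IPQM_PACKET;
    m->packet_id = id;
    m->data_len = claimed;
    return nlh->nlmsg_len;
}
```

In a real handler the buffer would come from recv() on the netlink socket, and the packet_id of an accepted message is what goes back to the kernel in the verdict.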