[LARTC] Packet Interception
John Default
default at advaita.sytes.net
Fri Oct 12 14:10:29 CEST 2007
Hi.
Jayesh Agrawal wrote:
> Hello!
>
> In the earlier mail I think I was not clear... Actually the following
> is my requirements:
>
>
> 1) our requirement is to capture all packets originating/destined to a
> particular machine. This also includes ping packets to same
> machine/localhost. i.e. at machine A we want to also capture packets
> originating from say machine A and destined to machine A (these
> propably do not go to data link layer).
did you consider using iptables -j QUEUE ? maybe it would be possible
with that (even if you want to delay loopback packets).
http://www.crhc.uiuc.edu/~grier/projects/libipq.html
> 2) we want to experiment the behavior by adding delays to those
> packets, and that is why we want the actual packet and a copy of
> packet wont serve purpose.
but i saw warning that when you delay for too long, queue may fill up
and you start to loose packets.
> 3) we are open to listen at whatever layer (datalinke/network) and so
> how can we achieve this functionality.
>
you were right, loopback packets aren't seen in pcap, only thing going
through some interface
--
___________________________________
S pozdravom / Best regards
John Default
More information about the LARTC
mailing list