regarding sniffing...

From: Mal Hacker (
Date: Mon May 28 2001 - 08:05:17 EST

Hello friends,

I am mailing you because I have a problem, and maybe one of you can suggest a good solution...

My main aim is to design a network on a Linux platform, completely at user level, with the basic motive of making it platform independent... but for now I can go with Linux only.

What I have gone through so far is tcpdump / libpcap / Linux socket filter, and I have also read something about ipchains and some related stuff. Here is my basic problem...

a) Is there any system call (or a set of them) available which gives me IP packets from the network interface? By that I mean: all IP packets with the Ethernet header removed but reassembled (i.e. in any case, either for TCP or UDP, I should not get fragmented packets).

b) Secondly, is there a way to do the same thing via libpcap? 'Cause libpcap probably doesn't support IP reassembly (as far as I know), and due to the same reason tcpdump fails for fragmented packets.

c) Does LSF (Linux socket filter) have a similar option?

All this with the fact that I don't want to modify the existing kernel code so as to make some modifications on the raw socket BSD interface to provide such an option.

Also, you may say that ipchains or some other stuff may support this; then, if possible, please guide me to it, 'cause I have not read about them.

Other than libpcap (user-level filtering on Linux) and of course LSF, is there any other filtering method which can be employed to do the above task?

Also, the basic reason for this is that I want to do some sort of in-kernel filtering, so that all the packets which I am reading through the interface are somewhat filtered on the basis of some very basic criteria... i.e. up to some IP address and port number filtering.

Thanks... I may not be too clear in what I am asking for, but maybe someone may be able to help...

Thanks in advance
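
Added example, not part of the original post: a user-level sketch of the reassembly step the question asks about, applied to raw IPv4 packets such as a capture library hands over once the Ethernet header is stripped. Only the first fragment of a datagram carries the TCP/UDP header, so the address/port filter here runs on the reassembled datagram. All function names and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def parse_ipv4(pkt):
    """Raw IPv4 packet (Ethernet header already removed) -> key, offset, MF, payload."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, frag = struct.unpack("!HHH", pkt[2:8])
    key = (pkt[12:16], pkt[16:20], pkt[9], ident)   # src, dst, protocol, IP id
    return key, (frag & 0x1FFF) * 8, bool(frag & 0x2000), pkt[ihl:total_len]

def reassemble(packets):
    """Return (src, dst, proto, payload) for each datagram whose fragments all arrived.
    Overlapping fragments and timeouts for incomplete datagrams are not handled."""
    frags, total, done = defaultdict(dict), {}, []
    for pkt in packets:
        key, off, more, data = parse_ipv4(pkt)
        frags[key][off] = data
        if not more:
            total[key] = off + len(data)            # last fragment fixes the length
        if key not in total:
            continue
        buf, pos = b"", 0
        while pos in frags[key] and frags[key][pos]:  # contiguous run from offset 0
            buf += frags[key][pos]
            pos += len(frags[key][pos])
        if pos == total[key]:
            src, dst, proto, _ = key
            done.append((socket.inet_ntoa(src), socket.inet_ntoa(dst), proto, buf))
            del frags[key], total[key]
    return done

def matches(dgram, ip, port):
    """Address/port filter on a reassembled TCP (6) or UDP (17) datagram."""
    src, dst, proto, payload = dgram
    if proto not in (6, 17) or len(payload) < 4:
        return False
    sport, dport = struct.unpack("!HH", payload[:4])
    return ip in (src, dst) and port in (sport, dport)

def ipv4(ident, off, more, payload, src="10.0.0.1", dst="10.0.0.2", proto=17):
    """Build a constructed IPv4 packet; the header checksum is left at 0."""
    frag = (0x2000 if more else 0) | (off // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: one UDP datagram (sport 4000, dport 53) in two out-of-order fragments.
UDP = struct.pack("!HHHH", 4000, 53, 32, 0) + b"A" * 24
SAMPLE = [ipv4(7, 16, False, UDP[16:]), ipv4(7, 0, True, UDP[:16])]
```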


