Doubts about how to detect a specific kind of TCP/IP packet.

Jorge Pereira jpereiran at gmail.com
Thu Sep 18 13:36:01 PDT 2014


Hi Alan,

Thanks for replying! So, I need to listen on some network interfaces
and do something whenever ICMP packets arrive from a specific
source address, e.g. execute some shell script.
--
Jorge Pereira


On Thu, Sep 18, 2014 at 5:27 PM, Alan Goodman
<notifications at yescomputersolutions.com> wrote:
> Might be useful to start with what you are trying to achieve and why you are
> trying to achieve it.
>
> You are fairly thin on details; for real-time analysis, something along the
> lines of tcpdump -i eth0 will dump all currently flowing packets to the
> terminal. Use it with grep to filter packets of interest, or better yet
> construct a filter expression, i.e. tcpdump -i eth0 tcp port 443.
>
> I don't know what you class as 'light weight', but the above tcpdump example
> isn't showing in the top processes on a server I have access to that's pushing
> over 900 Mbit (of non-port-443 traffic).
>
> Alan
>
>
> On 18/09/14 20:43, Jorge Pereira wrote:
>>
>> Hi folks,
>>
>>      I'm writing some software that needs to detect, and do something,
>> whenever a specific kind of TCP packet arrives. Below I'll try to
>> explain using "pseudocode".
>>
>> <pseudocode>
>> ifaces = listen (eth0, eth1)
>>
>> busy_loop() {
>>      pkt = get_packet(ifaces);
>>      if (pkt.header == ARP && pkt.src == client.src  || pkt.header ==
>> 47 /* Tunnel GRE */ && pkt.src == client.src ) {
>>          if (check_client (pkt))
>>               do_something();
>>      }
>> }
>> </pseudocode>
>>
>> Kernel or userland? A daemon, maybe... It needs to be "light". I would like
>> to get some suggestions about the best way/practice to do this; maybe it
>> could be done using libnl3 or libpcap. If someone knows any
>> project/code that I can use as a base, tell me! :)
>> --
>> Jorge Pereira
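The detection the thread asks for (ICMP, or GRE as in the original pseudocode, arriving from one client address on a listening interface, followed by an action such as running a script), as an added example that is not code from either poster: a userland packet matcher with the equivalent BPF expression for tcpdump or libpcap. The interface name, the client address 10.0.0.5 and the test frames are constructed for the example; `sniff()` assumes Linux AF_PACKET sockets and CAP_NET_RAW.

```python
import socket
import struct

ETH_HDR_LEN, ETHERTYPE_IPV4 = 14, 0x0800
IPPROTO_ICMP, IPPROTO_GRE = 1, 47  # the two protocols in the original pseudocode


def bpf_filter(client_src):
    """BPF expression doing the same match in the kernel, usable as
    tcpdump -i eth0 '<expr>' or with libpcap's pcap_compile()/pcap_setfilter()."""
    return f"src host {client_src} and (icmp or proto {IPPROTO_GRE})"


def parse_ipv4(frame):
    """(protocol, src_ip) for an Ethernet/IPv4 frame, else None (non-IPv4 or truncated)."""
    if len(frame) < ETH_HDR_LEN + 20 or frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
        return None
    ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4  # header length claimed by the packet
    if ihl < 20 or len(frame) < ETH_HDR_LEN + ihl:
        return None
    return frame[ETH_HDR_LEN + 9], socket.inet_ntoa(frame[ETH_HDR_LEN + 12:ETH_HDR_LEN + 16])


def matches(frame, client_src, protos=(IPPROTO_ICMP, IPPROTO_GRE)):
    """Userland equivalent of the pseudocode's if-condition."""
    parsed = parse_ipv4(frame)
    return parsed is not None and parsed[0] in protos and parsed[1] == client_src


def on_packet(frame, client_src, action):
    """Call `action` (the poster's shell script, e.g. lambda: subprocess.run([...]))
    for a matching frame; return whether it fired."""
    if matches(frame, client_src):
        action()
        return True
    return False


def sniff(iface, client_src, action):
    """Busy loop over a Linux AF_PACKET socket (ETH_P_ALL); needs CAP_NET_RAW, not run here."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))
    s.bind((iface, 0))
    while True:
        on_packet(s.recv(65535), client_src, action)


def build_frame(src_ip, dst_ip, proto, payload=b""):
    """Constructed test frame: Ethernet + minimal IPv4 header (checksum left as 0)."""
    eth = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload
```

Filtering in the kernel with `bpf_filter()` is cheaper than receiving every frame and checking it in userland, which matters on a busy interface.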



More information about the libnl mailing list