Hi, Here is a patch that add a netlink virtual interface. Through a hook in af_netlink.c every packets are duplicated and sent to that interface. Thus userspace sniffers can capture them. Dissectors are being developed for scapy [1] at the moment.
I'll be glad to hear about how to fix the coding mistakes. [1] http://www.secdev.org/projects/scapy/ -- Mathieu Geli
nldev.patch
Description: Binary data
