Ramsurrun Visham wrote:
> But if I want to modify the packets in the normal flow, let's say manipulate their MAC address, how do I go about it?
Not with libpcap - it has its own packet flow, separate from the normal flow, and it cannot affect packets in the normal flow (i.e., in the normal receive path of the networking stack, passing through, for example, the IP input code).
> Do you have any clue how I can interact directly with the normal flow?
No, I don't. There might be some kind of tunnel mechanism available in Linux that would let you insert your own code into the normal flow of packets inside the networking stack.
> I've heard about the Libnet library. Can they do it?
If by libnet you mean
http://www.packetfactory.net/projects/libnet/
then, no - it uses the same mechanism(s) that libpcap does for sending packets, but it doesn't have any code that uses any mechanisms that are in the *middle* of the normal networking stack. It can send packets, but that's different from inserting them into the *receive* path of the OS's networking stack.
People who want to build applications that sit in the receive path of the networking stack, and modify packets before they're processed by the rest of the receive path, shouldn't look to libpcap/WinPcap for help; libpcap uses, and WinPcap provides (with its driver) and uses, a mechanism designed for tapping into the network stack and getting copies of packets that have been received and packets being sent, and (in WinPcap and the current CVS version of libpcap) for tapping into the *send* path of the networking stack and injecting packets into *that* path.
-
This is the tcpdump-workers list.