On 03/13/2006 01:28 AM, Santosh wrote:
> I need a clarification regarding Libpcap library. What I am doing is instead 
> of writing the packets on to ethernet interface, I am writing on to the Unix 
> socket.
> I am using Libnet library for building and injecting the packets. I have 
> modified the Libnet library for supporting Unix sockets. For capturing the 
> packets on unix sockets I am thinking of using Libpcap library.

The concept of "capturing" on UNIX-domain sockets doesn't really make
much sense. One doesn't use libpcap to capture on an Internet-domain
socket; one captures on an interface. Traffic from multiple
Internet-domain sockets, as well as non-socket-based traffic (e.g. ICMP
messages), is multiplexed over an interface by necessity, since the
interface is the egress for network traffic from the host. The interface
thus provides the observation point for capturing to occur.

There is no parallel with UNIX-domain sockets. There is no API I know of
for a third party to observe UNIX-domain datagrams as they traverse from
socket to socket.

In short, I don't understand what you are trying to achieve. If you want
to monitor stream-based UNIX-domain socket activity, the only way I know
of is to act as a proxy between your client and server.

If you want to write a traffic log from your server or client, and wish
simply to use libpcap format, well, what's the point? There are no IP or
other protocol headers on UNIX-domain messages, so it's not as if you
will then be able to use other existing tools to analyze the traffic,
since your messages aren't IP packets.

-- 
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
"Never try to retrieve anything from a bear."--National Park Service
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
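The proxy approach Jefferson describes, as an added example that is not part of the original thread (Python, not libnet or libpcap code): a UNIX-domain stream proxy that sits between client and server and records every chunk with its direction, which is the observation point libpcap cannot provide here. The socket paths, the upper-casing echo server standing in for the real server, and the payload are all constructed for the demonstration.

```python
import os, shutil, socket, tempfile, threading

def relay(src, dst, label, log):
    """Copy bytes from src to dst until EOF, logging each chunk with its direction."""
    try:
        while data := src.recv(4096):
            log.append((label, data))      # the proxy is the observation point
            dst.sendall(data)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)   # pass the half-close on to the other side
        except OSError:
            pass

def proxy_one(listener, upstream_path, log):
    """Accept one client on the proxy socket and splice it to the real server."""
    client, _ = listener.accept()
    upstream = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    upstream.connect(upstream_path)
    threads = [threading.Thread(target=relay, args=(client, upstream, "C->S", log)),
               threading.Thread(target=relay, args=(upstream, client, "S->C", log))]
    for t in threads: t.start()
    for t in threads: t.join()
    client.close(); upstream.close()

def echo_upper_server(listener):   # constructed stand-in for the real server
    with listener.accept()[0] as conn:
        while data := conn.recv(4096):
            conn.sendall(data.upper())

def listen_unix(path):
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path); sock.listen(1)
    return sock

def demo(payload=b"hello\n"):
    """Run server, proxy and a client in-process; return (proxy log, client's reply)."""
    log, tmp = [], tempfile.mkdtemp()
    server_path, proxy_path = os.path.join(tmp, "server.sock"), os.path.join(tmp, "proxy.sock")
    server_l, proxy_l = listen_unix(server_path), listen_unix(proxy_path)
    workers = [threading.Thread(target=echo_upper_server, args=(server_l,)),
               threading.Thread(target=proxy_one, args=(proxy_l, server_path, log))]
    for w in workers: w.start()
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(proxy_path)        # the client talks to the proxy, not the server
        client.sendall(payload); client.shutdown(socket.SHUT_WR)
        reply = b"".join(iter(lambda: client.recv(4096), b""))
    for w in workers: w.join()
    server_l.close(); proxy_l.close(); shutil.rmtree(tmp)
    return log, reply
```

Calling demo() returns the proxy's log of (direction, bytes) pairs alongside the client's reply; for a real server, point proxy_one at its socket path and start the client against the proxy's path instead.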