Hi Alan and netters... Based on the mail i sent before about tapping the network , i attempted to create a socket with AF_PACKET, SOCK_RAW (bcos SOCK_PACKET is obsolete) and then attempt to BIND it to the interface....thats where the problem is...It does not bind itself to the interface...and i see a couple of mails in the archive about this the end of last week ...Could someone give me pointers as to why this happens...or if someone has an application that uses this.it would be of great help. Thanks a lot -VJ
Hi Alan, Thanks for your help. From what u mentioned abt AF_PACKET and SOCK_* replacing the SOCK_PACKET i undrstand that the packet family must have some hook function in the kernel and this should work as a network tap. I tired to create a socket but it fails at bin. I am unable to figure out why...I woud appreciate if you could help. Thanks a lot VJ
> ethernet and everything else) . But i recently read in a couple of man > pages and in documentation that SOCK PACKET is going to be obsoleted( > SOCK PACKET is what LPF uses..) .And there are places in the document It became AF_PACKET, SOCK_* and a whole proper socket family. > anything else that replaces the functionality of Linux Paket Filters and > the SOCK packets. Some man pages advice referring to packet(4) which is > a filter but is veryhigh level filter which filters on Broadcast or > multicast and all packets to the machine .I am looking for a mechanism > that replaces this SOCK packet with about the same amount of > functionality. The filters btw work on any kind of socket. You can even push them onto things like mailserver or webserver tcp sockets. Very handy for anti DoS handlers
