tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Libpcap capturing point

From: Jorge Lanza <jlanza () tlmat unican es>
Date: Thu, 24 Jul 2003 19:49:12 +0200
Hi all.
We've been developing a virtual network device and now we are exporting it to the netfilter phylosophy. When capturing packets with libpcap (ethereal) we are not sure at which level the packet is got. I say so, cause when using netfilter we modify the packet information, and in ethereal the information displayed is the packet with the modifications (some private headers has been removed)
So there's our doubt. Where does libpcap capture the packet? Before or after the driver or after crossing all the ip stack? We want to see it as it's received from the network without any modifications, is it possible? 

Any help is welcomed.

TA


--------------------------------------------

Jorge Lanza Calderón
Departamento Ingeniería Comunicaciones
Grupo de Ingeniería Telemática
Universidad de Cantabria
Avda. de los Castros, s/n
39005 - Santander  (España)
Tel: +34 942 200914
Fax: +34 942 201488
mailto:jlanza () tlmat unican es
Web: http://www.tlmat.unican.es

--------------------------------------------

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: