tcpdump mailing list archives

Re: How does packet capture interact with


From: Aaron Turner <synfinatic () gmail com>
Date: Thu, 24 Sep 2009 08:14:37 -0700

On Thu, Sep 24, 2009 at 7:04 AM, Robert Burgess
<burgess () systems cs cornell edu> wrote:
>> you somehow have to make sure that the kernel doesn't deal with packets
>> you want to take care of. If you don't, it will reset TCP connections
>> and reply with ICMP port unreachable messages to UDP datagrams etc.
>
> Yes, that is a problem; I was handling it by having the OS firewall
> (whatever it is) drop those packets I intend to handle.  In my application
> I can get away with leaving that firewall setup to an administrator so
> my code can be OS-independent.

As long as the destination IP address of the packets is not that of the
firewall then you shouldn't need a host-based firewall to drop the
packets.

Also, I forgot to mention that on some platforms, libpcap supports
only sniffing packets going a certain direction (in or out of the
interface).  You should use that API when possible as it will improve
performance a good deal.


-- 
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
    -- Benjamin Franklin
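
The direction API referred to in the message is `pcap_setdirection()` in libpcap. The following is an added example, not part of the original message, that calls it from Python through ctypes and reports when the platform rejects the request; the helper names `load_libpcap` and `try_direction` and the interface name `eth0` are assumptions made for illustration.

```python
import ctypes
import ctypes.util

# Values of the pcap_direction_t enum in pcap/pcap.h.
PCAP_D_INOUT, PCAP_D_IN, PCAP_D_OUT = 0, 1, 2
PCAP_ERRBUF_SIZE = 256

def load_libpcap():
    """Return a ctypes handle to libpcap with prototypes declared, or None."""
    path = ctypes.util.find_library("pcap")
    if path is None:
        return None
    try:
        lib = ctypes.CDLL(path)
    except OSError:
        return None
    lib.pcap_open_live.restype = ctypes.c_void_p
    lib.pcap_open_live.argtypes = [ctypes.c_char_p, ctypes.c_int, ctypes.c_int,
                                   ctypes.c_int, ctypes.c_char_p]
    lib.pcap_setdirection.restype = ctypes.c_int
    lib.pcap_setdirection.argtypes = [ctypes.c_void_p, ctypes.c_int]
    lib.pcap_geterr.restype = ctypes.c_char_p
    lib.pcap_geterr.argtypes = [ctypes.c_void_p]
    lib.pcap_close.restype = None
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    return lib

def try_direction(device, direction=PCAP_D_IN):
    """Open device, request one direction; return (status, detail) strings."""
    lib = load_libpcap()
    if lib is None:
        return ("no-libpcap", "")
    errbuf = ctypes.create_string_buffer(PCAP_ERRBUF_SIZE)
    # snaplen 65535, non-promiscuous, 100 ms read timeout
    handle = lib.pcap_open_live(device.encode(), 65535, 0, 100, errbuf)
    if not handle:
        return ("open-failed", errbuf.value.decode(errors="replace"))
    try:
        # pcap_setdirection() returns 0 on success, a negative error otherwise.
        if lib.pcap_setdirection(handle, direction) != 0:
            detail = lib.pcap_geterr(handle) or b""
            return ("unsupported", detail.decode(errors="replace"))
        return ("ok", "")
    finally:
        lib.pcap_close(handle)

if __name__ == "__main__":
    print(try_direction("eth0"))  # "eth0" is an assumed interface name
```

A status of "unsupported" means the capture has to keep both directions and discard the unwanted one in the application or with a capture filter.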