tcpdump mailing list archives

Re: problem with relay server using pcap

From: Christian Kreibich <christian () whoop org>
Date: Wed, 11 Oct 2006 13:10:39 -0700

On Wed, 2006-10-11 at 20:03 +0200, Brocha Strous wrote:

I have 2 different implementations. The problem is only with a very
small number of users so its not server-wide. Possibly related to a
specific firm-ware version of a Zyxel router - are there any known
in-compatibility between pcap and this router?


Brocha, Michael has already mentioned the important bit -- your
pcap-based implementation will not stop the regular network stack of the
OS from handling the packets your server app is snooping. Depending on
local OS configurations, you will get parallel processing of the packet
in your app and in the kernel, which will surely cause all kinds of
unexpected behaviour.

Are you sure that a pcap-based approach is actually feasible for the
proxy-type application you are writing? At the very least you'll have to
ensure that a firewall of some sort prevents the local stacks from
seeing the affected packets.

Cheers,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

Current thread:

usb sniffer setup packet Paolo Abeni (Oct 11)
- Re: usb sniffer setup packet ronnie sahlberg (Oct 11)
- Re: usb sniffer setup packet Guy Harris (Oct 11)
  - problem with relay server using pcap Brocha Strous (Oct 11)
    - Re: problem with relay server using pcap Michael Richardson (Oct 11)
    - Re: problem with relay server using pcap Brocha Strous (Oct 11)
    - Re: problem with relay server using pcap Guy Harris (Oct 11)
    - Re: problem with relay server using pcap Christian Kreibich (Oct 11)