tcpdump mailing list archives
Re: Question about pcap
From: Eloy Paris <peloy () chapus net>
Date: Wed, 29 Sep 2010 16:46:50 -0400
Hi Nick, On 09/29/2010 11:52 AM, Nick Echidna wrote:
Hello, I'm developing a program using pcap. I manage to successfully sniff the desired packets but I was wondering something that the man page doesn't make clear. Is it possible to block any specific network traffic? For example, block traffic through a specific port, like a firewall does.
libpcap cannot block traffic, nor is that its intended purpose. libpcap's purpose is just to provide a portable way to do packet capture.
You can use packet capture filters to specify what packets are delivered to your libpcap-based application, but other applications running on the machine where the libpcap-based application is running will still see all the packets, and the kernel will forward received packets based on its routing table.
Packet filtering is typically done by the operating system kernel, although some operating systems that support divert sockets allow to do packet filtering in userspace.
If your program runs on Linux you should be able to use libiptc to configure Linux's netfilter, the Linux firewall. For other operating systems you'll have to find a way to interface with the firewalling facility.
Hope this helps. Cheers, Eloy Paris.- netexpect.org - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Question about pcap Nick Echidna (Sep 29)
- Re: Question about pcap Eloy Paris (Sep 29)
- Re: Question about pcap dragorn (Sep 29)