tcpdump mailing list archives

Re: Question about pcap


From: Eloy Paris <peloy () chapus net>
Date: Wed, 29 Sep 2010 16:46:50 -0400

Hi Nick,

On 09/29/2010 11:52 AM, Nick Echidna wrote:

> Hello,
> I'm developing a program using pcap. I manage to successfully sniff the
> desired packets but I was wondering something that the man page doesn't make
> clear.
>
> Is it possible to block any specific network traffic? For example, block
> traffic through a specific port, like a firewall does.

libpcap cannot block traffic, nor is that its intended purpose. libpcap's purpose is just to provide a portable way to do packet capture.

You can use packet capture filters to specify what packets are delivered to your libpcap-based application, but other applications running on the machine where the libpcap-based application is running will still see all the packets, and the kernel will forward received packets based on its routing table.

Packet filtering is typically done by the operating system kernel, although some operating systems that support divert sockets allow packet filtering to be done in userspace.

If your program runs on Linux you should be able to use libiptc to configure Linux's netfilter, the Linux firewall. For other operating systems you'll have to find a way to interface with the firewalling facility.

Hope this helps.

Cheers,

Eloy Paris.-
netexpect.org
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
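The point above about capture filters, as an added example that is not part of the original message or of libpcap's code: a minimal classic BPF interpreter running a hand-written filter equivalent to `ip and tcp dst port 80` over constructed frames. The filter's only output is how many bytes are copied to the capturing program; the names `run_filter`, `tcp_dport_80` and `verdict_for_dport` are hypothetical, and an Ethernet link layer is assumed.

```c
#include <stdint.h>
#include <stdio.h>
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; }; /* as libpcap's struct bpf_insn */
/* Hand-written classic BPF for "ip and tcp dst port 80" on Ethernet (assumed link type). */
static const struct insn tcp_dport_80[] = {
    {0x28, 0, 0, 12},      /* ldh  [12]          ; EtherType                 */
    {0x15, 0, 8, 0x0800},  /* jeq  IPv4          ; else reject               */
    {0x30, 0, 0, 23},      /* ldb  [23]          ; IP protocol               */
    {0x15, 0, 6, 6},       /* jeq  TCP           ; else reject               */
    {0x28, 0, 0, 20},      /* ldh  [20]          ; flags + fragment offset   */
    {0x45, 4, 0, 0x1fff},  /* jset frag offset   ; later fragment: reject    */
    {0xb1, 0, 0, 14},      /* ldxb 4*([14]&0xf)  ; x = IP header length      */
    {0x48, 0, 0, 16},      /* ldh  [x+16]        ; TCP destination port      */
    {0x15, 0, 1, 80},      /* jeq  80            ; else reject               */
    {0x06, 0, 0, 262144},  /* ret  262144        ; copy up to snaplen bytes  */
    {0x06, 0, 0, 0},       /* ret  0             ; copy nothing              */
};

/* Returns bytes to copy to the capturing program (0 = none). The frame itself is never dropped. */
static uint32_t run_filter(const struct insn *pc, const uint8_t *p, size_t len)
{
    for (uint32_t a = 0, x = 0;; pc++) {   /* program must end in a ret instruction */
        uint32_t k = pc->k;
        switch (pc->code) {
        case 0x06: return k;
        case 0x28: if ((uint64_t)k + 2 > len) return 0; a = (uint32_t)(p[k] << 8) | p[k + 1]; break;
        case 0x30: if (k >= len) return 0; a = p[k]; break;
        case 0x48: if ((uint64_t)x + k + 2 > len) return 0; a = (uint32_t)(p[x + k] << 8) | p[x + k + 1]; break;
        case 0xb1: if (k >= len) return 0; x = (uint32_t)(p[k] & 0x0f) * 4; break;
        case 0x15: pc += (a == k) ? pc->jt : pc->jf; break;
        case 0x45: pc += (a & k) ? pc->jt : pc->jf; break;
        default:   return 0;               /* opcode outside this example's subset */
        }
    }
}

/* Constructed sample: minimal 54-byte Ethernet + IPv4 + TCP frame with the given destination port. */
static uint32_t verdict_for_dport(uint16_t dport)
{
    uint8_t f[54] = {0};
    f[12] = 0x08; f[14] = 0x45; f[23] = 6;   /* EtherType IPv4, 20-byte IP header, protocol TCP */
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
    return run_filter(tcp_dport_80, f, sizeof f);
}
int main(void)
{
    printf("port 80 -> %u, port 22 -> %u\n", (unsigned)verdict_for_dport(80), (unsigned)verdict_for_dport(22));
    return 0;
}
```

A zero verdict only means the capturing program receives no copy of the frame; blocking it requires the kernel's firewall, as the reply says.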