Wireshark mailing list archives

Re: How to push packets into libpcap (Linux) ?


From: Ori Finkelman <orifinkelman () gmail com>
Date: Thu, 25 Feb 2010 18:25:44 +0200

*From*: Jaap Keuter <jaap.keuter@xxxxxxxxx>
*Date*: Fri, 19 Feb 2010 20:54:59 +0100

On Thu, 18 Feb 2010 17:12:31 +0200, Ori Finkelman <orifinkelman@xxxxxxxxx>
wrote:
Hi,
My Linux kernel module can sometimes drop packets on their way out (at
the IP layer).
However, I would like to be able to catch these packets in Wireshark
even though I am dropping them.

Is there any way I can push an sk_buff directly into libpcap so I will
get it into Wireshark?

Thanks,
Ori

Hi,

Maybe ulogd from netfilter can help you here.
See: http://netfilter.org/projects/ulogd/index.html

Thanks,
Jaap

Thanks, but that's actually not what I need.
I am developing a netfilter module. I am catching packets at the IP
layer and in some cases my decision is to drop outgoing packets.
Naturally, when I am dropping packets at the IP post routing, they
never reach libpcap and are not recorded by Wireshark.
This makes the lives of the testing people (and mine) difficult as we
can't see the full flow and we don't know for sure the reason for
problems etc.
What I am looking for is a way to take the packet I am going to drop
and hand it over to libpcap (as an sk_buff) so that it will be
captured by Wireshark.

Thanks,
Ori



-- 
Regards,
Ori
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev