Wireshark mailing list archives
Re: How to push packets into libpcap (Linux) ?
From: Ori Finkelman <orifinkelman () gmail com>
Date: Thu, 25 Feb 2010 18:25:44 +0200
*From*: Jaap Keuter <jaap.keuter@xxxxxxxxx <jaap.keuter@DOMAIN.HIDDEN>> *Date*: Fri, 19 Feb 2010 20:54:59 +0100
On Thu, 18 Feb 2010 17:12:31 +0200, Ori Finkelman <orifinkelman@xxxxxxxxx>
wrote:
Hi, My Linux kernel module can sometimes drop packets on their way out (at the IP layer). However, I would like to be able to catch these packets in wireshark even though I am dropping them. Is there any way I can push an sk_buff directly into libpcap so I will get it into wireshark ? Thanks, Ori
Hi,
Maybe ulogd from netfilter can help you here. See: http://netfilter.org/projects/ulogd/index.html
Thanks,Jaap
Thanks, but that's actually not what I need. I am developing a netfilter module. I am catching packets at the IP layer and in some cases my decision is to drop outgoing packets. Naturally, when I am dropping packets at the IP post routing, they never reach libpcap and are not recorded by wireshark. This makes the lives of the testing people (and mine) difficult as we can't see the full flow and we don't know for sure the reason for problems etc. What I am looking for is a way to take the packet I am going to drop and hand it over to libpcapc (as an sk_buff) so that it will be captured by wireshark. Thanks, Ori -- Regards, Ori
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- How to push packets into libpcap (Linux) ? Ori Finkelman (Feb 19)
- Re: How to push packets into libpcap (Linux) ? Jaap Keuter (Feb 19)
- <Possible follow-ups>
- Re: How to push packets into libpcap (Linux) ? Ori Finkelman (Feb 26)