Re: [tcpdump-workers] Can libcap be used as a packet interceptor?
libpcap is only packet observer, it can not drop the packets. Prasanna Kumar.N, Software Engineer, IMImobile Plot 770, Rd. 44 Jubilee Hills, Hyderabad - 500033 M +91 916358 T +91 40 2355 5945 - Ext: 220 www.imimobile.com = This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the sender immediately by e-mail and delete this e-mail from your system. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any attachment with this email. IMImobile, Plot No:770, Road No : 44, Jubilee Hills, Hyderabad, India, 500033. www.imimobile.com == This e-mail message has been scanned for Viruses and Content and cleared by Symantec Mail Security -Original Message- From: tcpdump-workers-ow...@lists.tcpdump.org [mailto:tcpdump-workers-ow...@lists.tcpdump.org] On Behalf Of WANGRUNGVICHAISRI, SHIVESH Sent: Wednesday, May 12, 2010 5:55 AM To: tcpdump-workers@lists.tcpdump.org Subject: [tcpdump-workers] Can libcap be used as a packet interceptor? Hi, If I want to write an application that prevents any TCP packets from being sent to a localhost web server, may I use libpcap for this purpose? To put the question differently, is libpcap: 1) an observer of the packet traffic (not what I'm looking for, since packets will still be sent to the localhost web server). 2) or does it actually sit in between all packet traffic? (this is what I'm looking for since I can then drop the packets that I want to drop). Thank you for your kind attention, S. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] Monotonic clock timestamp on packets
Hello, Do u want to calculate the time when the packet arrived. If u want to that time the pkthdr u have the timestructure have the time in seconds and microseconds. U can convert the time in seconds normal date-time format using loctime() api. Prasanna Kumar.N, Software Engineer, IMImobile Plot 770, Rd. 44 Jubilee Hills, Hyderabad - 500033 M +91 916358 T +91 40 2355 5945 - Ext: 220 www.imimobile.com = This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the sender immediately by e-mail and delete this e-mail from your system. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any attachment with this email. IMImobile, Plot No:770, Road No : 44, Jubilee Hills, Hyderabad, India, 500033. www.imimobile.com == This e-mail message has been scanned for Viruses and Content and cleared by Symantec Mail Security -Original Message- From: tcpdump-workers-ow...@lists.tcpdump.org [mailto:tcpdump-workers-ow...@lists.tcpdump.org] On Behalf Of Thomas Habets Sent: Tuesday, May 04, 2010 3:40 PM To: tcpdump-workers@lists.tcpdump.org Subject: Re: [tcpdump-workers] Monotonic clock timestamp on packets On Tue, 4 May 2010, Guy Harris wrote: BTW, note that if you call clock_gettime(), there is *NO* guarantee that the time it returns has anything to do with the time the packe arrived; it tells you the time when it's called, not the time when the packet arrived. Exactly. That's why I asked if anyone has taken a look at it. Because calling it from the application at pcap_dispatch time would be useless. Just like calling it from libpcap an arbitrary time too late would be useless. So if the underlying systems don't provide a monotonic clock for packet arrival time then that's that. take a look at the code. Huh? I never said this. - typedef struct me_s { char name[] = { Thomas Habets }; char email[] = { tho...@habets.pp.se }; char kernel[]= { Linux }; char *pgpKey[] = { http://www.habets.pp.se/pubkey.txt; }; char pgp[] = { A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854 }; char coolcmd[] = { echo '. ./_. ./_'_;. ./_ }; } me_t; - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe. - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.