I need help to hook L2 packet from network. - Networking


  1. I need help to hook L2 packet from network.

    Hello all.
    I need help hooking an Ethernet packet.
    A proprietary packet is received from the network. This is an IP packet
    with an extended L2 header, i.e. the packet has two L2 headers + L3 header
    + .... I need to hook this packet, remove the extended L2 header and
    return the packet to the regular process. Could you help me and advise how
    I can do this? Is it possible with the standard IP stack hooking process?

    TIA
    Michael

  2. Re: I need help to hook L2 packet from network.

    On Jul 2, 4:02 am, Michael wrote:
    > Hello all.
    > I need help hooking an Ethernet packet.
    > A proprietary packet is received from the network. This is an IP packet
    > with an extended L2 header, i.e. the packet has two L2 headers + L3 header
    > + .... I need to hook this packet, remove the extended L2 header and
    > return the packet to the regular process. Could you help me and advise how
    > I can do this? Is it possible with the standard IP stack hooking process?
    >
    > TIA
    > Michael


    I am assuming that you need to write (or modify) a program to do this
    on Linux. Also, by "hook" I assume you mean that you want to capture
    and process that Ethernet packet (or frame, to be precise).

    In that case, you can use a SOCK_PACKET type of socket. You can create
    the socket like this:

    sd=socket(AF_INET, SOCK_PACKET, htons(ETH_P_ALL));

    This will enable sniffing on the data link layer. But remember that you
    are sniffing all L2 packets (ETH_P_ALL) on a given subnet and that
    packets are copied verbatim to userspace (with all headers). Hence if
    the LAN is really busy, it can bring the system down to its knees. You
    can use ETH_P_IP or ETH_P_ARP if you know these are the types you are
    interested in (check linux/if_ether.h).

    Moreover, this type of socket does not support kernel buffering &
    filtering. So a single read() will return only one Ethernet frame.
    Search the web for SOCK_PACKET and you will come across plenty of good
    tutorials.

    Cheers,
    Tejas Kokje

