Re: Reading packets at the TCP Layer.
From: Jean-Francois Dive (jef@linuxbe.org)Date: 10/02/02
- Previous message: Jean-Francois Dive: "Re: Hub vs. Tap vs. SpanPort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: focus-ids@securityfocus.com From: Jean-Francois Dive <jef@linuxbe.org> Date: Wed, 02 Oct 2002 08:28:39 +1000
The TCP stack, as stated reside int the kernel and this, in all
common OS'es (ok hurd, blah blah..). I dont know exactly what
you want to achieve by modifying the packet at the TCP level
itself, but, you'll have to modify the TCP stack itself, and
make your game there. Have a look to net/ipv(4|6)/tcp_input.c
for exemple and there you are.Modifying in user space is not
possible as the only thing you can achieve is the modification
of the data before it enters the kernel level trough the socket.
JeF
Ali Saifullah Khan wrote:
Yes Mr. Marcelo, I am using a linux machine ! :-)
But your suggestion is still pertaining to the Datalink.
The Netfilter framework API works at the datalink level..not at the TCP
Layer. The packet capture is performed by pcap...which also works at the
datalink :).
My question is can you, and how do you if possible, perform monitoring at
the TCP level, via incorporation of the quest-specific code into the
running network stack via a loadable shared object module ? is it possible
to cryptographically insert hashes into incoming packets for possible
tracking later on ? then again, this is only possible if we can actually
perform reads at the TCP layer, which is the original basis of my
question.
- Previous message: Jean-Francois Dive: "Re: Hub vs. Tap vs. SpanPort"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
