tags:

views:

291

answers:

3
+2  Q: 

Drop packet with libpcap

Is it possible to have libpcap remove a packet instead of just sniff it as it passes through? I'm wanting to intercept each packet and encapsulate it into a new packet along with measurement data, but both packets (mine and the original) both reach the destination.

Many thanks

+1  A: 

The only way you could do this is by being the only physical path between the sender and receiver and turning off packet forwarding on the interceptor.

If you're capturing wireless traffic, there's nothing you can do. No software library can remove radio waves from the ambient air.

Ben S  2009-08-16 16:58:38
+1  A: 

It's not possible. You need to write a driver (for your operating system) to make the networking stack filter out packets.

Martin v. Löwis  2009-08-16 16:59:07
There are many linux kernel options to change the behavior of the network stack. For example, `echo 0 > /proc/sys/net/ipv4/ip_forward` turns off forwarding of packets that aren't addressed to this host.
Ben S  2009-08-16 17:01:12
@Ben: that's correct. However, I doubt that you can use such a configuration to implement what he wants.
Martin v. Löwis  2009-08-16 18:57:10
A: 

No, libpcap cannot "remove a packet".

It's not quite clear what you want to achieve, but it looks like you want to receive data, add some additional information to it, and republish it. If you are working with a datagram protocol such as UDP, then you might be able to simply resend your augmented data to a different UDP port.

bromfiets  2009-12-06 20:12:44

related questions

Encapsulating common logic (domain driven design, best practices)
Access levels of java class members
C++ lifetime management of encapsulated objects
How much low-level stuff to expose in an API?
Can I access private members from outside the class without using friends?
Creating method in implementation without defining in header
Do any other developers get yelled at for making every thing public?
What are the different types of encapsulation?
Encapsulation Principle
Encapsulation VS Inheritance - How to use a protected function?
When do you stop encapsulating?
C#: Partial Classes & Web Services: Seperating form and functionality
Encapsulating Java Preferences API
How do you get people to value abstraction and flexibility over "just getting it done"?
When would you use the "protected internal" access modifier?
Class design with vector as a private/public member ?
Why not use 'protected' or 'private' in PHP?
Subclassing a class with private members
How can I expose iterators without exposing the container used?
Is it a good (correct) way to encapsulate a collection?
Private vs. Public members in practice (how important is encapsulation?)
Why are Python's 'private' methods not actually private?
Python descriptor protocol analog in other languages?
Abstraction VS Information Hiding VS Encapsulation
When should you use 'friend' in C++?