Can anyone suggest packet-blocking software?

My requirement is to block packets within the LAN. (The Internet does not come into the picture.)

Suppose CLIENT_A is communicating with CLIENT_B in the same network (LAN).

I want a CLIENT_C (who is in the same network) to capture (I can use the jpcap library's sniffer for this purpose) and block packets sent by CLIENT_A to CLIENT_B.

How do I block packets over the LAN?

Thank you in advance.

Regards, Veenit Shah

+2  A: 

This kind of thing is normally done using a separate firewall (e.g. in a router or gateway box) or firewall software running on one or both of the client machines.

This is not the sort of thing that it is sensible to implement in Java.

EDIT - in response to this followup

I am aware that such a thing is not advisable in Java, but I'll still have to implement it, so is there any means to do so?

Let us assume that you are talking about implementing a client-side firewall on a Linux machine. I can think of two approaches:

  • You could use Process.execute() and friends to run the Linux iptables(8) admin utility which manipulates the OS kernel's network packet filters. This is the simplest Java-based approach. But it requires that your Java app runs as root.

  • You could reverse engineer what iptables(8) is doing to manipulate the packet filters and code the same functionality in Java. That would be more coding work, including implementing parts of the functionality in C via JNI or JNA. And your app needs to run as root.

But a far, far simpler approach is to simply run iptables(8) from the command line, or make your changes using the fancy GUI-based admin tools.

Note that in the scenarios above, the firewall itself is not implemented in Java. All you are doing is administering the firewall from a Java application. I cannot think of ANY way to actually do the filtering / blocking in Java that is even remotely practical.

Stephen C
I am aware that such a thing is not advisable in Java, but I'll still have to implement it, so is there any means to do so?
veenit33
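
The first approach in the answer above (administering the kernel packet filter from Java), written out as an added example that is not part of the original answers. It assumes the program runs as root on CLIENT_B; the class name `IptablesBlock` and the address `192.0.2.10` standing in for CLIENT_A are constructed for illustration.

```java
import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

public class IptablesBlock {   // hypothetical class name
    // Strict dotted-quad check, so a value such as "-j" or "0/0" can never
    // reach iptables as an extra option or a wider match than intended.
    private static final String OCTET = "(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)";
    private static final Pattern IPV4 =
        Pattern.compile("^" + OCTET + "(\\." + OCTET + "){3}$");

    // Builds the argument vector for one INPUT-chain DROP rule.
    // action is "-A" (append), "-C" (check) or "-D" (delete).
    static List<String> dropRule(String action, String sourceIp) {
        if (!List.of("-A", "-C", "-D").contains(action)) {
            throw new IllegalArgumentException("unsupported action: " + action);
        }
        if (!IPV4.matcher(sourceIp).matches()) {
            throw new IllegalArgumentException("not an IPv4 address: " + sourceIp);
        }
        return List.of("iptables", action, "INPUT", "-s", sourceIp, "-j", "DROP");
    }

    // Runs iptables directly from an argument list; no shell is involved,
    // so nothing in the arguments is re-parsed or expanded.
    static int run(List<String> argv) throws IOException, InterruptedException {
        return new ProcessBuilder(argv).inheritIO().start().waitFor();
    }

    public static void main(String[] args) throws Exception {
        String clientA = args.length > 0 ? args[0] : "192.0.2.10"; // constructed sample
        boolean apply = args.length > 1 && args[1].equals("--apply");
        List<String> add = dropRule("-A", clientA);
        if (!apply) {                       // default: show the command only
            System.out.println("dry run: " + String.join(" ", add));
            return;
        }
        // "iptables -C" exits 0 when an identical rule already exists,
        // which keeps repeated runs from stacking duplicate rules.
        if (run(dropRule("-C", clientA)) == 0) {
            System.out.println("rule already present");
            return;
        }
        int rc = run(add);
        if (rc != 0) throw new IllegalStateException("iptables exited with " + rc);
    }
}
```

Passing `-D` to `dropRule` builds the matching delete command, so the same validated path removes the rule again.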
A: 

If you are reading the packet on the network on Client C, Client B has already received it, so it is too late to block it. If you are using switched Ethernet, then Client C wouldn't even see the packet that was sent to B anyway.

The only way to do this is to have A communicate to B through C; then C can decide if packets should be sent. This is called a firewall. Instead of writing one, you could use iptables on Linux to do this.

But to make use of this, you need to understand how the network works and I'm not sure you do at this point based on your question. So you will need to learn a lot about Ethernet (assuming you are using Ethernet) and the different networking layers. I'm not sure of a resource for this.

Jay
Is it possible in a Windows environment? A kind of man-in-the-middle attack?
veenit33
Yes it is possible to use Windows.
Jay
+1  A: 

You may need some ARP attack things to redirect packets from CLIENT_A to CLIENT_C instead of CLIENT_B.

I don't think this is a good idea.

arsane