scap1784 Apprentice
Joined: 25 Dec 2002 Posts: 225
Posted: Tue Jun 14, 2005 1:33 am Post subject: creating an invisible network monitor.

The goal is to have two interfaces and have them in a bridging mode so that no IPs are necessary. I then want to be able to capture all packets and inject packets out both interfaces at the same time. This is so I can monitor the network and eventually create an intrusion detection and firewall application behind this. My question is how much of this do I need to write from scratch. I know the kernel offers bridging; however, I may or may not need to do a little kernel hacking for the rest. Does anyone know of anything I could use? Remember I do not want a TCP/IP stack for this application. I want to be able to stick this on the outgoing line of a network and monitor all connections this way...

ansient Guru
Joined: 22 Jan 2005 Posts: 445 Location: Argentina
Posted: Tue Jun 14, 2005 1:56 am Post subject:

Set up a kernel network bridge and run ethereal...

scap1784 Apprentice
Joined: 25 Dec 2002 Posts: 225
Posted: Tue Jun 14, 2005 2:10 am Post subject:

Well, that would work, except that I want to be able to evolve this into something much more, i.e. intrusion detection and firewall among other things. I am going to write the application specifics myself and was just trying to see what APIs/kernel patches/modules were out there to help me accomplish this.

- Scap

c.graves n00b
Joined: 03 Jan 2004 Posts: 24 Location: San Jose, California, USA
Posted: Tue Jun 14, 2005 2:21 am Post subject:

This may help.

cheers,
-c

Daniel_walmsley n00b
Joined: 28 Aug 2003 Posts: 42 Location: Palmerston north
Posted: Tue Jun 14, 2005 2:33 am Post subject:

Bandwidthd might be the monitoring tool you're after.

scap1784 Apprentice
Joined: 25 Dec 2002 Posts: 225
Posted: Tue Jun 14, 2005 2:34 am Post subject:

That is a good article; however, I still want to write my own application to do all of this so that I can try out different things (injecting packets into certain TCP streams, simulating certain attacks, etc...). That will be useful for setting up the bridging interface. I guess what I really need is some way to access the network cards at a really low level, before any kind of socket. I want all information that goes to the NIC and the ability to send packets out of it that I form. This is not for any production setup; this is more for experimentation, and that is the reason I want to build it myself, so that I have the ability to branch off and go in one direction if I find something to be interesting.

tetromino Retired Dev
Joined: 02 Dec 2003 Posts: 215
Posted: Tue Jun 14, 2005 2:59 am Post subject:

If you merely want to write arbitrary IP packets to the wire, read man 7 raw.
If, on the other hand, you also want to have some fun with ethernet frames (spoof MAC addresses, configure packet fragmentation, etc.), you should check out Documentation/networking/pktgen.txt in your kernel source tree. And if that doesn't meet your needs, you will need to do some kernel hacking.
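scap1784 asks above for a way to see everything that reaches the NIC before any socket, and tetromino points at raw(7). As an added example, not code from this thread: on Linux the lower-level capture path is an AF_PACKET socket (packet(7)) bound to the bridge interface, which delivers every frame, IPv4 or not, and needs no IP address on the box; the bridge name `br0` and the helper names `parse_frame`/`open_capture` are assumptions.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netinet/ip.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct frame_info { uint16_t ethertype; uint8_t proto; uint32_t src, dst; };

/* Decode Ethernet + IPv4 headers of one frame: 1 if a complete IPv4 header was found, else 0. */
int parse_frame(const uint8_t *buf, size_t len, struct frame_info *out) {
    const size_t eth = sizeof(struct ether_header);
    if (len < eth) return 0;                              /* not even an Ethernet header */
    out->ethertype = ntohs(((const struct ether_header *)buf)->ether_type);
    if (out->ethertype != ETHERTYPE_IP || len < eth + sizeof(struct iphdr)) return 0;
    const struct iphdr *ip = (const struct iphdr *)(buf + eth);
    if (ip->version != 4 || ip->ihl < 5) return 0;       /* malformed IPv4 header */
    out->proto = ip->protocol;
    out->src = ntohl(ip->saddr);
    out->dst = ntohl(ip->daddr);
    return 1;
}

/* Open an AF_PACKET socket (packet(7)) bound to one interface; needs CAP_NET_RAW. ETH_P_ALL
 * delivers every frame the interface sees, IP or not, with no address configured on it. */
int open_capture(const char *ifname) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) return -1;
    struct sockaddr_ll sll = { .sll_family = AF_PACKET, .sll_protocol = htons(ETH_P_ALL),
                               .sll_ifindex = (int)if_nametoindex(ifname) };
    if (sll.sll_ifindex == 0 || bind(fd, (const struct sockaddr *)&sll, sizeof sll) < 0) {
        close(fd); return -1;
    }
    return fd;
}

int main(void) {
    int fd = open_capture("br0");   /* assumed bridge interface name; run as root */
    if (fd < 0) { perror("open_capture"); return 1; }
    uint8_t buf[65536];
    struct frame_info fi = {0};
    for (ssize_t n; (n = recv(fd, buf, sizeof buf, 0)) > 0; )
        if (parse_frame(buf, (size_t)n, &fi))
            printf("IPv4 %08x -> %08x proto %u\n", fi.src, fi.dst, fi.proto);
        else
            printf("non-IPv4 frame: ethertype 0x%04x, %zd bytes\n", fi.ethertype, n);
    close(fd);
    return 0;
}
```

Because the bridge forwards frames in the kernel regardless of what this socket does, the capture adds no stack of its own to the path, which is the "no TCP/IP stack" property the first post asks for.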

ansient Guru
Joined: 22 Jan 2005 Posts: 445 Location: Argentina
Posted: Tue Jun 14, 2005 3:16 am Post subject:

> scap1784 wrote:
> well that would work except that I want to be able to evolve this into something much more. i.e. intrusion detection and firewall among other things. I am going to write the application specifics myself and was just trying to see what apis/kernel patches/modules were out there to help me accomplish this.

Good luck firewalling without a tcp/ip stack...