Thread: Sniffing Only Packets that don't belong to my machine

  1. #1
    Registered User
    Join Date
    Jan 2012

    Sniffing Only Packets that don't belong to my machine

    Hi, I want to sniff only those packets that do not belong to my machine.

    I rephrase it as:
Suppose my machine has 2 Ethernet ports, with IP addresses A.A.A.A and B.B.B.B.

Moreover, you can assume I want to use my machine like a router. I want to sniff only the traffic that doesn't belong to my machine, i.e. the traffic whose source != A.A.A.A or source != B.B.B.B or destination != A.A.A.A or destination != B.B.B.B.

Is there any efficient way to do this? I need to deal with Gbps of traffic.

  2. #2
Salem
    Join Date
    Aug 2001
    The edge of the known universe
    libpcap and a few rules perhaps?
    Programming with pcap
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.
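A userspace version of the "few rules" Salem points to, added here as an example rather than code from the thread: it parses raw Ethernet/IPv4 frames and keeps only those where neither endpoint is one of the host's own addresses, which is the same predicate the libpcap filter string `not host A.A.A.A and not host B.B.B.B` expresses. The two local addresses are constructed sample values; with libpcap the kernel applies the compiled filter before copying frames to user space, which is what keeps up at Gbps rates.

```c
/* Added example: classify raw Ethernet/IPv4 frames as local (to or from one
 * of this host's addresses) or transit. The equivalent libpcap filter string,
 * "not host A.A.A.A and not host B.B.B.B", lets the kernel drop local
 * traffic before it is copied to user space, which matters at Gbps rates. */
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define ETH_HLEN 14

/* Addresses this machine owns (constructed sample values). */
static const char *LOCAL_ADDRS[] = { "10.0.0.1", "192.168.1.1" };
#define N_LOCAL 2

static int is_local(uint32_t addr_be)
{
    struct in_addr a;
    for (int i = 0; i < N_LOCAL; i++)
        if (inet_pton(AF_INET, LOCAL_ADDRS[i], &a) == 1 && a.s_addr == addr_be)
            return 1;
    return 0;
}

/* 1 if the frame is IPv4 and neither endpoint is local; 0 for local,
 * non-IPv4 or truncated frames. */
int is_transit_frame(const uint8_t *frame, size_t len)
{
    if (len < ETH_HLEN + 20) return 0;
    if ((frame[12] << 8 | frame[13]) != 0x0800) return 0;   /* EtherType IPv4 */
    const uint8_t *ip = frame + ETH_HLEN;
    if ((ip[0] >> 4) != 4) return 0;
    uint32_t src, dst;                 /* kept in network byte order */
    memcpy(&src, ip + 12, 4);
    memcpy(&dst, ip + 16, 4);
    return !is_local(src) && !is_local(dst);
}

/* Build a minimal Ethernet + IPv4 header with the given endpoints (test input). */
size_t build_frame(uint8_t *buf, const char *src, const char *dst)
{
    memset(buf, 0, ETH_HLEN + 20);
    buf[12] = 0x08; buf[13] = 0x00;    /* EtherType IPv4 */
    buf[ETH_HLEN] = 0x45;              /* version 4, IHL 5 */
    inet_pton(AF_INET, src, buf + ETH_HLEN + 12);
    inet_pton(AF_INET, dst, buf + ETH_HLEN + 16);
    return ETH_HLEN + 20;
}
```

Note that a packet must be dropped when either endpoint is local, so the pcap expression joins the two `not host` terms with `and`.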

  3. #3
Registered User ledow
    Join Date
    Dec 2011
    For what purpose? Gbps of traffic isn't a problem - if your network ports can supply it, you can sniff it on any modern machine, but it very much depends on what you're doing. Writing every packet to disk? That needs storage capable of keeping up with Gbps of writes. Analysing each packet? Shouldn't be a problem on a fast-enough computer if you're just acting as a passthrough. Picking out only certain streams - again, shouldn't be a problem, much less system resources required but you need to know how to extract just the streams you wanted. Logging only basic statistics and endpoints? Existing proxy software can do just that with no programming required. Intending to modify the packets in-flight? That needs whole new swathes of code.

I'd be very surprised if what you want doesn't already exist out there, to be honest. Hell, I've set up dozens of machines (sometimes nothing more than abandoned desktops) to be an intermediate transparent DNS and Squid proxy/cache for hundreds of client machines on their default gateway - and they do a lot more hard work than just looking at the packets.

Hell, set up Wireshark on a Linux PC with bridged network cards and set up rules to ignore the local MAC. Takes about ten minutes and does exactly what you describe.

    The really, really nagging question at the back of my mind, though, is: Why would you need to do this programmatically and not use existing software that's designed for the purpose? Some kind of nefarious interference?

    - Compiler warnings are like "Bridge Out Ahead" warnings. DON'T just ignore them.
    - A compiler error is something SO stupid that the compiler genuinely can't carry on with its job. A compiler warning is the compiler saying "Well, that's bloody stupid but if you WANT to ignore me..." and carrying on.
    - The best debugging tool in the world is a bunch of printf()'s for everything important around the bits you think might be wrong.

  4. #4
    Registered User
    Join Date
    Jan 2012
It's not like that, it is somehow like a proxy server.

Well, thanks for the help. I think simple raw sockets with recvfrom() can handle a higher data rate.
