
List:       linux-vlan
Subject:    [VLAN] Sniffing & Decoding 802.1q packets
From:       Peter Baker <Peter () FinAck ! com>
Date:       2000-12-14 6:06:10

I have a need to take data from a switch as 802.1q packets and then
perform some simple logging of this data.

Please excuse my C coding, I am very bad at it.

The idea is this.  Deploy a Linux box and install a little
application that is sniffing data from a trunk port (using a half
duplex tap) and then do some reporting on the sniffed data.

My question is this:  What (if anything) needs to be done to
an off-the-shelf Linux distribution to decode 802.1q packets
and then generate the following data points from the stream
(and of course write an application <grin>):

VLAN ID, SRC & DST IP addr, L4 info and size of packets


Here is the high level design idea.

Create a process that is promiscuous to an eth intf and then
decode ethernet frames, taking the first 64B and then
sending the 64B's to a file.

Send process/app takes and decodes the 64B's into the aforementioned
report.  Send to syslog.

I would like to aggregate two intf on one box so the first process would
be running twice.


Here are my questions.  Hopefully someone can point out my failings in
logic and C coding :)

1) Can I get all that I want in the first 64 bytes?

2) Can an application suck data off an intf (socket?) and understand a
packet enough to take the first 64 and write to a file?

3) Can the sucker do this without tweaking kernel, includes etc?  Use
standard distribution?

4) What does the second app need to do to understand enough about the
64bytes to decode it and produce the syslog stream?  Use hacked
includes (from the patch)? 

5) Any suggestions, examples or guidance on this mess?

Thanks so much!  I thank everyone who may write back in advance.

Please forgive the spelling :)

-Peter

_______________________________________________
VLAN mailing list  -  VLAN@Scry.WANfear.com
http://www.WANfear.com/mailman/listinfo/vlan
VLAN Page:  http://scry.wanfear.com/~greear/vlan.html
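
Added example, not part of the original post: a C decoder for the 64-byte frame prefix described above, pulling out the VLAN ID, source and destination IP, L4 ports and packet size. With no IP options the ports end at byte 42 (14 Ethernet + 4 tag + 20 IP + 4), so they fit; when options or fragmentation put them out of reach, the ports are left at 0 rather than read past the capture. It assumes a single 802.1Q tag (TPID 0x8100) carrying IPv4; `struct flow`, `parse_dot1q` and `SAMPLE` are hypothetical names and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields the post asks for. ok=0: prefix too short, untagged, or not IPv4. */
struct flow { int ok; uint8_t proto; uint16_t vlan, ip_len, sport, dport; uint32_t src, dst; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* Constructed sample: 64-byte prefix of a VLAN 100 frame, 192.0.2.1:1234 -> 198.51.100.2:80 */
static const uint8_t SAMPLE[64] = {
    0x02,0,0,0,0,0x02, 0x02,0,0,0,0,0x01,       /* dst MAC, src MAC */
    0x81,0x00, 0x00,0x64, 0x08,0x00,            /* TPID, TCI (VID 100), inner type IPv4 */
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00,   /* ver/IHL, TOS, total length 40, id, flags */
    0x40,0x06,0x00,0x00,                        /* TTL, protocol TCP, checksum (unset) */
    0xc0,0x00,0x02,0x01, 0xc6,0x33,0x64,0x02,   /* src IP, dst IP */
    0x04,0xd2, 0x00,0x50 };                     /* TCP src port 1234, dst port 80 */

/* Decode a captured frame prefix of len bytes; never reads past len. */
struct flow parse_dot1q(const uint8_t *f, size_t len)
{
    struct flow r = {0};
    const size_t ip = 18;                        /* 12 MAC + 4 tag + 2 type */
    if (len < ip || be16(f + 12) != 0x8100) return r;   /* not 802.1Q tagged */
    r.vlan = be16(f + 14) & 0x0FFF;              /* VLAN ID = low 12 bits of TCI */
    if (be16(f + 16) != 0x0800 || len < ip + 20 || (f[ip] >> 4) != 4) return r;
    size_t ihl = (size_t)(f[ip] & 0x0F) * 4;     /* IP header length incl. options */
    if (ihl < 20) return r;
    r.ip_len = be16(f + ip + 2);                 /* packet size from IP total length */
    r.proto  = f[ip + 9];
    r.src    = be32(f + ip + 12);
    r.dst    = be32(f + ip + 16);
    r.ok     = 1;
    /* Ports: TCP/UDP only, first fragment only, and only if inside the prefix. */
    if ((r.proto == 6 || r.proto == 17) && !(be16(f + ip + 6) & 0x1FFF) && len >= ip + ihl + 4) {
        r.sport = be16(f + ip + ihl);
        r.dport = be16(f + ip + ihl + 2);
    }
    return r;
}

int main(void)
{
    struct flow r = parse_dot1q(SAMPLE, sizeof SAMPLE);
    printf("vlan=%u proto=%u size=%u src=%08x:%u dst=%08x:%u\n", r.vlan, r.proto, r.ip_len,
           (unsigned)r.src, r.sport, (unsigned)r.dst, r.dport);
    return 0;
}
```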
