BY: VIVEK GUPTA,
STUDENT, MS(IT), DA-IICT, GANDHINAGAR. PHONE: +919426330172 EMAIL: VIVEK_GUPTA@DA-IICT.ORG
KEYWORDS:
1. BSD: Berkeley Software Design.
2. TCP: Transmission Control Protocol
3. IP: Internet Protocol.
4. BPF: BSD Packet Filter.
5. DLPI: Data Link Provider Interface.
6. libpcap: Packet Capture Library.
7. JNI: Java Native Interface.
8. NIT: Network Interface Tap.
9. CSPF: CMU/Stanford Packet filter.
INTRODUCTION:
Packet capture is a fundamental mechanism in network management. It supports a wide range of network operational tasks, such as fault detection, protocol analysis, and security assessment. Libpcap is one of the most common and basic libraries available for packet capture. In spite of the fact that the library has existed for a considerable time, there is no document that explains the underlying concepts behind its working. In this paper I present the system-level working of libpcap, i.e., the concepts as well as the code. The paper is intended to provide the reader with concepts that will enhance his or her understanding of the packet capture library; the reader should then be able to design and code a library of a similar kind. The working is explained with reference to a network-monitoring tool. I have tried to explain the core concept as well as its application within the library.
Packet capture, in simple words, means "to grab packets". To grab packets we need access to the primary facility provided by the operating system that exposes packets in their raw form. To build a network monitoring application we need to capture all the packets on the network. The packet capture library allows us to intercept any packet seen by the network interface. We need to put the interface on that network into "promiscuous" mode, so that we can capture all packets on
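The introduction above describes what the capture library hands to an application: the frames a promiscuous interface sees, in their raw form. The following is an added example, not code from the paper, that shows what that raw form looks like by decoding libpcap's own savefile format (a 24-byte global header followed by 16-byte per-packet record headers and the frame bytes) entirely in memory. Live capture needs a privileged socket or BPF/DLPI device and an installed libpcap, so the example instead builds one constructed Ethernet/IPv4/TCP frame (addresses, ports and the zeroed checksums are sample values, not real traffic) and parses it back. It also records when the snapshot length cut a frame short, which is the case a practitioner most often trips over when decoding captured packets.

```python
"""Decode a libpcap savefile held in memory and show the raw frames it carries.

Added example for this paper; it assumes libpcap's classic savefile layout
(magic 0xa1b2c3d4, version 2.4, microsecond timestamps) and Ethernet link type.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional

PCAP_MAGIC = 0xA1B2C3D4        # savefile magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


@dataclass
class Packet:
    ts_sec: int
    ts_usec: int
    captured_len: int          # bytes actually stored (incl_len)
    original_len: int          # bytes seen on the wire (orig_len)
    truncated: bool            # snapshot length cut the frame short
    dst_mac: str = ""
    src_mac: str = ""
    ethertype: int = 0
    protocol: int = 0
    src_ip: str = ""
    dst_ip: str = ""
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _decode_ethernet(frame: bytes, pkt: Packet) -> None:
    """Best-effort decode: stop at whatever layer the snapshot cut off."""
    if len(frame) < 14:
        return
    pkt.dst_mac, pkt.src_mac = _mac(frame[0:6]), _mac(frame[6:12])
    pkt.ethertype = struct.unpack("!H", frame[12:14])[0]
    if pkt.ethertype != ETHERTYPE_IPV4 or len(frame) < 34:
        return
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    pkt.protocol = frame[23]
    pkt.src_ip, pkt.dst_ip = _ip(frame[26:30]), _ip(frame[30:34])
    l4 = 14 + ihl
    if pkt.protocol == IPPROTO_TCP and len(frame) >= l4 + 4:
        pkt.src_port, pkt.dst_port = struct.unpack("!HH", frame[l4:l4 + 4])


def parse_pcap(data: bytes) -> List[Packet]:
    """Walk the global header, then every record header plus its frame bytes."""
    if data[:4] == struct.pack("<I", PCAP_MAGIC):
        endian = "<"
    elif data[:4] == struct.pack(">I", PCAP_MAGIC):
        endian = ">"
    else:
        raise ValueError("not a libpcap savefile (bad magic)")
    _, _, _, _, _, _snaplen, linktype = struct.unpack(endian + "IHHiIII", data[:24])
    packets: List[Packet] = []
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl]
        if len(frame) < incl:
            raise ValueError("savefile ends in the middle of a packet record")
        off += incl
        pkt = Packet(ts_sec, ts_usec, incl, orig, incl < orig)
        if linktype == LINKTYPE_ETHERNET:
            _decode_ethernet(frame, pkt)
        packets.append(pkt)
    return packets


def build_sample_capture(snaplen: int = 65535) -> bytes:
    """Constructed savefile with one Ethernet/IPv4/TCP SYN frame (sample data).

    A smaller snaplen stores only the first `snaplen` bytes of the frame,
    exactly as a capture with a short snapshot length would.
    """
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") \
        + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64,
                     IPPROTO_TCP, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    frame = eth + ip + tcp                      # 14 + 20 + 20 = 54 bytes
    incl = min(len(frame), snaplen)
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 1700000000, 123456, incl, len(frame)) + frame[:incl]
    return header + record


if __name__ == "__main__":
    for p in parse_pcap(build_sample_capture()):
        print(p)
    print(parse_pcap(build_sample_capture(snaplen=20))[0])
```

Running the script prints the fully decoded frame first, then the same frame stored under a 20-byte snapshot length: the Ethernet header still decodes but the IP addresses and ports are absent, and `truncated` is set. A decoder that ignores `captured_len` and reads straight to `original_len` is the usual source of out-of-range reads in home-grown capture tools.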