[ethereal-users] Re: [ethereal-dev] Need some advice and help getting started with real time packet monitoring

[Richard Sharpe <sharpe@xxxxxxxxxx>]

Hi,

At 01:08 AM 4/1/00 -0600, Nathan Good wrote:
>Hello. I am working on a project that involves monitoring certain UDP
>packets, and then responding to those in real time based on the data within
>them. I came across ethereal and libcap, but it looks like all the packet
>data is buffered and then analyzed. Realizing that I need help from the
>experts, I turn to you for advice.
>
>Here is what I have and what I want to do:
>Have:
>Linux box (Caldera 2.3 Open Linux)
>
>What I want to do:
>look at all UDP packets coming across wire in real time ( To be run all the
>time)
>If packet data contains such and such, capture this data to a C struct or
>something, and pass it to my client program for processing.

Ethereal cannot be used like that at the moment without lots of work.

However, back in December, I started coding libdencode, which was a library
of routines that decoded packets. It could do what you want, but it is in a
very incomplete state at the moment, but I will start working on it again
in the future.

However, I am burried in work at the moment so it will be a few months.

>Thats pretty much it. i am not sure if ethereal is the tool for this or if
>libcap is. If I am completely looking in the wrong direction, please let me
>know so. I am very new to packet stuff, so sample source or pointers to such
>would be very much appreciated.
>
>Thank you very much for your help,
>
>NSG
>
>

Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, Master Linux Administrator :-),
Samba (Team member, www.samba.org), Ethereal (Team member, www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author: First Australian 5-day, intensive, hands-on Linux SysAdmin course
Author: First Australian 2-day, intensive, hands-on Samba course