32. All these days I've been working on my Project Report and ya I was done with that REGEX thing.
I successfully wrote a REGEX for the http GET request, that was "GET .*HTTP/(0.9|1.0|1.1)"
I still have ftp, Telnet, ssh, SMTP regexes to write !!
OK, now after sticking on the same stuff for two days, I finally found (Thanks Master) why iptables wasn't working on the monitoring ports !! It wasn't able to track the data passing by for other machines (I mean promiscuous mode)
YES, iptables DOESN'T WORK IN PROMISCUOUS mode !! Want to know why ???
The data is delivered to the skb from ip_input.c --> ip_rcv(), which has a piece of code which looks like:
    /* When the interface is in promisc. mode, drop all the crap
     * that it receives, do not try to analyse it.
     */
    if (skb->pkt_type == PACKET_OTHERHOST)
        goto drop;
    .
    .
    .
    drop:
        kfree_skb(skb);
--> NO skb for the packets of other host !!
*** The next task is to make a change in the above function and make it accept all the packets and then test the code...
I am working on it, let's see how it goes!
And ya REPORT IS DUEEEEEE... !
33. include/linux/if_packet.h
    /* Packet types */
    #define PACKET_HOST       0  /* To us */
    #define PACKET_BROADCAST  1  /* To all */
    #define PACKET_MULTICAST  2  /* To group */
    #define PACKET_OTHERHOST  3  /* To someone else */
    #define PACKET_OUTGOING   4  /* Outgoing of any type */
    /* These ones are invisible by user level */
    #define PACKET_LOOPBACK   5  /* MC/BRD frame looped back */
    #define PACKET_FASTROUTE  6  /* Fastrouted frame */
Packet is made to be one of these types by the Device Driver
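How a frame ends up tagged PACKET_OTHERHOST and then hits the drop in ip_rcv(), as an added example that is not from the original post or the kernel source: a user-space C model of the destination-MAC classification an Ethernet driver performs (in the kernel this is done by eth_type_trans()), followed by the ip_rcv() check quoted above. The MAC addresses and the function names classify_frame and reaches_ip_layer are constructed for illustration.

```c
/* Added example: a user-space model, not kernel source. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6

/* Values as listed in include/linux/if_packet.h above */
#define PACKET_HOST      0
#define PACKET_BROADCAST 1
#define PACKET_MULTICAST 2
#define PACKET_OTHERHOST 3

/* Constructed sample addresses (assumptions, not from the post) */
const uint8_t DEV_MAC[ETH_ALEN]   = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
const uint8_t OTHER_MAC[ETH_ALEN] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x02};
const uint8_t MCAST_MAC[ETH_ALEN] = {0x01, 0x00, 0x5e, 0x00, 0x00, 0x01};
const uint8_t BCAST_MAC[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* Driver-side step: derive pkt_type from the destination MAC. */
int classify_frame(const uint8_t *dst, const uint8_t *dev_addr)
{
    if (dst[0] & 0x01) /* group bit: broadcast or multicast */
        return memcmp(dst, BCAST_MAC, ETH_ALEN) == 0 ? PACKET_BROADCAST
                                                     : PACKET_MULTICAST;
    /* Unicast: only a promiscuous NIC delivers frames for another MAC. */
    return memcmp(dst, dev_addr, ETH_ALEN) == 0 ? PACKET_HOST
                                                : PACKET_OTHERHOST;
}

/* The ip_rcv() check quoted in the post: false means "goto drop". */
bool reaches_ip_layer(int pkt_type)
{
    return pkt_type != PACKET_OTHERHOST;
}

int main(void)
{
    const uint8_t *dsts[] = {DEV_MAC, OTHER_MAC, MCAST_MAC, BCAST_MAC};
    for (size_t i = 0; i < sizeof dsts / sizeof dsts[0]; i++) {
        int t = classify_frame(dsts[i], DEV_MAC);
        printf("dst %02x:..:%02x pkt_type=%d %s\n", dsts[i][0], dsts[i][5], t,
               reaches_ip_layer(t) ? "passed to IP layer" : "dropped in ip_rcv()");
    }
    return 0;
}
```

Only the frame addressed to OTHER_MAC is dropped, which is why rules hooked at the IP layer never see sniffed traffic even though the NIC delivers it.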
11/19/07 || 04:35