Ethereal-users: Re: [Ethereal-users] Where does ethereal hook into Linux 2.4

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 12 Apr 2002 13:09:02 -0700

On Fri, Apr 12, 2002 at 12:01:00PM -0700, Richard Molen wrote:
> Where does ethereal (& presumably tcpdump) hook into the new Linux 
> kernel 2.4.16 using netfilter & iptables?

Nowhere.  They just call libpcap, and let *it* do the hooking. :-)

Now, the next question would then be "where does libpcap hook into the
new Linux kernel 2.4.16 using netfilter & iptables?"

The answer to that question is "the same place it hooks into any other
Linux 2.2[.x] or 2.4[.x] kernel - through a PF_PACKET socket."

The next question would be "where do PF_PACKETS tap into the network
data stream in a 2.4.16 system using netfilter & iptables?"

I don't know the answer offhand, and don't have time to search for it
(either in documentation or, as I fear would be required, the code); I'd
suggest asking on, say, the linux-net mailing list, if nobody else on
this list happens to know the answer.
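
The PF_PACKET socket mentioned in the reply above, as an added example that is not part of the original post and is not libpcap's own code: it opens a raw packet socket for all protocols and binds it to one interface. The function names `fill_bind_addr` and `open_packet_socket` are hypothetical, and the interface name "lo" in `main` is an assumption.

```c
#include <arpa/inet.h>        /* htons */
#include <errno.h>
#include <linux/if_ether.h>   /* ETH_P_ALL */
#include <linux/if_packet.h>  /* struct sockaddr_ll */
#include <net/if.h>           /* if_nametoindex */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Fill the link-layer address used to bind a packet socket to one interface. */
void fill_bind_addr(struct sockaddr_ll *sll, int ifindex)
{
    memset(sll, 0, sizeof(*sll));
    sll->sll_family   = AF_PACKET;          /* same value as PF_PACKET */
    sll->sll_protocol = htons(ETH_P_ALL);   /* all protocols */
    sll->sll_ifindex  = ifindex;            /* 0 would match any interface */
}

/* Open a raw packet socket bound to ifname (hypothetical helper).
 * Returns the descriptor, or -errno (typically -EPERM without CAP_NET_RAW). */
int open_packet_socket(const char *ifname)
{
    struct sockaddr_ll sll;
    unsigned int idx = if_nametoindex(ifname);
    int fd;
    if (idx == 0)
        return -ENODEV;
    fd = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0)
        return -errno;
    fill_bind_addr(&sll, (int)idx);
    if (bind(fd, (struct sockaddr *)&sll, sizeof(sll)) < 0) {
        int err = errno;
        close(fd);
        return -err;
    }
    return fd;
}

int main(void)
{
    int fd = open_packet_socket("lo");   /* "lo" is an assumed interface name */
    if (fd < 0)
        fprintf(stderr, "packet socket: %s\n", strerror(-fd));
    else
        close(fd);
    return fd < 0;
}
```

Frames delivered to such a socket are read with `recvfrom()`; the descriptor only opens for a process that holds CAP_NET_RAW.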