Reputation:

Drop packet with libpcap

Is it possible to have libpcap remove a packet instead of just sniff it as it passes through? I'm wanting to intercept each packet and encapsulate it into a new packet along with measurement data, but both packets (mine and the original) both reach the destination.

Upvotes: 2

Answers (5)

Athir Nuaimi

Reputation: 3234

As others mentioned, you can not use libpcap. libpcap is a passive listener. If you are on Linux, you can use a netfilter, which hooks into iptables. Here is an example of how to do that.

http://www.linuxjournal.com/article/7184

Upvotes: 0

Peter Le Bek

Reputation: 992

In response to Ben S, you can't remove packets off the air, but you can stop them reaching their destination - using ARP cache poisoning etc.

Upvotes: 0

ubiyubix

Reputation: 1066

No, libpcap cannot "remove a packet".

It's not quite clear what you want to achieve, but it looks like you want to receive data, add some additional information to it, and republish it. If you are working with a datagram protocol such as UDP, then you might be able to simply resend your augmented data to a different UDP port.

Upvotes: 1

Martin v. Löwis

Reputation: 127527

It's not possible. You need to write a driver (for your operating system) to make the networking stack filter out packets.

Upvotes: 2

Ben S

Reputation: 69382

The only way you could do this is by being the only physical path between the sender and receiver and turning off packet forwarding on the interceptor.

If you're capturing wireless traffic, there's nothing you can do. No software library can remove radio waves from the ambient air.

Upvotes: 1

Drop packet with libpcap

Answers (5)

Related Questions