Tracing packet travel through the linux kernel

Post by Shashank Khanvilka » Sat, 28 Jun 2003 04:47:51


I wanted to
1. trace the headers appended by different layers of the network
protocol stack in the Linux kernel, and
2. trace which protocol layers (e.g. TCP, IP, etc.) the packet
passes through as it goes over the wire.

I know about Ethereal and Ettercap, which can capture packets at the other end
and show all the headers.
(However, since I am using tunneling, these tools are of little use to me,
and I will have to do some tricks to get them to work for me.)
I will appreciate it if someone knows of simpler methods (or tools) that I can
use for this purpose.

Also let me know if this is not the right newsgroup for such posts.



1. linux kernel 2.6 packet travel

Good morning, I'm a student who, for study purposes, is writing a simple
firewall in the Linux kernel.
While I've understood the travel an input packet makes when it enters the Linux
kernel, I would like to know what functions are involved in output sending.

I put the hooks to my functions where I found already existing netfilter
hooks, and this is the problem:

- while the number of packets traversing the input and prerouting hooks is the
same, and all incoming packets pass through the hooks (in the simple case of
2 computers connected without forwarding), the number of packets that appear
in the postrouting hook is much greater than the number of packets which I see in
the output hooks!

Then I noticed that in ip_output.c there are many netfilter hooks... and I
was wondering if I should put my hooks everywhere there is a netfilter hook.

First of all, anyway, I would like to count all packets locally generated by
my applications, such as ssh or telnet or ping or nmap, and verify that all
of them pass through the output AND postrouting hooks.

Thanks a lot to anyone who can give me any suggestion about packet handling
in the Linux kernel.

PS: I am running kernel 2.6.11.

Thanks in advance

Giacomo Strangolino.
