How to read all traffic received on one network interface using Erlang
Mark Geib
mark.geib.44@REDACTED
Tue Aug 11 17:02:17 CEST 2020
A number of years ago I wrote a network sniffer to meet some specific requirements that tcpdump did not provide. I used
https://github.com/msantos/epcap.git
That app is still in production today, works well.
Mark.
> On Aug 11, 2020, at 6:12 AM, Papa Tana <papa.tana101@REDACTED> wrote:
>
> Hi All,
>
> Great day!
>
> I have one network interface, connected with a client:
>
> [client]------> [(eth0)::Me]
>
> Whenever I want to read all traffic I received on my (eth0) interface, I'm using tcpdump.
> # tcpdump -i eth0 -w file.pcap
>
> And only after that, I can pass the pcap file to Erlang as an Argument, and I can process/modify it:
> https://github.com/hokiespurs/velodyne-copter/wiki/PCAP-format
>
> It's working, but as you can see, it's not real time :-/
>
> gen_tcp/gen_udp are not working because I would only capture all traffic matching ip address and udp port and for me only. But I want all traffic in my eth0 (traffic can be for other destination, not Me).
>
> I have checked
> https://github.com/msantos/procket
> https://github.com/msantos/pkt
> https://erlang.org/doc/man/socket.html
>
> they are great jobs, but seem to be encoding/decoding and need to specify protocol for socket:bind
>
> Can anyone advise please?
>
> Thanks,
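
Live capture with the epcap library named in the reply, as an added example that is not part of the original thread: it receives every frame seen on the interface as an Erlang message and decodes it with bit syntax instead of going through a pcap file. The module name `live_sniff` and the function `summarize/1` are hypothetical; the `{packet, ...}` message shape and the `interface`/`promiscuous` options are taken from the epcap README and should be checked against the installed version, and the link type is assumed to be Ethernet.

```erlang
-module(live_sniff).
-export([start/1, summarize/1]).

%% Start epcap on Interface (e.g. "eth0") in promiscuous mode, so frames
%% addressed to other hosts are delivered too, then print one line per frame.
%% Assumption: epcap is on the code path and its port program is allowed to
%% open the device (see the epcap README for the privilege setup).
start(Interface) ->
    {ok, _Pid} = epcap:start_link([{interface, Interface}, promiscuous]),
    loop().

%% epcap delivers each captured frame to the process that started it.
loop() ->
    receive
        {packet, _DataLinkType, _Time, Length, Frame} ->
            io:format("~p bytes: ~p~n", [Length, summarize(Frame)]),
            loop();
        stop ->
            ok
    end.

%% Ethernet II + IPv4: report addresses, IP protocol and, for TCP (6) or
%% UDP (17), the ports. Ports are only read from the first fragment,
%% because later fragments carry no transport header.
summarize(<<Dst:6/binary, Src:6/binary, 16#0800:16,
            4:4, IHL:4, _Tos:8, _TotLen:16, _Id:16, _Flags:3, FragOff:13,
            _TTL:8, Proto:8, _Csum:16,
            S1, S2, S3, S4, D1, D2, D3, D4, Rest/binary>>) when IHL >= 5 ->
    OptLen = (IHL - 5) * 4,   % IPv4 options, if any, precede the ports
    Ports = case Rest of
                <<_Opts:OptLen/binary, SPort:16, DPort:16, _/binary>>
                  when FragOff =:= 0, (Proto =:= 6 orelse Proto =:= 17) ->
                    {SPort, DPort};
                _ ->
                    undefined
            end,
    #{src_mac => Src, dst_mac => Dst, proto => Proto,
      src_ip => {S1, S2, S3, S4}, dst_ip => {D1, D2, D3, D4},
      ports => Ports};
%% Any other EtherType (ARP, IPv6, VLAN tag, ...): report the type only.
summarize(<<Dst:6/binary, Src:6/binary, EtherType:16, _/binary>>) ->
    #{src_mac => Src, dst_mac => Dst, ethertype => EtherType};
%% Shorter than an Ethernet header.
summarize(_) ->
    truncated.
```

`summarize/1` takes a plain binary, so it can be exercised in the shell on a constructed frame without starting a capture.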