c - How do I identify the source of a UDP packet in an access point? -
i'm creating kind of access point.
i capture packets, of types, machine, in order prioritize them before forwarding them, according default quality of service (qos) classes.
by calling socket
eth_p_all
parameter , can incoming packets of protocol type:
if ((sockfd = socket(af_packet, sock_raw, htons(eth_p_all))) == error) { perror("socket"); exit(1); }
by using ethhdr
, iphdr
, tcphdr
, udphdr
structs can't retrieve information on application sent each packet.
however, both voip , snmp use udp, , don't know of 2 sent me udp package.
i'd know applications sending udp packets, may follow qos classes , forward packets (e.g. conversational voice) before others (e.g. e-mail).
in order recognize protocol, should use list of tcp , udp port numbers?
you cannot tell for sure application sent packet - sender knows this. if understand correctly, want detect protocol being used. have 2 possibilities:
assume application based on destination port set on tcp/udp packet - list of tcp/udp port numbers or
/etc/services
(if you're on linux/unix/osx/etc) might of help;analyse packet contents , match against known protocol signatures (like ids - see snort rules example). note may need form of conntrack make work reliably;
Comments
Post a Comment