Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Signing the packets with the application name


    When a linux application opens a socket to transfer packets I would like to intercept the socket call and insert the application name into these packets. I'm fairly acquainted with core networking principles; I just have no clue where to start if I want to write a software that can perform such task. Could anyone give me some pointers?

  2. #2
    Linux Guru Rubberman's Avatar
    Join Date
    Apr 2009
    Location
    I can be found either 40 miles west of Chicago, in Chicago, or in a galaxy far, far away.
    Posts
    14,038
    Each TCP/IP packet has a maximum size as well as a checksum to verify that it has been received correctly. So, you need to make sure your changes don't exceed that (approximately) 1500 byte size, and then you need to recompute the checksum to place in the header. In any case, this is not trivial stuff - I have implemented complete TCP stacks in the past for real-time operating systems and I have a shelf full of books for reference documentation.
    Sometimes, real fast is almost as good as real time.
    Just remember, Semper Gumbi - always be flexible!

  3. #3

    Smile

    Thank you for your answer Rubberman

    I am planing to insert the application names (coded names) in the TOS field of the IP packets.

    In an article the authors introduced an app that perform exactly what I have in mind, but for Windows systems. The app intercepts the socket calls, infer the application name and other information, then it insert the application name in the TOS field.

    This is the architecture of the app.


    1. The Call Interceptor is a layered service provider developed using Microsoft SPI which intercepts all socket calls and obtain the application information.
    2. The Control Center processes the received information from call interceptor and sends it to the labeling driver.
    3. The Labeling Driver maintains a dynamic table which contains all current connections and their application types. It intercepts the outgoing packets in NDIS level, signs it with the application name and then sends it to the network.



    I would like to develop a similar app for Linux,
    Attached Images Attached Images

  4. $spacer_open
    $spacer_close
  5. #4
    Any suggestion on how to program the above architecture in Linux?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •