Scanning and packet sniffing software, specifically network mapper (nmap) and tcpdump, are tools I now use almost daily
in some capacity. I have on three occasions needed to leverage the
software underlying tcpdump, libpcap (packet capture library), for
various tasks. In the final part of the libpcap series, the full
source listings of the pieces from part one and part two are cobbled together into a
single program. The Makefile is also constructed, in addition
to a small, barely functional packet injector program which shows
another side of libpcap: packets don't just have to be read, they can be
written as well.
There are many diagnostic programs/systems/frameworks/architectures out there to help the systems administrator/programmer/network administrator with their day-to-day lives. Ultimately, almost all of the good pieces of software that exist allow for easy interaction: that is, they send back a signal and/or a message. The problem: writing the original diagnostic scripts to begin with. This text looks at writing shell scripts to check on conditions from many points of view, that is, from the perspective of local checks only versus remotely executing checks using secure shell.
In the first part of the
libpcap series a rudimentary packet reader (or sniffer) was
built which could read and print TCP/IP traffic on a particular interface.
The second text looks at some simple checks of the data itself, adding
options like interface selection, libpcap filter options
and verbosity levels. Some of the checks included are:
The filter options are eventually passed exactly as in tcpdump,
using the tcpdump argv vector copy.
libpcap I
Reading network data can be difficult. Tools and utilities such as
wireshark, tcpdump and nmap
exist that can aid in dealing with networks at multiple levels.
What if, however, one needed to integrate packet reading or writing
into their own code? The libpcap library exists for the
very purpose of dealing with network data at a higher level than the
raw socket API.
Part one of a three-part series looks at
writing a very simplistic packet reader utility which can
easily be used as the basis for integrating the functionality of
libpcap into an existing application.
Part One of the BIND version of DNS discussed and gave examples of a very simple single zone of authority DNS server. Part two of the series addresses:
DNS options are also glanced at, but not addressed too deeply this time around.
(based on last 2 months log reports)