1

I have written 2 modules which are netfilter hook based and work at the IP layer.

However I wan to now capture packets at the switch layer. Are there any hooks to capture at the switching layer.

Any references to code snippets would be appreciated.

Edit: What kind of Software does a managed switch like DELL switch run on. Isn't it Linux, then how does that software deal with Layer 2 Packets.

Thanks

RootPhoenix
  • 1,626
  • 1
  • 22
  • 40
  • 1
    http://ebtables.netfilter.org/ebtables-hacking/ebtables-hacking-HOWTO.html Although it may be out of date now. – nos Oct 05 '15 at 11:23

1 Answers1

1

You can use similar hooks to your IP netfilter hooks. The main thing you will need to change is the protocol family: instead of NFPROTO_IP you will use NFPROTO_BRIDGE.

Do be aware that these hooks will only work on bridged interfaces, not on regular layer 2 packets that are just coming into non-bridged interfaces.

Joel C
  • 2,958
  • 2
  • 15
  • 18
  • So that means I compulsorily have to create a bridge for sniffing Layer 2 packets. What kind of Software does a managed switch like DELL run on. Isn't it Linux, then how does that software deal with Layer 2 Packets. – RootPhoenix Oct 13 '15 at 16:39
  • If you're looking at the regular switches like the PowerConnect 6200 series, they're running a customized version of VxWorks. Some of their newer switches do run customized Linux, but because they do not need to run on general hardware they are likely still using ASICs (application specific integrated circuits) to run the ports themselves and using actual silicon to do any required packet manipulation and/or mirroring. – Joel C Oct 13 '15 at 18:51
  • Could you also please answer the following question as well, If that comes under your working knowledge. Thank You http://stackoverflow.com/questions/33081481/is-use-of-spinlock-variants-valid-in-network-processing – RootPhoenix Oct 14 '15 at 04:07