[Click] ToHost and ToHostSniffers problem !

Eddie Kohler kohler at cs.ucla.edu
Tue Oct 26 12:22:29 EDT 2004 

yacine.djemaiel wrote:
> Adding this argument has resolved the problem but i would like
> to know, if it is possible, why IPPrint has displayed traffic
> while the ethernet header is stripped

Because the IPPrint element can handle packets without Ethernet headers. 
IPPrint requires only that a packet have an "Ethernet header annotation", such 
as that set by CheckIPHeader.


> and also, why
> ToHostSniffers doesn't work with userlevel ?.

Sniffers like tcpdump expect to read packets from *network devices*, not other 
user-level processes.  Making a version of ToHostSniffers that worked at 
userlevel would be a little involved.

Eddie


> 
> Thanks for your help
> 
> yacine
> 
> 
> 
>>Based on your earlier configuration:
>>
>>
>>  FromDevice(lo)
>>     -> Classifier(12/0800)
>>     -> Strip(14)
>>     -> CheckIPHeader()
>>     -> NewElement()
>>     -> ToDump(input.dump)  //or,  IPPrint
>>     -> IPPrint(PAYLOAD hex, OUTFILE dump-packets)
>>     -> Discard;
>>
>>
>>I think the problem is that you have not provided ToDump
> 
> with the correct 
> 
>>arguments.  ToDump needs to be told what encapsulation type
> 
> to store in its 
> 
>>file.  This encapsulation type defaults to ETHER (=
> 
> Ethernet).  But you've 
> 
>>stripped off the Ethernet header with Strip(14)!  That means
> 
> that ethereal or 
> 
>>tcpdump will misinterpret the resulting dump file, and it
> 
> will look like 
> 
>>garbage.  Try ToDump(input.dump, ENCAP IP).
>>
>>Eddie
>>
>>
>>
>>>Regards
>>>
>>>Yacine
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>>Yacine,
>>>>
>>>>ToHost is not supported on the userlevel click driver.
>>>>
>>>>Regards
>>>>
>>>>Beyers
>>>>
>>>>-----Original Message-----
>>>>From: click-bounces at amsterdam.lcs.mit.edu
>>>>[mailto:click-bounces at amsterdam.lcs.mit.edu]On Behalf Of
>>>
>>>yacine.djemaiel
>>>
>>>
>>>>Sent: Thursday, October 21, 2004 1:57 PM
>>>>To: click
>>>>Subject: [Click] ToHost and ToHostSniffers problem !
>>>>
>>>>
>>>>Hi all,
>>>>
>>>>I am trying to use ToHostSniffers or ToHost to be able to use
>>>>tcpdump to analyze traffic. When running click with a config
>>>>file including ToHost or   ToHostSniffers, i obtain the
>>>>following error message : unknown element class 'ToHost'/ 
>>>>'ToHostSniffers'.
>>>>Is those elements are not accomplished ?
>>>>
>>>>
>>>>
>>>>
>>>>Accédez au courrier électronique de La Poste :
>>>
>>>www.laposte.net ; 
>>>
>>>
>>>>3615 LAPOSTENET (0,34EUR/mn) ; tél : 08 92 68 13 50
> 
> (0,34EUR/mn)
> 
>>>>
>>>>
>>>>
>>>>_______________________________________________
>>>>click mailing list
>>>>click at amsterdam.lcs.mit.edu
>>>>https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>>>>This is an email from CS Holdings. It is confidential to the
>>>
>>>ordinary user of the email address
>>>
>>>
>>>>to which it is addressed and may contain copyright and/or
>>>
>>>legally privileged information. No one
>>>
>>>
>>>>else may read, print, store, copy, forward or act in
>>>
>>>reliance upon all or any part of it or its 
>>>
>>>
>>>>attachments. If you received this email in error please
>>>
>>>notify its sender.
>>>
>>>
>>>Accédez au courrier électronique de La Poste :
> 
> www.laposte.net ; 
> 
>>>3615 LAPOSTENET (0,34€/mn) ; tél : 08 92 68 13 50 (0,34€/mn)
>>>
>>>
>>>
>>>
>>>_______________________________________________
>>>click mailing list
>>>click at amsterdam.lcs.mit.edu
>>>https://amsterdam.lcs.mit.edu/mailman/listinfo/click
>>
>>
> 
> Accédez au courrier électronique de La Poste : www.laposte.net ; 
> 3615 LAPOSTENET (0,34€/mn) ; tél : 08 92 68 13 50 (0,34€/mn)
> 
>

More information about the click mailing list