[Re: [Re: Cant see syn packets!]]

Ramkumar Chinchani chinchani@usa.net
8 Jul 2001 19:11:42 EDT


Thanks for the code module. It was helpful.
Sorry for the multiple pesters, but your approach seems to be a little flawed
in the sense that, when I print out the source and destination ports of the
tcp header (following as (*skb)->h.th->source), it gives me a weird value
(different from what netstat -a shows).

Thanks again.



vecna@s0ftpj.org wrote:
> On Sun, Jul 08, 2001 at 04:25:35PM -0400, Ramkumar Chinchani wrote:
> ~
> ~ Thanks for pointing out the incorrect semantics. But I still cannot see any
> ~ SYN packets even though I am printing out the TCP header info for every packet
> ~ that comes in.
> ~
> ~ Is there any way I can insert a hook to find out if an incoming packet has
> ~ formed a new connection? I did look at ip_conntrack and it does seem to say if
> ~ a packet, if previously unseen, forms a new connection. How good is this?
> ~
> ~ Thanks again.
> ~
>
> sorry but I'm too drunk to learn English; attached you will find my module that
> shows SYNs. I made it in 3 minutes by deleting one of my old works.
>
> from kern.log:
>
> Jul  9 00:05:42 claudio kernel: loading test synshow module
> Jul  9 00:06:06 claudio kernel: syn wow!
> Jul  9 00:06:38 claudio last message repeated 20 times
> Jul  9 00:07:44 claudio last message repeated 36 times
> Jul  9 00:08:41 claudio last message repeated 23 times
> Jul  9 00:09:46 claudio last message repeated 30 times
> Jul  9 00:10:30 claudio last message repeated 14 times
> Jul  9 00:11:12 claudio last message repeated 12 times
> Jul  9 00:12:31 claudio last message repeated 8 times
> Jul  9 00:13:43 claudio last message repeated 21 times
>
> sorry if I don't help you in the correct way, but I give you this module;
> I'm very tired.
>
> bye
>
> to compile: gcc -c -O6 -fomit-frame-pointer synshow.c -I/usr/src/linux/include
>

> ---------------------------------------------
>	Attachment: text/x-csrc; charset=us-ascii
>	MIME Type: text/x-csrc
> ---------------------------------------------
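
An added example, not part of the thread or of the attached module: a user-space C parser run over a constructed packet, showing two things that must be right before hand-printed ports match `netstat -a`. The TCP header starts IHL*4 bytes after the start of the IP header, and the port fields are in network byte order. That either is the cause of the values reported above is an assumption; `parse_tcp`, `is_new_connection` and `raw_sport` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <arpa/inet.h>

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header, SYN only,
 * 192.0.2.1:51000 -> 192.0.2.2:80 (checksums left zero, not verified). */
const uint8_t sample_syn[40] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,0,2,1, 192,0,2,2,
    0xc7,0x38, 0x00,0x50,            /* sport 51000, dport 80, big-endian */
    0,0,0,1, 0,0,0,0,                /* sequence number, ack number */
    0x50,0x02, 0xff,0xff, 0,0, 0,0   /* data offset 5, flags = SYN */
};

struct tcp_info { uint16_t sport, dport; int syn, ack; };

/* Returns 0 on success, -1 if pkt is not an unfragmented-head IPv4/TCP packet. */
int parse_tcp(const uint8_t *pkt, size_t len, struct tcp_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;      /* IP header length, bytes */
    if (ihl < 20 || pkt[9] != 6) return -1;        /* protocol 6 = TCP */
    if (((pkt[6] & 0x1f) << 8 | pkt[7]) != 0) return -1; /* later fragment */
    if (len < ihl + 20) return -1;                 /* fixed TCP header must fit */
    const uint8_t *tcp = pkt + ihl;                /* skip any IP options */
    uint16_t raw;
    memcpy(&raw, tcp, 2);     out->sport = ntohs(raw);
    memcpy(&raw, tcp + 2, 2); out->dport = ntohs(raw);
    out->syn = (tcp[13] & 0x02) != 0;
    out->ack = (tcp[13] & 0x10) != 0;
    return 0;
}

/* A packet that opens a connection has SYN set and ACK clear. */
int is_new_connection(const uint8_t *pkt, size_t len)
{
    struct tcp_info t;
    return parse_tcp(pkt, len, &t) == 0 && t.syn && !t.ack;
}

/* The source port as read without ntohs(); pkt must already be validated.
 * On a little-endian host this is the byte-swapped value, not 51000. */
uint16_t raw_sport(const uint8_t *pkt)
{
    uint16_t raw;
    memcpy(&raw, pkt + (size_t)(pkt[0] & 0x0f) * 4, 2);
    return raw;
}
```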