
How does a packet capturing facility work?


The exact details are dependent on the operating system. However, the following will attempt to illustrate the usual technique used in various implementations:

The user process opens a device or issues a system call which gives it a descriptor with which it can read packets off the wire. The kernel then passes the packets straight to the process. However, this wouldn’t work too well on a busy network or a slow machine. The user process has to read the packets as fast as they appear on the network. That’s where buffering and packet filtering come in.

The kernel will buffer up to X bytes of packet data, and pass the packets one by one at the user’s request. If the amount exceeds a certain limit (resources are finite), the packets are dropped and are not placed in the buffer.

Packet filters allow a process to dictate which packets it’s interested in. The usual way is to have a set of opcodes for routines to perform on the packet, reading values off it, and deciding whether or not it’s wan
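The filter-then-buffer path described in the answer, as an added C example that is not part of the original answer. The opcode set, `BUF_LIMIT`, the `tcp_only` program and the sample frames are constructed for illustration and are not any real kernel's interface.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical opcode set for this example; not a real kernel ABI. */
enum { OP_LDH, OP_LDB, OP_JEQ, OP_RET };
struct insn { uint8_t op, jt, jf; uint32_t k; };

/* Nonzero if the packet is wanted. Out-of-bounds loads reject; jumps only go forward. */
static int run_filter(const struct insn *p, size_t n, const uint8_t *pkt, size_t len) {
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].op) {
        case OP_LDH: if (len < 2 || k > len - 2) return 0;
                     acc = (uint32_t)pkt[k] << 8 | pkt[k + 1]; break;
        case OP_LDB: if (k >= len) return 0; acc = pkt[k]; break;
        case OP_JEQ: pc += (acc == k) ? p[pc].jt : p[pc].jf; break;
        case OP_RET: return k != 0;
        default:     return 0;
        }
    }
    return 0; /* fell off the end of the program: reject */
}

#define BUF_LIMIT 128 /* the "X bytes" of the answer; constructed value */
struct capbuf { uint8_t data[BUF_LIMIT]; size_t used, queued, dropped; };
/* Kernel side: filter first, then copy into the buffer, or drop if it is full. */
static void deliver(struct capbuf *b, const struct insn *p, size_t n, const uint8_t *pkt, size_t len) {
    if (!run_filter(p, n, pkt, len)) return;          /* process did not ask for it */
    if (len > BUF_LIMIT - b->used) { b->dropped++; return; }
    memcpy(b->data + b->used, pkt, len);
    b->used += len; b->queued++;
}

/* Constructed filter: accept Ethernet frames carrying IPv4 (EtherType 0x0800
   at offset 12) whose IP protocol byte (offset 23) is 6, i.e. TCP. */
static const struct insn tcp_only[] = {
    { OP_LDH, 0, 0, 12 }, { OP_JEQ, 0, 3, 0x0800 }, { OP_LDB, 0, 0, 23 },
    { OP_JEQ, 0, 1, 6 },  { OP_RET, 0, 0, 1 },      { OP_RET, 0, 0, 0 },
};
/* Constructed traffic: TCP, UDP, TCP, TCP (60 bytes each), then a 10-byte runt. */
static struct capbuf demo(void) {
    struct capbuf b = {0};
    uint8_t f[60] = {0};
    const uint8_t proto[] = { 6, 17, 6, 6 };
    f[12] = 0x08;                                     /* f[13] stays 0x00 */
    for (size_t i = 0; i < 4; i++) { f[23] = proto[i]; deliver(&b, tcp_only, 6, f, sizeof f); }
    deliver(&b, tcp_only, 6, f, 10);                  /* too short for the loads: rejected */
    return b;
}
```

With a 128-byte buffer that the reader never drains, two TCP frames are queued, the UDP frame and the runt are filtered out, and the third TCP frame is counted as dropped.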
