i'm learning about networking on a site and there says there are 3 types of sending data:
unicast, multicast and broadcast
in the unicast case the IP layer encapsulates the IP destination(let's say "derp"). the interesting fact i've read about the unicast is that all machines within the same network will recieve the packet that is supposed to arrive at derp, but only derp will 'accept' the packet as the rest of the machines will drop it seeing the destination IP doesn't match with its IP.
so, i suppose kernel does check the ip matching which means it also drops the packet if it doesn't match.
what i'm interested in: "is it possible to catch the packets denied by kernel?" if yes, how?

Recommended Answers

I think you may need to look into packet sniffing... Though, there would be even more interesting detail you may like to read.

Jump to Post

All 4 Replies

I think you may need to look into packet sniffing... Though, there would be even more interesting detail you may like to read.

the problem is that the packets don't arrive to packet sniffers because they are discarded right away

This also depends on your network as well. Many modern switches provide layer 3 support as well; that is, they are IP aware. If they do, they will keep routing tables, and usually only forward it to one port. Some commericial switches have a specific port that all packets are forwarded to for packet sniffers to use.

As nmaillet said, it involves hardware at this point...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.21 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.