I want to build a network protocol analyzer, but I really don't know where to start. Obviously, I don't want the code in hand, I can think it up myself -- but the problem is a little more specific - where do I look to get the IPs passing in and out? Like, do I need to communicate with the router or look for an operating system-related layer? I'm on Ubuntu 10.04 LTS (Lucid Lynx)...
And I know about things like Wireshark and darkstat -- using them is not what I want. I want something a little more customized for my needs, so can anyone help me out?
[EDIT: I don't want existing software. I'm doing something for my personal use]
Ya, I guess you got it right there, but will Java be enough for accessing it? Like, CAN I do it in Java? How I'll do it is a separate journey altogether :D but can I do it?
Maybe someone who knows for sure can chime in; I don't think Java supports promiscuous sockets. If that's true, you'd have to come up with a native library and a JNI wrapper if you still wanted to use Java to analyze the traffic. For example, jNetPcap.
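For reference, this is roughly what the native layer mentioned above does on Linux: an added example, not code from anyone in this thread, that opens an `AF_PACKET` raw socket and pulls the source and destination IPv4 addresses out of each Ethernet frame. The function name `frame_ips` and the sample frame are constructed for illustration; the program needs root or `CAP_NET_RAW`, does not enable promiscuous mode, and sees only frames that reach this host's interfaces.

```c
#include <arpa/inet.h>
#include <linux/if_ether.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed sample: Ethernet header + minimal IPv4 header, 192.0.2.10 -> 198.51.100.7 */
static const uint8_t sample_frame[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,   /* dst MAC, src MAC, EtherType IPv4 */
    0x45,0x00,0x00,0x14, 0x00,0x00,0x00,0x00,          /* ver/IHL, TOS, total len, id, frag */
    0x40,0x06,0x00,0x00,                               /* TTL, proto TCP, checksum (unset) */
    192,0,2,10, 198,51,100,7 };                        /* source IP, destination IP */

/* Extract source/destination IPv4 addresses from a raw Ethernet frame.
   Returns 0 on success, -1 if the frame is truncated or not plain IPv4
   (VLAN-tagged and IPv6 frames are skipped in this example). */
int frame_ips(const uint8_t *f, size_t len, char src[INET_ADDRSTRLEN], char dst[INET_ADDRSTRLEN])
{
    if (len < ETH_HLEN + 20) return -1;                     /* too short for Ethernet + IPv4 */
    if (((f[12] << 8) | f[13]) != ETH_P_IP) return -1;      /* EtherType must be 0x0800 */
    const uint8_t *ip = f + ETH_HLEN;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                /* header length in bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < ETH_HLEN + ihl) return -1;
    if (!inet_ntop(AF_INET, ip + 12, src, INET_ADDRSTRLEN)) return -1;
    if (!inet_ntop(AF_INET, ip + 16, dst, INET_ADDRSTRLEN)) return -1;
    return 0;
}

int main(void)
{
    /* ETH_P_ALL delivers every frame, inbound and outbound, on all interfaces. */
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
    if (fd < 0) { perror("socket(AF_PACKET)"); return 1; }
    uint8_t buf[65536];
    char src[INET_ADDRSTRLEN], dst[INET_ADDRSTRLEN];
    for (int seen = 0; seen < 20; ) {                       /* print the first 20 IPv4 frames */
        ssize_t n = recv(fd, buf, sizeof buf, 0);
        if (n < 0) { perror("recv"); break; }
        if (frame_ips(buf, (size_t)n, src, dst) == 0) {
            printf("%s -> %s\n", src, dst);
            seen++;
        }
    }
    close(fd);
    return 0;
}
```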