packet capture - only capture outgoing traffic
137 views
Skip to first unread message
Pascal
Jul 8, 2023, 7:12:35 AM7/8/23
to ns-3-users
Hi all
I am wondering if it is possible to configure ns3 such that when EnablePcap() is called on some NetDevice that it can somehow determine the directionality of the traffic and use that to e.g., only write outgoing or only incoming traffic (on that specific device) to a pcap file.
This is perhaps a bit unusual, as some of that could be achieved with just filtering with e.g., wireshark in the resulting pcap, but that might get very time-intensive.
Let's assume a scenario where traffic is captured at nodes that are essentially just routers, having many outgoing and incoming interfaces. If I want to get some "big picture" view of all the traffic going through a specific router I call EnablePcap on all the NetDevices that "belong" to that router node.
What I'm getting then once I "merge" all the pcap files captured at all of the router's interfaces is essentially a situation where each packet occurs twice, as it was captured as incoming traffic on one interface and outgoing traffic on another.
Depending on the scenario, there might not be any way to just categorize an entire interface (and thus pcap file) as ougoing or incoming traffic and things get even more complicated if you have an entire topology of such nodes.
This is where it would be convenient to have some way to only write incoming or outgoing traffic into the pcap.
Is there anything that can be done in terms of configuration? Or do you see some other approach that might help tackle this?
Best & Thanks in advance,
Pascal
Tom Henderson
Jul 8, 2023, 11:20:08 AM7/8/23
to ns-3-...@googlegroups.com, Pascal
There is no way, generally, to
configure ns-3 to do what you ask, but small edits to the source
code might accomplish it.
Most traces are hooked to the
'promiscuous' trace in the NetDevice, such as this in
CsmaNetDevice:
//
// For all kinds of packetType we receive, we hit the promiscuous sniffer
// hook and pass a copy up to the promiscuous callback. Pass a copy to
// make sure that nobody messes with our packet.
//
m_promiscSnifferTrace(originalPacket);
// For all kinds of packetType we receive, we hit the promiscuous sniffer
// hook and pass a copy up to the promiscuous callback. Pass a copy to
// make sure that nobody messes with our packet.
//
m_promiscSnifferTrace(originalPacket);
Just above that, you can see that there
is some testing of the destination address:
else if (header.GetDestination() ==
m_address)
{
packetType = PACKET_HOST;
}
{
packetType = PACKET_HOST;
}
so, you can move the trace statement
inside there if you want to only capture packets that are
incoming, or write a similar check if you want the outgoing.
- Tom
--
Posting to this group should follow these guidelines https://www.nsnam.org/wiki/Ns-3-users-guidelines-for-posting
---
You received this message because you are subscribed to the Google Groups "ns-3-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ns-3-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ns-3-users/f3331f88-a637-473a-9dc4-5bbdc5d9a07en%40googlegroups.com.
Pascal
Jul 9, 2023, 5:49:14 AM7/9/23
to ns-3-users
Hi Tom
Thanks for your suggestion. I am specifically interested in NetDevices on p2p channels.
I have taken your approach and put in some exploratory logs into the PointToPointNetDevice:
// TODO: CLEANUP experimental
Ptr<Packet> localPacketClone = packet->Copy();
// clone here again, because header missing on
// packet otherwise in ProcessHeader() method
EthernetHeader header(false);
localPacketClone->RemoveHeader(header);
bool test = header.GetDestination() == m_address;
std::cout << "packet info: source - " << header.GetSource()
<< ", destination - " << header.GetDestination()
<< "'this' - " << m_address
<< ", dest=='this' - " << test << std::endl;
// TODO: CLEANUP experimental done
Ptr<Packet> localPacketClone = packet->Copy();
// clone here again, because header missing on
// packet otherwise in ProcessHeader() method
EthernetHeader header(false);
localPacketClone->RemoveHeader(header);
bool test = header.GetDestination() == m_address;
std::cout << "packet info: source - " << header.GetSource()
<< ", destination - " << header.GetDestination()
<< "'this' - " << m_address
<< ", dest=='this' - " << test << std::endl;
// TODO: CLEANUP experimental done
This basically tells me that the header.GetDestination does never actually equal m_address. Now that I think about it, that makes a lot of sense, because the final destination of any packet is never actually one of these router nodes, but rather some other node in the topology (i.e., none of the router nodes are ever directly addressed in any of the packet headers).
What this also tells me is that if I want to get this approach to work, I have to basically have a complete view of the topology and also some way to determine directionality within each p2pNetDevice, such that I can compare header.GetDestination() against some list of addresses. I suspect, this will be extremely difficult to achieve and probably is beyond the timeframe that I have to get this working.
I am wondering though. If I understand you correctly, the part that leads to a packet being "included" in a given interface's pcap output is the callbacks through m_promiscSnifferTrace() respecitvely m_snifferTrace(), is that correct?
If so, could I just remove those sniffer callbacks from either the ::Receive() or the ::Send() methods on the p2pNetDevice to only get incoming respectively outgoing traffic on these netDevices?
Best regards,
Pascal
Reply all
Reply to author
Forward
0 new messages