Ethernet Sniffer

Dear All,

I'm very new to using Arduino.

I would like to build a project to sniff fields in an Ethernet connection (UDP or TCP) and to switch on an LED (or to show the results on an LCD) in case some condition is met.
For instance: assuming that in a net there are several packets from different sources (PCs), I would like to have an LED that switches on in case a packet from a given source is detected.
I'm wondering either whether something like that already exists (where?) or which kind of libraries I should use to write a sketch by myself.

Thanks for any help,

Gianluca

You will need to see if the ethernet interface chip supports promiscuous mode or something similar (that's what it's called on computers).

As far as libraries that are already developed, your top two choices will be WIZnet's W5100 or Microchip's ENC28J60.

Thanks for your reply.

I already have the Ethernet shield (actually I have the Arduino Ethernet) with the WIZnet W5100 chip. I'm assuming that there is no problem in using something like the promiscuous mode (since it isn't forbidden explicitly). My question is whether there is some particular software library to sniff the fields of the packets (both in UDP and TCP), or if I have to use the standard Ethernet library. In that case, do you have some reference where I can find a tutorial on using such a library?
Thanks again,

Gianluca

As far as I know, the W5100 does not support promiscuous mode and an Arduino is probably not fast enough for even a 10Mbit/s network connection to scan in that mode (getting all packets and inspecting them). Get a cheap router with OpenWRT (or a similar distro) and do it in Linux (netfilter/iptables or tcpdump). Most of the devices have an LED you can control with simple shell commands. If you need to control more than an LED later, you might go for a model with a USB (or TTL serial) port and you're able to attach an Arduino there.

Thanks for your reply and your suggestion,

in any case, even just to learn something, I would like to investigate the possibility of still using the Arduino directly. I have no problem with the speed, because I'm thinking just of a portable device to help in understanding the routing in a complex network, with a very, very low test rate (a few packets per minute). About the promiscuous mode: do you mean that even the UDP packets with "wrong" destination address are dropped by the WIZnet? I was thinking that such kind of processing is done at a higher level of the stack...

g.

do you mean that even the UDP packets with "wrong" destination address are dropped by the wiznet?

Think lower - layer 1. Packets with the "wrong" MAC address are dropped by any NIC (unless it is in promiscuous mode). A "right" address is the NIC's own MAC, a broadcast destination, or a multicast destination MAC that the NIC is subscribed to (went a bit pedantic on that last one).

-j
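The receive filter described in the reply above, combined with the source check the original poster asks for, as an added example that is not part of the thread. All MAC and IP addresses are constructed sample values, the function names are hypothetical, and it assumes untagged Ethernet II frames carrying IPv4.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample addresses, not taken from the thread. */
static const uint8_t NIC_MAC[6]    = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
static const uint8_t OTHER_MAC[6]  = {0x02, 0x00, 0x00, 0x00, 0x00, 0x02};
static const uint8_t BCAST_MAC[6]  = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
static const uint8_t MCAST_SUB[6]  = {0x01, 0x00, 0x5e, 0x00, 0x00, 0xfb};
static const uint8_t WATCHED_IP[4] = {192, 0, 2, 10};

/* Hardware receive filter: 1 if the NIC passes the frame up the stack. */
int nic_accepts(const uint8_t *f, size_t len, int promiscuous) {
    if (len < 14) return 0;                       /* no full Ethernet header */
    if (promiscuous) return 1;                    /* destination filter disabled */
    if (memcmp(f, NIC_MAC, 6) == 0) return 1;     /* the NIC's own unicast MAC */
    if (memcmp(f, BCAST_MAC, 6) == 0) return 1;   /* broadcast destination */
    if ((f[0] & 1) && memcmp(f, MCAST_SUB, 6) == 0) return 1; /* subscribed group */
    return 0;                                     /* someone else's frame: dropped */
}

/* 1 if the frame is untagged IPv4 whose source address equals ip. */
int ipv4_source_is(const uint8_t *f, size_t len, const uint8_t ip[4]) {
    if (len < 14 + 20) return 0;                  /* Ethernet + minimal IPv4 header */
    if (f[12] != 0x08 || f[13] != 0x00) return 0; /* EtherType must be 0x0800 */
    if ((f[14] >> 4) != 4) return 0;              /* IP version field */
    return memcmp(f + 14 + 12, ip, 4) == 0;       /* source sits at IPv4 offset 12 */
}

/* LED condition: only frames that survive the MAC filter can be matched. */
int led_on(const uint8_t *f, size_t len, int promiscuous) {
    return nic_accepts(f, len, promiscuous) && ipv4_source_is(f, len, WATCHED_IP);
}

/* Fill buf (>= 34 bytes) with a minimal constructed frame; returns its length. */
size_t make_frame(uint8_t *buf, const uint8_t dst[6], const uint8_t src_ip[4]) {
    memset(buf, 0, 34);                           /* source MAC left as zeros */
    memcpy(buf, dst, 6);
    buf[12] = 0x08; buf[14] = 0x45;               /* EtherType 0x0800; IPv4, IHL 5 */
    memcpy(buf + 26, src_ip, 4);
    return 34;
}

int main(void) {
    uint8_t f[34];
    size_t n = make_frame(f, OTHER_MAC, WATCHED_IP); /* addressed to another host */
    printf("normal=%d promiscuous=%d\n", led_on(f, n, 0), led_on(f, n, 1));
    return 0;
}
```

A frame from the watched source that is addressed to another host never reaches the matching code unless the filter is off, which is why the chip's promiscuous-mode support decides whether the project can work at all.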

Note that "sniffer" applications have become nearly useless since the standard ethernet connection has become a jack into a "switch" (implemented on a chip.) The main characteristic of a switch (vs a "hub") is that packets are only sent to the socket that has the relevant hardware MAC address present...

Not only for those reasons, but compared to most NICs, this thing is a slug, a snail, a turtle. It would not be able to keep up with a 10BaseT network, much less 100BaseT or gigabit. All the other devices on the network would handily outrun it.

Note that "sniffer" applications have become nearly useless since the standard ethernet connection has become a jack into a "switch" (implemented on a chip.) The main characteristic of a switch (vs a "hub") is that packets are only sent to the socket that has the relevant hardware MAC address present...

Unless you happen to have control of the switch, and it's a managed switch. If so you can usually configure the switch to mirror all traffic to a particular port and put your sniffer there.

-j

Unless you happen to have control of the switch, and it's a managed switch. If so you can usually configure the switch to mirror all traffic to a particular port and put your sniffer there.

Now that is a thought. As long as it is managed, you could throttle the total bandwidth to 1M so the Arduino could keep up.

Just a thought.....

How about storing all the MAC addresses in an array and individually viewing the data on each MAC address... Should work? Or would the router prevent cloning?