Engee documentation

RITM-ETH-RAW RX

Page in progress.

Receive raw data over Ethernet and return the data of the last received packet.

ritm eth raw rx

Description

The block is used to receive raw data over Ethernet. It returns the data of the last received packet.

Ports

Output

Size - number of bytes received
scalar

Details

Not more than the value of the Maximum message size parameters.

Data type

UInt32.

Data - array of received bytes
vector

Time, s - the time in seconds since the beginning of the UNIX era at which the packet was received
scalar

*Time, µs fractional part of time
scalar

Details

The number of microseconds elapsed since the beginning of a second.

Parameters

Ethernet Interface - Ethernet port to be used for receiving messages
Host-target (By default) | Ethernet 1 | Ethernet 2 | Ethernet 3 | Ethernet 4 | Ethernet 5 | Ethernet 6 | Ethernet 7 | Ethernet 8 | Ethernet 9

Details

The port numbers are indicated on the case of RITM.

Maximum message size - - maximum possible length of the received message
`1 (By default).

Unintelligible mode — --. switches the port to promiscuous mode, in which the network card accepts all packets regardless of to whom they are addressed
On (By default) | ``Disabled''.

Use filter - flag that allows you to enable filtering of received messages (for details, see ). Message filter in the RITM-ETH-RAW RX block)
Enabled (by default) | Disabled

Filter - menu for setting filters for received packets.
"ether src 00:2B:67:F9:4d:A1" (by default).

Calculation Step - calculation step in seconds for receiving Ethernet packets
`-1 (By default).

Details

For each calculation step, one packet is read from the operating system buffer. If there is more than one packet in the operating system buffer, one next packet will be read in the next calculation step.

Message filter in the RITM-ETH-RAW RX block

The PCAP library is used to receive packets. The Filter box of the RITM-ETH-RAW RX block is used to enter an expression that will be used to compile the library filters.

A PCAP filter is a string consisting of a set of primitives. The set of primitives determines which packets will be accepted. A primitive contains an identifier and one or more qualifiers.

Three types of qualifiers are defined:

  • type - the qualifier defines the type of the identifier name or number.

    Possible values are: host (host), net (network), port (port) or portrange (port range). In the absence of a qualifier, host is assumed by default.

  • dir - qualifier defines the direction of information transmission relative to the object defined by the identifier.

    Possible values: src (sender), dst (receiver), src and dst (sender and receiver), src or dst (sender or receiver). The value by default is src or dst.

  • proto - qualifier defines conformity to a certain protocol.

    Possible values: ether, fddi, ip, arp, rarp, decnet, lat, sca, moprc, mopdl, tcp and udp.

For example:

**ether src 0A:0A:0A:0A:0A:0A** — захват сообщений от отправителя с MAC: **0A:0A:0A:0A:0A:0A**.

**dst net 192.168.56.0/24** — захват сообщений предназначенных для сети **192.168.56.0/24**.

**host 192.168.56.3** — захват сообщений предназначенных либо отправленных устройством с адресом **192.168.56.3**.

**ip icmp** — захват ICMP пакетов.

In addition to object identifiers and qualifiers, filters can contain the keywords gateway, broadcast, multicast, less, greater, as well as arithmetic expressions. For example:

ip multicast — захват ip пакетов, содержащих адреса из класса D.
less 1000 — захват кадров, у которых размер менее 1000 байт.

Primitives can be composed using logical operations:

  • I - and (&);

  • NOT - not (!);

  • ILI - or (||).

host foo and not port ftp and not port ftp-data

Conditions can be combined using brackets:

not (host ip1 or ip2)

Additional example expressions:

not (host 192.168.56.3 or 192.168.56.2) - Для отбрасывания пакетов, принадлежащих устройствам с ip  адресами 192.168.56.3 или 192.168.56.2.

host 192.168.0.1 or host 192.168.0.2 and tcp port 22 – Для захвата или любого трафика, принадлежащего хосту 192.168.0.1, или трафика протокола TCP и использующего порт 22, принадлежащего хосту 192.168.0.2.

(host 192.168.0.1 or host 192.168.0.2) and tcp port 22 – Для захвата трафика протокола TCP и использующего порт 22, принадлежащего хосту 192.168.0.1 или хосту 192.168.0.2 (любому из них, или обоим сразу).

ip host 192.168.56.2 and not 192.168.56.3 - Захват всех пакетов, идущих от или к 192.168.56.2, кроме пакетов от или к 192.168.56.3

For more information on filter usage, see official PCAP documentation.