Ethereal-dev: Re: [Ethereal-dev] questions

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 06 May 2005 14:12:51 -0700
Neil Harwani wrote:

> 1. Which language is Ethereal written in? I suppose in C

Yes.

> using
> winsock.h for Windows and BSD Berkeley sockets API in Linux/Unix?

No.

It uses libpcap on UN*X (a term that encompasses "UNIX" in the sense of OSes that are derived from AT&T UNIX or that pass the Single UNIX Specification validation suite, and a bunch of other OSes that haven't, including Linux and various BSDs), and WinPcap (a driver for packet capture + a port of libpcap to use that driver) on Windows, to do packet capture.

It does *not* directly use sockets for packet capture (although on *some* OSes, such as Linux and Irix, the native packet capture mechanism happens to use a very special and non-portable type of socket; on other OSes, such as Solaris, the BSDs, Digital UNIX, HP-UX, and Windows with WinPcap, it doesn't use sockets at all).

> 2. I'm working on a project to reduce bandwidth usage from client side
> ?

So do you mean you want to throttle the client so that it uses less bandwidth than is, in theory, available to it?

At what layer of software are you trying to do this? And on what OS are you trying to do this? From the "winsock" in your address, I suspect it's Windows.

> I have reached the stage where I can read packets raw at network
> layer using recv function. How do I now drop packets? My idea is to
> drop packets at network layer and thus TCP will think there is
> congestion and reduce the speed of sending packets. Is my logic
> right?

I'm not an expert on that sort of rate-limiting (and so I can't give you a detailed review of your design, or answer questions about the right way to do rate-limiting), but you might want to do a Google for "dummynet" and read some of the documents it turns up. It was, at least, originally implemented in BSD, so the code probably won't be useful on Windows, and the mechanisms it uses might not all have equivalents on Windows, but it might still be useful to read.

Unfortunately, implementing something such as dummynet might be difficult to do on Windows - if nothing else, it'd involve kernel programming - and might even be impossible if there's no way to connect to the Windows networking stack at the places where you'd have to connect in order to do something such as that.

I *will*, however, note that network APIs generally don't have any mechanism to cause packets to be dropped at the network layer. And, in any case, by the time you've read the packet it's probably too late to drop it - if the packet was also delivered to a TCP socket, TCP has already accepted it and might even have already acknowledged it. I.e., I suspect the mechanism you were thinking of using isn't available.

In addition, I don't know whether dropping packets with the intent of provoking a particular behavior from TCP will produce the desired results. When you provoke a system with a given input, the response might be more complicated than you expect - or desire.