OSlinux

In this project, we had to write a system module and a syscall for Linux that could find some information about the system's network packets. The problem was that a syscall or a module couldn't capture the packets. That is because the period of time that packets stay in the system is too short, and each time we ran the syscall there were no packets there. Another reason could be a permission that the syscall didn't have.

So we capture packets and save them in a newly defined list of sk_buff instances, which we defined for our own use. This list is stored in the instance of e1000_adapter, because we can reach all of them from our syscall or system module through the instances of net_device.

One fact we found is that a new sk_buff needs to be allocated, and there are some functions to do that, like alloc_skb(), dev_alloc_skb() and e1000_alloc_rx_skb(). Because we could find all instances of e1000, we searched for the last one in the Linux source and found that a function named e1000_copybreak() uses it to create an sk_buff. After a little more searching in the e1000.h and e1000_main.c files, we found more information about creating and setting up sk_buff, and finally we found the function "e1000_receive_skb", which creates the skb after each packet is received. So we take a copy for ourselves in that function, and with this trick our syscall and module worked fine.
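The capture list described above, modelled in user-space C as an added example (it is not the project's code). All names are hypothetical: struct pkt_copy stands in for a copied sk_buff and struct capture_ring for the list kept in the adapter. It assumes a fixed slot count and snapshot length so that copying every received packet cannot grow memory without bound, and it leaves out the lock the receive path and the reader would need in the driver.

```c
#include <stddef.h>
#include <string.h>

#define RING_SLOTS 4   /* hard cap on retained packets (assumed value) */
#define SNAP_LEN   64  /* bytes kept per packet (assumed value) */

struct pkt_copy {                 /* stand-in for a copied sk_buff */
    size_t wire_len;              /* original frame length */
    size_t cap_len;               /* bytes actually stored */
    unsigned char data[SNAP_LEN];
};

struct capture_ring {             /* stand-in for the list in the adapter */
    struct pkt_copy slot[RING_SLOTS];
    size_t head;                  /* index of the oldest entry */
    size_t count;                 /* entries currently held */
    unsigned long dropped;        /* entries overwritten before being read */
};

/* Receive-path side: store a private copy of the frame, never a pointer
 * to the driver's buffer, which is gone by the time the reader runs. */
void capture_rx(struct capture_ring *r, const unsigned char *frame, size_t len)
{
    size_t idx;

    if (r->count == RING_SLOTS) {             /* full: overwrite the oldest */
        r->head = (r->head + 1) % RING_SLOTS;
        r->count--;
        r->dropped++;
    }
    idx = (r->head + r->count) % RING_SLOTS;
    r->slot[idx].wire_len = len;
    r->slot[idx].cap_len = len < SNAP_LEN ? len : SNAP_LEN;
    memcpy(r->slot[idx].data, frame, r->slot[idx].cap_len);
    r->count++;
}

/* Reader side (the syscall or module): drain up to max entries, oldest first. */
size_t capture_read(struct capture_ring *r, struct pkt_copy *out, size_t max)
{
    size_t n = 0;

    while (n < max && r->count > 0) {
        out[n++] = r->slot[r->head];
        r->head = (r->head + 1) % RING_SLOTS;
        r->count--;
    }
    return n;
}
```

The dropped counter tells the reader how many packets were overwritten between two reads.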