Reputation: 155
I have captured a TCP packet using libpcap, and I want to send this whole packet (without modifying it) to a specific port on another host (which has another sniffer listening to that port).
Is there any way I can do this?
Thanks a lot!
Upvotes: 2
Views: 4984
Reputation: 3134
I don't know whether you HAVE to use C or not, but even if you do, I would recommend building a prototype with Python/Scapy to begin with.
Using scapy, here are the steps:
This is all quite easy with Python/Scapy but I expect it to be much harder with C, having to manually calculate the correct offsets and checksums and things. Good luck, and I hope this helps.
Upvotes: 0
Reputation: 7255
netcat may work in this case, although I think you may have to reconstruct the header; I have not tried.
How to escape hex values in netcat
The other option is to use iptables to tee the packet to the other sniffer while still catching it in your package analyzer.
http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/
Another option is using a port mirror. This goes by a few different names depending on the switch being used, but it allows you to set a port on a switch to be essentially a hub.
I think your best bet, if you can't get netcat to work, is to use iptables, and you can even add filters to that.
Upvotes: 1
Reputation: 25873
You didn't specify which programming language you're using and what you've tried so far.
Change the IP address field to the target IP and the TCP port field to the port you want. Don't forget to update both checksums.
If what you want is TCP forwarding, the Linux kernel already does this for you.
Upvotes: 1
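The rewrite described in the last answer (new destination IP and TCP port, then both checksums), as an added example that is not part of the original thread. It assumes an unfragmented IPv4/TCP packet whose buffer starts at the IP header; `retarget_tcp`, `checksums_ok` and the static helpers are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* RFC 1071 one's-complement sum of big-endian 16-bit words, continuing from sum. */
static uint32_t csum_add(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;          /* odd trailing byte, zero-padded */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Validate an unfragmented IPv4/TCP packet; report header and segment lengths. */
static int locate_tcp(const uint8_t *ip, size_t len, size_t *ihl, size_t *tcp_len) {
    if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    *ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (*ihl < 20 || total > len || total < *ihl + 20) return -1;
    if ((ip[6] & 0x3f) || ip[7]) return -1;       /* fragment: no full TCP segment here */
    *tcp_len = total - *ihl;
    return 0;
}
static uint16_t ip_csum(const uint8_t *ip, size_t ihl) { return csum_fold(csum_add(ip, ihl, 0)); }
/* TCP checksum covers a pseudo-header (src, dst, 0, proto, TCP length) plus the segment. */
static uint16_t tcp_csum(const uint8_t *ip, size_t ihl, size_t tcp_len) {
    uint8_t ph[4] = {0, 6, (uint8_t)(tcp_len >> 8), (uint8_t)tcp_len};
    uint32_t s = csum_add(ph, 4, csum_add(ip + 12, 8, 0));
    return csum_fold(csum_add(ip + ihl, tcp_len, s));
}
/* Hypothetical helper: set destination IP and TCP port, then redo both checksums. */
int retarget_tcp(uint8_t *ip, size_t len, const uint8_t new_dst[4], uint16_t new_port) {
    size_t ihl, tcp_len;
    if (locate_tcp(ip, len, &ihl, &tcp_len)) return -1;
    memcpy(ip + 16, new_dst, 4);
    put16(ip + ihl + 2, new_port);
    put16(ip + 10, 0);        put16(ip + 10, ip_csum(ip, ihl));
    put16(ip + ihl + 16, 0);  put16(ip + ihl + 16, tcp_csum(ip, ihl, tcp_len));
    return 0;
}
/* Hypothetical helper: 1 if both checksums verify (a valid sum folds to 0). */
int checksums_ok(const uint8_t *ip, size_t len) {
    size_t ihl, tcp_len;
    if (locate_tcp(ip, len, &ihl, &tcp_len)) return 0;
    return ip_csum(ip, ihl) == 0 && tcp_csum(ip, ihl, tcp_len) == 0;
}
```

For a frame captured by libpcap on untagged Ethernet, pass the pointer and length past the 14-byte link-layer header.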