NationWidePants

Reputation: 447

Sending packets in Netcat from an address without binding

I've set promiscuous mode with ifconfig eth0 promisc, and in Python I can send packets without binding by doing this with raw sockets. I've done the command nc -vs 192.168.11.1 -p 22 192.168.11.2 22 to see if I can send packets as another computer without having a bound address of that machine. Is this feature possible in netcat or do you have to bind? Currently the machine has no address settings, but is in promiscuous mode so it can see all traffic.

UPDATE:

In Python I created a hex string, then used struct and sent it out. I utilize ifconfig to set promiscuous mode (because I couldn't figure out how to do it in Python) inside a bash script that then runs my Python script, but once it's set it seems to just select eth0 automagically without me setting a thing.

I wasn't certain if netcat could do that or not and nothing in the utility seems to indicate this. I might just make a Python script to make it work with raw sockets, if possible.

Upvotes: 1

Views: 2095

Answers (1)

Digital Trauma

Reputation: 15996

I don't think this is possible with netcat unless it also allows the use of raw sockets (bound to an interface).

Given that you have no address settings, it is instructive to look at your routing table:

$ route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
$

e.g. Empty.

netcat uses TCP by default. For TCP sockets, you don't have to bind to a source interface, but if you don't, the kernel stack will look up the destination address in the kernel routing table to figure out which interface to send it out of. Since there is no addressing, the routing table is empty and the route lookup will fail. Thus TCP won't be able to send out its first SYN packet.

One possible workaround I considered was adding an appropriate static route, which should help send the initial SYN. But TCP still won't work, because when the SYN-ACK comes back from the next-hop router, the next-hop router won't have an ARP entry for this machine, and won't be able to resolve one if the machine has IP address.

If all you care about is sending traffic, you might get away with UDP sockets and a static route, but even then the kernel stack may not allow it.

For your raw sockets in Python, I assume you are binding to a local interface, which allows you to operate at a lower level and bypass the checks above.

Upvotes: 1
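
The route lookup described in the answer above, modelled as an added example (not code from the question or the answer): it parses text in the Linux /proc/net/route format and picks the egress interface by longest-prefix match. Both tables are constructed samples, the function names are hypothetical, and the model ignores policy routing and other kernel details.

```python
import ipaddress
import struct

# Constructed samples in /proc/net/route format.
# Address fields are 32-bit values printed as little-endian hex.
HEADER = "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
EMPTY_TABLE = HEADER  # host with no address settings, as in the question
STATIC_ROUTE_TABLE = HEADER + (
    "eth0\t000BA8C0\t00000000\t0001\t0\t0\t0\t00FFFFFF\t0\t0\t0\n"  # 192.168.11.0/24
)

RTF_UP = 0x0001  # route is usable


def _addr(hex_field):
    """Decode one little-endian hex field into an IPv4Address."""
    return ipaddress.IPv4Address(struct.pack("<I", int(hex_field, 16)))


def parse_routes(text):
    """Return (network, gateway, iface, metric) for every usable route."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 8 or not int(f[3], 16) & RTF_UP:
            continue
        net = ipaddress.IPv4Network((_addr(f[1]), str(_addr(f[7]))), strict=False)
        routes.append((net, _addr(f[2]), f[0], int(f[6])))
    return routes


def egress_interface(table_text, dst):
    """Longest-prefix match; None models the failed lookup (ENETUNREACH)."""
    dst = ipaddress.IPv4Address(dst)
    matches = [r for r in parse_routes(table_text) if dst in r[0]]
    if not matches:
        return None  # no route: TCP cannot send its first SYN
    # Prefer the most specific prefix, then the lowest metric.
    best = max(matches, key=lambda r: (r[0].prefixlen, -r[3]))
    return best[2]


if __name__ == "__main__":
    for name, table in (("empty", EMPTY_TABLE), ("static route", STATIC_ROUTE_TABLE)):
        print(name, "->", egress_interface(table, "192.168.11.2"))
```
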
