Re: Forwarding sniffed packets

[Jose Nazario <jose () biocserver BIOC cwru edu>]

On Sun, 11 Nov 2001, Loki wrote:

> Anyone out there familiar with a tool that would allow one to sniff
> packets off the wire and forward them to a remote host after
> modification?

'after modifcation'? what kind? simply packet header rewrites to redirect
them? or encapsulation? or 'netsed' type stuff?

RMON and tunnelX (from a recent phrack issue, alpha level code that does
GRE encapsulation; look for 'things to do in ciscoland ...') came up in a
recent discussion on one of these lists on this very subject. routing
games are also possible (think centertrack).

its not that hard to build something like this from libpcap and libnet.

check the archives for the discussion, it was quite enlightening. tip:
dont forward everything, rather use pcap or some other filters. the
bandwidth hit will be noticed by almost any site if you forward all
traffic out.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/