tcpdump mailing list archives
Re: packet modification
From: John Fastabend <jfastabe () up edu>
Date: Mon, 3 Nov 2003 21:39:33 -0800 (PST)
Hi Kifah,

I tried doing something similar a little while ago and couldn't find any good ways to stop the packets from getting to the network stack. I found two possible ways: one was to catch them at the kernel level using an LKM (loadable kernel module), and the other was to use iptables to drop them, and since libpcap captures them before iptables drops them you can retransmit the packets. I can't remember the name of the library to interact with iptables, but if you need it email me offline and I'll look it up; I'm in class right now. And if you find a better way, let me know.

john fastabend

On Sun, 2 Nov 2003, Kifah Abbad wrote:
Hi all,

I am currently doing my thesis, and I have about 70 days to go. Well, as part of my thesis I need to do something looking like this:

I have 2 ipsec-bridges (openbsd 3.3) connected together, both standing in front of 2 clients who wanna communicate (clients are windows-xp).

[client1]-----[ipsec-bridge-1]-------------[ipsec-bridge-2]----[client2]

Now the scenario is: client-1 wants to communicate with client 2 (say open a telnet connection). For each packet the following happens on ipsec-bridge-1:

1. Capture all packets coming from client1 to client2 (that's not making a copy of the packet, but actually grabbing it).
2. Add a string (security label, clearance) to each packet (let's say "securitystage1").
3. "Shove" the packet into the IPSEC tunnel (connected to ipsec-bridge-2).

Now I have been trying to find a C library or solution to get steps 1 and 2 to work, which led me to "libpcap", but there are hardly any examples where the packets are actually captured and then changed (manipulated). Most things I found are about generation of packets, or capturing "copies" of packets and watching them (tcpdump).

How would I realize this solution? Any code examples? Is there a good code-portal to search for such things?

thanks

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
--
"Dependence on computers is apparently making a significant fraction of the population incurably stupid." -- Fritz Whittington
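Step 2 of the question (adding a label such as "securitystage1" to each packet), as an added example that is not code from either poster. It assumes the label is appended as a trailer after the IP payload and removed again on the second bridge; the names `add_label`, `strip_label` and `sample` are hypothetical, and capturing and re-injecting the packet is not covered here.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header (protocol 253, 192.0.2.1 to 192.0.2.2,
 * checksum not yet set) and a 4-byte payload, with spare room for the label. */
uint8_t sample[64] = { 0x45, 0, 0, 24,  0, 1, 0, 0,  64, 253, 0, 0,
                       192, 0, 2, 1,  192, 0, 2, 2,  'p', 'i', 'n', 'g' };

/* Store Total Length, then a fresh RFC 1071 checksum over the ihl-byte header. */
static void finish_header(uint8_t *p, size_t ihl, size_t tot)
{
    uint32_t sum = 0;
    p[2] = (uint8_t)(tot >> 8); p[3] = (uint8_t)tot;
    p[10] = p[11] = 0;
    for (size_t i = 0; i < ihl; i += 2) sum += ((uint32_t)p[i] << 8) | p[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    p[10] = (uint8_t)(~sum >> 8); p[11] = (uint8_t)~sum;
}

/* Check that p[0..len) holds a whole IPv4 packet; 0 on success, -1 otherwise. */
static int parse(const uint8_t *p, size_t len, size_t *ihl, size_t *tot)
{
    if (len < 20 || p[0] >> 4 != 4) return -1;
    *ihl = (size_t)(p[0] & 0x0f) * 4;
    *tot = ((size_t)p[2] << 8) | p[3];
    return (*ihl < 20 || *tot < *ihl || *tot > len) ? -1 : 0;
}

/* Sending bridge: append label after the IP payload. Returns the new length,
 * or -1 if the packet is malformed or would exceed cap or 65535 bytes. */
long add_label(uint8_t *p, size_t len, size_t cap, const char *label)
{
    size_t ihl, tot, n = strlen(label);
    if (parse(p, len, &ihl, &tot) || tot + n > cap || tot + n > 65535) return -1;
    memcpy(p + tot, label, n);
    finish_header(p, ihl, tot + n);
    return (long)(tot + n);
}

/* Receiving bridge: strip the label if the payload ends with it, else -1. */
long strip_label(uint8_t *p, size_t len, const char *label)
{
    size_t ihl, tot, n = strlen(label);
    if (parse(p, len, &ihl, &tot) || tot - ihl < n) return -1;
    if (memcmp(p + tot - n, label, n) != 0) return -1;
    finish_header(p, ihl, tot - n);
    return (long)(tot - n);
}
```

Because the trailer sits inside the IP payload, the receiving bridge has to strip it before forwarding or the client's transport checksum will fail, and the extra bytes can push a packet over the tunnel MTU.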