tcpdump mailing list archives

Re: packet modification


From: John Fastabend <jfastabe () up edu>
Date: Mon, 3 Nov 2003 21:39:33 -0800 (PST)

Hi Kifah,

I tried doing something similar a little while ago and couldn't find any 
good ways to stop the packets from getting to the network stack.  I found 
two possible ways, one was to catch them at the kernel level using a 
LKM (loadable kernel module), and the other was to use iptables to drop 
them and since libpcap captures them before iptables drops them you can 
retransmit the packets.  I can't remember the name of the library to 
interact with iptables but if you need it email me offline and I'll look 
it up, I'm in class right now.  And if you find a better way let me know.

john fastabend



 On Sun, 2 Nov 2003, Kifah Abbad wrote:

Hi all,

I am currently doing my thesis, and I have about 70 days to go.

Well as part of my thesis I need to do something looking like this:

I have 2 ipsec-bridges (openbsd 3.3) connected together, both
standing in front of 2 clients who wanna communicate. (clients are
windows-xp)

[client1]-----[ipsec-bridge-1]-------------[ipsec-bridge-2]----[client2]

Now the scenario is: client-1 wants to communicate with client 2 (say
open a telnet connection).
For each packet happens the following on ipsec-bridge-1:

1. Capture all packets coming from Client1 to client2. (that's not
making a copy of the packet, but actually grabbing it)

2. Add a string (security label, clearance) to each packet. (let's say
"securitystage1")

3. "shove" packet into the IPSEC tunnel (connected to ipsec-bridge-2) 


Now I have been trying to find a C library or solution to get step 1
and 2 to work...which led me to "libpcap"...but there are hardly any
examples where the packets are actually captured and then changed
(manipulated). Most things I found are about generation of packets, or
capturing "copies" of packets and watching them (tcpdump).

How would I realize this solution? Any code examples? Is there a good
code portal to search for such things?

thanks

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe


-- 
--
"Dependence on computers is apparently making a significant fraction
of the population incurably stupid." -- Fritz Whittington
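
Step 2 of the quoted procedure (adding a label to a packet already taken off the wire), as an added example that is not code from either poster: it appends the label as a trailer to an IPv4 packet and repairs the Total Length field and header checksum. The trailer layout, the names `label_append`, `ip_checksum` and `sample_pkt`, and the requirement that ipsec-bridge-2 strip the trailer again before delivery are assumptions of this sketch; the labelled packet also grows, so it must still fit the tunnel MTU.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed sample: 20-byte IPv4 header (proto 253, checksum unset) + 4 payload bytes. */
const uint8_t sample_pkt[24] = {
    0x45, 0x00, 0x00, 0x18, 0x00, 0x00, 0x40, 0x00, 0x40, 0xfd, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02, 'd', 'a', 't', 'a'
};

/* RFC 1071 Internet checksum over an IPv4 header (len is a multiple of 4).
 * Returns 0 when run over a header whose checksum field is already valid. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((hdr[i] << 8) | hdr[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Append `label` after the IP payload in buf (pkt_len bytes captured, cap bytes
 * of room), then fix Total Length and the header checksum.
 * Returns the new packet length, or 0 if the packet is malformed or too big. */
size_t label_append(uint8_t *buf, size_t pkt_len, size_t cap, const char *label)
{
    size_t lab_len = strlen(label);
    if (pkt_len < 20 || (buf[0] >> 4) != 4)
        return 0;                                   /* not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;       /* header length in bytes */
    size_t tot = ((size_t)buf[2] << 8) | buf[3];    /* Total Length field */
    if (ihl < 20 || ihl > tot || tot > pkt_len)
        return 0;                                   /* inconsistent lengths */
    if (tot + lab_len > 0xffff || tot + lab_len > cap)
        return 0;                                   /* would overflow field or buffer */
    memcpy(buf + tot, label, lab_len);              /* trailer, no NUL terminator */
    tot += lab_len;
    buf[2] = (uint8_t)(tot >> 8);
    buf[3] = (uint8_t)(tot & 0xff);
    buf[10] = buf[11] = 0;                          /* zero checksum before recompute */
    uint16_t ck = ip_checksum(buf, ihl);
    buf[10] = (uint8_t)(ck >> 8);
    buf[11] = (uint8_t)(ck & 0xff);
    return tot;
}
```
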
