tcpdump mailing list archives

Re: "intercepting" packets with libpcap


From: Guy Harris <guy () alum mit edu>
Date: Fri, 17 Nov 2006 00:04:56 -0800

srinibas maharana wrote:

> I am just trying to find out whether it is possible
> to use libnet/libpcap or anything similar for
> redirecting a client application's data traffic meant
> for a server application running on a separate
> machine, to another application on the same machine
> running the client application?

It's not possible to use libpcap for that. Libpcap is a passive tap, in that packets received by a machine will be supplied independently to libpcap and to the OS's networking stack, so a libpcap-based application can't modify those packets before they're seen by the networking stack, and packets sent by a machine will be sent to the network adapter and independently supplied to libpcap, so libpcap can't modify them before they're transmitted on the network.

This is by design.  The mechanisms that libpcap uses were designed to

1) allow passive tapping of the sort that tcpdump, Wireshark, snort, etc. do

and

2) allow (at least on some OSes) the implementation of protocols in user mode if the OS's networking stack *doesn't* implement them.

Some OSes have completely separate mechanisms for that sort of packet rewriting. You'd have to investigate those yourself.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

