tcpdump mailing list archives
Re: "intercepting" packets with libpcap
From: Guy Harris <guy () alum mit edu>
Date: Fri, 17 Nov 2006 00:04:56 -0800
srinibas maharana wrote:
I am just trying to find out whether it is possible to use libnet/libpcap, or anything similar, for redirecting a client application's data traffic meant for a server application running on a separate machine to another application on the same machine running the client application?
It's not possible to use libpcap for that. Libpcap is a passive tap, in that packets received by a machine will be supplied independently to libpcap and to the OS's networking stack, so a libpcap-based application can't modify those packets before they're seen by the networking stack, and packets sent by a machine will be sent to the network adapter and independently supplied to libpcap, so libpcap can't modify them before they're transmitted on the network.
This is by design. The mechanisms that libpcap uses were designed to

1) allow passive tapping of the sort that tcpdump, Wireshark, snort, etc. do

and

2) allow (at least on some OSes) the implementation of protocols in user mode if the OS's networking stack *doesn't* implement them.
Some OSes have completely separate mechanisms for that sort of packet rewriting. You'd have to investigate those yourself.