Re: bpf packet capture and SOCK_STREAM socket redirects...



Hi Alireza Torabi!

On Thu, 20 Mar 2008 09:43:52 +0000; Alireza Torabi wrote about 'bpf packet capture and SOCK_STREAM socket redirects...':

> Is it possible to redirect/send/divert a bpf packet capture of one
> interface to a listening tcp socket on another interface of the same
> machine?
> Here is my problem:
> I'm capturing packets on one interface but for some specific tcp
> packets let's say from host A to host B on port P, I want to hijack
> the packet and send it to a listening tcp socket on the other
> interface and reply an "Access Denied" message.
>
> I'd like to use the tcp socket on the other interface as it's not
> possible to communicate over the interface that's doing the packet
> capture and I don't want to invent the wheel by doing all the tcp/tcb
> states hence using a tcp socket.

But if that's the middle of a connection, what would you do? Kernel sockets assume
they've acted in a conversation from the very beginning SYNs, so if you
redirect such a packet, the socket will not understand it.

If you want to simply close/reset the connection, however, this can be done
somehow.

--
WBR, Vadim Goncharov. ICQ#166852181 mailto:vadim_nuclight@xxxxxxx
[Moderator of RU.ANTI-ECOLOGY][FreeBSD][http://antigreen.org][LJ:/nuclight]

_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"


