Re: bpf packet capture and SOCK_STREAM socket redirects...



Ok I have read this again,

I think you are trying to hijack a session before the intended
target can start it up... but you have some problems.
The original packets will continue on to the intended server so it
will respond as well. And when the session you have created
starts talking, that original server is going to start sending you
lots of resets. They MAY or MAY NOT (depending on the client OS)
reset your session.

We do something almost exactly like this sometimes, but we have a mechanism to stop the original packets.

As long as the port is in promiscuous mode, you
should be able to just use

    ipfw add 100 fwd 127.0.0.1,1000 tcp from any to any 80 in recv em0 setup

where em0 is your span NIC and your dummy server is listening on port 1000 on 127.0.0.1.

It will respond faster than the remote server (assuming port 80 here)
and will supply a sequence number that the intended window will fail
to match.

You can force the interface into promiscuous mode in several ways,
including using netgraph and ifconfig.
_______________________________________________
freebsd-net@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@xxxxxxxxxxx"
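
Added example, not part of the original message or of any FreeBSD tool: a passive check for the side effects the message describes, namely two SYN-ACKs with different initial sequence numbers answering one connection, followed by resets from the server address. The record layout, addresses and function name are assumptions, and the sample records are constructed, not captured traffic.

```python
from collections import defaultdict

# Constructed sample records, not captured traffic:
# (time, src, sport, dst, dport, tcp_flags, seq, ack)
SAMPLE = [
    (0.000, "10.0.0.5", 40000, "192.0.2.10", 80, "S", 1000, 0),
    (0.001, "192.0.2.10", 80, "10.0.0.5", 40000, "SA", 555000, 1001),   # first answer
    (0.002, "10.0.0.5", 40000, "192.0.2.10", 80, "A", 1001, 555001),
    (0.030, "192.0.2.10", 80, "10.0.0.5", 40000, "SA", 9000000, 1001),  # second answer, other ISN
    (0.031, "10.0.0.5", 40000, "192.0.2.10", 80, "A", 1001, 555001),
    (0.060, "192.0.2.10", 80, "10.0.0.5", 40000, "R", 555001, 0),
    (0.075, "192.0.2.10", 80, "10.0.0.5", 40000, "R", 555001, 0),
    # Benign flow: the SYN-ACK is retransmitted with the same ISN.
    (1.000, "10.0.0.6", 40001, "192.0.2.10", 80, "S", 2000, 0),
    (1.020, "192.0.2.10", 80, "10.0.0.6", 40001, "SA", 7000, 2001),
    (2.020, "192.0.2.10", 80, "10.0.0.6", 40001, "SA", 7000, 2001),
    (2.021, "10.0.0.6", 40001, "192.0.2.10", 80, "A", 2001, 7001),
]


def find_conflicting_synacks(records):
    """Return flows answered by SYN-ACKs carrying more than one ISN.

    Flows are keyed as (client, client_port, server, server_port). A plain
    retransmission repeats the same ISN and is therefore not reported.
    """
    isns = defaultdict(set)   # flow -> ISNs seen in SYN-ACKs
    rsts = defaultdict(int)   # flow -> RSTs sent from the server address
    for _ts, src, sport, dst, dport, flags, seq, _ack in records:
        flow = (dst, dport, src, sport)  # server-to-client packets map to the flow key
        if flags == "SA":
            isns[flow].add(seq)
        elif "R" in flags and flow in isns:
            rsts[flow] += 1
    return {
        flow: {"isns": sorted(seen), "server_rsts": rsts[flow]}
        for flow, seen in isns.items()
        if len(seen) > 1
    }


if __name__ == "__main__":
    for flow, info in find_conflicting_synacks(SAMPLE).items():
        print(flow, info)
```
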


