  1. #1

    How to intercept (not only capture) outgoing packets from TCP programs

    I have a web server running on a host and I want to intercept all packets (including the IP/TCP header) sent by the web server, so that the packets are not sent out to the Internet by the web server directly.

    Originally, my plan was to use iptables to filter out the packets sent by the web server
    and use libpcap to capture the packets. But I learned that the packet flow is:

    Wire----NIC----libpcap----INPUT CHAIN---TCP STACK
    Wire----NIC----libpcap----OUTPUT CHAIN---TCP STACK

    This means that for incoming packets, I can use libpcap and iptables to implement the interception: use libpcap to capture the packets and iptables to prevent the packets from being delivered to the TCP stack. But for intercepting outgoing packets from the web server, the combination of libpcap and iptables does not seem to work, because if I filter the outgoing packets, my libpcap can't capture these packets. If I don't use iptables to filter, although I can capture the packets using libpcap, the original packets will reach the Internet.

    My target is to intercept all the packets (including the TCP/IP header) sent from the web server. Are there any solutions? Can iptables be used to intercept packets? Thanks!

    Note: I'm not asking how to modify the packets' TCP/IP header; I'm just letting you know why I want to intercept packets (including the IP/TCP header). I'm asking how to intercept packets.

  2. #2
    Install Wireshark and the GUI for your distro. It will log all packets in and out, in TCP, UDP or whatever.
