Results 1 to 2 of 2
I have a web server running on a host and I want to intercept all packets(including IP/TCP header) sent by the webserver, so the packets are not sent out to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 05-07-2013 #1
- Join Date
- May 2012
how to intercept(not only capture) outgoing packets from TCP programs
Originally, my plan is to use iptables to filter out the packets sent by the web server
and use libpcap to capture the packets. But I got to know the packet flow is:
Wire----NIC----libpcap----INPUT CHAIN---TCP STACK
Wire----NIC----libpcap----OUTPUT CHAIN---TCP STACK
this means for incoming packets, I can use libpcap and iptables to implement the interception: use libpcap to capture packets and iptables to prevent the packets from delivering to TCP stack. But for intercepting outgoing packets from web server, the combination of libpcap and iptables seems not to work. Because if I filter the outgoing packets, my libpcap can't capture these packets. If I don't use iptables to filter, although I can capture the packets using libpcap, the original packets will reach the Internet.
My target is to intercept all the packets(including TCP/IP header) sent from the webserver，are there any solutions? Can iptables be used to intercept packets? thanks!
Note: I'm not asking on how to modifying the packets TCP/IP header, I just let you know that why I want to intercept packets(including IP/TCP header). I'm asking on how to intercept packets.
- 10-20-2013 #2
- Join Date
- Oct 2013
Install wireshark and GUI for your distro. It will log all packets in and out in tcp udp or whatever.