  1. #1
    Just Joined!
    Join Date
    May 2012
    Posts
    87

    how to modify packet header(IP header, TCP Header) before the host sen


    I want to modify packet headers (IP header, TCP header) before the host sends them into the network.

    For example, if I'm using Firefox for browsing, then I want to intercept all the packets from Firefox, modify the IP/TCP header, and then send them into the network.

    So basically, there are two requirements: 1. Intercept all the packets from Firefox (but not other programs). If this is not possible, is it possible to intercept the packets from a specific port or IP/port pair?

    2. Modify the IP/TCP header and then inject them into the network.

    Are there ways or APIs to achieve this? How about libpcap? Are there similar source code snippets? I'm working with Linux C.

    Thanks!

  2. #2
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    229
    Hmmm....

    You could try building your own proxy and have firefox run through it. That way, you can re-package all that firefox sends. Be sure to use the "recvfrom" to get the messages so that you can save the inbound address for your replies to the sources.

    What do you want to modify in the headers?

    If it's source address-linked, you are going to hit routing problems.

    In order to create your own headers, I would imagine that you will need to use an "AF_PACKET" socket of type "SOCK_RAW". See man socket.

    If you are looking to keep your source point secret, google anonymous proxy.

    Cheers - VP

  3. #3
    Just Joined!
    Join Date
    May 2012
    Posts
    87
    Are there any simple, similar source codes of the proxy you mentioned?
    Thanks!

  5. #4
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    229
    I think the most common proxy used by GNU/Linux folks is probably squid.

    It all depends on what you want to do with it. At the most basic level, you need a TCP Server bound to whatever port you want. Then, decide what model you want to use vis-a-vis incoming connections.

    Thread per connect, thread pool, child proc per connect. A lot depends on traffic volume.

    Once you have accepted the connection, open a new one to the target and pass on the original request. Route the responses back to the original connection. Then, either shut it off or persist it as required.

    Something like squid gives you an awful lot more functionality including caching, filtering and so on.

    Cheers - VP
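
The accept, connect and relay flow described in post #4, as an added example that is not part of the original thread: a forwarding TCP proxy using the child-process-per-connection model. `relay()`, `LISTEN_PORT` and `TARGET_PORT` are names and values assumed for illustration; both endpoints are on loopback.

```c
#include <netinet/in.h>
#include <poll.h>
#include <signal.h>
#include <sys/socket.h>
#include <unistd.h>
#define LISTEN_PORT 8080 /* assumed: port the browser is pointed at */
#define TARGET_PORT 8000 /* assumed: upstream service on loopback */
/* Copy bytes both ways until both peers stop sending; returns bytes moved, -1 on error. */
long relay(int client, int target) {
    int fd[2] = {client, target}, open_dirs = 2;
    struct pollfd p[2] = {{client, POLLIN, 0}, {target, POLLIN, 0}};
    char buf[4096];
    long total = 0;
    while (open_dirs > 0) {
        if (poll(p, 2, -1) < 0) return -1;
        for (int i = 0; i < 2; i++) {
            if (p[i].revents == 0) continue;
            ssize_t n = read(fd[i], buf, sizeof buf);
            if (n < 0) return -1;
            if (n == 0) { /* EOF: pass the half-close on, stop polling this side */
                shutdown(fd[1 - i], SHUT_WR);
                p[i].fd = -1; /* poll() ignores negative descriptors */
                open_dirs--;
            }
            for (ssize_t off = 0, w; off < n; off += w) /* finish short writes */
                if ((w = write(fd[1 - i], buf + off, (size_t)(n - off))) < 0) return -1;
            total += n;
        }
    }
    return total;
}

int main(void) {
    struct sockaddr_in in = {.sin_family = AF_INET, .sin_port = htons(LISTEN_PORT),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK)}, out = in;
    int ls = socket(AF_INET, SOCK_STREAM, 0);
    out.sin_port = htons(TARGET_PORT);
    signal(SIGPIPE, SIG_IGN); /* a vanished peer must not kill the proxy */
    signal(SIGCHLD, SIG_IGN); /* kernel reaps finished children */
    if (bind(ls, (struct sockaddr *)&in, sizeof in) || listen(ls, 16)) return 1;
    for (;;) {
        int c = accept(ls, NULL, NULL);
        if (c >= 0 && fork() == 0) { /* child: one upstream connection per client */
            int t = socket(AF_INET, SOCK_STREAM, 0);
            if (connect(t, (struct sockaddr *)&out, sizeof out) == 0) relay(c, t);
            _exit(0);
        }
        if (c >= 0) close(c); /* parent keeps only the listening socket */
    }
}
```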

  6. #5
    Just Joined!
    Join Date
    May 2012
    Posts
    87
    How about deep packet inspection?
    Is DPI fast or not if it needs to intercept a lot of traffic?

    Originally posted by voidpointer69:
    I think the most common proxy used by GNU/Linux folks is probably squid.

    It all depends on what you want to do with it. At the most basic level, you need a TCP Server bound to whatever port you want. Then, decide what model you want to use vis-a-vis incoming connections.

    Thread per connect, thread pool, child proc per connect. A lot depends on traffic volume.

    Once you have accepted the connection, open a new one to the target and pass on the original request. Route the responses back to the original connection. Then, either shut it off or persist it as required.

    Something like squid gives you an awful lot more functionality including caching, filtering and so on.

    Cheers - VP

  7. #6
    Linux Newbie
    Join Date
    Nov 2009
    Posts
    229
    Well, it all takes time. Still no indication of what exactly you are trying to achieve.
