  1. #1
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34

    Sending a packet


    Hi friends,
    I have a captured packet, say a TCP packet. Now I want to send this packet to another IP address. I have modified the packet's destination IP to go to that address. How do I inject the prebuilt packet, with the Ethernet header, onto the network interface?? Please help me...

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    Hi,

    Use the iptables QUEUE feature to queue the packet from the stack to userspace, alter the packet as you wish, then put the packet back on the stack, with the verdict of what is to be done to the packet (like ACCEPT, DROP or REJECT).

    When you queue the packets to userspace with the QUEUE option, you need one application in userspace to take up the packets. Otherwise, the packet will be dropped.

    You can use libipq to write this special application to take up packets in userspace.

    Please refer to libipq and iptables - QUEUE

    http://www.cs.princeton.edu/~nakao/libipq.htm
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------

  3. #3
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34

    Inject packet

    Quote Originally Posted by cyberinstru
    Hi,

    Use the iptables QUEUE feature to queue the packet from the stack to userspace, alter the packet as you wish, then put the packet back on the stack, with the verdict of what is to be done to the packet (like ACCEPT, DROP or REJECT).

    When you queue the packets to userspace with the QUEUE option, you need one application in userspace to take up the packets. Otherwise, the packet will be dropped.

    You can use libipq to write this special application to take up packets in userspace.

    Please refer to libipq and iptables - QUEUE

    http://www.cs.princeton.edu/~nakao/libipq.htm


    ...Hi, you did not get me... I already have a packet captured using pcap, and I need to inject this packet onto a network interface. Can you solve my problem??

  4. #4
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    "Hi, you did not get me... I already have a packet captured using pcap, and I need to inject this packet onto a network interface. Can you solve my problem??"
    I think I understood your problem. You have captured it using pcap. Simply capturing the packet using pcap will not stop the actual packet from leaving your box.

    This is my understanding of your problem; please correct me if I am wrong:

    1. You want to capture the packet before it leaves your box
    2. Alter the packet
    3. Put it back on the stack so that it leaves your box with the changes you made.

    If this is the case, then using pcap will not solve your issue.

    Reason:
    By the time you start processing the captured packet, the packet would have left your box. And though you manage to send the packet with modifications, your packet will be considered a duplicate packet and will be rejected by the destination.
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------

  5. #5
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34
    Hmmm... I think you are right. So can you please assist me in writing that script, as I am a newbie to Linux programming and I didn't quite get the QUEUE functionality in iptables.
    Thanks a lot.

  6. #6
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34
    Hi friend, I read a bit about libipq and managed to execute a small example.
    OK my friend, please tell me one thing:

    "Is it necessary that ipq_set_verdict() works only on packets that have been sent to user space by the QUEUE target in the firewall... Does it work for packets constructed manually??"

    Thanks a lot!!

  7. #7
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34
    Another question...
    "If we modify the packets in user space... is it necessary to compute the checksum again?? If so, how to tackle this??" Thanks a lot!!

  8. #8
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    "If we modify the packets in user space... is it necessary to compute the checksum again?? If so, how to tackle this??"
    Yes, if you modify the IP header, then you need to re-calculate the IP checksum.

    Calculating the IP checksum is pretty simple (taken from http://wiki.linux360.ro/wiki/Libipq_by_example).

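    /* Checksum for IP header.
     * addr points at the header, len is its length in bytes.
     * The header's checksum field must be zero while this runs.
     */
    unsigned short checksum(unsigned short *addr, int len)
    {
        int nleft = len;
        int sum = 0;
        unsigned short *w = addr;
        unsigned short answer = 0;

        /* add up the header as 16-bit words */
        while (nleft > 1) {
            sum += *w++;
            nleft -= 2;
        }
        /* odd trailing byte: pad with a zero byte and add it */
        if (nleft == 1) {
            *(unsigned char *)(&answer) = *(unsigned char *)w;
            sum += answer;
        }
        /* fold the carries back into the low 16 bits */
        sum = (sum >> 16) + (sum & 0xffff);
        sum += (sum >> 16);
        /* one's complement of the folded sum */
        answer = ~sum;
        return answer;
    }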

    Please refer to http://wiki.linux360.ro/wiki/Libipq_by_example
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------
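
Added example, not part of the original posts: rewriting the destination address of a captured IPv4/TCP packet and repairing its checksums. It goes one step beyond the post above, because the TCP checksum covers a pseudo-header that contains the destination address and so has to be recomputed along with the IP header checksum. All function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical helper names. RFC 1071 sum; `sum` seeds a pseudo-header. */
static uint16_t inet_csum(const uint8_t *p, size_t len, uint32_t sum) {
    for (; len > 1; p += 2, len -= 2) sum += ((uint32_t)p[0] << 8) | p[1];
    if (len) sum += (uint32_t)p[0] << 8;            /* odd trailing byte, zero padded */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* Header length of an unfragmented IPv4/TCP packet, or 0 if the buffer is not one. */
static size_t ip_hdr_len(const uint8_t *ip, size_t len) {
    if (len < 40 || (ip[0] >> 4) != 4 || ip[9] != 6 || (ip[6] & 0x3f) || ip[7]) return 0;
    size_t ihl = (ip[0] & 0x0f) * 4u, tot = ((size_t)ip[2] << 8) | ip[3];
    return (ihl >= 20 && tot <= len && tot >= ihl + 20) ? ihl : 0;
}
/* TCP checksum: pseudo-header (src, dst, protocol 6, TCP length) plus the whole segment. */
static uint16_t tcp_csum(const uint8_t *ip, size_t ihl) {
    size_t tlen = (((size_t)ip[2] << 8) | ip[3]) - ihl;
    uint32_t ph = 6 + (uint32_t)tlen;
    for (int i = 12; i < 20; i += 2) ph += ((uint32_t)ip[i] << 8) | ip[i + 1];
    return inet_csum(ip + ihl, tlen, ph);
}
/* Receiver-side view: inet_csum over data holding a correct checksum returns 0. */
int checksums_ok(const uint8_t *ip, size_t len) {
    size_t ihl = ip_hdr_len(ip, len);
    return ihl && inet_csum(ip, ihl, 0) == 0 && tcp_csum(ip, ihl) == 0;
}
/* Rewrite the destination, then zero and recompute both checksum fields. */
int rewrite_dst(uint8_t *ip, size_t len, const uint8_t dst[4]) {
    size_t ihl = ip_hdr_len(ip, len);
    if (!ihl) return -1;
    memcpy(ip + 16, dst, 4);
    put16(ip + 10, 0);       put16(ip + 10, inet_csum(ip, ihl, 0));
    put16(ip + ihl + 16, 0); put16(ip + ihl + 16, tcp_csum(ip, ihl));
    return 0;
}

/* Constructed sample: IPv4/TCP SYN 192.0.2.1 -> 192.0.2.2, checksum fields zero. */
uint8_t sample_pkt[40] = {0x45,0,0,0x28, 0,1,0x40,0, 0x40,6,0,0, 192,0,2,1, 192,0,2,2,
                          0x30,0x39,0,0x50, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0};
int main(void) {
    const uint8_t dst[4] = {198, 51, 100, 7};       /* constructed new destination */
    int rc = rewrite_dst(sample_pkt, sizeof sample_pkt, dst);
    printf("rewrite=%d checksums_ok=%d\n", rc, checksums_ok(sample_pkt, sizeof sample_pkt));
    return rc;
}
```

The buffer passed in starts at the IP header, so a frame captured with its Ethernet header needs the 14-byte link header skipped first.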

  9. #9
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    "Is it necessary that ipq_set_verdict() works only on packets that have been sent to user space by the QUEUE target in the firewall... Does it work for packets constructed manually??"
    I think so... It should not work on new packets constructed by you. Because, for new packets you can inject it with the help of this IPQ.

    Whereas, when you queue it, it is taken off the stack and it keeps track of the packet queued to userspace. So it works only for the packets queued using IPT_QUEUE.

    Someone, please correct me if I am wrong.
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------

  10. #10
    Just Joined!
    Join Date
    Feb 2007
    Posts
    34
    Hi, I verified what you said and found that ipq_set_verdict does not work on manually created packets, as it already uses a handle created in ipq_create_handle.

    Anyway, I was thinking of using the write() call to inject manually created packets to the Ethernet device.
    The problem I am now facing is how to get the Ethernet device descriptor?? Will this work?? Please let me know... Thanks
