Linux: How to send a whole packet to a specific port on another host?

问题

I have captured a TCP packet using libpcap, and I want to send this whole packet(without modifying it) to a specific port on another host(which has another sniffer listening to that port).

Is there any way I can do this?

Thanks a lot!

回答1:

You didn't specify which programming language you're using and what you've tried so far.

Change the IP address field to the target IP and the TCP port field to the port you want. Don't forget to update both checksums.

If what you want is TCP forwarding, the Linux kernel already does this for you.

回答2:

netcat may work in this case although I think you may have to reconstruct the header, have not tried.

How to escape hex values in netcat

The other option is to use iptables to tee the packet to the other sniffer while still catching it in you package analyzer

http://www.bjou.de/blog/2008/05/howto-copyteeclone-network-traffic-using-iptables/

Another option is using a port mirror, this goes by a few differnt names depending on the switch being used but it allows you to set a port on a a switch to be essentially a hub.

I think your best bet if you can't get netcat to work is to use iptables and you can add filters to that even.

回答3:

I don't know whether you HAVE to use C or not, but even if you do, I would recommend building a prototype with Python/Scapy to begin with.

Using scapy, here are the steps:

1. Read the pcap file using rdpcap().
2. Grab the destination IP address and TCP destination port number (pkt.getlayer(IP).dst, pkt.getlayer(TCP).dport) and save it as a string in a format that you want (e.g. payload = "192.168.1.1:80").
3. Change the packet's destination IP address and the destination port number so that it can be received by the other host that is listening on the particular port.
4. Add the payload on top of the packet (pkt = pkt / payload)
5. Send the packet (sendp(pkt, iface='eth0'))
6. You will have to dissect the packet on the other host to grab the payload. Without knowing exactly what is on top of the TCP layer in the original packet, I can't give you an accurate code for this, but should be relatively straight forward.

This is all quite easy with Python/Scapy but I expect it to be much harder with C, having to manually calculate the correct offsets and checksums and things. Good luck, and I hope this helps.

来源：https://stackoverflow.com/questions/14732586/linux-how-to-send-a-whole-packet-to-a-specific-port-on-another-host