packet-mangling

Packet modification with netfilter queue?

I'm currently trying to use code with libnetfilter_queue in userspace to modify packets that were queued in the NFQUEUE target in iptables. However, I have little idea as to how to go about doing it. I have set it to copy the packet with NFQNL_COPY_PACKET. If I were to modify the copied packet, would it be automatically sent back to the kernel by the function nfq_set_verdict()? Additionally, I have previously worked with extracting packets from a pcap file, however I noticed that the data that I get from nfq_get_payload() seems to be very different. Does anyone know how to dissect the data?

2021-06-22 18:55:25    Category: Q&A    packet   packet-capture   packets   netfilter   packet-mangling

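Packet mangling utilities besides iptables? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Closed 5 years ago. I'm looking for a linux utility that can alter the payloads of network packets based on a set of rules. Ideally, I'd use iptables and the netfilter kernel module, but they don't support generic payload mangling: iptables will alter various header fields (addresses, ports, TOS, etc), and it can match arbitrary bytes within a packet, but it apparently is unable to change arbitrary data within a packet. A kernel module would be a big advantage, since efficiency is a concern, but I'm happy to explore any other options that would get the job done. Thanks for your ideas! A long-overdue update: We chose to use the NFQUEUE module, which is the latest implementation of the QUEUE module that Robert Gamble suggested. It appears to be fairly simple, with the safety benefit of allowing our code to run in user space rather than kernel space. The implementation would have been almost trivial if we had simply wanted to alter the payload without changing its size. In that case, we would define an iptables rule to select the "interesting" packets for us and send them to an NFQUEUE target. We would write a callback function that inspects the packets from NFQUEUE, modifies the data as required, and recalculates the checksums in their TCP and IP headers. However, our use case involves injecting additional characters into the data stream. This has the effect of increasing the TCP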

2021-06-12 14:52:59    Category: Tech sharing    linux   networking   iptables   packet-mangling

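Python port forwarding/multiplexing server

Question: I would like to make a server that listens on UDP port 162 (SNMP trap) and then forwards this traffic to multiple clients. It is also important that the source port and address stay the same (address spoofing). I guess the best tool for this would be Twisted or Scapy or maybe vanilla sockets, only I can't find anything in the documentation for Twisted about source address spoofing/forging. Any solution for this? Edit: added bounty, maybe any solution with iptables?

Answer 1: I'm not happy with Twisted or Scapy, but doing this with vanilla Python sockets is very simple. An added benefit of doing it this way is that it will be more portable. This code works in my limited testing:

    #!/usr/bin/python
    from socket import *

    bufsize = 1024  # Modify to suit your needs
    targetHost = "somehost.yourdomain.com"
    listenPort = 1123

    def forward(data, port):
        print("Forwarding: '%s' from port %s" % (data, port))
        sock = socket(AF_INET, SOCK_DGRAM)
        sock.bind(("localhost", port))  # Bind to the port data came in on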

2021-06-10 18:28:43    Category: Tech sharing    python   networking   iptables   packet-mangling

Python port forwarding/multiplexing server

I would like to make a server that listens on UDP port 162 (SNMP trap) and then forwards this traffic to multiple clients. Also important is that the source port & address stay the same (address spoofing). I guess that the best tool for this would be Twisted or Scapy or maybe vanilla sockets, only I can't find anything in the documentation for Twisted about source address spoofing/forging. Any solution for this? Edit: added bounty, maybe any solution with iptables?

2021-05-17 09:02:35    Category: Q&A    python   networking   iptables   packet-mangling

Packet mangling utilities besides iptables? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers. Closed 5 years ago. I'm looking for a linux utility that can alter the payloads of network packets based on a set of rules. Ideally, I'd use iptables and the netfilter kernel module, but they don't support generic payload mangling: iptables will alter various header fields (addresses, ports, TOS, etc), and it can match arbitrary bytes within a packet, but it apparently is unable to

2021-05-17 07:24:32    Category: Q&A    linux   networking   iptables   packet-mangling