 aurgathor
join:2002-12-01 Bothell, WA | how can I rewrite TCP/IP packets
I have 2 PCs, say A and B. An application from A periodically sends some data to B. Of these, I want to change the content of certain packets. What's the easiest and best way to do that? I can set up a 3rd PC if needed.
TIA |
|
 korstj
join:2000-08-26 San Diego, CA | Nice homework quiz. Good luck with all that. |
|
  vpoko Premium join:2003-07-03 Jamaica Plain, MA
·Comcast
| reply to aurgathor You need an "application-layer gateway", something that's capable of inspecting "layer 7" of the packet. These would be specific to individual protocols (HTTP, etc). It's not something you should attempt to home-brew unless you're an experienced programmer familiar with the TCP/IP stack. |
|
 aurgathor
join:2002-12-01 Bothell, WA
·Verizon west (ex G..
| Inspecting a packet is easy, and I have numerous tools for that. It's the modification part that I'm having trouble with. Do you happen to know any concrete example that doesn't cost an arm and a leg? As for programming, I think I'm somewhat experienced, but not with the TCP/IP stack.
As for the previous comment -- nope, it's neither a quiz, nor a homework. It's a pet project. |
|
 aryoba Premium,MVM join:2002-08-22
| You may want to read up on TCP/IP basics to lead you to TCP/IP programming. A good TCP/IP book is always W. Richard Stevens' TCP/IP Illustrated series: Volume 1 (The Protocols), Volume 2 (The Implementation), and Volume 3 (TCP for Transactions, HTTP, NNTP, and the UNIX Domain Protocols).
To supplement, also read up on Stevens' Unix Network Programming books: Volume 1: The Sockets Networking API, Volume 2: Interprocess Communications. |
|
  jjoshua Premium join:2001-06-01 Scotch Plains, NJ | reply to aurgathor Which part of the packet are you trying to modify? |
|
 aurgathor
join:2002-12-01 Bothell, WA | The data. |
|
  carp
join:2002-10-30 clubs: | reply to aurgathor What about looking at the source for Linux? Router source code would be a good place to look too. Same with firewalls. |
|
  jjoshua Premium join:2001-06-01 Scotch Plains, NJ | reply to aurgathor So you need to write a simple program that proxies the data between A and B, changing the data as necessary.
Shouldn't be too hard to do. |
|
  vpoko Premium join:2003-07-03 Jamaica Plain, MA
·Comcast
edit: May 2nd, @08:49AM
| I imagine the tricky part is correcting the checksums in the TCP segment header. Also, I'd guess doing a byte-for-byte substitution is easier than inserting data into your packets (where you may have to fragment them).
Also, you obviously need to be doing this using an OS that gives you access to raw sockets, so WinXP SP2 is out. |
|
  More Fiber Premium join:2005-09-26 West Chester, PA
·Bay Area Internet ..
| reply to aurgathor If all you want to do is modify the "application" data, and not mess with TCP headers, then a simple socket program is all you need.
(oversimplified): open a socket, listen for connections, when you get a connection, open the destination socket, read the data, modify it, write it to the destination socket. When the originator closes the connection, close your destination socket. Shouldn't be more than about 100 lines of C code and will work just fine on WinXP.
If you need more information, find a good tutorial on socket programming. »beej.us/guide/bgnet/output/html/···net.html |
|
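Added example, not part of the thread: the "read the data, modify it, write it" step of the relay described above, in C. TCP delivers a byte stream, so a value can arrive split across two recv() calls; this rewriter holds back any tail that could still become a match. The type and function names, the pattern and the sample chunks are constructed for illustration; the listen/accept/connect plumbing is left to the sockets tutorial.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 2048                 /* largest chunk a caller may feed */

/* Hypothetical relay state for a same-length substitution from -> to. */
typedef struct {
    const char *from, *to;
    size_t len, held;              /* pattern length, bytes carried over */
    char buf[CHUNK + 64];          /* carried bytes + current chunk (len <= 64) */
} rewriter;

/* Feed one recv() chunk (n <= CHUNK); copy the bytes that are safe to
 * forward into out and return how many there are. */
size_t rw_feed(rewriter *r, const char *in, size_t n, char *out) {
    size_t total = r->held + n, i = 0;
    memcpy(r->buf + r->held, in, n);
    while (i + r->len <= total) {                 /* complete matches */
        if (memcmp(r->buf + i, r->from, r->len) == 0) {
            memcpy(r->buf + i, r->to, r->len);
            i += r->len;
        } else {
            i++;
        }
    }
    /* Tail shorter than the pattern: keep back only a suffix that could
     * still turn into a match when the next chunk arrives. */
    while (i < total && memcmp(r->buf + i, r->from, total - i) != 0) i++;
    memcpy(out, r->buf, i);
    memmove(r->buf, r->buf + i, total - i);
    r->held = total - i;
    return i;
}

/* At end of stream nothing more can complete a match: release the tail. */
size_t rw_flush(rewriter *r, char *out) {
    size_t n = r->held;
    memcpy(out, r->buf, n);
    r->held = 0;
    return n;
}

int main(void) {
    rewriter r = { "VALUE=10", "VALUE=90", 8, 0, {0} };
    char out[CHUNK + 64];
    size_t n = rw_feed(&r, "id=7 VALU", 9, out);   /* constructed chunks */
    n += rw_feed(&r, "E=10\n", 5, out + n);
    n += rw_flush(&r, out + n);
    printf("%.*s", (int)n, out);
}
```

In a relay, each recv() result goes through rw_feed() before send(), and rw_flush() runs when the originator closes the connection.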
  vpoko Premium join:2003-07-03 Jamaica Plain, MA
·Comcast
| More Fiber, What about the 16 bit checksum in the TCP header? It's computed based on the IP header, TCP header, and TCP payload. If the payload changes and the checksum in the header isn't updated appropriately, won't the receiving computer think the packet is corrupted and drop it? |
|
  chevyrulz0991
@comcast.net | reply to aurgathor I have a question... I'm taking a networking class right now in school...
Why would someone want to do this? the OP |
|
  evilghost
join:2003-11-22 Springville, AL | reply to aurgathor See tcprewrite/tcpreplay. I've used this before. »tcpreplay.synfin.net/trac/ |
|
  More Fiber Premium join:2005-09-26 West Chester, PA
·Bay Area Internet ..
| reply to vpoko Re: how can I rewrite TCP/IP packets
said by vpoko: More Fiber, What about the 16 bit checksum in the TCP header?
A socket application will never see the TCP header. It will be stripped from the inbound data and a new header created for the outbound data by the TCP stack. This is only suitable if the OP wants to manipulate the "application payload" and not the TCP frames themselves. |
|
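Added example, not part of the thread: the checksum exchange above, worked in C. Because the checksum covers the pseudo-header, TCP header and payload, an in-place payload edit leaves a stale value that must be recomputed or patched incrementally (RFC 1624); a socket relay never does this because the stack builds a fresh header. Addresses, ports and payload are constructed, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* RFC 1071: one's-complement sum of big-endian 16-bit words (unfolded). */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc) {
    for (; n > 1; p += 2, n -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (n) acc += (uint32_t)p[0] << 8;          /* odd byte, zero-padded */
    return acc;
}
/* Fold the carries back in, then complement. */
static uint16_t fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
/* IPv4 pseudo-header + TCP header + payload. Checksum field (bytes 16-17)
 * zeroed: value to store. Field holding a correct checksum: result is 0. */
uint16_t tcp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *seg, size_t len) {
    uint8_t ph[12] = {0};
    memcpy(ph, src, 4);
    memcpy(ph + 4, dst, 4);
    ph[9] = 6;                                  /* protocol number: TCP */
    ph[10] = (uint8_t)(len >> 8); ph[11] = (uint8_t)len;
    return fold(sum16(seg, len, sum16(ph, sizeof ph, 0)));
}
/* RFC 1624 eqn. 3, one changed 16-bit word: HC' = ~(~HC + ~m + m'). */
uint16_t csum_update(uint16_t hc, uint16_t old_w, uint16_t new_w) {
    return fold((uint32_t)(uint16_t)~hc + (uint16_t)~old_w + new_w);
}
/* Constructed segment: ports 40000 -> 5000, data offset 5, PSH|ACK,
 * checksum zeroed, then the 8-byte payload "VALUE=10". */
size_t build_sample(uint8_t seg[28]) {
    static const uint8_t hdr[20] = { 0x9c,0x40, 0x13,0x88, 0,0,0,1, 0,0,0,1,
                                     0x50,0x18, 0x20,0x00, 0,0, 0,0 };
    memcpy(seg, hdr, 20);
    memcpy(seg + 20, "VALUE=10", 8);
    return 28;
}
int main(void) {
    const uint8_t a[4] = {192,0,2,1}, b[4] = {192,0,2,2};  /* constructed */
    uint8_t seg[28];
    size_t n = build_sample(seg);
    uint16_t hc = tcp_checksum(a, b, seg, n);
    seg[16] = (uint8_t)(hc >> 8); seg[17] = (uint8_t)hc;
    seg[26] = '9';                              /* "10" -> "90" in place */
    printf("stale checksum valid: %d\n", tcp_checksum(a, b, seg, n) == 0);
    hc = csum_update(hc, 0x3130, 0x3930);       /* patch for that word */
    seg[16] = (uint8_t)(hc >> 8); seg[17] = (uint8_t)hc;
    printf("patched checksum valid: %d\n", tcp_checksum(a, b, seg, n) == 0);
}
```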
 aurgathor
join:2002-12-01 Bothell, WA | reply to chevyrulz0991 I guess it depends on where exactly the packet is manipulated. Of course, I'd like to do it with as little effort as possible. |
|
 Exothermicus
join:2007-05-24 Denton, TX
| reply to aurgathor The FTP module for netfilter/iptables does this for active FTP sessions to modify the data connection address and port information as it is sent. If the packets you want to modify are part of a custom protocol, you could simply write a similar module to rewrite the packets.
What is the desired effect of modifying the packet data?
Short of having a machine acting as a bridge / router between the communicating machines, your only alternative would be to use a filter module hooked into the TCP/IP stack on one or both machines that will do the deed as the packets are sent / received.
Exo |
|
 Exothermicus
join:2007-05-24 Denton, TX
| In my prior post I assumed you wanted to do this in a transparent way. But if the data you are modifying can be redirected to another IP address / port, the above suggestions to simply write a sockets program to proxy the data are a simple solution.
The books by Stevens would be my recommended reading if you have not done sockets programming before. The techniques shown are targeted mainly at POSIX operating systems like Linux / Unix. But the sockets specific code only requires minor modification for use with Winsock on Windows.
Exo |
|
 aurgathor
join:2002-12-01 Bothell, WA
·Verizon west (ex G..
| I'll take a look at those books, though I think this is mostly a Win32 network programming exercise. The platform for this would be NT (2K, XP, etc.) and I assume that the "FTP module for netfilter/iptables" you mentioned is for Linux, or perhaps for Unix.
Redirecting packets to a different IP is probably not a good option; of course if there's a "bridge" between the 2 PCs, that bridge can certainly do the necessary processing. |
|