bpf packet capture and SOCK_STREAM socket redirects...

Julian Elischer julian at elischer.org
Fri Mar 21 19:47:10 PDT 2008


Ok I have read this again,

I think you are trying to hijack a session before the intended
target can start it up... but you have some problems.
The original packets will continue on to the intended server so it
will respond as well. And when the session you have created
starts talking, that original server is going to start sending you
lots of resets. They MAY or MAY NOT (depending on the client OS)
reset your session.

We do something almost exactly like this sometimes, but we have a 
mechanism to stop the original packets.

as long as the port is in promiscuous mode, you
should be able to just use ipfw add 100 fwd 127.0.0.1,1000 tcp from
any to any 80 in recv em0 setup

where em0 is your span NIC and your dummy server is listening on port 
1000 on 127.0.0.1

It will respond faster than the remote server (assuming port 80 here)
and will supply a sequence number that the intended window will fail
to match.

you can force the interface into promiscuous mode in several ways..
including using netgraph and ifconfig.
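As an added illustration (not part of Julian's message or of the freebsd-net thread) of the sequence-number race described above, the following Python simulation plays out the three parties with RFC 793 segment-acceptance rules only: the dummy server's SYN-ACK arrives first and fixes the client's receive window, the real server's SYN-ACK then falls outside that window, and the real server answers the client's stray ACK with a reset whose sequence number is the ACK value it was sent. The initial sequence numbers (1000, 5000, 900000), the window size and the "dummy", "server" and "client" names are constructed for the example; the ipfw fwd rule, promiscuous mode and the span port are not modelled, nor are the stricter RST checks some stacks apply, which is where the "may or may not" on the client side comes in.

```python
"""Sequence-number race behind the ipfw fwd trick above.

Constructed scenario, not a packet capture: the client sends a SYN to the real
server; the dummy server on the span host answers first with its own ISN; the
real server's SYN-ACK arrives later; and the real server, whose SYN-RECEIVED
entry never sees an ACK it can match, answers the client's traffic with resets.
Only the RFC 793 sequence/acknowledgment checks that decide the outcome are
modelled; no real sockets are involved.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    src: str            # "client", "dummy" or "server" (constructed labels)
    seq: int
    ack: int
    flags: frozenset    # subset of {"SYN", "ACK", "RST"}
    length: int = 0     # payload bytes


def f(*names):
    return frozenset(names)


class Client:
    """Client TCB reduced to what the handshake race exercises."""

    def __init__(self, isn, rcv_wnd=65535):
        self.state = "SYN_SENT"
        self.snd_nxt = isn + 1          # the SYN consumed one sequence number
        self.rcv_nxt = None
        self.rcv_wnd = rcv_wnd
        self.peer = None

    def in_window(self, seq):
        # RFC 793 acceptability test for a zero-length segment (no wraparound).
        return self.rcv_nxt <= seq < self.rcv_nxt + self.rcv_wnd

    def ack_segment(self):
        return Segment("client", self.snd_nxt, self.rcv_nxt, f("ACK"))

    def receive(self, seg):
        """Process one inbound segment; returns (outcome, reply or None)."""
        if self.state == "SYN_SENT":
            if "ACK" in seg.flags and seg.ack != self.snd_nxt:
                # RFC 793: an ACK that does not cover our SYN draws a reset.
                return "bad ack in SYN_SENT, RST sent", Segment("client", seg.ack, 0, f("RST"))
            if f("SYN", "ACK") <= seg.flags:
                # Whoever's SYN-ACK arrives first fixes rcv_nxt and so the window.
                self.rcv_nxt = seg.seq + 1
                self.peer = seg.src
                self.state = "ESTABLISHED"
                return "established with " + seg.src, self.ack_segment()
            return "ignored", None
        if self.state == "ESTABLISHED":
            if not self.in_window(seg.seq):
                if "RST" in seg.flags:
                    return "out-of-window RST dropped", None
                # RFC 793: an unacceptable non-RST segment is dropped but ACKed.
                return "out of window, dropped (ACK sent)", self.ack_segment()
            if "RST" in seg.flags:
                self.state = "CLOSED"
                return "reset by " + seg.src, None
            # In-window SYN handling (RFC 793 reset vs later challenge ACK) is
            # deliberately not modelled; the constructed ISNs keep it out of reach.
            self.rcv_nxt += seg.length
            return "data accepted", self.ack_segment()
        return "ignored", None


def server_reset_for(seg):
    """Reset a host sends for an ACK it cannot match (no connection, or a
    SYN-RECEIVED entry with a different ISN): RFC 793 takes SEQ from the
    incoming segment's ACK field."""
    return Segment("server", seg.ack, 0, f("RST"))


def run_race(dummy_isn=5000, server_isn=900000, dummy_bytes_before_rst=0):
    """Return (final client state, list of outcomes) for one ordering of events."""
    c = Client(isn=1000)
    trace = []
    # 1. The dummy's SYN-ACK wins the race and sets the client's receive window.
    outcome, _ = c.receive(Segment("dummy", dummy_isn, 1001, f("SYN", "ACK")))
    trace.append(outcome)
    # 2. The real server's SYN-ACK arrives later with an unrelated ISN.
    outcome, stray_ack = c.receive(Segment("server", server_isn, 1001, f("SYN", "ACK")))
    trace.append(outcome)
    # 3. The local dummy session may already be moving data by the time the
    #    real server reacts (its reset is one server RTT behind the stray ACK).
    if dummy_bytes_before_rst:
        outcome, _ = c.receive(Segment("dummy", c.rcv_nxt, c.snd_nxt, f("ACK"),
                                       dummy_bytes_before_rst))
        trace.append(outcome)
    # 4. The real server answers the client's stray ACK with a reset.
    outcome, _ = c.receive(server_reset_for(stray_ack))
    trace.append(outcome)
    return c.state, trace


if __name__ == "__main__":
    for n in (0, 100):
        state, trace = run_race(dummy_bytes_before_rst=n)
        print("dummy sent %d bytes before the RST arrived -> %s: %s" % (n, state, trace))
```

With no data in flight the reset lands exactly on rcv_nxt and tears the hijacked session down; once the local dummy has pushed even a few bytes, the same reset is below the window and is discarded, which is why the outcome depends on timing, and why stopping the original packets is the robust fix.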

