Penetration Testing mailing list archives
Re: Forwarding sniffed packets
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Mon, 12 Nov 2001 13:07:16 -0500 (EST)
On Sun, 11 Nov 2001, Loki wrote:
Anyone out there familiar with a tool that would allow one to sniff packets off the wire and forward them to a remote host after modification?
'after modifcation'? what kind? simply packet header rewrites to redirect them? or encapsulation? or 'netsed' type stuff? RMON and tunnelX (from a recent phrack issue, alpha level code that does GRE encapsulation; look for 'things to do in ciscoland ...') came up in a recent discussion on one of these lists on this very subject. routing games are also possible (think centertrack). its not that hard to build something like this from libpcap and libnet. check the archives for the discussion, it was quite enlightening. tip: dont forward everything, rather use pcap or some other filters. the bandwidth hit will be noticed by almost any site if you forward all traffic out. ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Forwarding sniffed packets Loki (Nov 12)
- Re: Forwarding sniffed packets Jose Nazario (Nov 12)
- Re: Forwarding sniffed packets Loki (Nov 12)
- Re: Forwarding sniffed packets Jose Nazario (Nov 12)
- Re: Forwarding sniffed packets Loki (Nov 12)
- Re: Forwarding sniffed packets Chris Wage (Nov 12)
- RE: Forwarding sniffed packets Fernando Cardoso (Nov 12)
- Re: Forwarding sniffed packets Gigi Sullivan (Nov 12)
- Re: Forwarding sniffed packets Jose Nazario (Nov 12)