tcpdump mailing list archives
kernel/system add wrong MAC address when I use raw socket to send IP packets
From: liu wen <caonimagongling () gmail com>
Date: Fri, 13 Nov 2015 12:56:08 +0100
I have three laptops in a WLAN, A and C uses wlan0, but B is connected to wirelss router via cable and it uses eth0. I wrote a C program to do TCP hijacking experiment. And then modified it to C++ program. 1) A establishes a TCP connection with B 2) C runs the program and masquerade as B, so it sends out packets with src_ip = IP(B) and dst_ip = IP(A) 3) I use tcpdump to capture packets on A,B,C 4) it is expected that tcpdump on A can capture the IP spoofing packets. With the original C program, it is the case. But when I run C++ program, it is strange that tcpdump on B captures the packets but tcpdump on A can't. after some investigation, I notice it is due to the MAC address. When the C++ program ran, the kernel/system adds the MAC address of B as destination MAC to the IP-spoofing packets(it is expected that the kernel adds the MAC address of A coz the destination IP is of A). However, I wrote packets on IP level and I use raw socket as below in both C program and C++ program: send_sd = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)); ... sendto(send_sd, packet, ip_len, 0, (struct sockaddr*)&client_addr, addr_len); so it is strange that when I ran these two programs, the kernel/system added different destination MAC addresses, what are potential causes? _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- kernel/system add wrong MAC address when I use raw socket to send IP packets liu wen (Nov 13)