Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?
From: Kary Rogers (kdr7_at_msstate.edu)
Date: Wed, 13 Apr 2005 11:30:02 -0500 To: Joćo Paulo Caldas Campello <email@example.com>
On Apr 12, 2005, at 1:17 PM, Joćo Campello wrote:
> The question is:
> - Does already exist such a tool, module or whatever way to change
> arbitrary headers of IP packets on-the-fly or will I have to (try to)
> write one? =)
> Joćo Paulo Campello,
> Network Security Analyst,
> Tempest Security Technologies.
I think you can do this with divert sockets. I've used divert sockets
on FreeBSD and MacOS X to change TCP flags. There's a how-to for
From the introduction:
"Ever wish you could intercept packets traveling up or down the IP
stack of your host? And I'm not talking about listening in, like raw
sockets or libpcap (tcpdump). I mean literally stop the packet from
further propagating through the IP stack and then (possibly after some
changes), reinjecting it back? Well, the time to dream is over, because
divert sockets for Linux are here!
Divert sockets do exactly that - they filter out certain packets based
on firewall specifications and bring them to you in user space. You
then have the freedom of simply reinjecting them back as if nothing
happened, mangling them first and then reinjecting them, or not
reinjecting them at all.
As the name suggests, this mechanism utilizes a special type of RAW
socket called divert (IPPROTO_DIVERT) that allow you to receive and
send on them just like regular sockets. The difference is that a divert
socket is bound to a port, into which the firewall can be instructed to
send certain packets. Anything that a firewall can filter out can be
sent into a divert socket.
Divert sockets first appeared as part of FreeBSD. Divert sockets under
Linux is a port of this mechanism that strives to be source-code
-- Kary Rogers Network Analyst Network Services Mississippi State University