Re: Packet Manipulation advice request.

From: P Gentry (rdgentry1_at_cablelynx.com)
Date: 08/09/04

• Next message: Harry Putnam: "[NETGEAR FVS318] any users here?"
• Previous message: Clifford Kite: "Re: Problem bringing up network interfaces with slackware"
• In reply to: Richard Stone: "Packet Manipulation advice request."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Date: 9 Aug 2004 08:03:12 -0700

richardbs2000@yahoo.co.uk (Richard Stone) wrote in message news:<b0ea5a30.0408090237.54e710b1@posting.google.com>...
> Hi,
> I'm looking for a mechanism which would enable me to manipulate the
> payload of a known UDP packet. Ideally I'm looking for solutions that
> maybe already available, not sure whether IPTables could be used.
>
> Here's the scenario.
> I have a dual-homed Linux gateway. The gateway will be looking for a
> certain packet/s on one of its interfaces. On receipt of the packet it
> will manipulate the payload of the packet by replacing current padding
> within the payload with some other data. It will then send the packet
> out of it's other interface to the intended recipient.
>
> If I had the time I'd probably implement my own IPTables type of
> approach but as with most things I needed to have done this by
> yesterday.
>
> Is it possible to use iptables/netfilter to perform the task?
> Identifying the packet is no problem its simply the payload
> manipulation I'm really concerned with.

Off the top of my head ...

It sounds like you need a proxy on the GW to handle these packets --
netfilter will handle headers and the like, but to read _and_ rewrite
the payload you're going to have to roll your own.

BTW, by rewriting the payload you'll also need to recalculate the crc
of the FCS.

Then, of course, what is the listener on the other end going to do
with this munged payload? Sounds like you'll need a proxy at that end
also unless you have reason to believe it can properly handle
"arbitrary" payloads by parsing out the munged part or blindly
accepting whatever it is sent.

Perhaps there is a better way to accomplish your needs?

hth,
prg
email above disabled

---

• Next message: Harry Putnam: "[NETGEAR FVS318] any users here?"
• Previous message: Clifford Kite: "Re: Problem bringing up network interfaces with slackware"
• In reply to: Richard Stone: "Packet Manipulation advice request."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Relevant Pages RE: Packet Payload ... storage you would need and if it would cause a packet loss issue. ... concerned about then I would really look a doing some sort of capture. ... Subject: Packet Payload ... Cenzic Hailstorm finds vulnerabilities fast. ... (Pen-Test) Re: Packet Manipulation advice request. ... > payload of a known UDP packet. ... not sure whether IPTables could be used. ... > will manipulate the payload of the packet by replacing current padding ... (comp.os.linux.security) Re: Should I be concerned about? ... snort -- snort has the capability to parse the payload of Destination ... Type:3 Code:13 DESTINATION UNREACHABLE: PACKET FILTERED ... > send data to a trojan (listening for ICMP traffic on the target machine)? ... (Incidents) Packet Manipulation advice request. ... I'm looking for a mechanism which would enable me to manipulate the ... payload of a known UDP packet. ... not sure whether IPTables could be used. ... (comp.os.linux.networking) Packet Manipulation advice request. ... I'm looking for a mechanism which would enable me to manipulate the ... payload of a known UDP packet. ... not sure whether IPTables could be used. ... (comp.os.linux.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Mailing-Lists
• Newsgroups
• About
• Privacy
• Search
• Imprint

linux.derkeiler.com  > Newsgroups  > comp.os.linux.networking  > 2004-08