Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 21 Mar 2008 19:47:09 -0700
From:      Julian Elischer <julian@elischer.org>
To:        Alireza Torabi <alireza.torabi@gmail.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: bpf packet capture and SOCK_STREAM socket redirects...
Message-ID:  <47E4732D.5050807@elischer.org>
In-Reply-To: <cffd8c580803211825p4ff0e79lf208b3bc7c21a15b@mail.gmail.com>
References:  <cffd8c580803192006g4045258bxcf8fa10b322a640@mail.gmail.com>	<cffd8c580803200243u4465889m197d2a7ca6d0fff7@mail.gmail.com>	<slrnfu4g5d.1b5e.vadim_nuclight@hostel.avtf.net>	<cffd8c580803200357l686d6e40qb49b3ecadb734151@mail.gmail.com>	<slrnfu4hm4.1b5e.vadim_nuclight@hostel.avtf.net>	<cffd8c580803200427u62d8d3b9q208364a8a96de7ba@mail.gmail.com>	<20080321063517.GK85901@server.vk2pj.dyndns.org>	<cffd8c580803210402j7c3c0900h4e8f486be0c325c@mail.gmail.com>	<47E3FB93.1080501@elischer.org>	<cffd8c580803211823v6837031fp918a4dbcb3c507e6@mail.gmail.com> <cffd8c580803211825p4ff0e79lf208b3bc7c21a15b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ok I have read this again,

I think you are trying to hijack a session before the intended
target can start it up... but you have some problems.
The original packets will continue on to the intended server so it
will respond as well. And when the session you have created
starts talking, that original server is going to start sending you
lots of resets. They MAY or MAY NOT (depending on the client OS)
reset your session.

We do something almost exactly like this sometimes, but we have a 
mechanism to stop the original packets.

as long as the port is in promiscuous mode, you
should be able to jsut use ipfw add 100 fwd 127.0.0.1,1000 tcp from 
any to any 80 in recv em0 setup

where em0 is your span NIC and your dummy server is listening on port 
1000 on 127.0.0.1

It will respond faster than the remote server (assuming port 80 here)
and will supply a sequence number that the intended window will fail
to match.

you can force the interface into promiscuous mode in several ways..
including using netgraph and ifconfig.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47E4732D.5050807>