- This topic has 10 replies, 2 voices, and was last updated 3 years, 7 months ago by
.
-
Posts
-
I am looking for a library that will allow me to redirect specific packets (that are coming from a specific application by checking on what sockets IP:PORT that application has opened) and route them to another adapter.
The reason been that I want to route specific application packets to the normal adapter and not thru my VPN adapter.
I am not experienced in networking, so what I am asking might not be something as easy as I hope to.Yes, it is possible to do using Windows Packet Filter, however:
- this is not trivial, as you need to write the code to select and re-route network packets
- implementation may depend on VPN you are using, so I would recommend to start with something simple, e.g. routing ICMP PING or DNS
I have a feeling that I started the wrong way. I used the dotNet example from the source code.
From that, I took the packet filter and I make filters based on source and destination IP:port of what the application has opened. For example:My internal IP for the normal adapter would be: 192.168.1.6
My internal IP for the VPN adapter would be: 10.128.19.222And I have an application that has a connection as following:
Local address: 10.128.32.222:50449 -> Remote address: 54.210.0.167:443I would listen to the VPN adapter for all the packets that are sent from 10.128.32.222:50449 to 54.210.0.167:443.
Then take the packets and parse with PacketDotNet and change the source address to my normal adapter address so the new packet has the following network data:
Source 192.168.1.6:50449 ; Destination: 54.210.0.167:443
The new packet is then sent downwards the network stack thru the normal adapter.In a separate thread, I listen to the normal adapter for all packets that are received from Source: 54.210.0.167:443 ; Destination: 192.168.1.6:50449
Then take the packets and parse with PacketDotNet and change the source address to my VPN adapter address so the new packet has the following network data:
Source: 54.210.0.167:443 ; Destination: 10.128.32.222:50449
The new packet is then sent upwards to the network stack thru the VPN adapter.I have little network knowledge and most probably my terminology is disappointing for what I am sorry.
The approach looks good in general. I hope you remember to recalculate IP/TCP checksum and adjust MAC addresses accordingly.
Thank you very much for the help. I added the MAC change and also now I am calculating the IP and TCP checksums.
I made a repository with the code here: https://github.com/maryus04/TrafficReddirect
Not sure what I do wrong. The packets get sent but no response is coming back.The program is looking for firefox process that should already have a page opened. (for my tests I used to search “my ip” on google) and collects all opened sockets then based on them it will make the filters.
First I would check if packet are delivered to the destination. You could setup the HTTP server in the LAN and try to connect to it while capturing traffic using tcpdump/wireshark (on the server). For the TCP connection you must see the incoming TSP SYN and if the SYN is OK then also the outgoing SYN_ACK.
Thank you for the response, I did setup a HTTP server and checked with wireshark.
The packets do get send but I am not sure what to do next.
https://postimg.cc/z3vG5rTn
Not sure what the following black lines mean, they have the info: “This frame is a (suspected) retransmission”From what I can see there is no SYN-ACK packet from your HTTP server. So,
- Does your HTTP server listen on port 153?
- Check if HTTP server if firewall protected and disable Windows Defender firewall if the server is Windows.
The server listens to 153 port. If I disable the packet filter going to the same address would lead to a hello world html page. The SYN-ACK appears when the filter is disabled.
Firewall is also disabled om the serverThen there must be something wrong with your modified SYN packet. Enable checksum verification in Wireshark and check if packet checksums are good.
- You must be logged in to reply to this topic.