Reply To: Re-routing TCP packets




@voxen wrote:

a) what about the destination MAC address?

If I’ve understood what you said, I guess it is:
destination: POP3 IP
MAC source: MACA
MAC destination: MACB

source: a fake IP on the same net, i.e.
destination: must be your IP on that adapter / network, in our example
MAC source: MACB
MAC destination: MACA

Well, you must try.. Since you are simulating a fake host, you should also fake its MAC address. But this could lead to problems with your ARP table (the system table that the OS keeps to know how to link an IP with a MAC address), depending on how the OS works. The best bet here is to use MACB as source and MACA as destination, as you guessed. Again, you must try because your OS might decide that the source IP is not correct for that source MAC and drop the packet. This should not happen, btw.

The MAC address is the same as the IP address but on a lower level. Each host on an ethernet has a MAC address, which is associated with an adapter. MAC addresses are limited to the local ethernet the adapter is connected to and have no meaning on other networks. When the OS must send a packet, it checks the destination IP address and using the routing table it discovers the next host (hop) on the path of the packet, the network to use and its adapter on that net. Notice that the destination address of the packet is not always the same as the destination of the next hop along the path. As an example, if you have a local net connected to the Internet through a gateway, and your host is trying to send a packet to, the destination IP address on the packet is the IP of, but the destination IP of the next hop is the IP of your gateway. So to send that packet to microsoft, your host should know that it must send the packet to the gateway and not to the real destination. The gateway will then send the packet to the real destination. As another example, if the destination of the packet is instead on a net the host is directly connected to, then it can send the packet directly to the destination host. All this information can be found in the routing table of the OS, which links each host IP address, or network IP address, with an adapter / network and if present with a gateway. So using this table your OS knows the next host on the path and the adapter to use.
Now it must send the packet to this host (next hop), that can be the real destination or a gateway. Since the next hop can only be on a local net, it only needs the lower level address of the hop, since lower level protocols don’t understand IP addresses. There is a standard way to do so, it’s the ARP table. This table is kept by the OS using a standard packet exchange with other local hosts on the nets it’s connected to. It can also contain static entries, that are inserted by the users and not discovered using the ARP protocol.
Btw, the ARP table links each IP address with the MAC address of a host on a local net. So using the ARP table the OS can know the MAC address of the next hop of the IP address. The packet is then encapsulated in a lower level packet (the ethernet packet) with the correct destination MAC address.
Each host on an ethernet listens to each packet sent, but sends the packet to the OS only if the destination MAC address is its MAC address on that adapter.

That’s roughly how it works. Notice that’s correct only for ethernets and similar networks.

b) do I send the modified packets to Adapter or MSTCP?

Normally you modify the packets and send them along their normal path:

You receive an outgoing packet from MSTCP, modify it, and send it to the adapter.
You receive an incoming packet from an adapter, modify it, and send it to MSTCP.

BUT there are other special cases, such as modified routing behaviour, which might require sending a packet from one adapter to another, or, as in your case, sending a packet from MSTCP to MSTCP again.

In your case, you catch outgoing packets, and send them back modified to MSTCP. Notice that you must not do this to ALL packets, or you will block normal network traffic. You must reroute only the correct packets (i.e. the packets with the IP address, protocol type, and TCP port you need to reroute).

So, to make it short, you will receive packets from MSTCP, and must send them back to MSTCP.
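
The selection and rewrite step described in the reply above, as an added example that is not part of the original post and not any driver's API: it matches only IPv4/TCP frames to one destination IP and port, swaps the MAC addresses, sets the fake source IP and the local destination IP, and recomputes the IP and TCP checksums that the address change invalidates. The names `reroute_rule` and `reroute_frame` are hypothetical, and the driver call that hands the frame back to MSTCP is left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical rule; every value in it is supplied by the caller. */
typedef struct {
    uint8_t  match_ip[4];  /* original destination, e.g. the POP3 server */
    uint16_t match_port;   /* TCP destination port to match */
    uint8_t  fake_ip[4];   /* fake host on the same net -> new source */
    uint8_t  local_ip[4];  /* our IP on that adapter -> new destination */
} reroute_rule;

/* One's-complement sum of big-endian 16-bit words, added to seed. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t sum) {
    for (; n > 1; p += 2, n -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (n) sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Fold carries and complement: the value stored in a checksum field. */
static uint16_t fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Returns 1 if the frame matched and was rewritten in place (send it back
 * to the stack), 0 if it is untouched and must follow its normal path. */
int reroute_frame(uint8_t *f, size_t len, const reroute_rule *r) {
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return 0; /* IPv4 */
    uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, tot = (size_t)(ip[2] << 8 | ip[3]);
    if ((ip[0] >> 4) != 4 || ihl < 20 || tot < ihl + 20 || 14 + tot > len) return 0;
    if (ip[9] != 6 || memcmp(ip + 16, r->match_ip, 4) != 0) return 0;
    if ((ip[6] & 0x3f) || ip[7]) return 0;   /* fragment: no full TCP segment */
    uint8_t *tcp = ip + ihl, mac[6];
    size_t tlen = tot - ihl;
    if ((tcp[2] << 8 | tcp[3]) != r->match_port) return 0;

    memcpy(mac, f, 6); memcpy(f, f + 6, 6); memcpy(f + 6, mac, 6); /* swap MACs */
    memcpy(ip + 12, r->fake_ip, 4);
    memcpy(ip + 16, r->local_ip, 4);

    ip[10] = ip[11] = 0;                     /* IP header checksum */
    uint16_t c = fold(sum16(ip, ihl, 0));
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    tcp[16] = tcp[17] = 0;                   /* TCP checksum incl. pseudo-header */
    c = fold(sum16(tcp, tlen, sum16(ip + 12, 8, 6 + (uint32_t)tlen)));
    tcp[16] = (uint8_t)(c >> 8); tcp[17] = (uint8_t)c;
    return 1;
}
```

A return value of 0 is the "do not do this to ALL packets" case: the frame is unchanged and goes to the adapter as usual.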