Tagged: TTL HOP
November 17, 2020 at 5:25 pm #11396 packetman007 (Participant)
Just found your site and products. A few questions and introduction.
I’m a packet analyst, started at Network General Sniffer in 1986. See securityinstitute.com and hopzero.com efforts. https://www.linkedin.com/in/billalderson/
I am trying to figure out a way to configure TTL/hop by TCP/UDP port.
Each computer we set will have a lower TTL than the default, which is 128.
We determine the better lower ttl/hop and then set it.
We set a few or a couple of dozen computers for a lower hop/ttl individually.
Additionally we would like to do so for a certain destination IP Address. But that is secondary to just setting a windows machine as follows.
Windows example Server IP Address or Host : MSSQL1
Port 1433 hop=3 (stay in Data Center or Expire)
Port 80 hop = 128 (may go as far as Internet)
Port 443 hop = 128
Port 445 hop = 12 (stays inside orgn private network)
Port 135 hop = 12
Port 3389 hop = 12
All other ports = default global ttl = 128
We are looking for multiple ways to deliver the config,
1.) Registry or local modification
2.) AD Policy
3.) Ansible, Puppet, Chef config management
4.) PowerShell settings
5.) running batch or script.
As a last ditch effort we may need to use code. That’s why I am communicating with you today.
1.) maybe I could use your VirtNet Bridge in some cases to solve my issue.
a.) connect your virtnet or something like it between Windows and WSL2
b.) in WSL2 use IPTABLES mangle rules to modify the ttl/hop as we do very easily already on linux.
c.) we need Windows communications to go through WSL2 firewall IPTABLES instead of Windows Firewall.
2.) maybe we could use your Windows packet Filter to do this without WSL2 only using Windows, adding your product with a hoop to a tcpudpporthop.ini file with the ports defined with an easy way for us to change that file for each computer adjusting the hop value for different ports.
3.) maybe you know a better, lighter or easier way to accomplish ttl by port?

November 18, 2020 at 3:21 am #11397 Vadim Smirnov (Moderator)
I don’t know if there is a way to pass Windows host traffic through the WSL2 IPTABLES. I’d say that this could be a subject for serious research.
However, you still have two possibilities:
- Use WinpkFilter to intercept traffic for the desired connections (select by TCP/UDP ports using built-in filters), adjust TTL/HOP according to the settings, recalculate the packet checksums and re-inject these packets back into the network stack.
- Develop a specialized WFP or LWF driver doing the same directly in the Windows kernel.
The second approach is preferred from the performance point of view (passing packets through user space has its cost); however, it is more expensive in development and support.
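The "adjust TTL, recalculate checksum" step from the reply above, as an added example that is not part of the original posts and uses no WinpkFilter calls: it takes a raw IPv4 packet buffer, applies the port table from the question, and rewrites the IPv4 header checksum. Capture and re-injection are left out; the function names, the either-port matching rule and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Port-to-TTL policy from the MSSQL1 example in the question. */
struct ttl_rule { uint16_t port; uint8_t ttl; };
static const struct ttl_rule RULES[] = {
    {1433, 3}, {80, 128}, {443, 128}, {445, 12}, {135, 12}, {3389, 12} };
#define DEFAULT_TTL 128  /* "all other ports" */

/* Assumption: a rule matches when either port equals the rule's port. */
uint8_t ttl_for_ports(uint16_t sport, uint16_t dport) {
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (RULES[i].port == sport || RULES[i].port == dport)
            return RULES[i].ttl;
    return DEFAULT_TTL;
}

/* RFC 1071 one's-complement checksum over the IPv4 header (even length). */
uint16_t ip_header_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(h[i] << 8 | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Constructed sample: 10.0.0.5:1433 -> 10.0.1.9:50000, TCP, TTL 128 (truncated). */
uint8_t SAMPLE_PKT[24] = {
    0x45,0x00,0x00,0x28, 0x00,0x01,0x40,0x00, 0x80,0x06,0x00,0x00,
    0x0a,0x00,0x00,0x05, 0x0a,0x00,0x01,0x09, 0x05,0x99,0xc3,0x50 };

/* Rewrite TTL in place; returns new TTL, or -1 (packet untouched) if this is
 * not an IPv4 TCP/UDP packet whose port fields are present. */
int apply_ttl_policy(uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 4) return -1;
    if (pkt[9] != 6 && pkt[9] != 17) return -1;           /* TCP or UDP only */
    if (((pkt[6] & 0x1f) << 8 | pkt[7]) != 0) return -1;  /* later fragment: no ports */
    uint16_t sport = (uint16_t)(pkt[ihl] << 8 | pkt[ihl + 1]);
    uint16_t dport = (uint16_t)(pkt[ihl + 2] << 8 | pkt[ihl + 3]);
    pkt[8] = ttl_for_ports(sport, dport);
    pkt[10] = pkt[11] = 0;  /* checksum field is zero while summing */
    uint16_t csum = ip_header_checksum(pkt, ihl);
    pkt[10] = (uint8_t)(csum >> 8);
    pkt[11] = (uint8_t)(csum & 0xff);
    return pkt[8];
}
```

Only the IPv4 header checksum changes here, because the TCP and UDP checksums are computed over a pseudo-header that does not include the TTL field.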