April 5, 2021 at 10:32 am #11513
I am looking for a library that will allow me to redirect specific packets (that are coming from a specific application by checking on what sockets IP:PORT that application has opened) and route them to another adapter.
The reason being that I want to route specific application packets to the normal adapter and not thru my VPN adapter.
I am not experienced in networking, so what I am asking might not be something as easy as I hope to.
April 5, 2021 at 3:53 pm #11514
Yes, it is possible to do using Windows Packet Filter, however:
- this is not trivial, as you need to write the code to select and re-route network packets
- implementation may depend on VPN you are using, so I would recommend to start with something simple, e.g. routing ICMP PING or DNS
April 6, 2021 at 7:14 am #11515
I have a feeling that I started the wrong way. I used the dotNet example from the source code.
From that, I took the packet filter and I make filters based on source and destination IP:port of what the application has opened. For example:
My internal IP for the normal adapter would be: 192.168.1.6
My internal IP for the VPN adapter would be: 10.128.19.222
And I have an application that has a connection as following:
Local address: 10.128.32.222:50449 -> Remote address: 184.108.40.206:443
I would listen to the VPN adapter for all the packets that are sent from 10.128.32.222:50449 to 220.127.116.11:443.
Then take the packets and parse with PacketDotNet and change the source address to my normal adapter address so the new packet has the following network data:
Source 192.168.1.6:50449 ; Destination: 18.104.22.168:443
The new packet is then sent downwards the network stack thru the normal adapter.
In a separate thread, I listen to the normal adapter for all packets that are received from Source: 22.214.171.124:443 ; Destination: 192.168.1.6:50449
Then take the packets and parse with PacketDotNet and change the source address to my VPN adapter address so the new packet has the following network data:
Source: 126.96.36.199:443 ; Destination: 10.128.32.222:50449
The new packet is then sent upwards to the network stack thru the VPN adapter.
I have little network knowledge and most probably my terminology is disappointing, for which I am sorry.
April 6, 2021 at 2:04 pm #11516
The approach looks good in general. I hope you remember to recalculate IP/TCP checksum and adjust MAC addresses accordingly.
April 7, 2021 at 5:58 am #11517
Thank you very much for the help. I added the MAC change and also now I am calculating the IP and TCP checksums.
I made a repository with the code here: https://github.com/maryus04/TrafficReddirect
Not sure what I do wrong. The packets get sent but no response is coming back.
The program is looking for firefox process that should already have a page opened (for my tests I used to search “my ip” on google) and collects all opened sockets then based on them it will make the filters.
April 7, 2021 at 9:13 am #11518
First I would check if packets are delivered to the destination. You could set up the HTTP server in the LAN and try to connect to it while capturing traffic using tcpdump/wireshark (on the server). For the TCP connection you must see the incoming TCP SYN and if the SYN is OK then also the outgoing SYN_ACK.
April 7, 2021 at 2:09 pm #11519
Thank you for the response, I did set up an HTTP server and checked with wireshark.
The packets do get sent but I am not sure what to do next.
Not sure what the following black lines mean, they have the info: “This frame is a (suspected) retransmission”
April 7, 2021 at 2:46 pm #11520
From what I can see there is no SYN-ACK packet from your HTTP server. So,
- Does your HTTP server listen on port 153?
- Check if HTTP server is firewall protected and disable Windows Defender firewall if the server is Windows.
April 7, 2021 at 3:48 pm #11521
The server listens to 153 port. If I disable the packet filter going to the same address would lead to a hello world html page. The SYN-ACK appears when the filter is disabled.
Firewall is also disabled on the server
April 7, 2021 at 4:36 pm #11523
Then there must be something wrong with your modified SYN packet. Enable checksum verification in Wireshark and check if packet checksums are good.
April 8, 2021 at 8:46 am #11526
Thank you very much for the help. I got to the bottom of the problem. It was my receiving filter not set properly, I did check the checksum and that was correct on Wireshark.
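The checksum step recommended earlier in the thread, as an added example in C (not code from the thread or from the linked repository): once the source address is rewritten, the IPv4 header checksum and the TCP checksum both have to be redone, because the TCP checksum covers a pseudo-header that contains the addresses. The sample SYN, the server address 192.168.1.20 and all function names are constructed for illustration, and the buffer is assumed to start at the IPv4 header of an unfragmented packet.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* RFC 1071 one's-complement sum over len bytes, continuing from sum. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2) sum += (uint32_t)(p[0] << 8 | p[1]);
    if (len) sum += (uint32_t)p[0] << 8;      /* odd trailing byte, zero padded */
    return sum;
}
static uint16_t csum_fold(uint32_t sum) {
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* TCP checksum input: pseudo-header (src, dst, protocol 6, TCP length) + segment. */
static uint16_t tcp_csum(const uint8_t *ip, size_t ihl, size_t tcp_len) {
    uint8_t ph[4] = {0, 6, (uint8_t)(tcp_len >> 8), (uint8_t)tcp_len};
    uint32_t s = csum_add(csum_add(0, ip + 12, 8), ph, 4);  /* addresses, then rest */
    return csum_fold(csum_add(s, ip + ihl, tcp_len));
}
/* Receiver-side check on a packet rewrite_src accepted: summing over the stored
   checksum folds to 0 when it is valid. */
int checksums_ok(const uint8_t *ip) {
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = (size_t)ip[2] << 8 | ip[3];
    return csum_fold(csum_add(0, ip, ihl)) == 0 && tcp_csum(ip, ihl, total - ihl) == 0;
}
/* Rewrite the source address in place and redo both checksums; -1 if not IPv4/TCP. */
int rewrite_src(uint8_t *ip, size_t len, const uint8_t new_src[4]) {
    if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4, total = (size_t)ip[2] << 8 | ip[3];
    if (ihl < 20 || total > len || total < ihl + 20) return -1;
    memcpy(ip + 12, new_src, 4);
    put16(ip + 10, 0);                        /* checksum fields are zero while summing */
    put16(ip + 10, csum_fold(csum_add(0, ip, ihl)));
    put16(ip + ihl + 16, 0);
    put16(ip + ihl + 16, tcp_csum(ip, ihl, total - ihl));
    return 0;
}
/* Constructed SYN, 10.128.32.222:50449 -> 192.168.1.20:153, checksums not yet filled. */
uint8_t sample_syn[40] = {
    0x45,0,0,0x28, 0,1,0x40,0, 0x80,6,0,0, 10,128,32,222, 192,168,1,20,
    0xc5,0x11,0,0x99, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xfa,0xf0, 0,0,0,0 };
const uint8_t lan_ip[4] = {192, 168, 1, 6};   /* normal adapter address from the thread */
int main(void) {
    int rc = rewrite_src(sample_syn, sizeof sample_syn, lan_ip);
    printf("rewrite=%d valid=%d\n", rc, checksums_ok(sample_syn));
    return 0;
}
```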