Redirect packets thru another network adapter

Home Forums Discussions Support Portal Redirect packets thru another network adapter

Tagged: , ,

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • #11513
    JohnS
    Participant

    I am looking for a library that will allow me to redirect specific packets (that are coming from a specific application by checking on what sockets IP:PORT that application has opened) and route them to another adapter.

    The reason been that I want to route specific application packets to the normal adapter and not thru my VPN adapter.
    I am not experienced in networking, so what I am asking might not be something as easy as I hope to.

    #11514
    Vadim Smirnov
    Moderator

    Yes, it is possible to do using Windows Packet Filter, however:

    1. this is not trivial, as you need to write the code to select and re-route network packets
    2. implementation may depend on VPN you are using, so I would recommend to start with something simple, e.g. routing ICMP PING or DNS
    #11515
    JohnS
    Participant

    I have a feeling that I started the wrong way. I used the dotNet example from the source code.
    From that, I took the packet filter and I make filters based on source and destination IP:port of what the application has opened. For example:

    My internal IP for the normal adapter would be: 192.168.1.6
    My internal IP for the VPN adapter would be: 10.128.19.222

    And I have an application that has a connection as following:
    Local address: 10.128.32.222:50449 -> Remote address: 54.210.0.167:443

    I would listen to the VPN adapter for all the packets that are sent from 10.128.32.222:50449 to 54.210.0.167:443.
    Then take the packets and parse with PacketDotNet and change the source address to my normal adapter address so the new packet has the following network data:
    Source 192.168.1.6:50449 ; Destination: 54.210.0.167:443
    The new packet is then sent downwards the network stack thru the normal adapter.

    In a separate thread, I listen to the normal adapter for all packets that are received from Source: 54.210.0.167:443 ; Destination: 192.168.1.6:50449
    Then take the packets and parse with PacketDotNet and change the source address to my VPN adapter address so the new packet has the following network data:
    Source: 54.210.0.167:443 ; Destination: 10.128.32.222:50449
    The new packet is then sent upwards to the network stack thru the VPN adapter.

    I have little network knowledge and most probably my terminology is disappointing for what I am sorry.

    #11516
    Vadim Smirnov
    Moderator

    The approach looks good in general. I hope you remember to recalculate IP/TCP checksum and adjust MAC addresses accordingly.

    #11517
    JohnS
    Participant

    Thank you very much for the help. I added the MAC change and also now I am calculating the IP and TCP checksums.
    I made a repository with the code here: https://github.com/maryus04/TrafficReddirect
    Not sure what I do wrong. The packets get sent but no response is coming back.

    The program is looking for firefox process that should already have a page opened. (for my tests I used to search “my ip” on google) and collects all opened sockets then based on them it will make the filters.

    #11518
    Vadim Smirnov
    Moderator

    First I would check if packet are delivered to the destination. You could setup the HTTP server in the LAN and try to connect to it while capturing traffic using tcpdump/wireshark (on the server). For the TCP connection you must see the incoming TSP SYN and if the SYN is OK then also the outgoing SYN_ACK.

    #11519
    JohnS
    Participant

    Thank you for the response, I did setup a HTTP server and checked with wireshark.
    The packets do get send but I am not sure what to do next.
    https://postimg.cc/z3vG5rTn
    Not sure what the following black lines mean, they have the info: “This frame is a (suspected) retransmission”

    #11520
    Vadim Smirnov
    Moderator

    From what I can see there is no SYN-ACK packet from your HTTP server. So,

    • Does your HTTP server listen on port 153?
    • Check if HTTP server if firewall protected and disable Windows Defender firewall if the server is Windows.
    #11521
    JohnS
    Participant

    The server listens to 153 port. If I disable the packet filter going to the same address would lead to a hello world html page. The SYN-ACK appears when the filter is disabled.
    Firewall is also disabled om the server

    • This reply was modified 1 month, 1 week ago by JohnS.
    #11523
    Vadim Smirnov
    Moderator

    Then there must be something wrong with your modified SYN packet. Enable checksum verification in Wireshark and check if packet checksums are good.

    #11526
    JohnS
    Participant

    Thank you very much for the help. I got to the bottom of the problem. It was my receiving filter not set properly, I did check the checksum and that was correct on Wireshark.

Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.