Redirect packets thru another network adapter

  • #11513
    JohnS
    Participant

      I am looking for a library that will allow me to redirect specific packets (that are coming from a specific application by checking on what sockets IP:PORT that application has opened) and route them to another adapter.

      The reason being that I want to route specific application packets to the normal adapter and not thru my VPN adapter.
      I am not experienced in networking, so what I am asking might not be something as easy as I hope.

      #11514
      Vadim Smirnov
      Keymaster

        Yes, it is possible to do using Windows Packet Filter, however:

        1. this is not trivial, as you need to write the code to select and re-route network packets
        2. implementation may depend on VPN you are using, so I would recommend to start with something simple, e.g. routing ICMP PING or DNS
        #11515
        JohnS
        Participant

          I have a feeling that I started the wrong way. I used the dotNet example from the source code.
          From that, I took the packet filter and I make filters based on source and destination IP:port of what the application has opened. For example:

          My internal IP for the normal adapter would be: 192.168.1.6
          My internal IP for the VPN adapter would be: 10.128.19.222

          And I have an application that has a connection as following:
          Local address: 10.128.32.222:50449 -> Remote address: 54.210.0.167:443

          I would listen to the VPN adapter for all the packets that are sent from 10.128.32.222:50449 to 54.210.0.167:443.
          Then take the packets and parse with PacketDotNet and change the source address to my normal adapter address so the new packet has the following network data:
          Source 192.168.1.6:50449 ; Destination: 54.210.0.167:443
          The new packet is then sent downwards the network stack thru the normal adapter.

          In a separate thread, I listen to the normal adapter for all packets that are received from Source: 54.210.0.167:443 ; Destination: 192.168.1.6:50449
          Then take the packets and parse with PacketDotNet and change the source address to my VPN adapter address so the new packet has the following network data:
          Source: 54.210.0.167:443 ; Destination: 10.128.32.222:50449
          The new packet is then sent upwards to the network stack thru the VPN adapter.

          I have little network knowledge and most probably my terminology is disappointing, for which I am sorry.

          #11516
          Vadim Smirnov
          Keymaster

            The approach looks good in general. I hope you remember to recalculate IP/TCP checksum and adjust MAC addresses accordingly.

            #11517
            JohnS
            Participant

              Thank you very much for the help. I added the MAC change and also now I am calculating the IP and TCP checksums.
              I made a repository with the code here: https://github.com/maryus04/TrafficReddirect
              Not sure what I do wrong. The packets get sent but no response is coming back.

              The program is looking for a firefox process that should already have a page opened (for my tests I used to search “my ip” on google) and collects all opened sockets, then based on them it will make the filters.

              #11518
              Vadim Smirnov
              Keymaster

                First I would check if packets are delivered to the destination. You could set up the HTTP server in the LAN and try to connect to it while capturing traffic using tcpdump/wireshark (on the server). For the TCP connection you must see the incoming TCP SYN and if the SYN is OK then also the outgoing SYN_ACK.

                #11519
                JohnS
                Participant

                  Thank you for the response, I did set up an HTTP server and checked with wireshark.
                  The packets do get sent but I am not sure what to do next.
                  https://postimg.cc/z3vG5rTn
                  Not sure what the following black lines mean, they have the info: “This frame is a (suspected) retransmission”

                  #11520
                  Vadim Smirnov
                  Keymaster

                    From what I can see there is no SYN-ACK packet from your HTTP server. So,

                    • Does your HTTP server listen on port 153?
                    • Check if HTTP server is firewall protected and disable Windows Defender firewall if the server is Windows.
                    #11521
                    JohnS
                    Participant

                      The server listens on port 153. If I disable the packet filter going to the same address would lead to a hello world html page. The SYN-ACK appears when the filter is disabled.
                      Firewall is also disabled on the server.

                      #11523
                      Vadim Smirnov
                      Keymaster

                        Then there must be something wrong with your modified SYN packet. Enable checksum verification in Wireshark and check if packet checksums are good.
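
The checksum recalculation mentioned earlier in the thread, and the validity check Wireshark applies when checksum verification is enabled, as an added example that is not taken from the thread or from the linked repository. It assumes the buffer starts at the IPv4 header (no Ethernet header, so MAC handling is not shown), holds the whole TCP segment, and that checksum offload is off; the sample packet and the helper names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed sample: IPv4+TCP SYN, 10.128.32.222:50449 -> 54.210.0.167:443,
   both checksum fields zeroed. Addresses are the ones quoted in the thread. */
static const uint8_t SAMPLE_SYN[40] = {
    0x45,0x00,0x00,0x28, 0x12,0x34,0x40,0x00, 0x40,0x06,0x00,0x00,
    0x0a,0x80,0x20,0xde, 0x36,0xd2,0x00,0xa7,
    0xc5,0x11,0x01,0xbb, 0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,
    0x50,0x02,0xfa,0xf0, 0x00,0x00,0x00,0x00 };
/* RFC 1071: one's-complement sum of big-endian 16-bit words, folded, inverted. */
static uint16_t csum(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    if (len) acc += (uint32_t)p[0] << 8;      /* odd trailing byte, zero-padded */
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
/* Checksum over the IPv4 header exactly as it currently stands. */
static uint16_t ip_csum(const uint8_t *pkt) {
    return csum(pkt, (size_t)(pkt[0] & 0x0f) * 4, 0);
}
/* TCP checksum: pseudo-header (src, dst, protocol 6, TCP length) + segment. */
static uint16_t tcp_csum(const uint8_t *pkt) {
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tcp_len = (((size_t)pkt[2] << 8) | pkt[3]) - ihl;
    uint32_t acc = 6 + (uint32_t)tcp_len;
    for (int i = 12; i < 20; i += 2) acc += ((uint32_t)pkt[i] << 8) | pkt[i + 1];
    return csum(pkt + ihl, tcp_len, acc);
}
/* Receiver-side check: with the stored checksums included, both sums are 0. */
int checksums_ok(const uint8_t *pkt) {
    return ip_csum(pkt) == 0 && tcp_csum(pkt) == 0;
}
/* Rewrite the source IPv4 address, then refresh both checksums. */
void rewrite_src(uint8_t *pkt, const uint8_t new_src[4]) {
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    memcpy(pkt + 12, new_src, 4);
    pkt[10] = pkt[11] = 0;                    /* clear IP checksum field */
    pkt[ihl + 16] = pkt[ihl + 17] = 0;        /* clear TCP checksum field */
    uint16_t ip = ip_csum(pkt), tcp = tcp_csum(pkt);
    pkt[10] = (uint8_t)(ip >> 8);        pkt[11] = (uint8_t)(ip & 0xff);
    pkt[ihl + 16] = (uint8_t)(tcp >> 8); pkt[ihl + 17] = (uint8_t)(tcp & 0xff);
}
int main(void) {
    uint8_t pkt[40]; const uint8_t lan[4] = {192, 168, 1, 6};
    memcpy(pkt, SAMPLE_SYN, sizeof pkt); rewrite_src(pkt, lan);
    printf("checksums valid after rewrite: %d\n", checksums_ok(pkt));
    return 0;
}
```

The TCP checksum covers the source address through the pseudo-header, so changing the address without refreshing both fields leaves a segment the receiving stack drops.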

                        #11526
                        JohnS
                        Participant

                          Thank you very much for the help. I got to the bottom of the problem. It was my receiving filter not set properly, I did check the checksum and that was correct on Wireshark.
