Monitor packet and change dest IP if it matches another IP

Status
Not open for further replies.

Vigilante

Hey good fellows, I need to do something.

I need a program of sorts, that can monitor ALL outgoing packets, and if the destination IP address matches what I'm looking for, then CHANGE the destination IP and continue sending the packet along.

Reason is for locally testing a server of sorts. I need to change the outgoing destination IP to be one of my internal IPs.

I've looked for packet filtering, packet monitoring, packet editing, routing tables in Windows, hosts file entries. I can't seem to find anything for just this seemingly simple task.

Any ideas? thx
 
Ethereal is a decent packet monitor. Easily can view all outbound traffic from a single machine. To catch ALL information you will need to be on a hub or mirror the ports you want to listen to on the switch.

Vigilante said:
I need to change the outgoing destination IP to be one of my internal IPs.
Changing the destination IP? That's where the machine is sending information to... sounds more application based. When you are dealing with machines on the same LAN/subnet they use MAC addresses to talk to each other, if that's what you mean by an internal IP.
 
I DO need to monitor all outgoing packets. If the destination IP is 69.92.xx.xx then I need that destination changed to 192.168.0.40.
However, the SOURCE IP is NOT starting from 0.40 to begin with. It's actually 192.168.0.20. So it is not like a loop back.

What happens to the packet is that it goes to 69.92.x.x, which is my IP, and that IP comes back in to 0.40. But somehow this causes my client to do strange things and disconnect. The route looks like this from source to dest:

192.168.0.20 --> 69.92.x.x --> 192.168.0.40

need to change to just:

192.168.0.20 --> 192.168.0.40

All other packets are fine, but any that are bound to 69.92 need to be changed to 0.40. I think this is a software app as well, some kind of Layer 3 routing software. Perhaps a driver installed to the IP stack? Perhaps a full fledged software router? Perhaps some sort of LSP?
I can monitor the packets just fine, but I can't find any program that can change the data automatically. Or manually for that matter.

thx
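What the rewrite requested above involves at the packet level, as an added example that is not part of the original thread: changing the destination address of an IPv4/TCP packet also means recomputing the IP header checksum and the TCP checksum, because the TCP checksum covers both addresses. 203.0.113.10 is a placeholder for the elided 69.92.x.x address, and the function names and sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Constructed values: 203.0.113.10 (documentation range) stands in for the
# thread's elided 69.92.x.x external address.
EXTERNAL_IP, INTERNAL_SERVER, CLIENT = "203.0.113.10", "192.168.0.40", "192.168.0.20"

def ip_bytes(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """The TCP checksum covers a pseudo-header containing both IP addresses."""
    return checksum(src + dst + struct.pack("!BBH", 0, 6, len(segment)) + segment)

def rewrite_dst(packet: bytes, match_ip: str, new_ip: str) -> bytes:
    """Rewrite the destination if it equals match_ip; otherwise pass through."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return packet  # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or packet[16:20] != ip_bytes(match_ip):
        return packet  # malformed header, or not the address we redirect
    hdr, body = bytearray(packet[:ihl]), bytearray(packet[ihl:])
    hdr[16:20] = ip_bytes(new_ip)
    hdr[10:12] = b"\x00\x00"  # checksum field must be zero while summing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    fragment = struct.unpack("!H", packet[6:8])[0] & 0x3FFF  # MF bit + offset
    if packet[9] == 6 and fragment == 0 and len(body) >= 20:
        body[16:18] = b"\x00\x00"
        csum = tcp_checksum(bytes(hdr[12:16]), bytes(hdr[16:20]), bytes(body))
        body[16:18] = struct.pack("!H", csum)
    return bytes(hdr + body)

def build_sample(dst: str) -> bytes:
    """Constructed TCP SYN from CLIENT to dst:7777 with valid checksums."""
    tcp = bytearray(struct.pack("!HHIIBBHHH", 50000, 7777, 1, 0, 0x50, 0x02, 65535, 0, 0))
    tcp[16:18] = struct.pack("!H", tcp_checksum(ip_bytes(CLIENT), ip_bytes(dst), bytes(tcp)))
    ip = bytearray(struct.pack("!BBHHHBBH", 0x45, 0, 40, 1, 0x4000, 64, 6, 0))
    ip += ip_bytes(CLIENT) + ip_bytes(dst)
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    return bytes(ip + tcp)
```

Rewriting only the outgoing destination is half of the job: the server's replies then arrive from 192.168.0.40 while the client's TCP connection expects them from the external address, so the source address of the replies has to be translated back in the same way.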
 
The functionality is built in to most unix operating systems :) I assume you are talking about Windows here..

I am not sure if you can do packet rewriting in the Windows RRAS, but you could look into it.
 
Yes it's XP Pro.

I've been researching and the closest thing I've come up with is putting an entry in the Route Table of Windows. That is, rather than actually change the packet, it needs to be internally forwarded before it gets outside the network. I think.
I found this page about the static routes, but I can't be sure if a static route is what I need to be looking in to:
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prcc_tcp_gvuf.asp

Any thoughts?
 
Yes, it would work.
Both your source and target computers need to have an IP address from the 69.92.x.x range so you won't be doing packet rewriting - you are just recreating the 69.92.x.x network on your own LAN.

You can try assigning multiple IP addresses to one NIC in Windows (it's a hack) and try it out.
 
I'm going to assume that you are running a setup similar to my own here:
You may not need to do any packet reconfiguration or anything.
Assuming that you are behind a router of some sort, your best bet would be to set up some simple port forwarding. For instance, let's say your PC is 192.168.1.101 and your server is 192.168.1.102. Go into your router (I'm gonna assume 192.168.1.1 or 192.168.0.1) and under port forwarding, try forwarding 1 - 65535 to 192.168.1.102. This way, any incoming traffic on any port is automatically redirected to your server.
This is what it would do, basically:
PC->Router->Modem->Internet->Modem->Router->Server
I'm on a similar setup, and after configuring that one thing I was good to go. On the off chance that you DON'T want to forward everything to the server, you can specify more IPs to forward more specific ranges to, i.e.:
1 - 65535 : 192.168.1.102
21 - 80 : 192.168.1.101
And it should work. If not, lemme know and I'll try to help further.
 
Something else to note: If you don't do this, nobody can connect to your server from the outside either. A successful connection to your external IP means that you've got it set up properly, and others can hit your server as well. For instance: If you can't hit 66.92.xx.xx it means that nobody else can. If you can hit 192.168.1.102, but not 66.92.xx.xx, it means that you're the only person that can. I've got more for you if you only want your local to connect to your server; that shouldn't really be too hard to set up, if you're interested.
 
Hey guys, thanks for the help. I'm currently researching your solutions and trying things. But actually this setup is for a friend so I'm not 100% in-the-know on his network.

But what I do know is that there IS port forwarding going on. And that outsiders DO need access to the 69.92.x.x address uninterrupted. So basically he is trying to connect with the client in the same exact manner as anybody outside the network, only just his own packets need to be changed and not interrupt outsiders.

So I don't think I can do a static route in the router itself, as this would change traffic outside the network. What I'm hoping is to change the packet so that it never goes out the router, but stays in the network.

Also, the loopback can't be used because there are ports involved and the IPs are different.

I will have my friend post in this thread with more details about his network, and more specific info about all the IPs and ports and how the traffic actually works. As far as I know it is like this:

Packet originates (192.168.0.20) goes out router (192.168.0.1/69.92.x.x) comes back to my external on port 7777 (69.92.x.x:7777) forwards inside to (192.168.0.40). I think this is right. But he wants it to just use internal IPs and not go out external IPs. So basically straight from 0.20 to 0.40. Which I was originally thinking we just need to change the destination IP for the packet. Or route it from the PC itself so it doesn't enter the hardware router at all.

thx
 