Forwarding received packets

Apr 29, 2014 at 3:07 PM
Edited Apr 29, 2014 at 3:32 PM
Hey there

First I'm using Visual Studio 2012 with C# and the Pcap.Net Library.
I try to to forward packets which I captured before.

What I try to do:
  1. Spoof ARP-Table of my phone.
  2. Redirect the traffic which normally goes to the gateway to my computer.
  3. Log the packets.
  4. Forward them to the gateway.
What I did:
  1. Spoofing ARP-Table -> works fine.
  2. Redirect traffic to my PC -> works fine (logically).
  3. Log the packets to a dumpfile (.pcap) as shown in the tutorial on this site -> works fine (I can open it and read it with wireshark and it looks good).
  4. Forward the packets to the gateway. -> does not work.
I would like to forward them fluently. So what I did was use the "sendBuffer()" function as shown in the tutorial. So I just read in the .pcap file where all the packet information is saved and try to resend it with this "sendBuffer()" function. And of course I use the same adapter to do it.
When I capture the traffic with wireshark I can see that my packets don't even get sent.
(I'm also not sure if it works at the same time while I capture the data to the file. Because the code which should forward them need to read the packets from the file. Isn't there another way?)
My code to forward the packets from the .pcap file (the IDE doesn't give me any error):
It's approximately my code, I don't have it available cause I'm not at home. But should be right.
IList<LivePacketDevice> devices = LivePacketDevice.AllLocalMachine;
PacketDevice selectedOutputDevice = devices[0];
long capLength = new FileInfo(@"E:\CSharp\Pcap\dumpFile.pcap").Length;
bool isSync = true;
OfflinePacketDevice selectedInputDevice = new OfflinePacketDevice(@"E:\CSharp\Pcap\dumpFile.pcap");
            using (PacketCommunicator inputCommunicator = selectedInputDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
            {
                using (PacketCommunicator outputCommunicator = selectedOutputDevice.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000))
                {
                    if (inputCommunicator.DataLink != outputCommunicator.DataLink)
                    {
                       tB_Log.Text = tB_Log.Text + Environement.NewLine + "ERROR: Different Datalinks!";
                    }
                    using (PacketSendBuffer sendBuffer = new PacketSendBuffer((uint)capLength))
                    {
                        Packet packet;
                        while (inputCommunicator.ReceivePacket(out packet) == PacketCommunicatorReceiveResult.Ok)
                        {
                            sendBuffer.Enqueue(packet);
                        }
outputCommunicator.Transmit(sendBuffer, isSync);
}
}
}
Thank you very much for helping!
Coordinator
May 9, 2014 at 6:14 PM
Hi xTester24,
  1. Why do you open the outputCommunicator with 100 as the first parameter?
  2. Are you sure Transmit() with a non-empty buffer?
  3. Did you manage to send any packets this way?
  4. Why do you prefer SendBuffer instead of SendPacket()?
Boaz.
May 14, 2014 at 12:22 PM
Hi Brickner
Thank you for your reply.

After some advanced research and understanding the topic a bit better.
I think what I need to do is to create or use a bi-directional TCP and UDP proxy.
But since that's not a simple task at all. My idea is to use an existing configurable
proxy. And for the certain Challenge to answer for example a DNS request by myself I
just listen for the packets with my self made tool and answer them (even thought there exist some tools for that).

I thought maybe it's helpful for someone else. So I answer Brickners questions:
  1. That's a good suggestion I didn't check this.
  2. I followed the example on this site... so... could you please explain that to me a bit more detailed.
  3. No I didn't. But I've built ARP packets and sent them successfully with the SendPacket() function.
  4. According to the tutorial it's much more efficient when many packet have to be sent (Instead of rebuilding every packet manually).
Best regards
Tester
Coordinator
May 16, 2014 at 9:34 AM
  1. You said you don't see any packets so maybe you call Transmit() before inserting any packets to the buffer, maybe there are none in the input.
  2. Yes, it is more efficient, but I suggest you start by using SendPacket() so it works and only after things seem to work go for the more efficient implementation.