| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHP4M8Va9TuFycrVZmLwBnuPtDRykX__NOxxF9zq0089JJBACA@mail.gmail.com> Date: Mon, 10 May 2021 22:02:53 +0530 From: Ajay Garg <ajaygargnsit@...il.com> To: netdev@...r.kernel.org Subject: Packet Sniffing on Intermediate Nodes Hi All, I have been playing around with sniffing packets, using raw sockets. Following is my setup : * Machine-1 (Sender), with IP 1.2.3.4 * Machine-2 (Intermediate), with IP 5.6.7.8 * Machine-3 (Receiver), with IP 9.10.11.12 The packet-path is Machine-1 <=> Machine-2 <=> Machine-3. I have an agent installed, one each on all the 3 machines, communicating on port 12345. Following is what I have accomplished so far : 1. I have been able to do communication over raw-sockets. Most importantly, Machine-3 (Receiver) is able to receive the packets from Machine-1, via raw-socket paradigm. 2. Now, raw sockets in general accept all packets. So, the next step was to apply socket-flitering, so that only packets intended for port 12345 are received on Machine-3 agent. This was accomplished via the help from https://www.kernel.org/doc/Documentation/networking/filter.txt 3. Now, I intend to sniff packets on Machine-2 (the intermediate node). Is there a normal / legal way to do this? Would be grateful for any pointers. Thanks and Regards, Ajay
Powered by blists - more mailing lists