| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 10 May 2021 23:16:06 +0530 From: Ajay Garg <ajaygargnsit@...il.com> To: netdev@...r.kernel.org Subject: Re: Packet Sniffing on Intermediate Nodes I think my question might be unneeded. Machine-2 would likely pick up the packets destined for Machine-3, because of promiscuity. On Mon, May 10, 2021 at 10:02 PM Ajay Garg <ajaygargnsit@...il.com> wrote: > > Hi All, > > I have been playing around with sniffing packets, using raw sockets. > > Following is my setup : > > * Machine-1 (Sender), with IP 1.2.3.4 > * Machine-2 (Intermediate), with IP 5.6.7.8 > * Machine-3 (Receiver), with IP 9.10.11.12 > > The packet-path is Machine-1 <=> Machine-2 <=> Machine-3. > I have an agent installed, one each on all the 3 machines, > communicating on port 12345. > > Following is what I have accomplished so far : > > 1. > I have been able to do communication over raw-sockets. > Most importantly, Machine-3 (Receiver) is able to receive the packets > from Machine-1, via raw-socket paradigm. > > 2. > Now, raw sockets in general accept all packets. > So, the next step was to apply socket-flitering, so that only packets > intended for port 12345 are received on Machine-3 agent. > > This was accomplished via the help from > https://www.kernel.org/doc/Documentation/networking/filter.txt > > 3. > Now, I intend to sniff packets on Machine-2 (the intermediate node). > > Is there a normal / legal way to do this? > Would be grateful for any pointers. > > > Thanks and Regards, > Ajay
Powered by blists - more mailing lists