I am trying to implement a custom traffic filter that modifies packets on the go.
As a first step, I am sniffing the packet, modifying only the destination port, recomputing the checksum, and sending it, all using scapy (code below).
I am running tcpdump, and I see that the packet is sent as intended, or at least it appears in the dump correctly (hex identical to the original, except the port and checksum). Yet it does not seem to be received on the other end.
It is a TCP SYN packet and I am listening to connections on the modified port. I know it is not received because I don't see an ACK packet in the dump (using "sudo tcpdump -i lo").
The sniff and send code:
def sniff_and_send(dst_port, alt_port):
def prn(sniffed):
sniffed.show()
hexdump(sniffed)
sniffed.dport = alt_port
sniffed['TCP'].dataofs = None
sniffed['IP'].len = None
sniffed['IP'].chksum = None
sniffed['TCP'].chksum = None
a = sendp(sniffed, iface='lo')
sniffed = sniffed['IP']
sniffed.show2()
conf.L3socket=L3RawSocket
sniff(filter=f"dst port {dst_port}", iface="lo", prn=prn)
and then I am running two processes that try to communicate with each other, as follows:
def subproc(port):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
serversocket.bind(("127.0.0.1", port))
serversocket.listen(5)
print(f"listenig on {port}")
(clientsocket, address) = serversocket.accept()
message = clientsocket.recv(4000)
clientsocket.close()
print(message)
if __name__ == "__main__":
options = opt_parse()
port = 60003
sniff_and_send(port, port+1)
proc = mp.Process(target=subproc, args=(port+1, ))
proc.start()
time.sleep(0.1)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", port))
s.send(b"bah")
s.close()
proc.join()
And TCP dump "sudo tcpdump -i lo" shows the following. You can see that the packets are the same except for the port. For some reason, the packet from scapy appears twice. Anyway, the dump shows no reply from the other end.
02:28:59.214832 IP [redacted].59542 > [redacted].60003: Flags [S], seq 1154455911, win 65495, options [mss 65495,sackOK,TS val 1600034588 ecr 0,nop,wscale 7], length 0
02:28:59.231374 IP [redacted].59542 > [redacted].60004: Flags [S], seq 1154455911, win 65495, options [mss 65495,sackOK,TS val 1600034588 ecr 0,nop,wscale 7], length 0
02:28:59.263106 IP [redacted].59542 > [redacted].60004: Flags [S], seq 1154455911, win 65495, options [mss 65495,sackOK,TS val 1600034588 ecr 0,nop,wscale 7], length 0