I am trying to edit a specific packet as it passes through Backtrack. I've been scouring the forums and other places for a week, and have seen similar questions, but nothing so far has helped, or was never answered enough to help.
device->eth1->Backtrack->eth0->router
I would like to use Ettercap, and write a filter to use, but IP forwarding conflicts break that option. And if I try to run etter in unoffensive mode, the connection stays up, but I can't inject/edit data.
I'm looking for some help please.
Is there anything that can use filters or rules to edit packets, besides ettercap? Anything where I could search for specific data, and then change that data in the packet when it's found?
I have also tried to do this through ARP with a different setup and got unreliable results.
Backtrack->eth0->router<-ethernet<-device
Once, I sent out this packet and saw it; most of the time I never see it come through. I made a filter, and tried over and over to get it to fire off, but it never did. And I'm sure it's not the filter, it just never saw the data it was looking for. I've also made other filters, just simple things. It doesn't even see a filter that's just looking for source address 192.168.1.20 (the device) and shoot a message when it happens. Also, I used a simple filter to spoof images, and it hit on one image, on one site, one time.
And so I wish to do this on a solid/routed connection. I see all data fine, every time, no fails, but don't know how to edit that data. I really wish I could use ettercap filters, but with ARP wireshark says "unseen segment" and doesn't show even half the packets that I know are going through.
I saw a post about someone asking this, and then answered themselves, saying that they used something to send some data to a different port, where some program would edit it and send it out.
I will keep trying, and keep looking. If anyone can help me, I would appreciate it very much.
Have you tried wireshark?
Also see iptables: man iptables
iptables is the tool for firewalls in Linux...Read iptables, I've read it and it might help you...
Luck.
Yes, thanks. I've started playing with iptables and things. I'm trying to do it with netsed. I got TCP traffic forwarded to a port for netsed, but when traffic flows, netsed goes crazy. It says it forwarded the packets untouched, but it just keeps saying that, and the only thing that changes from message to message is it's now on the next port.
The steps I take are:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE
ifconfig eth1 192.168.0.1/24
And everything is fine. Then:
iptables -t nat -A PREROUTING -s 192.168.0.20 -p tcp -j REDIRECT --to 10101
netsed tcp 10101 0 0 s/search/replace
And then I reconnect to get the forwarding working, and netsed goes nuts.
In this post here, he says he got it working, with a bridge, ebtables, and iptables.
I'm trying to do things with ports that change every time I connect, except for the remote server. It uses the same port, but the IP changes between a few.
I'll keep at it. Thanks.
Would you please post your setup (ethernet cards and networks)?