Results 1 to 4 of 4

Thread: Edit thrugoing packets?

Hybrid View

  1. #1
    Just burned their ISO
    Join Date
    Mar 2013
    Posts
    2

    Default Edit thrugoing packets?

    I am trying to edit a specific packet, as it passes through Backtrack. Ive been scouring the forums and other places for a week, and have seen similar questions, but nothing so far has helped, or was never answered enough to help.

    device->eth1->Backtrack->eth0->router

    I would like to use Ettercap, and write a filter to use, but IP forwarding conflicts break that option. And if I try to run etter in unoffensive mode, the connection stays up, but i cant inject/edit data.

    Im looking for some help please.

    Is there anything that can use filters or rules to edit packets, besides ettercap? Anything where I could search for specific data, and then change that data in the packet when its found?

    I have also tried to do this through ARP with a different setup and got unreliable results.

    Backtrack->eth0->router<-ethernet<-device

    Once, I sent out this packet and seen it, most off the time I never see it come through. I made a filter, and tried over and over to get it to fire off, but it never did. And im sure its not the filter, it just never seen the data it was looking for. Ive also made other filters, just simple things. It doesnt even see a filter thats just looking for source address 192.168.1.20 (the device) and shoot a message when it happens. Also, I used a simple filter to spoof images, and it hit on one image, on one site, one time.

    And so i wish to do this on a solid/routed connection. I see all data fine, every time, no fails, but dont know how to edit that data. I really wish i could use ettercap filters, but with ARP wireshark says "unseen segment" and doesnt show even half the packets, that i know are going through.

    I seen a post about someone asking this, and then answered themselves, saying that they used something to send some data to a different port, where some program would edit it and send it out.

    I will keep trying, and keep looking. If anyone can help me, I would appreciate it very much.

  2. #2
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Default Re: Edit thrugoing packets?

    Have you tried wireshark?

    Also see iptables: man iptables

    iptables is the tool for firewalls in Linux...Read iptables, I've read it and it might help you...

    Luck.

  3. #3
    Just burned their ISO
    Join Date
    Mar 2013
    Posts
    2

    Default Re: Edit thrugoing packets?

    Yes, thanks. Ive started playing with iptables and things. im trying to do it with netsed. i got tcp traffic forwarded to a port for netsed, but when traffic flows, netsed goes crazy. It says it forwarded the packets untouched, but it just keeps saying that, and the only thing that changes from message to message is it now on the next port.

    the steps i take are

    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -j MASQUERADE
    ifconfig eth1 192.168.0.1/24

    and everything is fine. then

    iptables -t nat -A PREROUTING -s 192.168.0.20 -p tcp -j REDIRECT --to 10101
    netsed tcp 10101 0 0 s/search/replace

    and then i reconnect to get the forwarding working, and netsed goes nutz.

    in this post here, he says he got it working, with a bridge, ebtables, and iptables.

    Im trying to do things with ports that change everytime i connect, except for the remote server. it uses the same port, but the ip changes between a few.

    ill keep at it. Thanks

  4. #4
    Very good friend of the forum maverik35's Avatar
    Join Date
    Sep 2009
    Location
    Debian land
    Posts
    734

    Default Re: Edit thrugoing packets?

    Would you please post your setup (ethernet cards and networks)?

Similar Threads

  1. How to edit mbr
    By leeffm in forum BackTrack 5 Beginners Section
    Replies: 3
    Last Post: 11-09-2012, 08:02 PM
  2. Aireplay read packets constantly, but no packets is found.
    By mmassad in forum BackTrack 5 Beginners Section
    Replies: 1
    Last Post: 07-25-2011, 11:18 AM
  3. edit the rc.local
    By brizey in forum OLD Newbie Area
    Replies: 4
    Last Post: 02-24-2009, 06:58 PM
  4. help me edit my iso please :)
    By PwnStar in forum OLD Newbie Area
    Replies: 11
    Last Post: 08-09-2008, 02:03 AM
  5. How to edit and save on cd
    By imported_ASTRAPI in forum OLD LiveCD Support
    Replies: 2
    Last Post: 03-17-2007, 10:32 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •