3

I have a working system that receives data via UDP packets sent to a fixed IP:Port and I want to use a program (some kind of proxy?) to send a copy of those packets to a new IP:Port (or a list of IP:Ports, but all inside the same LAN as the program).

Not as easy as it seems, because I need the copied packets to have the same Source IP address as the original ones.

In my research, I have found PCap.Net (WinPCap .NET wrapper) to be useful, because it can build a Packet from scratch and it supports modifying all the address fields. I have managed to capture the packets and build them. But somehow they are not arriving at the desired destination (!?). Should I use a different PacketCommunicator to receive and send them?

Anyway, the question is not fully related to PCap.Net but to know alternative ways to achieve my desired goal. Via a free application? Commercial application? Open source sample? Any other library to use?

My systems are Windows based (no Linux available here). And I have C# (.NET) experience (I cannot use a C++ library if .NET bindings are not available).

Many thanks for your help

Opera362

5 Answers

2

I know it's an old question, but this is the answer:

http://code.google.com/p/samplicator/

Listens for UDP and forwards it to one or more other IP addresses, optionally spoofing (the original) source IP address.

Used for forwarding netflow/sflow/syslog etc. packets.

Jannes
0

If you try to spoof the destination address to do things like netflow relaying you often will get blocked by anti-spoofing routers in between. I encountered this with AWS for example.

The solution is to take the raw UDP packet and then just send that along to your new destination inside another UDP packet. When it reaches the destination you have to "unwrap" the packet and then send it to itself on the loopback interface (essentially "unwrapping").

You can do this with Python code with the sockets module.
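The encapsulation this answer describes, as an added example that is not part of the original answer: the relay prefixes each datagram with its original source IP and port and sends it from its own address, so nothing on the path sees a forged source, and the receiver recovers the original source from the header. The 7-byte header layout, the `UFW1` tag and all function names are assumptions made for this example; the demo payload is constructed.

```python
import ipaddress
import socket
import struct

MAGIC = b"UFW1"                # constructed tag marking this example's frames
_HDR = struct.Struct("!4sBH")  # magic, IP version (4 or 6), original source port


def wrap(payload: bytes, src_ip: str, src_port: int) -> bytes:
    """Prefix a datagram with its original source; the relay sends it as itself."""
    addr = ipaddress.ip_address(src_ip)
    return _HDR.pack(MAGIC, addr.version, src_port) + addr.packed + payload


def unwrap(frame: bytes):
    """Return (src_ip, src_port, payload); raise ValueError on malformed input."""
    if len(frame) < _HDR.size:
        raise ValueError("frame shorter than header")
    magic, version, src_port = _HDR.unpack_from(frame)
    if magic != MAGIC or version not in (4, 6):
        raise ValueError("not an encapsulated datagram")
    end = _HDR.size + (4 if version == 4 else 16)
    if len(frame) < end:
        raise ValueError("truncated source address")
    return str(ipaddress.ip_address(frame[_HDR.size:end])), src_port, frame[end:]


def relay_once(listen_sock, out_sock, targets):
    """Receive one datagram and send a wrapped copy to every (ip, port) target."""
    payload, addr = listen_sock.recvfrom(65535)
    frame = wrap(payload, addr[0], addr[1])  # addr is longer than 2 items on IPv6
    for target in targets:
        out_sock.sendto(frame, target)


def demo():
    """Loopback run: sender -> relay -> collector on 127.0.0.1, OS-chosen ports."""
    sender, relay, collector = socks = [
        socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(3)]
    try:
        for s in socks:
            s.bind(("127.0.0.1", 0))
            s.settimeout(2)
        sender.sendto(b"<13>constructed syslog line", relay.getsockname())
        relay_once(relay, relay, [collector.getsockname()])
        frame, _ = collector.recvfrom(65535)
        return unwrap(frame), sender.getsockname()
    finally:
        for s in socks:
            s.close()
```

The receiving side has to treat the header as untrusted input and accept frames only from the relay's address, since anyone who can reach the collector port could otherwise claim an arbitrary original source.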

0

You should think about network first. It may not be possible if traffic needs to go through router. The original packet came through:

source->router->your server

If you are trying to send it back out like so:

your server->router->another computer

then the router may not even accept this traffic, since it cannot originate from your computer, according to the router's configuration. Just think about it - I could send traffic as anybody, if that was allowed.

However, in LAN that's very doable (unless you have some sort of MAC spoofing protection on your switches).

Artemiy
  • This "proxy" will operate on a LAN, no router involved. The source packets come from Internet and once in the LAN, the proxy program will send the same packet (maintaining the public IP source address) to two or more IP:Ports. – Opera362 Dec 03 '10 at 07:21
  • I have edited my original question with the LAN remark. Thanks :-) – Opera362 Dec 03 '10 at 07:25
  • You will have to make sure this traffic doesn't go through router but instead gets sent on LAN directly from your computer. I am not sure that's the default behavior of UDP on LAN. That is possible to enforce using raw sockets and/or pcap. – Artemiy Dec 03 '10 at 16:03
0

What you are trying to do is called "UDP Forwarding". You receive a UDP packet and then forward it to another host.

Here is an application that does that (seems to be free)

Eric
  • Uhm... I will try that program, but it seems that the source address of the packets will be changed. I need that the forwarded packets retain the original source address. The original and new systems must answer to the source IP (they have a node-IP mapping, and address translation will not work out of the box). – Opera362 Dec 03 '10 at 09:29
  • I think that I need UDP listener + "UDP spoofing" to forward the packets... I keep googling for info... – Opera362 Dec 03 '10 at 09:43
0

In addition to keeping the source IP address and changing the destination IP address you MUST swap the source and destination MAC addresses.

If you send a raw packet out to your router/switch/modem, but the MAC address is not addressed to it, it will be dropped.

Basically, you have to revise every network layer you're dealing with, and handle addressing appropriately. Sorry for my spelling

Nor