Is there any way to forward tcp packets to my c# application on windows (10) and let TcpListener/HttpListener handle the requests? In linux I can do that by setting up iptables (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7000).
For example, in my c# application I could listen for incoming connections (Using TcpListener or a socket listener) on a specific port, let's say 7000. Could I somehow configure windows to forward all tcp traffic to 127.0.0.1:7000? Keep in mind that the packets will have a different destination IP address than my computer's address in the network (But of course, same destination hardware address).
I've tried a different approach using Pcap .Net in c#. I'm capturing packets and forwarding them to 127.0.0.1. However, it seems that my host still doesn't capture the packet (Perhaps it's sending the packet to the gateway, trying to find a host with that IP in the network?). I can always use my local IP address in the network, but that would cause the packet to go to the gateway and then back again which is unnessesary since all I want is for my TcpListener to recognize incoming connections. The code I'm using:
static void processPacket(Packet packet) {
EthernetLayer ethernetLayer = (EthernetLayer)packet.Ethernet.ExtractLayer();
IpV4Layer ipLayer = (IpV4Layer)packet.Ethernet.IpV4.ExtractLayer();
if (ipLayer.Protocol == IpV4Protocol.Tcp) {
TcpLayer tcpLayer = (TcpLayer)packet.Ethernet.IpV4.Tcp.ExtractLayer();
if (tcpLayer.DestinationPort == 80) {
Packet newPacket = BuildTcpPacket(packet, "127.0.0.1"); //copies the packet but changes the ip destination address to 127.0.0.1
Communicator.SendPacket(newPacket);
return;
}
}
reroutePacket(packet); //forwards packet to correct destination
}
using
netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=80 connectaddress=127.0.0.1
will redirect all requests to system registered IP addresses to localhost.
Firewall discards packets that do not match internal IP address list, the only way to capture such traffic is to set network card in promiscuous mode to capture all traffic by tool like wireshark.
My ideas:
Dump all traffic to file (wireshark) and tail it to send to other host for processing.
setup switch using port mirroring and have dedicated host for traffic analytics.
any comments welcome!
In the realm of computer networking, promiscuous mode refers to the special mode of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With