
Redirect traffic in "sniff/tap?" mode to specific ip address(es), that is: rewrite destination headers to target other machine(s)


I have incoming traffic on eth1 (vlan id 201) which is emitted by another machine which is doing

sudo tcpreplay -x 0.01 --loop=0 --intf1=eth12 Wireshark_bidirectional_data.pcap

I would like to rewrite the destination to target other devices e.g. 198.19.5.1... connected on eth1.

I've enabled

net.ipv4.ip_forward=1

and been trying to forward the data by doing:

table ip nat {
        chain postrouting {
                type nat hook postrouting priority srcnat; policy accept;
                masquerade
        }

        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
                vlan id 201 ip daddr 198.19.5.1 udp dport { 2000 } dnat to 192.168.2.161:2000
        }
}

However, this only works if I have a "matching interface" active.

7: eth1.201@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 02:00:00:00:00:13 brd ff:ff:ff:ff:ff:ff
    inet 169.254.190.209/16 brd 169.254.255.255 scope global noprefixroute eth1.201
       valid_lft forever preferred_lft forever
    inet 198.19.5.1/32 scope global eth1.201
       valid_lft forever preferred_lft forever
    inet6 fe80::742d:66d4:dd72:78dd/64 scope link
       valid_lft forever preferred_lft forever

So I would like to achieve the same without the "matching interface"; I guess I should use a tap device instead.

Please help me configure this without "matching interface"

Also, for starters, just a firm confirmation from someone that this is possible would be encouraging.
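As an added, stand-alone illustration (not part of the question and not nftables code), the Python below models what the `dnat` rule in the ruleset above does to a single replayed frame: it reads through the 802.1Q tag to get VLAN 201, matches on destination address and UDP port, rewrites both, and repairs the IPv4 and UDP checksums so the rewritten packet is still valid. The frame builder, the source MAC/IP and the payload are constructed sample data; the VLAN id, addresses and port are the ones from the question.

```python
import struct
from ipaddress import IPv4Address

ETH_P_8021Q, ETH_P_IP, IPPROTO_UDP = 0x8100, 0x0800, 17
def csum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, used by both the IPv4 and the UDP header."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def parse(frame: bytes) -> dict:
    """Find the IPv4/UDP headers in an Ethernet frame, looking through an 802.1Q tag if present."""
    ethertype, ip_off, vlan = struct.unpack("!H", frame[12:14])[0], 14, None
    if ethertype == ETH_P_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, ip_off = tci & 0x0FFF, 18            # low 12 bits of the TCI carry the VLAN id
    if ethertype != ETH_P_IP or frame[ip_off + 9] != IPPROTO_UDP:
        raise ValueError("only IPv4/UDP frames are handled here")
    udp_off = ip_off + (frame[ip_off] & 0x0F) * 4  # IHL is counted in 32-bit words
    return {"vlan": vlan, "ip_off": ip_off, "udp_off": udp_off,
            "daddr": str(IPv4Address(frame[ip_off + 16:ip_off + 20])),
            "dport": struct.unpack("!H", frame[udp_off + 2:udp_off + 4])[0]}

def dnat(frame: bytes, vlan: int, daddr: str, dport: int, to_addr: str, to_port: int) -> bytes:
    """Software mirror of `vlan id V ip daddr A udp dport P dnat to B:Q` (rewrite plus checksum repair)."""
    h = parse(frame)
    if (h["vlan"], h["daddr"], h["dport"]) != (vlan, daddr, dport):
        return frame                               # no match: packet passes untouched
    b, ip_off, udp_off = bytearray(frame), h["ip_off"], h["udp_off"]
    b[ip_off + 16:ip_off + 20] = IPv4Address(to_addr).packed
    b[udp_off + 2:udp_off + 4] = struct.pack("!H", to_port)
    b[ip_off + 10:ip_off + 12] = b"\x00\x00"       # IPv4 checksum covers the IP header only
    b[ip_off + 10:ip_off + 12] = struct.pack("!H", csum(bytes(b[ip_off:udp_off])))
    udp_len = struct.unpack("!H", b[udp_off + 4:udp_off + 6])[0]
    b[udp_off + 6:udp_off + 8] = b"\x00\x00"       # UDP checksum also covers a pseudo-header with both IPs
    pseudo = bytes(b[ip_off + 12:ip_off + 20]) + struct.pack("!BBH", 0, IPPROTO_UDP, udp_len)
    c = csum(pseudo + bytes(b[udp_off:udp_off + udp_len])) or 0xFFFF   # 0 would mean "no checksum"
    b[udp_off + 6:udp_off + 8] = struct.pack("!H", c)
    return bytes(b)

def build_frame(vlan: int, saddr: str, daddr: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed sample input: a VLAN-tagged IPv4/UDP frame like those tcpreplay puts on the wire."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, IPPROTO_UDP, 0,
                     IPv4Address(saddr).packed, IPv4Address(daddr).packed)
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    eth = bytes.fromhex("020000000013" "020000000001") + struct.pack("!HHH", ETH_P_8021Q, vlan, ETH_P_IP)
    return eth + ip + udp
```

Run `dnat(build_frame(201, "10.0.0.5", "198.19.5.1", 40000, 2000, b"hello"), 201, "198.19.5.1", 2000, "192.168.2.161", 2000)` and `parse` the result to see the rewritten destination; the real kernel path additionally requires the frame to be accepted on a VLAN 201 interface before any prerouting rule is consulted.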

djdomi: what is the business related question or issue in here? what research did you do? what is the environment?

Aleksandarf: Intention is to monitor the traffic as if the traffic was intended to "me".

Aleksandarf: Intention is to monitor the traffic as if the traffic was intended to "me" in real time. Pcap replay simulates the source data and my software is located in the other end. If one Linux box needs to sit in between to rewrite the destination address that's fine. If 'nc -u -l 2000' works my software will be happy. I'm trying to avoid writing promiscuous socket code and would like to see this special environment as a specific setup.