?
Solved

Firewall using libpcap and libnet (perplexing problem)

Posted on 2003-03-17
3
Medium Priority
?
309 Views
Last Modified: 2010-04-21
Hi Experts,

I've got a rather perplexing problem. I want to create a firewall using libpcap (for sniffing) and libnet (for packet injection).

The idea is to have two NICs. To start, I just want to sniff the packets on one NIC and inject them onto the other (and vice-versa). This would create a basic bridge.

The problem comes due to this situation:

NIC A sniffs packet X
NIC B injects packet X
NIC B sniffs the same packet X that it just injected
NIC A injects packet X
LOOP FOREVER

I don't want to change anything about the packets (even MAC address), so I have no way of knowing if a packet is coming from me or not.

Any ideas?!?  Is there a way to set pcap to filter packets that come from me?

Thanks in advance

0
Comment
Question by:wearyweary
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 5

Expert Comment

by:bryanh
ID: 8175724
>I don't want to change anything about the packets (even
>MAC address), so I have no way of knowing if a packet is
>coming from me or not.

A packet that came from you is one whose source MAC address is the MAC address of your NIC.  

You cannot with an ordinary NIC make an outgoing packet have the MAC of some other NIC, so if you were hoping to make this into an Ethernet bridge, you've got the wrong hardware.  But you probably don't want an Ethernet bridge (an IP bridge is usually all you need), so you're fine.
0
 

Author Comment

by:wearyweary
ID: 8175894
I would like to make it an ethernet bridge for complete transparency, and it is possible to spoof MAC addresses using almost any standard NIC. However this isn't enough due to the case I mentioned.

I'm fine changing the source MAC address to my own if absolutely needed, but I'm not sure if ARP packets will work being altered this way.

Does an ARP packet keep the MAC/IP it is resolving in the payload of the packet, or does it rely on using the source address (the one I'm changing)?

Anyway. An ethernet bridge is not impossible using two NICs and a PC. That I am quite sure of.





0
 
LVL 5

Accepted Solution

by:
bryanh earned 120 total points
ID: 8176434
I guess you know more about NICs than I do.

But I do know that the ARP packet payload contains the source MAC address and that is the one that gets entered into the table and to which any reply is sent.
0

Featured Post

Is Your Team Achieving Their Full Potential?

74% of employees feel they are not achieving their full potential. With Linux Academy, not only will you strengthen your team's core competencies but also their knowledge of of the newest IT topics.

With new material every week, we'll make sure that you stay ahead of the game.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question