How to intercept packets under Linux
Posted on 2008-11-13
So here's the deal. I'm writing a basic proxy program, and I want it to work with no client side configuration. The proxy will run on a GNU/Linux machine, which acts as a gateway for my LAN.
The nix machine is currently forwarding packets -- I've set /proc/sys/net/ipv4/ip_forward to 1.
Now I want to be able to intercept this traffic -- i.e. all traffic gets sent to my proxy application, and the proxy will choose whether or not to forward the packets to the destination.
I've got a basic knowledge of iptables, and I've thought of using iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination <ip-of-nix-box>, however I believe this will cause me to lose either the source or destination address of the packet.
Perhaps a user-space forwarding application like fragrouter could do this? Could it be done with tcpdump and tcpreplay?
I really don't know, so I thought I'd ask you guys: what is the best way of going about intercepting packets under Linux?
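
An added example, not part of the original post: with a DNAT rule like the one in the question, the client's source address is left alone and Linux connection tracking keeps the pre-NAT destination, which a proxy can read from the accepted socket with the SO_ORIGINAL_DST socket option (IPv4 TCP). The listening port 8080, the `:8080` suffix on the rule and the function names are assumptions made for this sketch.

```python
import socket
import struct

# Assumed rule on the gateway (proxy listening on port 8080):
#   iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT \
#            --to-destination <ip-of-nix-box>:8080

# From <linux/netfilter_ipv4.h>; Python's socket module does not export it.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16  # sizeof(struct sockaddr_in)


def parse_sockaddr_in(raw):
    """Decode struct sockaddr_in: family in host order, port/address in network order."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    (port,) = struct.unpack_from("!H", raw, 2)
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Ask conntrack where the client was connecting before NAT rewrote the packet."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


def serve(listen_port=8080):  # listen_port is an assumed value
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", listen_port))
    srv.listen(16)
    while True:
        conn, client = srv.accept()  # client is the untouched source (ip, port)
        try:
            dst = original_dst(conn)
        except OSError:
            # No NAT entry for this connection: the client addressed the proxy directly.
            dst = conn.getsockname()
        print("client %s:%d wanted %s:%d" % (client + dst))
        conn.close()  # a real proxy would decide here whether to relay to dst


if __name__ == "__main__":
    serve()
```

The lookup only succeeds for connections that actually passed through the NAT rule, which is why the sketch falls back to getsockname() for clients that connect to the proxy port directly.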