Login/Register
Windows forward packets to c# application
Asked Answered
c#windowsportforwardpcap.net
L

1

7

Is there any way to forward tcp packets to my c# application on windows (10) and let TcpListener/HttpListener handle the requests? In linux I can do that by setting up iptables (iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 7000).

For example, in my c# application I could listen for incoming connections (Using TcpListener or a socket listener) on a specific port, let's say 7000. Could I somehow configure windows to forward all tcp traffic to 127.0.0.1:7000? Keep in mind that the packets will have a different destination IP address than my computer's address in the network (But of course, same destination hardware address).

I've tried a different approach using Pcap .Net in c#. I'm capturing packets and forwarding them to 127.0.0.1. However, it seems that my host still doesn't capture the packet (Perhaps it's sending the packet to the gateway, trying to find a host with that IP in the network?). I can always use my local IP address in the network, but that would cause the packet to go to the gateway and then back again which is unnessesary since all I want is for my TcpListener to recognize incoming connections. The code I'm using:

static void processPacket(Packet packet) {
    EthernetLayer ethernetLayer = (EthernetLayer)packet.Ethernet.ExtractLayer();
    IpV4Layer ipLayer = (IpV4Layer)packet.Ethernet.IpV4.ExtractLayer();

    if (ipLayer.Protocol == IpV4Protocol.Tcp) {
        TcpLayer tcpLayer = (TcpLayer)packet.Ethernet.IpV4.Tcp.ExtractLayer();

        if (tcpLayer.DestinationPort == 80) {
           Packet newPacket = BuildTcpPacket(packet, "127.0.0.1"); //copies the packet but changes the ip destination address to 127.0.0.1
                Communicator.SendPacket(newPacket);
                return;
        }
     }
     reroutePacket(packet); //forwards packet to correct destination
 }
Leveille answered 19/9, 2013 at 17:16 Comment(5)
IMHO there's a misunderstanding. If you capture packets with PCap, you already have them. Why forward to a port just to receive them again? And perhaps, this will trigger a PCap capture again, which will be forwarded, ...Stettin
Hi Thomas thanks for your input. I could, but I would need to rewrite the functionality of TcpListener at packet-level (using Pcap.net). I can't use TcpListener without forwarding the packets because they have a different destination address and are therefore not "picked up" by TcpListener.Leveille
what happens to packets that reach my host when their destination IP address doesn't match with my host's address? - Usually they won't be picked up. If PCap works in promiscuous mode, they will be captured by PCap but not forwarded to any applicationStettin
Are they automatically rerouted to the correct host? - No. On the network, all attacked PCs listen at the same time. The one who's MAC address matches processes itStettin
Possible duplicate of port forwarding in windows.Candycecandystriped
Y
3

using

netsh interface portproxy add v4tov4 listenport=9999 listenaddress=0.0.0.0 connectport=80 connectaddress=127.0.0.1

will redirect all requests to system registered IP addresses to localhost.

Firewall discards packets that do not match internal IP address list, the only way to capture such traffic is to set network card in promiscuous mode to capture all traffic by tool like wireshark.

My ideas:

  1. Dump all traffic to file (wireshark) and tail it to send to other host for processing.

  2. setup switch using port mirroring and have dedicated host for traffic analytics.

any comments welcome!

In the realm of computer networking, promiscuous mode refers to the special mode of Ethernet hardware, in particular network interface cards (NICs), that allows a NIC to receive all traffic on the network, even if it is not addressed to this NIC.

Ygerne answered 17/6, 2016 at 8:59 Comment(1)
I tried using netsh but HttpListener does not pick up http requests (Promiscuous mode turned on because of Pcap) .Dumping traffic to file and then tailing it from C# app (or port mirroring) is not what I need. I already have the data from Pcap, I need to let my application pick up the request using TcpListener or HttpListener.Leveille

© 2022 - 2024 — McMap. All rights reserved.