[Winpcap-users] Sending packets to own NIC

Daniel Smith zamadatix at gmail.com
Sat Sep 22 23:39:48 UTC 2018 

Both TCP and IP include checksums to validate packets have not been
corrupted https://locklessinc.com/articles/tcp_checksum/
https://en.wikipedia.org/wiki/IPv4_header_checksum. For your question "Can
I send messages back to my own NIC" I would say it probably depends on the
NIC but I wouldn't rely on it working for most NICs.

Overall I think this would be significantly easier for you if you didn't
use winpcap at all, why not just change the IP and MAC of your adapter
directly and receive the packets straight to the HTTP server
https://docs.microsoft.com/en-us/powershell/module/netadapter/set-netadapter?view=win10-ps?
Even if you wanted to do other things it's significantly easier to combine
adapter mac spoofing & Windows IP sockets than it is to do everything
manually at layer 2 from winpcap. If you insist on using winpcap I'd first
make sure you test sending a customized TCP packet between 2 PCs before
trying to do it all local as it will be easier to troubleshoot where things
are getting dropped.

Daniel Smith

On Sat, Sep 22, 2018 at 5:24 PM Reznicencu Sergiu <
sergiureznicencu at gmail.com> wrote:

> Hi. I am trying to divert all traffic from a pc to my own. But when doing
> so I will modify the receiving packets to look as if the request was
> specially made for my computer on which I run a http server. To do this I
> receive spoofed packets, I change mac and ip to my own and resend them back
>  with pcap_sendpacket(). But the computer just refuses to accept the first
> SYN packet. I made a side by side comparison between an authentic request
> to my webserver and a fake one. I couldn’t see much of a difference. Is
> there any problem with theory? Can I send messages back to my own NIC?
> Thanks in advance.
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20180922/e8eb22fb/attachment.html>

More information about the Winpcap-users mailing list