[Winpcap-users] Sending packets to own NIC

Reznicencu Sergiu sergiureznicencu at gmail.com
Mon Sep 24 16:21:08 UTC 2018


Weird enough: I have managed to even alter the TCP payload. I had some
problems with the TCP payload, but now I see why before I couldn't change
the IP checksum... this would lead to an invalid checksum at the TCP layer
because the TCP checksum includes both src and dest IP.
When I saw that I could change the TCP payload I injected a redirection
HTTP header to divert traffic to my server. I should note that I spoofed
one way (I could see all "victim's" packets from the gateway but not the
packets sent by the client... so that everything would be faster). Now comes
the problem: the injected payload was quickly unrecognized by the other
computer. This led me to think that once a client receives a packet it checks
the checksum but it also sends back the packet for confirmation. This is the
only explanation for why the client refused the redirect packet (it would
have sent it back to the server and the server would not acknowledge it...).
So this is a dead end.

Back to the IP method: Once I realized that I should recalculate the TCP
checksum I went on to patch the IP layer. Now I have serious problems with
this one. I tried every checksum function I could find on the internet but
none works (don't worry... I am not a copycat; I read and understand the code
I copy). I have a strong feeling the checksum is incorrect because of a
big/little endianness mismatch (this was the case with the code I took for
the TCP checksum).


Update. Actually I solved it. I found a good method for recalculating the
checksum; it appears to work. About sending packets to own NIC. Another
method. Send the packet to the router (set dest MAC to gateway) and set the
dest IP to mine. The router will check the IP and forward the packet back to
my computer. My system will think the source is the victim. Is this a good
idea? (I already tried it but it seems I still have problems with TCP
checksum and out-of-order packets... I wonder why..).


On Sun, 23 Sep 2018 at 21:00, Mark Pizzolato - Winpcap-Users <
winpcap-users-20040408 at subscriptions.pizzolato.net> wrote:

> On Sunday, September 23, 2018 at 10:20 AM, Guy Harris wrote:
> > On Sep 23, 2018, at 4:37 AM, Reznicencu Sergiu
> > <sergiureznicencu at gmail.com> wrote:
> >
> > > I forgot to mention that I already recalculate the IP checksum. It is
> > > weird that I can see in Wireshark the packets that I modified and
> > > resent. Shouldn't the packets be in "loopback"?
> >
> > On most UN*Xes, yes; they will show up on the loopback interface (lo0 or
> > lo).
> >
> > On Windows, there isn't such an interface.  WinPcap doesn't capture that
> > traffic;
>
> Actually, WinPcap, by default, does capture all traffic you transmit using
> pcap_sendpacket() on a pcap_t handle (unless you're filtering to exclude
> it).
>
> That transmitted traffic will in fact be received by the host system's
> network stack (presuming matching MAC and IP address values on the
> interface your pcap_t handle is connected to).
>
> This receipt will be in addition to the fact that the host system's network
> stack will also have received the original traffic which you've rewritten.
>
> WinPcap is not a facility that will let you capture traffic and inhibit
> its
> reception by the host system's network stack.
>
> - Mark Pizzolato
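The checksum recalculation and the endianness problem discussed in the message above, as an added example that is not part of the original post or of WinPcap: an RFC 1071 checksum for the IPv4 header and for TCP (including the pseudo-header with source and destination IP) that pairs bytes explicitly instead of casting to 16-bit words, so it gives the same result on any host byte order. The function names and the sample packet are constructed for illustration, and the buffer is assumed to start at the IPv4 header (no Ethernet header).

```c
#include <stddef.h>
#include <stdint.h>
/* RFC 1071 sum. Bytes are paired as big-endian 16-bit words explicitly, so the
 * result does not depend on host endianness. */
static uint32_t csum_add(const uint8_t *p, size_t len, uint32_t acc) {
    for (; len > 1; p += 2, len -= 2) acc += ((uint32_t)p[0] << 8) | p[1];
    return len ? acc + ((uint32_t)p[0] << 8) : acc;  /* odd byte, zero-padded */
}
static uint16_t csum_fold(uint32_t acc) {
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}
/* Bounds-check an IPv4/TCP packet (no Ethernet header); -1 if malformed. */
static int parse(const uint8_t *ip, size_t len, size_t *ihl, size_t *tcp_len) {
    if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 6) return -1;
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    *ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (*ihl < 20 || total > len || *ihl + 20 > total) return -1;
    *tcp_len = total - *ihl; return 0;
}
/* TCP sum starts from the pseudo-header: src IP, dst IP, protocol 6, length. */
static uint16_t tcp_sum(const uint8_t *ip, size_t ihl, size_t tcp_len) {
    return csum_fold(csum_add(ip + ihl, tcp_len,
                              csum_add(ip + 12, 8, 6 + (uint32_t)tcp_len)));
}
/* 0 = ok, bit 0 = bad IP sum, bit 1 = bad TCP sum, -1 = malformed. */
int verify_checksums(const uint8_t *ip, size_t len) {
    size_t ihl, tl;
    if (parse(ip, len, &ihl, &tl)) return -1;
    return (csum_fold(csum_add(ip, ihl, 0)) != 0) | ((tcp_sum(ip, ihl, tl) != 0) << 1);
}
/* Zero both fields, recompute, store in network byte order. Returns 0 or -1. */
int fix_checksums(uint8_t *ip, size_t len) {
    size_t ihl, tl;
    if (parse(ip, len, &ihl, &tl)) return -1;
    uint8_t *tc = ip + ihl + 16;               /* TCP checksum field */
    ip[10] = ip[11] = tc[0] = tc[1] = 0;
    uint16_t c = csum_fold(csum_add(ip, ihl, 0));
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)c;
    c = tcp_sum(ip, ihl, tl);
    tc[0] = (uint8_t)(c >> 8); tc[1] = (uint8_t)c;
    return 0;
}
/* Constructed sample: 192.168.0.1:1234 -> 192.168.0.199:80, "abc", sums zeroed. */
static const uint8_t SAMPLE[43] = {
    0x45,0x00,0x00,0x2b,0x00,0x01,0x00,0x00,0x40,0x06,0x00,0x00,  /* IPv4 */
    0xc0,0xa8,0x00,0x01,0xc0,0xa8,0x00,0xc7,
    0x04,0xd2,0x00,0x50,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00,  /* TCP */
    0x50,0x18,0x20,0x00,0x00,0x00,0x00,0x00, 'a','b','c' };
```

Verification relies on the property that a sum taken with the stored checksum left in place folds to zero when that checksum is correct, which is why changing either IP address invalidates the TCP checksum as well as the IP one.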