I'm sending spoofed packets from a server to a client. My goal is to replay original traffic (say, traffic from google.com) from a different machine to the same host.

Therefore a packet sent by my server will have the IP source address of whatever machine originally generated the packet. I have control over both client and server.

Is there any way such that the client can distinguish such packets from all other traffic, without any significant change in the packets' payload?

Any field in the IP header that I could safely use for this purpose? In the case of TCP traffic, how about using some unused field in the TCP header? I only need one bit, after all. So how about the reserved field?

Ricky Robinson

1 Answer

If it's an exact 'spoof' then no, but depending on your framework you should be able to get the client IP address even if a header's spoofed.

E.g. You might have spoofed the X-FORWARDED_FOR header, but not the REMOTE_ADDR.

You could also look into browser 'fingerprinting', whereby you check a whole raft of properties to try and get a unique 'signature' of the client. Try it out on your browser at panopticlick.eff.org.

Widor
  • Thanks for the reply. I probably wasn't clear in the first place. What I want to do is to dump a few incoming packets (say, they all come from google), send everything to a server, and have the server send them again to me. Ideally, I won't apply any changes to the packets except for some kind of mark I need to put somewhere in the IP or TCP header to let the client recognize this particular traffic and deal with it accordingly. – Ricky Robinson Apr 27 '12 at 15:18
  • @RickyRobinson That just sounds like you need a proxy server to me. – Widor Apr 27 '12 at 15:29
  • I just think the description of a [Proxy Server](http://en.wikipedia.org/wiki/Proxy_server) covers your requirement to "replay original traffic". – Widor Apr 30 '12 at 09:39
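
One way the receiving side could read the kind of mark the question asks about, as an added example that is not part of the original question or answer: it parses a raw IPv4 packet and returns the IPv4 reserved flag and the four TCP reserved bits. `MARK_BIT`, the function names and the sample packet are assumptions made for the illustration.

```python
import struct

MARK_BIT = 0x08  # assumed convention: top TCP reserved bit (0x01 was once the NS flag)

def read_marks(packet: bytes) -> dict:
    """Return the reserved bits of a raw IPv4 packet and of its TCP header, if any."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes, options included
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    (flags_frag,) = struct.unpack_from("!H", packet, 6)
    marks = {"ip_reserved_flag": bool(flags_frag & 0x8000), "tcp_reserved": None}
    # Only the first fragment of a TCP segment carries the TCP header.
    first_fragment = (flags_frag & 0x1FFF) == 0
    if packet[9] == 6 and first_fragment and len(packet) >= ihl + 20:
        marks["tcp_reserved"] = packet[ihl + 12] & 0x0F  # low nibble of the offset byte
    return marks

def is_marked(packet: bytes) -> bool:
    """True when the packet is TCP and carries the assumed replay mark."""
    reserved = read_marks(packet)["tcp_reserved"]
    return reserved is not None and bool(reserved & MARK_BIT)

def sample_packet(tcp_reserved: int = 0, ip_options: bytes = b"") -> bytes:
    """Constructed IPv4 + TCP SYN headers, checksums left at zero, for the demo."""
    ihl = 20 + len(ip_options)  # options must be a multiple of 4 bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl // 4, 0, ihl + 20, 1, 0x4000,
                     64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    tcp = struct.pack("!HHIIBBHHH", 443, 50000, 1, 0,
                      (5 << 4) | (tcp_reserved & 0x0F), 0x02, 65535, 0, 0)
    return ip + ip_options + tcp

if __name__ == "__main__":
    for name, pkt in [("plain", sample_packet()),
                      ("marked", sample_packet(MARK_BIT)),
                      ("marked+ip-options", sample_packet(MARK_BIT, b"\x01" * 4))]:
        print(name, read_marks(pkt), is_marked(pkt))
```

Reserved bits do not always survive the path: firewalls and NAT devices that normalise TCP headers can clear them or drop the packet, so the client has to expect a marked packet arriving unmarked.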