0

I know that each port can only be assigned to one app. However, I want to do this:

(1) I want to monitor a port, such as 80. This port is already assigned by another app, such as Apache

(2) I can copy every sockets sent to that port, and redirect those ports to another port

I have searched tcpdump, it can capture packets(with whole content). But I do not how to copy packets and then send them to another port?

Or, maybe there are other tools can capture packet easily?

Can give me some details if I want to implement myself? because I am not good at socket programming.

lishoubo
  • 11
  • 3

1 Answers1

0

As you correctly noted, you would not be able to use a socket to get packets from port 80 easily. THis is because if the second socket were to also receive packets for that port, then it would need to reuse the port (SO_REUSEADDR option). If the application is third-party and you cannot set this option to the server socket, then this would not work. You probbaly could try checking out scapy which has an option of sniffing packets and see if it meets our requirement: http://www.secdev.org/projects/scapy/doc/usage.html .

Manoj Pandey
  • 4,528
  • 1
  • 17
  • 18
  • Thank you. I am trying to use scapy. And I still do no know how to copy sockets, can you give me some ideas? – lishoubo Aug 30 '13 at 01:54
  • Basically, use the sniff() method to get the packet destined for a port. Next, udpate the port in the header and call send() method to send the packet. This answer should be helpful: http://stackoverflow.com/questions/13017797/how-to-add-http-headers-to-a-packet-sniffed-using-scapy . – Manoj Pandey Aug 30 '13 at 03:37