0

I am currently new to this field and did some research on raw socket programming and packet injection and sniffing but could come across my requirement which is to inject a packet with ESP and AEH headers. (To intercept an insecure packet and apply either ESP or AEH).

The tutorials I found mostly talks about injecting packets into networks/ altering the header such as, https://gist.github.com/securitytube/5325122 , http://www.youtube.com/watch?v=V6CohFrRNTo , how to modify packet header(IP header, TCP Header) before the host send them into the network . I must be looking at the wrong topics.

I would be really grateful if you experts could point me to any API or opensource project that could be used to perform this task.

Community
  • 1
  • 1
Hasitha Shan
  • 2,900
  • 6
  • 42
  • 83
  • Are you trying to implement IPSec by yourself or just configure the OS to do it for you? – rodolk Feb 19 '14 at 16:52
  • @rodolk Thank you for the reply.. :) yes I am trying to implement IPsec on my own. to my own conditions. :) is there a way to do this with C? – Hasitha Shan Feb 19 '14 at 17:23

1 Answers1

1

First you need to capture an IP packet then mangle it and then send it and avoid the original packet be sent. You can use libpcap library to capture packets, then mangle them and add your ESP and AH headers (and do all the work IPSec does) and then send it using raw INET sockets (instead of packet sockets, which one of your links shows, with packet socket you need to add your own IP headers). For raw INET sockets:

socket(AF_INET, SOCK_RAW, int protocol);

You can also use Netfilter and add iptable rules to drop outgoing/incoming packets or send them to your handler. This is a very strong tool and you can do everything with it.

I assume you know you will have to implement management of Security Associations and directly handle hash algorithms, authentications algorithms, encryption algorithms, etc.

rodolk
  • 5,606
  • 3
  • 28
  • 34
  • Thanks for the descriptive step by step answer. May I ask do you know any library that could help to add ESP and AH headers to a packet via C? That is a section that I am stuck in – Hasitha Shan Feb 19 '14 at 18:52
  • I really don't know a library for doing that. The kernel does it. – rodolk Feb 19 '14 at 21:10