1

First I'm using Visual Studio 2012 with C# and the Pcap.Net Library. I try to to forward packets which I captured before.

What I try to do:

  1. Spoof ARP-Table of my phone.
  2. Redirect the traffic which normally goes to the gateway to my computer.
  3. Log the packets.
  4. Forward them to the gateway.

What I did:

  1. Spoofing ARP-Table -> works fine.
  2. Redirect traffic to my PC -> works fine (logically).
  3. Log the packets to a dumpfile (.pcap) as shown in the tutorial on this site -> works fine (I can open it and read it with wireshark and it looks good).
  4. Forward the packets to the gateway. -> does not work.

I would like to forward them fluently. So what I did was use the "sendBuffer()" function as shown in the tutorial. So I just read in the .pcap file where all the packet information is saved and try to resend it with this "sendBuffer()" function. And of course I use the same adapter to do it. When I capture the traffic with wireshark I can see that my packets don't even get sent. (I'm also not sure if it works at the same time while I capture the data to the file. Because the code which should forward them need to read the packets from the file. Isn't there another way?) My code to forward the packets from the .pcap file (the IDE doesn't give me any error): It's approximately my code, I don't have it available cause I'm not at home. But should be right.

IList<LivePacketDevice> devices = LivePacketDevice.AllLocalMachine;
PacketDevice selectedOutputDevice = devices[0];
long capLength = new FileInfo(@"E:\CSharp\Pcap\dumpFile.pcap").Length;
bool isSync = true;
OfflinePacketDevice selectedInputDevice = new OfflinePacketDevice(@"E:\CSharp\Pcap\dumpFile.pcap");
            using (PacketCommunicator inputCommunicator = selectedInputDevice.Open(65536, PacketDeviceOpenAttributes.Promiscuous, 1000))
            {
                using (PacketCommunicator outputCommunicator = selectedOutputDevice.Open(100, PacketDeviceOpenAttributes.Promiscuous, 1000))
                {
                    if (inputCommunicator.DataLink != outputCommunicator.DataLink)
                    {
                       tB_Log.Text = tB_Log.Text + Environement.NewLine + "ERROR: Different Datalinks!";
                    }
                    using (PacketSendBuffer sendBuffer = new PacketSendBuffer((uint)capLength))
                    {
                        Packet packet;
                        while (inputCommunicator.ReceivePacket(out packet) == PacketCommunicatorReceiveResult.Ok)
                        {
                            sendBuffer.Enqueue(packet);
                        }
outputCommunicator.Transmit(sendBuffer, isSync);
}
}
}

Thank you very much for helping!

user3585773
  • 99
  • 4
  • 1. Why do you open the outputCommunicator with 100 as the first parameter? 2. Are you sure Transmit() with a non-empty buffer? 3. Did you manage to send any packets this way? 4. Why do you prefer SendBuffer instead of SendPacket()? – brickner May 09 '14 at 16:56
  • 1. That's a good suggestion I didn't check this. 2. I followed the example on the pcap.net (codeplex) site... so... could you please explain that to me a bit more detailed. 3. No I didn't. But I've built ARP packets and sent them successfully with the SendPacket() function. 4. According to the tutorial it's much more efficient when many packet have to be sent (Instead of rebuilding every packet manually). – user3585773 May 14 '14 at 11:25
  • Discussion continues here: https://pcapdotnet.codeplex.com/discussions/543737 – brickner Jun 20 '14 at 06:37

0 Answers0