I've used arp spoofing to forward a tcp connection request to my computer, wireshark in promiscuous mode approves that SYN packet arrives at my computer. I used TCPListener to receive the connection but I can't open a TCPListener instance using the IP address that doesn't belongs to my PC. It seems that TCPListener class is not able to accept packets with different destination ip address than the local interface. How can I perform this task?
Asked
Active
Viewed 276 times
0
-
You'll need to actually add a network interface that pretends to be the IP address in question, otherwise the network stack is just going to discard these packets without ever forwarding them to user mode applications. You could conceivably use a raw socket to read them (not `TcpListener`), but that by itself doesn't give you a valid TCP connection, so you'd have to do all the handshaking yourself too, and I'm not sure the kernel isn't going to prematurely bounce the connection anyway. This is still the way to go if the source address can't be predicted in advance. – Jeroen Mostert Jun 08 '17 at 15:55
-
@jeroen-mostert If I change my IP address to be that IP address, there would be an IP conflict then. – Masoud Jun 11 '17 at 04:58
-
There is already an IP conflict -- you're the one who engineered it by ARP spoofing. There are now effectively two machines on the network using the same IP address. This conflict is just not one Windows is detecting at the moment -- I forget how it does that, exactly. But yeah, if you can't bypass that, you'll have to do your own TCP handshaking and you can't use `TcpListener`. Nobody ever said it was easy. – Jeroen Mostert Jun 11 '17 at 08:44