How to Modify Data Packets with Linux (linux 修改数据包)


Data packets are essential for the transfer of information over the internet. By default, data packets travel through the internet without any modification. However, sometimes it is necessary to modify certain elements of a data packet in order to achieve a specific result. In such a situation, Linux is very useful, as it offers numerous tools for modifying data packets. In this article, we will explore how to use Linux to modify data packets.

What is a data packet?

A data packet is a unit of information that is transmitted over the internet. It contains a header and a payload. The header contains information such as the source and destination IP addresses, the protocol number, and other optional fields. The payload contains the actual data being transmitted. Data packets are sent from one device to another over the internet, and the receiving device reassembles them into the original message.

Why modify data packets?

There are several reasons why one may want to modify data packets. For instance, modifying the value of the TTL (Time-To-Live) field in the header of a data packet can be useful if you want to prevent the data packet from reaching its final destination. Similarly, modifying the source and destination IP addresses can be useful for routing purposes. Moreover, modifying the payload of a data packet can be useful in cases where you want to manipulate the data being sent or received.

Tools to Modify Data Packets

In Linux, there are several tools that can be used to modify data packets. Here are some of the most popular tools:

1. Tcpdump: Tcpdump is a command-line tool that captures and displays packets transmitted over a network. It can also be used to analyze and modify packet headers.

2. Scapy: Scapy is a Python-based tool that can be used to create, sniff, and manipulate network packets. It has a flexible and expressive syntax that allows for easy packet construction and modification.

3. Ncat: Ncat is a command-line tool that can be used to create, send, and receive data packets. It is part of the nmap security suite and is available for all major operating systems.

4. Wireshark: Wireshark is a graphical tool that can be used to capture and analyze network packets. It can also be used to modify packet contents and headers.

Using Tcpdump to Modify Data Packets

Tcpdump is a very popular tool for capturing and analyzing network packets. It can also be used to modify packet headers. Here’s an example of how to modify the TTL field of a packet using tcpdump:

1. Open a terminal and type the following command to start tcpdump:

$ sudo tcpdump -i eth0 -v -w tcpdump.cap

2. Send a packet to your machine from another machine on your network.

3. When tcpdump has captured the packet, press "Control+C" to stop tcpdump from capturing packets.

4. Type the following command to modify the TTL value of the packet:

$ sudo tcpdump -r tcpdump.cap -w new.pcap 'src X.X.X.X and dst X.X.X.X' -e -XX 'ip[8] = 0x32'

Here, X.X.X.X represents the source and destination IP addresses of the packet. The ip[8] = 0x32 part of the command sets the TTL value to 50 (0x32 in hex). The modified packet is saved in the new.pcap file.

Using Scapy to Modify Data Packets

Scapy is a powerful Python-based tool that can be used to create, sniff, and manipulate network packets. Here’s how to modify a packet using Scapy:

1. Open a terminal and type the following command to start Scapy:

$ sudo scapy

2. Create a new packet using the following command:

>>> load_layer("http")
>>> pkt = IP(dst="X.X.X.X")/TCP(dport=80)/HTTP()/Raw(load=b"Hello World")

Here, X.X.X.X represents the destination IP address of the packet.

3. Modify the value of the TTL field using the following command:

>>> pkt[IP].ttl = 50

Here, 50 is the new value of the TTL field.

4. Send the modified packet using the following command:

>>> send(pkt)
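As an added example that is not part of the original article, here is what the TTL change in the tcpdump and Scapy sections above involves at the byte level, in plain Python without Scapy: the TTL is byte 8 of the IPv4 header (tcpdump's ip[8]), and because the header checksum covers it, the checksum must be recomputed or the next hop discards the packet. The sample packet is constructed here with TEST-NET addresses.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; zero the checksum field first."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def header_length(packet: bytes) -> int:
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4             # IHL is counted in 32-bit words
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    return ihl

def checksum_ok(packet: bytes) -> bool:
    """A header with a correct checksum sums to 0xFFFF, so its complement is 0."""
    return ipv4_checksum(packet[:header_length(packet)]) == 0

def get_ttl(packet: bytes) -> int:
    return packet[8]                         # the byte tcpdump addresses as ip[8]

def get_checksum(packet: bytes) -> int:
    return struct.unpack("!H", packet[10:12])[0]

def set_ttl(packet: bytes, ttl: int) -> bytes:
    """Return a copy with the new TTL and a recomputed header checksum; payload untouched."""
    ihl = header_length(packet)
    hdr = bytearray(packet[:ihl])
    hdr[8] = ttl & 0xFF
    hdr[10:12] = b"\x00\x00"                 # checksum field must be zero while summing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def build_sample_packet(payload: bytes = b"Hello World") -> bytes:
    """Constructed sample: IPv4 header carrying UDP (proto 17), TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, 17, 0,
                      socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.2"))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload

if __name__ == "__main__":
    pkt = build_sample_packet()
    new = set_ttl(pkt, 50)
    print(get_ttl(pkt), get_ttl(new), hex(get_checksum(pkt)), hex(get_checksum(new)), checksum_ok(new))
```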

Using Ncat to Modify Data Packets

Ncat is a command-line tool that can be used to create, send, and receive data packets. Here’s how to modify a packet using Ncat:

1. Open a terminal and type the following command to start Ncat:

$ ncat -lvp 4444

2. In another terminal, use the following command to send a packet to the Ncat listener:

$ echo "Hello World" | ncat localhost 4444

3. When Ncat receives the packet, you can modify its contents by piping the output to a text editor or other tool:

$ ncat -lvp 4444 | sed 's/Hello/Goodbye/g' | ncat localhost 5555

Here, sed is used to modify the payload of the packet. The modified payload is sent to another instance of Ncat listening on port 5555.

Using Wireshark to Modify Data Packets

Wireshark is a popular graphical tool that can be used to capture and analyze network packets. It can also be used to modify packet contents and headers. Here’s how to modify a packet using Wireshark:

1. Open Wireshark and start capturing packets.

2. Send a packet to your machine from another machine on your network.

3. When Wireshark captures the packet, right-click on it and select "Follow TCP Stream".

4. In the Stream view, modify the contents of the packet and click "Save As" to save the modified packet to a file.

Conclusion

In this article, we explored how to use Linux to modify data packets. We discussed several tools, including tcpdump, Scapy, Ncat, and Wireshark, that can be used to modify packet contents and headers. It’s important to note that modifying data packets can have serious implications, and should only be done for legitimate purposes. When used responsibly, however, the ability to modify network packets can be a powerful tool for network administrators and security professionals.

Related questions and further reading:

Linux has routing and forwarding configured normally and the firewall is off, but after Linux receives a packet it still cannot forward it

You only added the destination to the routing table; you did not add the gateway through which data for that destination should be forwarded, i.e. your upstream router.

route add -host 114.215.195.176 gw 192.168.0.1 dev eth0 (here 192.168.0.1 is the IP of your upstream router; change it to match your actual setup)

Transparent UDP proxying on Linux with TPROXY

When proxying TCP, you can simply REDIRECT in the nat table without thinking about it. For example, with ss-redir you just redirect the TCP traffic to the port ss-redir listens on and you are done. But when you use this method for UDP, things stop working properly, because after REDIRECTing UDP the original destination address and port can no longer be found.

Why is that?

The principle of ss-redir is simple: iptables is used to REDIRECT the TCP/UDP traffic in PREROUTING and OUTPUT (REDIRECT is a special case of DNAT); after ss-redir captures the traffic, it recovers the pre-REDIRECT destination address (dst) and port through some technical means and forwards them, together with the traffic, to the remote server.

For TCP connections it is indeed the implementation of the Linux kernel's connection tracking that makes it possible to obtain a packet's original dst and port, but this connection tracking mechanism is not exclusive to TCP: UDP connections have it as well, and conntrack -p udp shows the UDP conntrack entries. The kernel NAT sources for TCP and UDP, /net/netfilter/nf_nat_proto_tcp.c and /net/netfilter/nf_nat_proto_udp.c, are almost identical; both perform SNAT or DNAT depending on the NAT type.

So what is going on here? Why does it fail for UDP connections?

Looking back at the ss-redir source for obtaining the original TCP dst and port, the core function is getdestaddr:

Searching the kernel source for SO_ORIGINAL_DST turns up getorigdst:

"We only do TCP and SCTP at the moment." Oh, shit! Only TCP and SCTP are allowed to do this; it is not technically impossible, it is simply blocked on purpose.

To still be able to obtain the original dst and port after redirecting UDP, ss-redir uses TPROXY. The TPROXY configuration on a Linux system consists of the following three commands:

Roughly, in the PREROUTING chain of the mangle table every UDP packet is given the mark 0x2333/0x2333; then, during route selection, packets carrying mark 0x2333/0x2333 are delivered to port 1080 on the local loopback device; the IP_TRANSPARENT flag is enabled on the socket listening on port 1080 of 0.0.0.0, so that IPv4 routing can deliver datagrams not addressed to this host up to the transport layer and on to the ss-redir listening on port 1080. IP_RECVORIGDSTADDR and IPV6_RECVORIGDSTADDR mean that the dst and port of the delivered packet are retrieved.
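As an added example that is not part of the original post, this Python receiver shows the socket side of the setup just described: IP_TRANSPARENT on the UDP socket so the kernel hands it datagrams whose destination is not a local address, IP_RECVORIGDSTADDR so every recvmsg() carries the original destination as an IP_ORIGDSTADDR control message, and a parser for the struct sockaddr_in inside that message. The option values are the Linux ones from <linux/in.h> (IP_TRANSPARENT 19, IP_ORIGDSTADDR 20); the mangle/TPROXY rules, the fwmark routing and CAP_NET_ADMIN are assumed to be in place, and the sample sockaddr_in used offline is constructed here.

```python
import socket
import struct

# Linux option values from <linux/in.h>; Python's socket module exposes only some of them.
IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)
IP_ORIGDSTADDR = 20
IP_RECVORIGDSTADDR = IP_ORIGDSTADDR
SOCKADDR_IN_LEN = 16            # family(2) + port(2) + addr(4) + 8 bytes of padding

def parse_sockaddr_in(raw: bytes):
    """Decode the struct sockaddr_in the kernel puts into an IP_ORIGDSTADDR cmsg."""
    if len(raw) < SOCKADDR_IN_LEN:
        raise ValueError("short sockaddr_in")
    family = struct.unpack("=H", raw[:2])[0]          # sa_family is in host byte order
    if family != socket.AF_INET:
        raise ValueError("not AF_INET")
    port, addr = struct.unpack("!H4s", raw[2:8])      # port and address are network order
    return socket.inet_ntoa(addr), port

def sockaddr_in_bytes(ip: str, port: int) -> bytes:
    """Constructed sample of what the kernel hands back; lets the parser be exercised offline."""
    return struct.pack("=H", socket.AF_INET) + struct.pack("!H4s", port, socket.inet_aton(ip)) + b"\x00" * 8

def original_destination(ancdata):
    """Pick the pre-TPROXY destination (ip, port) out of recvmsg() ancillary data, or None."""
    for level, ctype, cdata in ancdata:
        if level == socket.SOL_IP and ctype == IP_ORIGDSTADDR:
            return parse_sockaddr_in(cdata)
    return None

def open_tproxy_udp_socket(port: int = 1080, bind_ip: str = "0.0.0.0") -> socket.socket:
    """Needs CAP_NET_ADMIN plus the mangle TPROXY rule and fwmark route described in the text."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)      # accept datagrams for non-local destinations
    s.setsockopt(socket.SOL_IP, IP_RECVORIGDSTADDR, 1)  # ask for the original dst as a control message
    s.bind((bind_ip, port))
    return s

def receive_one(sock: socket.socket):
    """Return (payload, client (ip, port), original destination (ip, port) or None)."""
    data, ancdata, _flags, client = sock.recvmsg(65535, socket.CMSG_SPACE(SOCKADDR_IN_LEN))
    return data, client, original_destination(ancdata)

if __name__ == "__main__":
    sock = open_tproxy_udp_socket()
    while True:
        payload, client, orig_dst = receive_one(sock)
        print(f"{client} -> {orig_dst}: {len(payload)} bytes")   # orig_dst is where the client really aimed
```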

But here is the question: the mangle table does not modify packets, so how does TPROXY manage to deliver a packet whose dst is not this host to port 1080 on the loopback device without modifying it?

How this is implemented in the kernel still needs studying, but it is certain that TPROXY does some work here.

Main functions of TPROXY:

The two important problems TPROXY has to solve


How do I modify iptables on Linux to open a port? How do I enter the rules in the file?

/etc/sysconfig/iptables is the configuration file that iptables loads by default at startup.

To open port 67, you only need to add one rule to the RH-Firewall-1-INPUT chain in that file:

(do not write the word iptables) -A INPUT --dport 67 -j ACCEPT

This matches only the packet's destination port and does no protocol matching, so every packet arriving at that port is let through.

To match on other things, such as the protocol, just add -p <protocol name>.

=======================================

One more thing to point out:

The difference between editing /etc/sysconfig/iptables directly with vi and typing iptables commands in the terminal:

/etc/sysconfig/iptables is the default configuration file; every time iptables starts it loads the rules in it, but once they are loaded the file is essentially no longer used. It only matters at load time.

If you change the "no" in the line IPTABLES_SAVE_ON_STOP=no in /etc/sysconfig/iptables-config to "yes", the current rules are saved automatically to /etc/sysconfig/iptables every time the service stops. This is the same as running # iptables-save > /etc/sysconfig/iptables first each time iptables is stopped.

Rules entered with the iptables command take effect immediately, but they are not written to /etc/sysconfig/iptables right away; only after running # iptables-save > /etc/sysconfig/iptables are the current rules saved to that file.

Do it as described below; I'll try to explain it clearly.

/etc/init.d/iptables start    (start iptables)

Initialize iptables and delete the previous rules:

iptables -F

iptables -X

iptables -Z

iptables -F -t nat

iptables -X -t nat

iptables -Z -t nat

Allow SSH in, otherwise you will not be able to connect later:

iptables -A INPUT -p TCP --dport 22 -j ACCEPT

Set the default inbound and outbound policies:

iptables -P INPUT DROP

iptables -P OUTPUT ACCEPT

iptables -P FORWARD ACCEPT

iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Load the relevant modules:

modprobe ip_tables

modprobe iptable_nat

modprobe ip_nat_ftp

modprobe ip_conntrack

modprobe ip_conntrack_ftp

Configure the default nat-table policies:

iptables -t nat -P PREROUTING ACCEPT

iptables -t nat -P POSTROUTING ACCEPT

iptables -t nat -P OUTPUT ACCEPT

Allow connections from the internal network:

iptables -A INPUT -i <internal NIC name, e.g. eth1> -j ACCEPT

Enable forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

Configure source NAT so the internal network can reach the internet through this host, i.e. connection sharing:

iptables -t nat -A POSTROUTING -s <internal subnet, e.g. 192.168.0.0/24> -o <external NIC name> -j MASQUERADE

Map the FTP server to the external network:

iptables -t nat -A PREROUTING -p tcp -d 58.222.1.3 --dport 21 -j DNAT --to 192.168.0.211:21

Done; don't forget to save:

service iptables save

The gateway of 192.168.0.211 should be set to this host, 192.168.0.1. That's all.
