tags:

views:

122

answers:

3
Q: 

Transparently proxying telnet traffic?

We have written a tool to proxy telnet traffic, and fork the inbound/outbound streams for recording purposes (this is a testing tool to test a legacy system). However, we hit a snag. The legacy system relies on knowing a client's ip address in certain cases, but when we use our proxy the clients' addresses are all changed to the proxy's address. Since we control what machine the legacy systems uses as a gateway, I'm wondering if there isn't some way via iptables or some other packet mangling tech to spoof this. So, in other words, without the proxy we have:

[CLIENT A - 172.16.2.2]------|
[CLIENT B - 172.16.2.3]------|------------[SERVER sees CLIENT A as 172.16.2.2, B as 2.3, so on]
[CLIENT C - 172.16.2.4]------|

With the proxy we get:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees all clients as 172.16.2.5]
[CLIENT C - 172.16.2.4]---|

What we need:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees CLIENT A as 172.16.2.2, so on]
[CLIENT C - 172.16.2.4]---|

Is there any possible way to accomplish this?

Thanks!

A: 

This question is not really programming-related.

But you can do it with the Linux kernel facility TPROXY, which I believe is distributed separately from Linux.

TPROXY lets you transparently proxy traffic, making the client and server see their own original IP addresses. You can do other tricks too.

MarkR  2009-03-25 13:30:34
A: 

Instead of using a proxy, can you just put a network card into promiscuous mode and use tcpdump or something similar to capture what's going on?

Paul Tomblin  2009-03-25 13:30:49
This is actually a good idea, but the task of reassembling and sequencing seems a bit daunting. I will look to see if any decent tcp reassembly utilities exist.
jbwiv  2009-03-25 15:50:00
tcpdump has some pretty sophisticated filtering mechanisms. You can use them to filter on just the traffic from one host to one client on one port, for example.
Paul Tomblin  2009-03-25 16:38:10
Yep, and we found a project called chaosreader that looks like it's going to help as well. Thanks for thinking outside the box!
jbwiv  2009-03-28 21:43:19
A: 

How about some NATing: does the server really need to see the exact IP or just unique IPs for the clients? If not, how about doing:

172.16.88.2                     --- 172.16.2.2
172.16.88.3   ---  PROXY        --- 172.16.2.3   --- SERVER
172.16.88.4       w/ 3 IPs      --- 172.16.2.4
ShiDoiSi  2009-03-25 13:34:28
Unfortunately...it needs to see the original ips. Thanks for your answer though.
jbwiv  2009-03-25 13:39:07

related questions

Windows packet sniffer that can capture loopback traffic?
Sockets and Processes in Java
Getting the Hostname or IP in Ruby on Rails
How do I measure bytes in/out of an IP port used for .NET remoting?
How do I read and write raw ip packets from java on a mac?
Tool for degrading my network connection?
How do you find out which NIC is connected to the internet?
How do you parse an IP address string in C#?
Spread vs MPI vs zeromq?
How do you get the ethernet address using Java?
Leaving your harddrive shared
Should a wireless network be open?
Wifi Management on XP (SP2/SP3)
Broadcast like UDP with the reliability of TCP
Default Routes
Optimizing for low bandwidth
What workshops / user groups / conventions do you attend?
Why is Peer-to-Peer programming a hard topic to obtain good research for?
Boundary Tests For a Networked App
Remoting server auto-discovery. Broadcast or not?
How do I interpret 'netstat -a' output
Default Internet connection on Dual LAN Workstation
Objective-C/Cocoa: How do I accept a bad server certificate?
Easiest way to provide VPN access easily for all client OSes?
How to setup Quality of Service?