Hi,

More than once I have caught myself wanting an easy way to edit packets on-the-fly in my LAN, so I thought it was time for me to make some "machinery" to do the job. I think WFP would do exactly what I needed.

Not only did I want to filter and edit packets from the computer my program would be running on, but I would also like to ARP poison a machine in my LAN and edit the packets routed through the other one (I don't know whether I could do this using WFP; that's another part of my question. If anyone knows, please tell me).

The problem is I'm not able to download Visual C++, and I need it to use the WFP (it's part of the Windows SDK, which is not fully available for MinGW; porting the headers myself is generally a headache). Also, I would simply like to know how to do that in Linux.

Anyone?

(Complementary question at ServerFault.com: http://serverfault.com/questions/74915/best-way-to-live-edit-packets-from-another-computer)

+1  A: 

The most common way to capture and store packets in Linux is through libpcap. You can use standard sockets to send the packets or generic libraries (boost::asio).

You can accomplish the same using Wireshark. I believe Wireshark will allow replay and/or injection.

As far as ARP poisoning goes, you will probably have to do that directly with ARP packets yourself.

s1n
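
Seen from the defending side, the ARP poisoning discussed in this thread shows up in a capture as ARP frames whose sender binding contradicts an earlier one. The check below is an added example, not code from the question or the answer: it takes raw Ethernet frames in the form a libpcap capture callback delivers them and flags such frames. `check_arp_frame`, `sample_reply` and every address in it are hypothetical names and constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct binding { uint8_t ip[4], mac[6]; };
static struct binding seen[64];   /* first MAC observed for each IPv4 address */
static int n_seen;

/* Inspect one raw Ethernet frame, as a libpcap callback would receive it.
 * -1: not IPv4-over-Ethernet ARP (or truncated); 0: consistent so far;
 *  1: Ethernet source != ARP sender MAC; 2: IP already bound to another MAC. */
int check_arp_frame(const uint8_t *f, size_t len)
{
    static const uint8_t hdr[6] = {0, 1, 8, 0, 6, 4}; /* htype, ptype, hlen, plen */
    if (len < 42 || f[12] != 0x08 || f[13] != 0x06) return -1; /* EtherType ARP */
    if (memcmp(f + 14, hdr, 6) != 0) return -1;
    const uint8_t *sha = f + 22, *spa = f + 28;       /* sender MAC, sender IPv4 */
    if (memcmp(f + 6, sha, 6) != 0) return 1;
    for (int i = 0; i < n_seen; i++)
        if (memcmp(seen[i].ip, spa, 4) == 0)
            return memcmp(seen[i].mac, sha, 6) == 0 ? 0 : 2;
    if (n_seen < 64) {                                /* remember the first binding */
        memcpy(seen[n_seen].ip, spa, 4);
        memcpy(seen[n_seen++].mac, sha, 6);
    }
    return 0;
}

static const uint8_t GW_IP[4] = {192, 168, 1, 1};  /* constructed sample data */
static const uint8_t GW_MAC[6] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t OTHER_MAC[6] = {0x02, 0, 0, 0, 0, 0x66};

/* Build a 42-byte ARP reply in memory: Ethernet source `src`, ARP sender `sha`/`spa`. */
const uint8_t *sample_reply(const uint8_t *src, const uint8_t *sha, const uint8_t *spa)
{
    static uint8_t f[42];
    static const uint8_t fixed[10] = {0x08, 0x06, 0, 1, 8, 0, 6, 4, 0, 2};
    memset(f, 0xff, 6);          /* destination: broadcast */
    memcpy(f + 6, src, 6);
    memcpy(f + 12, fixed, 10);   /* EtherType, ARP header, opcode 2 (reply) */
    memcpy(f + 22, sha, 6);
    memcpy(f + 28, spa, 4);
    memset(f + 32, 0, 10);       /* target MAC and IP left zero */
    return f;
}

int main(void)
{
    int first = check_arp_frame(sample_reply(GW_MAC, GW_MAC, GW_IP), 42);
    int second = check_arp_frame(sample_reply(OTHER_MAC, OTHER_MAC, GW_IP), 42);
    return printf("%d %d\n", first, second) < 0;
}
```

A changed binding is not always hostile (a replaced NIC or a failover address produces the same signal), so a result of 2 is a prompt to investigate rather than proof of poisoning.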