[Za-pm] Spoofing UDP Packets
Nico Coetzee
nico at itfirms.co.za
Sat Jul 12 06:15:12 CDT 2003
Hi all
Need some help. It seems since Kerlnel 2.4 ( Linux ), you cant 'spoof' the
source address of UDP packets. I need to do this to forward Netflow UDP
packets from Cisco devices to Netwatch (
<http://www.crannog-software.com/> ). Problem is, Netwatch sees my Linux
box as the source address for all the packets, and tries to do a SNMP walk
on my machine. Also, Netwatch can't forward Netflow pactets, so that's why
I get them first.
I already have a program that cathes the UDP pactets on the Linux box, and
then splits in in two, forwarding one leg to a Perl service on the Linux
box that does some Netflow analysis, and the second leg get's forwarded to the
Netwatch box. I tried with iptables to spoof the source address, but that
didn't work.
I can write a UDP client and UDP server ( from examples from the Perl
Cookbook ), but I want to know if my 'server' can simply rewrite the
source address and forward it to Netwatch.
Any ideas?
Thanks
--
Nico Coetzee
http://www.itfirms.co.za/
http://za.pm.org/
http://forums.databasejournal.com/
To the systems programmer, users and applications serve only to provide a
test load.
More information about the Za-pm
mailing list