[Za-pm] Spoofing UDP Packets

Nick Cleaton nick at cleaton.net
Sat Jul 12 07:16:44 CDT 2003


On Sat, Jul 12, 2003 at 01:15:12PM +0200, Nico Coetzee wrote:
> 
> Need some help. It seems since Kernel 2.4 ( Linux ), you can't 'spoof' the
> source address of UDP packets. I need to do this to forward Netflow UDP
> packets from Cisco devices to Netwatch (
> <http://www.crannog-software.com/> ). Problem is, Netwatch sees my Linux
> box as the source address for all the packets, and tries to do a SNMP walk
> on my machine. Also, Netwatch can't forward Netflow packets, so that's why
> I get them first.
> 
> I already have a program that catches the UDP packets on the Linux box, and
> then splits it in two, forwarding one leg to a Perl service on the Linux
> box that does some Netflow analysis, and the second leg gets forwarded to the
> Netwatch box. I tried with iptables to spoof the source address, but that
> didn't work.
> 
> I can write a UDP client and UDP server ( from examples from the Perl
> Cookbook ), but I want to know if my 'server' can simply rewrite the
> source address and forward it to Netwatch.
> 
> Any ideas?

Net::RawIP might do it.

--
Nick
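
An added example, not part of the original messages and not Net::RawIP's own code: the header construction a raw-IP sender has to perform to relay a NetFlow datagram with the exporter's address kept as the source, written in standard-library Python rather than Perl. The addresses, ports, payload and function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_relayed_datagram(src_ip, src_port, dst_ip, dst_port, payload, ttl=64):
    """Return IPv4+UDP bytes whose source is the original exporter, not the relay."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    udp_len = 8 + len(payload)
    # The UDP checksum covers a pseudo-header: src, dst, zero, protocol 17, UDP length.
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len)
    udp = struct.pack("!HHHH", src_port, dst_port, udp_len, 0) + payload
    udp_sum = inet_checksum(pseudo + udp) or 0xFFFF  # 0 on the wire means "no checksum"
    udp = udp[:6] + struct.pack("!H", udp_sum) + udp[8:]
    # Version 4, IHL 5 (no options), id 0, DF set, checksum filled in afterwards.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000,
                     ttl, socket.IPPROTO_UDP, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + udp

def relay(packet: bytes, dst_ip: str) -> None:
    """Send a prebuilt packet on Linux; needs root or CAP_NET_RAW."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW) as s:
        s.sendto(packet, (dst_ip, 0))  # IPPROTO_RAW implies IP_HDRINCL

# Constructed sample: exporter 192.0.2.1 relayed to a collector at 198.51.100.10.
# The payload is a placeholder (NetFlow version field 5 followed by zero bytes).
SAMPLE = build_relayed_datagram("192.0.2.1", 2055, "198.51.100.10", 9995,
                                b"\x00\x05" + bytes(22))
```

A collector that identifies exporters by source address is trusting an unauthenticated field, and reverse-path or egress filtering between the relay and the collector can drop packets built this way.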


