
I have a system with two network adapters. One of the network adapters is connected to a port mirror, so it sees all the traffic in the network. I'd like to sniff that connection for a certain TCP connection with a specific port number, and forward all the data of that connection to a TCP server using the second network adapter.

What I have tried so far:

  • Use socat to listen on a port and fork it to another port. This works when a TCP connection is made directly with the port socat is listening on, but I don't know how this could be replaced with the input from a sniffed connection.
  • tcpdump to sniff all the data. However, I'm unsure how to forward this data to a different TCP connection.

Any help would be much appreciated!

Comments:

  • Can you tell us what your underlying goal is? I'm worried this might be an XY problem. I have a suspicion your real goal would be well-handled by a reverse proxy, load balancer, or NAT. – Spiff, Commented Nov 1, 2020 at 23:56
  • The data that is sniffed needs to be logged, for which I use Wireshark. I do not have any influence on the network that is being sniffed. Furthermore, to allow for real-time analysis of that data, the data has to be forwarded/relayed to one or more other machines in a different location. I currently use a Java application on Windows that sniffs the data and puts it on a different TCP connection as described in the question, but I wondered if it would also be possible using Linux. – Commented Nov 2, 2020 at 12:24
  • Have you tried using netcat for this? – Commented Nov 2, 2020 at 17:31
  • I'm familiar with netcat and I use it sometimes to create a TCP server or client. However, I'm not sure how I would be able to use netcat for the problem I described. – Commented Nov 2, 2020 at 18:03

1 Answer


It sounds like what you are looking for is port forwarding.

You could try something like this.

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 1111 -j DNAT --to x.x.x.x:2222
iptables -A FORWARD -p tcp -d x.x.x.x --dport 2222 -j ACCEPT

The above example will forward all traffic received ingress on eth0 on port 1111 to IPv4 address x.x.x.x on port 2222.
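The question asks for something the iptables rules above do not do on their own: on a mirror port the host only sees copies of the frames, so nothing can be DNATed into a live connection; the payload has to be captured, reassembled and re-sent over a fresh TCP connection. The following Linux example is added here and is not part of the question, the answer, or the asker's Java tool. It assumes a raw AF_PACKET capture socket (needs CAP_NET_RAW), interface names and addresses passed on the command line, that the kernel routing table sends the outbound connection through the second adapter, and it uses constructed frames for the offline test. It does not validate checksums or handle 32-bit sequence-number wraparound; the reassembler drops retransmissions, trims partial overlaps and holds out-of-order segments until the gap before them is filled.

```python
"""Sniff one TCP port on a mirror-port interface and relay the reassembled
payload stream to a TCP server reachable via the second adapter.

Frame parsing and stream reassembly are pure functions so they can be
exercised on constructed frames without root or a live interface.
"""
import socket
import struct
import sys
from typing import Dict, Optional, Tuple

ETH_P_IP = 0x0800
ETH_P_ALL = 0x0003
IPPROTO_TCP = 6
FlowKey = Tuple[str, int, str, int]


def parse_frame(frame: bytes) -> Optional[dict]:
    """Parse Ethernet/IPv4/TCP headers; return None for anything else."""
    if len(frame) < 14 + 20 + 20:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or ihl < 20 or len(ip) < total_len:
        return None
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    tcp = ip[ihl:total_len]            # drops Ethernet padding after the datagram
    if len(tcp) < 20:
        return None
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        return None
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "seq": seq, "flags": off_flags & 0x1FF, "payload": tcp[data_off:]}


class StreamReassembler:
    """Per-flow in-order delivery (no 32-bit sequence wrap handling)."""

    def __init__(self) -> None:
        self.expected: Dict[FlowKey, int] = {}
        self.pending: Dict[FlowKey, Dict[int, bytes]] = {}

    def feed(self, seg: dict) -> bytes:
        key = (seg["src"], seg["sport"], seg["dst"], seg["dport"])
        seq, payload = seg["seq"], seg["payload"]
        if seg["flags"] & 0x02:                  # SYN: data starts at seq+1
            self.expected[key], self.pending[key] = (seq + 1) & 0xFFFFFFFF, {}
            return b""
        if key not in self.expected:             # seen mid-stream: sync here
            self.expected[key], self.pending[key] = seq, {}
        if not payload:
            return b""
        exp = self.expected[key]
        if seq < exp:                            # retransmission or overlap
            overlap = exp - seq
            if overlap >= len(payload):
                return b""
            payload, seq = payload[overlap:], exp
        if seq > exp:                            # gap before it: hold
            self.pending[key][seq] = payload
            return b""
        out = bytearray(payload)
        exp += len(payload)
        while exp in self.pending[key]:          # drain now-contiguous segments
            nxt = self.pending[key].pop(exp)
            out += nxt
            exp += len(nxt)
        self.expected[key] = exp & 0xFFFFFFFF
        return bytes(out)


def build_frame(src: str, dst: str, sport: int, dport: int, seq: int,
                payload: bytes, flags: int = 0x18) -> bytes:
    """Construct an Ethernet/IPv4/TCP frame (no checksums) for offline tests."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     IPPROTO_TCP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + struct.pack("!H", ETH_P_IP) + ip + tcp


def relay(mirror_iface: str, port: int, dest: Tuple[str, int]) -> None:
    """Capture on mirror_iface (CAP_NET_RAW) and relay matching payload to dest."""
    cap = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    cap.bind((mirror_iface, 0))
    out = socket.create_connection(dest)     # routed via the second adapter
    asm = StreamReassembler()
    while True:
        seg = parse_frame(cap.recv(65535))
        if seg and port in (seg["sport"], seg["dport"]):
            data = asm.feed(seg)
            if data:
                out.sendall(data)


if __name__ == "__main__":
    # usage: relay.py <mirror_iface> <port> <dest_host> <dest_port>
    relay(sys.argv[1], int(sys.argv[2]), (sys.argv[3], int(sys.argv[4])))
```

Both directions of the watched port are merged into one outbound stream here; keying the reassembler per direction and opening two outbound connections is a small change if the logging side needs to tell client and server bytes apart.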

