IPTables and monitor mode

Guest
Archived from groups: alt.internet.wireless (More info?)

Is it possible to forward sniffed packets elsewhere on the LAN? E.g.,
if you have an 802.11 card in monitor mode, will IPTABLES forward
beacon frames elsewhere on the LAN? By the same token, if the sniffed
packet is a UDP broadcast packet, can that then be broadcast to any
connected machines?

I guess I'm really just curious how IPTables handles "sniffed" packets
in general.
 
Guest

On 27 Jul 2004 12:59:43 -0700, bjohnsme@yahoo.com (bjohnsme) wrote:

>Is it possible to forward sniffed packets elsewhere on the LAN? E.g.,
>if you have an 802.11 card in monitor mode, will IPTABLES forward
>beacon frames elsewhere on the LAN? By the same token, if the sniffed
>packet is a UDP broadcast packet, can that then be broadcast to any
>connected machines?
>
>I guess I'm really just curious how IPTables handles "sniffed" packets
>in general.

It would be helpful if you disclosed what you were trying to
accomplish. I'll make a guess that you're trying to set up a remote
sniffer station that can sniff wireless traffic over a wired network.

No big deal. Set up a network service using inetd on an unused IP
socket. Redirect the sniffed wireless data stream from your wireless
card to a named pipe that terminates in the service you've set up.
When you wanna be buried in sniffed packets, simply telnet to the IP
socket and it should spew data all over your screen. If you need
formatting or filtering, use sed, awk, perl, or such through a pipe.
I've done this for collecting data from phone loggers, test equipment,
goofy network devices, and one mountain top wireless sniffer (a bad
idea due to almost continuous collisions.)

One catch is that in its simplest form, the service can handle only
one telnet connection at a time. If you need more than one
connection, you'll need to scribble a more complex service based on
smux.

As for IPTables, methinks you will need to set up a rule set for the
new service by interface and IP socket number. You can make that do
whatever you want and not affect operation on other interfaces.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 AE6KS 831-336-2558
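
An added example, not part of any post in this thread: a Python stand-in for the inetd service described above, streaming whatever a capture process writes to a named pipe to one TCP client at a time. The FIFO path, port 9999 and the 192.0.2.10 bind address are assumptions, and the refusal to bind to a wildcard address is an addition that complements the per-interface iptables rule.

```python
import socket

WILDCARDS = {"", "0.0.0.0", "::"}

def listen_on(bind_addr, port):
    """Listening socket bound to one interface address (never a wildcard)."""
    if bind_addr in WILDCARDS:
        raise ValueError("bind to the wired interface address, not a wildcard")
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_addr, port))
    srv.listen(1)
    return srv

def relay(src, conn, chunk=4096):
    """Copy bytes from the pipe to the client; return the count sent."""
    sent = 0
    while True:
        data = src.read(chunk)
        if not data:            # capture process closed the pipe
            break
        try:
            conn.sendall(data)
        except OSError:         # client went away; stop and let it reconnect
            break
        sent += len(data)
    return sent

def serve_one(srv, fifo_path):
    """Accept a single client and stream the pipe to it.

    Other clients wait in the listen queue until this one finishes, which is
    the one-connection-at-a-time limit mentioned in the post.
    """
    conn, _peer = srv.accept()
    with conn:
        # open() blocks here until the capture process opens the FIFO to write.
        with open(fifo_path, "rb", buffering=0) as fifo:
            return relay(fifo, conn)

if __name__ == "__main__":
    # Assumed values: documentation address of the wired NIC, port, FIFO path.
    # The FIFO is created with mkfifo and fed by the capture tool.
    server = listen_on("192.0.2.10", 9999)
    while True:
        serve_one(server, "/tmp/wlan-capture.fifo")
```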
 
Guest

"bjohnsme" <bjohnsme@yahoo.com> wrote in message
news:f0c2b2d1.0407271159.70281810@posting.google.com...
> Is it possible to forward sniffed packets elsewhere on the LAN? E.g.,
> if you have an 802.11 card in monitor mode, will IPTABLES forward
> beacon frames elsewhere on the LAN? By the same token, if the sniffed
> packet is a UDP broadcast packet, can that then be broadcast to any
> connected machines?
>
> I guess I'm really just curious how IPTables handles "sniffed" packets
> in general.

Specify the rule by interface, not IP. Use the copy option if needed.

$ info iptables

HTH.

William