I am trying to find the easiest way to intercept TCP SYN packets sent by my computer in a c++ program. There are couple of options that I know. One would be monitor all traffic and just selectively work with the SYN packets doing nothing with the rest. Another option I came across was to use a packet filtering utility which will forward the SYN packets to my program. Someone suggested me to use netfilter for the same.
I was wondering if there are other options or should I delve into netfilter. Also, any pointers on how to do it this with netfilter would be helpful.
EDIT: I want to intercept the SYN packet and may need to modify it (reroute to different destination, change destination port etc) before reinjecting it back to the network
Edit: I was able to do this using a combination of iptables and libnetfilter_queue. I used ipfilter to redirect all TCP SYN packets to a particular queue (this was using a simple command)
Then in a C program I was able to use libnetfilter_queue API to access the packets in the queue analyze them and reinject them back to the network.
If you merely want to see the packets, use
libpcapand packet filtering – that’ll work on most any UNIX variant.If you want to somehow intercept and rewrite the packets, please supply more information about what you’re trying to do, and what’s supposed to happen to the packets afterwards.
As you suggest, that might be an application for netfilter and its queue module, although that requires a 2.6.14 or later kernel: