How to retrieve original destination address - windows

I'm using a REDIRECT iptables rule from my router(OpenWRT) to redirect certain UDP packets from the server A to the server B and I need to know how to get the original destination address(like a proxy).
I already found a lot of information on how to do this on Linux using TProxy and other methods but unfortunately I don't see how to use them on Windows, there is some alternative?

If you use the REDIRECT iptables target, the original destination IP address is overwritten. It is lost and cannot be recovered.
Also, iptables only runs on Linux, so your question about how to do this on Windows doesn't make sense.

Related

How to differentiate between closed and filtered remote ports

I am setting up port scanner for remote server in my application using Go. I am using DialTimeout function in Go net package to check whether a remote host port is opened or not. The result is fine with success case. But, if i/o timeout happens, I need to identify whether
The port is closed (No service is running) or
Port is blocked (Firewall filtered) or
Due to internet connectivity down in local system where the application is running.
Have tried nmap cli command, I can able to differentiate those failure 3 cases exactly.
nmap command tried: nmap -sA -p port_number host_ip
I found a Go 3rd party libray to use nmap.
But, I don't want to use nmap in my application. Are there any other alternatives in Go to exactly differentiate those 3 cases?
In the simple world
Lets assume you want to scan a Linux system.
If you get an ICMP message type 3 code 3, the firewall explicitly told you:
Hi, I am the firewall of your target host. The host is running. I hereby inform you that you (potentially amongst others) can not access this port. So now that you know you should quit your connection attempts. However, I won't tell you wether it is because there is no service running behind it (in which case my response is simply a courtesy) or because I was told to deny you access. Goodbye!
The port is closed if you do not get above answer and can not make a connection. I hence strongly advice to use context.WithTimeout to make a connection.
In the real world
However, this only applies if the admin of the target host did not change the ICMP message type to respond with - or chose just to drop any packets coming from sources which are not allowed to access the respective service. In the latter case, there is no way for you to know wether the port is closed or filtered.
All of the above only applies if we are talking of an iptables based firewall on the target system with default settings.
Now assume something which is by far more likely: A border firewall plus a local firewall. The border firewall might send other ICMP messages (or, again, simply drop your packages). Those rules apply additionally to the rules of the local firewall. So it is a misconception that you are actually scanning a host. It is more accurate to say that you scan the services reachable via a specific IP.
EDIT
Why would one send an ICMP message explicitly rejecting connection attempts?
There are various reasons to come to that decision. There is a good answer on serverfault.com

How to redirect an outgoing traffic to another address?

I'd like to redirect specific outgoing TCP traffic to another address.
Say I have an application that tries to establish a connection to a server aaa.bbb.ccc.ddd:99999.
What I am trying to do is to redirect the application's outgoing traffic to another address (e.g., ddd.eee.fff.ggg:88888) without touching the application. Is this possible in Windows or Mac OS X?
Thanks
There two cases here:
First if you have fqdn, it's easy you just have to resolve it to a different ip via the local hosts file.
Second if the application is trying to reach specific ip address it's not so simple, and i will mention a way to do it on the system and one without changing anything on the system.
Within the system you have to modify local firewall. I will write you an example command from iptables which works on linux systems but sth equivalent you can apply with the software MacOS (pf see the edit on the end) and Windows have installed.
What i do below, is to NAT the IP i want to change, to a new IP.
iptables -t nat -A OUTPUT -p tcp -d IP_YOU_WANT_REWRITE --dport PORT -j DNAT --to-destination NEW_IP:NEW_PORT
In case now you don't want to mess with the host machine at all you can apply a similar NAT rule on your gateway/router, you just NAT the IP you want to change to the new one on the router configuration and your host reach the new one transparently.
edit: As far as i can see osx equivalent to iptables is pf so you need to write a similar rule using the nat command.

Checking networok connectivity between two hosts

I want to have a generic shell script which will check network connectivity between two hosts.
I wrote shell script with host and nslookup command to get the more details of target host, with these command I can't determine if current host can talk to target host.
Also I can't use(restricted) ping command , I was wondering if can use some other command to check network connectivity betweenn two hosts
Please suggest
Given a target host to determine if source host can communicate to target host
This is too vague to be useful. To solve this problem, you need to nail down what you mean by "communicate." A host may be able to send ICMP but not TCP. It may be able to send TCP but not ICMP. It may be able to send TCP to port 80, but not to 22. It may be able to send HTTP to port 80, but not SSH to port 80. Packets you send may return an error, or they may be silently dropped. The endpoint may receive your packets, but not process them. It may process them but not respond to you. There are many levels of "communicate."
So the best thing to test with is the thing you actually want to do. So if you want to communicate with HTTP over port 80, the best test is to do that. In fact, the best test is to just do the thing you wanted to do and not check beforehand. You're going to have to deal with errors no matter way. Just because you checked beforehand doesn't mean your actual attempt will be successful.
But sometimes you do just want to check "connectivity" (for some value of "connectivity") for monitoring purposes. In that case, again, do the thing you want. The easiest shell tool for checking HTTP connectivity is to fetch something with curl. If you need some other port, then a very nice generic solution is netcat (often called nc). I like:
nc -G 1 <host> <port> </dev/null
A return code of 0 means it connected; 1 means it failed.
For more esoteric issues, you can use nmap or even hping to craft about anything you want.
But most of the time, you shouldn't check at all. And if you do check, check with the thing you really want to do.

Get MAC address

How do I know visitor's MAC address on linux hosting (nginx)?
From ethernet user.
Thanks.
You cannot get that through PHP.
Networks protocol are used in a stack. When doing HTTP communications, your web server uses the HTTP protocol, responsible for the high-level communications. This protocol is implemented on the top of the TCP protocol (which brings stream-like connections and port numbers), which in turn is implemented on the top of the IP protocol (v4 or v6, which bring IP addresses for identification), which in turn is implemented on the top of the Ethernet protocol.
The Ethernet protocol is the one you would need to work with. It has both the source MAC address and the destination MAC address. However, most unfortunately, there are a lot of problems with it.
First, the data it conveys is probably hard to access: I say "probably" because I never stumbled upon how to do it.
Second, much like you get your client's router address when they access your site, you get your client's router MAC address at the Ethernet level. Unless they don't traverse any router (which would only happen if your server was directly wired to your client machine without any router interfering, because there are a whole lot of routers out there that relay data to other parts of the Internet), there is no chance that the MAC address you'll receive will be your client's.
Third, Apache will never try to access that data. And since PHP is "sandboxed" into the network environment Apache gives it, there is no way you can wind back to the Ethernet protocol.
So accessing the MAC address of a visitor from a website, from PHP, is not possible.
EDIT Seems you've taken out the PHP part from your question. So obviously, the last point won't stand anymore.
You can't get that with php it's not included in http
The more general question is this one. Since all PHP has to work with (I'm assuming this is PHP running on your webserver, here) is the HTTP request, you won't be able to get the MAC address. That requires something running on the visitor's side.
This may, or may not work. I know it will work on LAN clients, however for external clients it may be incorrect. I don't overly know my networking, but it's worth a shot right?
If you execute the arp -a command on either windows or linux, it will print out your arp records, which you can then parse for the mac.
Other than that, as far as I know, apache (and therefor php) doesn't just give out mac addresses in its env vars.
*Edited: Sorry, that won't work... The better utility is arping however that will just give you the mac of your router.
If you want to do this, clients will need to be directly connected to your server, with no router in between...
However if that is the case, then arping will work... I don't know of a better tool, but it seems a bit wasteful to do a ping (in root) for just a mac address.
The mac address is only visible on for the network provider if i'm correct (your internet host can see the mac address of your router for example), don't think you can get it with php.

TCP packet interception and redirection under windows

I have been trying to find some way of redirecting outbound TCP packets under windows, but so far have not been successful. Does anyone know of any software/code bit that would do something like that?
I am not even sure it is possible with the windows stack.
I am looking at doing something similar to what "-j REDIRECT" is to iptables.
EDIT: to be more precise, what needs to be done here, is to transparently(ie without the original application having to do anything) redirect outgoing tcp packet with a certain destination port to a specific ip.(alternatively redirecting them to a local port would be fine too since I can then just use something like rinetd or any port forwarder)
Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running.
netsh interface portproxy add v4tov4 listenaddress=localaddress listenport=localport connectaddress=destaddress connectport=destport
see BarbaTunnel here and use its port redirecting
BarbaTunnel project

Resources