TCP packet interception and redirection under windows - windows

I have been trying to find some way of redirecting outbound TCP packets under windows, but so far have not been successful. Does anyone know of any software/code bit that would do something like that?
I am not even sure it is possible with the windows stack.
I am looking at doing something similar to what "-j REDIRECT" is to iptables.
EDIT: to be more precise, what needs to be done here, is to transparently(ie without the original application having to do anything) redirect outgoing tcp packet with a certain destination port to a specific ip.(alternatively redirecting them to a local port would be fine too since I can then just use something like rinetd or any port forwarder)

Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running.
netsh interface portproxy add v4tov4 listenaddress=localaddress listenport=localport connectaddress=destaddress connectport=destport

see BarbaTunnel here and use its port redirecting
BarbaTunnel project

Related

Simpler method to redirect outgoing connection to localhost in Windows 10

Ok, so I have a program that talks with a device through Bluetooth and enables it to open a socket connection to an external host. I have a simulator that runs in my computer and I want to redirect the outgoing connection to the simulator running in localhost. Even for Windows, this seems more complicated that I think it should be.
Based in this I tried netsh int ip add addr 1 111.222.333.444/32 st=ac sk=tr
Based on this I tried netsh interface portproxy add v4tov4 listenaddress=111.222.333.444 listenport=15000 connectaddress=127.0.0.1 connectport=2405 protocol=tcp
While the outgoing connection always goes to port 15000, I can control the port where my simulator is listening. It is 2405 merely because the first version of the simulator used that port for some reason.
I tried with both active and forgot about them while I searched for alternatives.
I then found this link with no solution, but the OP said that he solved his problem with PassPort, which finally enabled the device's outgoing communication to reach my simulator.
When I tried to revert the netsh commands, I discovered out that I needed both commands active for PassPort to do its trick.
Isn't there a simpler method to achieve this? My system is Windows 10 21H1
I can't use the hosts file because the connection is made directly to the IP, not to a hostname.
Edit: apologies, I just realized that this might have been better to ask in superuser... can I move it or need to delete/recreate?

How to differentiate between closed and filtered remote ports

I am setting up port scanner for remote server in my application using Go. I am using DialTimeout function in Go net package to check whether a remote host port is opened or not. The result is fine with success case. But, if i/o timeout happens, I need to identify whether
The port is closed (No service is running) or
Port is blocked (Firewall filtered) or
Due to internet connectivity down in local system where the application is running.
Have tried nmap cli command, I can able to differentiate those failure 3 cases exactly.
nmap command tried: nmap -sA -p port_number host_ip
I found a Go 3rd party libray to use nmap.
But, I don't want to use nmap in my application. Are there any other alternatives in Go to exactly differentiate those 3 cases?
In the simple world
Lets assume you want to scan a Linux system.
If you get an ICMP message type 3 code 3, the firewall explicitly told you:
Hi, I am the firewall of your target host. The host is running. I hereby inform you that you (potentially amongst others) can not access this port. So now that you know you should quit your connection attempts. However, I won't tell you wether it is because there is no service running behind it (in which case my response is simply a courtesy) or because I was told to deny you access. Goodbye!
The port is closed if you do not get above answer and can not make a connection. I hence strongly advice to use context.WithTimeout to make a connection.
In the real world
However, this only applies if the admin of the target host did not change the ICMP message type to respond with - or chose just to drop any packets coming from sources which are not allowed to access the respective service. In the latter case, there is no way for you to know wether the port is closed or filtered.
All of the above only applies if we are talking of an iptables based firewall on the target system with default settings.
Now assume something which is by far more likely: A border firewall plus a local firewall. The border firewall might send other ICMP messages (or, again, simply drop your packages). Those rules apply additionally to the rules of the local firewall. So it is a misconception that you are actually scanning a host. It is more accurate to say that you scan the services reachable via a specific IP.
EDIT
Why would one send an ICMP message explicitly rejecting connection attempts?
There are various reasons to come to that decision. There is a good answer on serverfault.com

Netcat FTP active mode file transfer not working

Im trying to download a file from a FTP server using active mode.However,it looks like my connection just"expire" or something each time.First,I open a port on my computer using netcat,ex:
nc -vv -l -p 62077
this will listen on port 62077 on my computer.Then,I open another netcat windows,log in to the FTP link using port 21,and once im in the directory where the file I want is in,I do
PORT (my IP separated by , ),(242,125(wich equals to port 62077)\r\n
However,after I enter this command,nothing happen for about 10-15 seconds,and the netcat just quit without saying anything.Nothing happen either on the netcat window that is listening on port 62077.It does that everytime,I dont know what I am doing wrong.I did the same thing with Filezilla(in active mode) and examinated the commands with wireshark,I do the exact same command as Filezilla,however filezilla will be able to retrieve the file while netcat wont.I want to retrieve it with netcat and I dont know what im doing wrong.I am using Windows 10.
thank you!
After you have established your listening nc socket, and after you have sent the USER, PASS, and PORT commands, you then need to trigger the file transfer to that listening socket using e.g.:
RETR /path/to/file/to/download
on the control connection. (Unless you actually are already doing this, but didn't mention it in the post?)
Also, just to note: you mention using something like this:
PORT 1,2,3,4,(242,125)\r\n
Right? Those parentheses might also be an issue. Instead, you might try:
PORT 1,2,3,4,242,125\r\n
without any parentheses.
Now, depending on the IP address you sent (hopefully not a private network address), the data transfer may still not happen, due to firewalls/routers/NAT on the client side of things. Given that your Filezilla download of the same file works, I suspect that those firewall/router/NAT issues may not apply.
Hope this helps!

FTP programs not working. Router blocking maybe?

When I use ftp programs like filezilla and notepad++ I have problem to transferring files to my ftp-server. This problem exist only at my home. My theory is that my routers are making the problem and my question is how can you check if it is the router that causing the problem?
How can I fix it?
you can add a firewall rule that allows everything / turn off your router firewall, if it then works, you know its that, so before you turn it back on add the ftp ports in there.
It might also be windows firewall blocking the ftp program also.
check the firewall rules to see if standard ftp access is allowed. Alternately you can try an ssh client like winscp to make a secure connection and see if this goes through

How to forward the TCP/IP traffic of a process in Windows XP?

alt text http://img440.imageshack.us/img440/6950/problemyd1.png
(The curly lines with dots represent a network route.)
Having a process called "foo.exe", is there a way to forward everything it communicates over TCP/IP to a forwarding proxy located elsewhere? This forwarding should not reflect to other processes.
Another question: if there are multiple network adapters, is it possible to force a process to use one specific adapter.
Since in this example the targethost.com is known, I could just edit "system32\drivers\etc\hosts" to map targethost.com's IP to localhost, where on port 8765 would be the first forwarder waiting for an incoming connection and pass everything forward to proxy.foo.com. I was wondering if there's a more elegant way of doing this.
This is not for malware, I'm doing some network testing with my complex home network. Thank you for warning us.
Some free software for this would be perfect, alternatively a code idea (native or .net). Thank you very much.
It's not too hard if you make your own computer a firewall, then your app connects to a port on your own computer, and that port is forwarded to both the original destination and logged or forwarded on to your spying computer.
Alternatively you can make your other computer the firwall and have it log/forward the info.
Finally you could use a sniffer.
SocksCap will probably do the job (if you're OK with establishing a SOCKS proxy at proxy.foo.com).
You could hook into the TCP stack, for example, by using the Windows Filtering Platform or its predecessors, or you could substitute the network libraries/calls of that particular process.

Resources