[ale] question

Joseph A. Knapka jknapka at earthlink.net
Tue Mar 6 15:03:54 EST 2001


You will need to manually add a route on the Win box
for the IP you are trying to spoof. So if the spoofed
IP is 128.128.128.128 and the IP of the box you want
to capture the packets with is 10.10.10.11:

route add 128.128.128.128 10.10.10.11

I just tried this on my NT box and it does send the
packets to the right machine. You will also need to
add an alias IP on the capture machine so it will
accept packets for 128.128.128.128 on its 10.10.10.11
interface. I'm not sure how to do that on Linux, but
I know it's possible.

-- Joe

JB Wells wrote:
> 
> If I set the server's IP to the target address, will
> the client try to do a search for that IP on my local
> network first or go straight for the PPP connection?
> It's necessary to start the PPP connection because the
> windows program is bound to it on installation and
> waits to detect the connection before attempting to
> communicate with the server.
> 
> thanks for your help
> 
> jb
> 
> --- Michael Mealling <michael at bailey.dscga.com> wrote:
> > On Tue, Mar 06, 2001 at 11:21:44AM -0800, JB Wells
> > wrote:
> > > I'm trying to reverse engineer a windows app that
> > > connects to an IP address on port 7818 when a
> > Dial-up
> > > networking session has been opened.
> > >
> > > Is there any way I can spoof this IP, effectively
> > > tricking the windows program into sending packets
> > to a
> > > server program I've bound to that port on a
> > machine in
> > > my home network?
> >
> > Put them both on their own isolated segment and let
> > your server claim to be
> > that IP address...
> >
> > -MM
> >
> > --
> >
> --------------------------------------------------------------------------------
> > Michael Mealling      |      Vote Libertarian!       |
> > www.rwhois.net/michael
> > Sr. Research Engineer   |   www.ga.lp.org/gwinnett
> >   | ICQ#:         14198821
> > Network Solutions     |          www.lp.org          |
> > michaelm at netsol.com
> > --
> > To unsubscribe: mail majordomo at ale.org with
> > "unsubscribe ale" in message body.
> 
> =====
> --------------------------
> John B. Wells IV
> Application Developer
> Acterna
> 6100 Lake Forrest Drive
> Atlanta, GA  30328
> 404.531.8938
> 
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- Joe Knapka
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.





More information about the Ale mailing list