LinuxQuestions.org
Old 02-15-2011, 02:29 PM   #1
jkmin96
LQ Newbie
 
Registered: Feb 2011
Posts: 7

Rep: Reputation: 0
can sniffed packets be forwarded to a different network?


Hi,

I'm using madwifi linux driver (ath1) in monitor mode to capture some wireless traffic.
I can see that all wireless traffic is coming well through the wireless interface (checked using TCPDUMP).

What I want to know is how I can forward the captured wireless packets to a different Ethernet interface (e.g. eth2) in the same machine to send those captured packets out to a different computer.

I set 1 for /proc/sys/net/ipv4/ip_forward
For iptables, I tried this rule: iptables -A FORWARD -i ath1 -o eth2 -j ACCEPT

However, I couldn't read any packet from eth2 via TCPDUMP.
I think I'm missing some important things to do this.

Could you please give me a direction? It would be really appreciated.

Thanks,
JK
 
Old 02-15-2011, 02:44 PM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Maybe use prerouting before you set up the forwarding?
 
Old 02-15-2011, 03:13 PM   #3
jkmin96
LQ Newbie
 
Registered: Feb 2011
Posts: 7

Original Poster
Rep: Reputation: 0
corp769;
Thanks for your comment. But I don't understand your comment because I'm new to iptables.
Did you mean that I need to use NAT? And could you let me know why prerouting is needed before forwarding?

Thanks,
JK
 
Old 02-15-2011, 03:23 PM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Check these out for reference.

http://forum.soft32.com/linux/IPTabl...ict440623.html
http://www.linuxreport.org/content/view/26/23/

Overall, you want to preroute so you can forward what you need to a new destination interface or IP address.
 
Old 02-15-2011, 03:31 PM   #5
jkmin96
LQ Newbie
 
Registered: Feb 2011
Posts: 7

Original Poster
Rep: Reputation: 0
corp769;
Thank you so much.
I will check those links out.

Thanks,
JK
 
Old 02-15-2011, 03:42 PM   #6
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Not a problem, that's why I'm here. Wasting my work time for linuxquestions.org
 
Old 02-15-2011, 08:00 PM   #7
jkmin96
LQ Newbie
 
Registered: Feb 2011
Posts: 7

Original Poster
Rep: Reputation: 0
To make my problem simple, I tested this simple case with iptables.

There are three nodes: a wireless node, an AP and a server.



client ---------(wireless)--------- AP -------(Ethernet)--------- server



Using iperf, the client sends UDP or TCP packets to a server via an AP.
I run another iperf server on the AP and I try to intercept the UDP iperf traffic by setting the iptables rule "iptables -t nat -A PREROUTING -p udp -d server_IP -j DNAT --to AP_IP".
This works fine.

However, here is my problem.
I added one sniffer which has a wireless interface in monitor mode.



client ---------(wireless)--------- AP -------(Ethernet)--------- server
|
|
(wireless)
|
|
sniffer



If iperf on the client sends UDP traffic to the server, I can see that the UDP traffic is captured on the wireless interface of the sniffer (using TCPDUMP).
And I also tried the same thing as what I did on the AP in the first case.
After setting the iptables rule "iptables -t nat -A PREROUTING -p udp -d server_IP -j DNAT --to SNIFFER_IP", I ran iperf on the sniffer, but the iperf on the sniffer couldn't receive any packets.
Do I need to do extra work for iptables or something else?

Thanks,
JK
 
Old 02-15-2011, 08:09 PM   #8
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Monitor mode maybe?
 
Old 02-15-2011, 08:32 PM   #9
jkmin96
LQ Newbie
 
Registered: Feb 2011
Posts: 7

Original Poster
Rep: Reputation: 0
I set the wireless interface of the sniffer to monitor mode. And I checked that packets are captured.
Is there any flag or bit setting that lets other protocol layers know that this packet was not originally for this node so that the packets are dropped before the iptables rule is applied?


Thanks,
JK
 
Old 02-15-2011, 08:39 PM   #10
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Rep: Reputation: 1007
Quote:
Originally Posted by jkmin96
I set the wireless interface of the sniffer to monitor mode. And I checked that packets are captured.
Is there any flag or bit setting that lets other protocol layers know that this packet was not originally for this node so that the packets are dropped before the iptables rule is applied?


Thanks,
JK
As far as what? Being in monitor mode, you can sniff the packets for security testing using a program like wireshark, etc.
 
Old 02-15-2011, 08:54 PM   #11
jkmin96
LQ Newbie
 
Registered: Feb 2011
Posts: 7

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by corp769
As far as what? Being in monitor mode, you can sniff the packets for security testing using a program like wireshark, etc.
I don't know.. you are right..
Because I have not found any clue for this problem, I'm just trying to think of anything
 
Old 02-15-2011, 10:07 PM   #12
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
This thread is in violation of LQ Rules (#13). It is closed as a result.
 
  


All times are GMT -5.