Duplicate TCP traffic on a port to another
I have a program that connects to a server using TCP and communicates with it. I now want to duplicate the packets sent by the server to me and redirect them to another port for processing. Thus I have a two-fold problem:
1.) Do port-mirroring on the client so that any traffic on the client port gets copied to another port say X.
I have tried iptables for this. Since I want my application to continue communicating and port X to simply be a passive sniffer, I resorted to -j TEE to duplicate the packets. The problem here is that TEE only has a --gateway flag, which only allows routing the duplicate packet to another host. (Note: I cannot route the duplicate to localhost this way because I already have the original packet going to localhost at that port.) -j REDIRECT was also tried, but it spoils the original TCP connection. So is it possible to duplicate packets arriving on one port to another port on the same machine?
2.) Read raw TCP packets from port X and process them.
Now, on port X, I want to simply read the raw TCP packets in a C++ program (not send SYN/ACK etc.). I have been using tcpdump until now. I have a vague knowledge that raw sockets might be useful for this. So is it possible to read the traffic on port X and then process the TCP packets?
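An added example for part 2, not part of the original post: on Linux, a raw socket opened with IPPROTO_TCP receives a copy of each incoming IPv4 TCP packet, starting at the IP header, so a C++ reader can filter on the destination port without taking part in the connection. The names TcpSegment, parse_tcp and sniff and the kSample packet are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

struct TcpSegment {
    uint16_t src_port, dst_port;
    uint32_t seq;
    uint8_t flags;                      // FIN=0x01 SYN=0x02 RST=0x04 PSH=0x08 ACK=0x10
    size_t payload_off, payload_len;    // payload position inside the packet buffer
};
// Constructed sample: 192.0.2.1:443 -> 192.0.2.2:50000, seq 1000, PSH|ACK, payload "hi".
static const uint8_t kSample[42] = {
    0x45,0,0,42, 0,1,0x40,0, 64,6,0,0, 192,0,2,1, 192,0,2,2,             // IPv4 header
    0x01,0xBB, 0xC3,0x50, 0,0,0x03,0xE8, 0,0,0,0, 0x50,0x18, 0xFF,0xFF,  // TCP header...
    0,0, 0,0, 'h','i' };                                                 // ...and payload
static uint16_t be16(const uint8_t* p) { return uint16_t(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t* p) { return uint32_t(be16(p)) << 16 | be16(p + 2); }
// Parse one IPv4 packet as a Linux raw socket delivers it (buffer starts at the IP header).
// Returns false for anything truncated, malformed, fragmented past the header, or not TCP.
bool parse_tcp(const uint8_t* b, size_t len, TcpSegment& out) {
    if (len < 20 || (b[0] >> 4) != 4 || b[9] != IPPROTO_TCP) return false;
    size_t ihl = (b[0] & 0x0F) * 4u, total = be16(b + 2);
    if (ihl < 20 || total > len || total < ihl + 20) return false;
    if (be16(b + 6) & 0x1FFF) return false;         // later fragment: no TCP header here
    const uint8_t* t = b + ihl;
    size_t doff = (t[12] >> 4) * 4u;                // TCP header length incl. options
    if (doff < 20 || ihl + doff > total) return false;
    out = {be16(t), be16(t + 2), be32(t + 4), uint8_t(t[13] & 0x3F), ihl + doff, total - ihl - doff};
    return true;
}
// Passive reader (needs root or CAP_NET_RAW): only recv() is called, nothing is sent.
int sniff(uint16_t local_port) {
    int fd = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);
    if (fd < 0) { perror("socket"); return 1; }
    static uint8_t buf[65536];
    TcpSegment s;
    for (ssize_t n; (n = recv(fd, buf, sizeof buf, 0)) > 0;)
        if (parse_tcp(buf, size_t(n), s) && s.dst_port == local_port)
            std::printf("%u -> %u seq=%u flags=0x%02x payload=%zu bytes\n",
                        s.src_port, s.dst_port, s.seq, s.flags, s.payload_len);
    close(fd); return 0;
}
int main(int argc, char** argv) {
    if (argc > 1) return sniff(uint16_t(std::atoi(argv[1])));   // e.g. ./a.out 50000
    TcpSegment s;                                   // no argument: self-check on the sample
    return parse_tcp(kSample, sizeof kSample, s) && s.payload_len == 2 ? 0 : 1;
}
```

The reader sees individual segments, not a reassembled stream: retransmissions and out-of-order data arrive as-is, and the seq field is what the processing code would use to order them.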