Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 05-24-2013, 07:32 AM   #1
LQ Newbie
Registered: May 2013
Posts: 1

Rep: Reputation: Disabled
Unhappy Duplicate TCP traffic on a port to another

I have a program that connects using TCP to a server and communicates with it. I would now want to duplicate the packets sent by the server to me and redirect them to another port for processing. Thus I have a two-fold problem :

1.) Do port-mirroring on the client so that any traffic on the client port gets copied to another port say X.

I have tried iptables for the same. Since I want my application to continue communicating and port X to simply be a passive sniffer I resorted to the -j TEE to duplicate the packets. The problem here being that TEE only has a --gateway flag that only allows to route the duplicate packet to another host (Note I cannot route the duplicate to the localhost this way because I already have the original packet to the localhost at that port). -j REDIRECTwas also tried but it spoils the original TCP connection. So is it possible that I can duplicate packets to a port to another port on the same machine ?

2.) Read raw TCP packets from port X and process them.

Now on port X I would want to simply read the raw TCP packets in a C++ program (Not send SYN/ACK etc). I am using tcpdump until now. I have a vague knowledge that raw sockets might be useful for the same. So is it possible that I can read the traffic on port X and then process the TCP packets ?


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can I "tee" traffic on a TCP port? bigearsbilly Linux - Networking 6 03-05-2012 04:31 AM
LXer: How TCP Offload Engines scale up the TCP traffic bandwidth by up to 8x on existing Ethernet Ne LXer Syndicated Linux News 0 02-16-2012 11:01 PM
Snort/Base reporting no traffic, Ntop not showing any TCP traffic. a2brute Linux - Security 1 08-10-2009 01:21 PM
Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP) ffkodd Linux - Networking 3 10-25-2008 01:09 AM
unwanted network traffic on tcp port 135 debasish_5849 Linux - Security 4 04-20-2006 11:33 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:24 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration