Assume my private network has 3 hosts A, B, C behind a router that connects to the Internet as normal.
The requirement is:
- When A sends packets to the Internet, it will always send them to C, and C will forward the packets to the router.
- I have no access to A and the router.
- I can only install software on C.
Therefore, my approach is to run my first program (on C) to programmatically tell the router (the default gw of A, B, C) to send an ICMP redirect back to Host A.
The second program will take care of forwarding packets to the router.
I'm stuck on the first one (how to tell the router...).
How to do it? What tool? What protocol to use?
Without being able to modify the firmware on the router, this should not be possible. If you control the network, why don't you just adjust the routing tables on host A?
ICMP only redirects pings. If you want to intercept all traffic you are going to need to lump UDP and TCP into the mix.
Second, what you are referring to doing (running a program on C that will tell the router to forward all packets to A) would be considered a severe security risk. Can you imagine if I wrote a program that told your bank's server to forward all the packets sent from you to it to just pass them right along to me? For this reason it can't be done. You will need to have access to the router where you can put some packet filtering rules in place to send packets from A to C and then only allow packets to the internet from C.
Blogg,
I think ICMP redirect (host, net) is one of the types that the ICMP protocol provides to let a host change its own routing table. Thus it doesn't only redirect pings like you said.
Second, there are a few ways to force a particular host/hosts in a LAN to send packets to your machine instead of to the normal destination:
1. ICMP redirect from your machine to that host
2. ICMP redirect from the router to that host
3. ARP spoof
I just don't know how number 2 works. The other methods can be done easily and work
(provided that the host would accept the ICMP redirect message).
(When the customers use the software, we let them know how the software works and they accept the solution.)
You are going to have to reconfigure A to use C as its default gateway. The only way to get the router to redirect all traffic from A to C is to add a default route pointing to C, at which point you have just created a nice loop. You could spoof a redirect, i.e. an unsolicited redirect from C to A. However, to get the router to deliver A's return traffic to C first, you would need to use ARP poisoning.
One has to ask why you want to do this. If you don't have access to A why do you want all of its traffic to pass through your machine? It sounds like you might be up to no good!
Wikipedia says only routers can send redirects. If A does not think that C is a router, then it shouldn't accept redirects from C, right? The redirect was placed in ICMP so that if C says "I need to talk with B" and sends that packet to A. A, being the gateway, sends an ICMP redirect saying "You do know that you are on the same network as B, right? You can send it yourself. Modify your route tables like so..." then, after it sends the redirect back to C, it says "I'll still pass this stuff along to B" and routes the packets like C initially asked it to.
Unless I misunderstood Wikipedia, it sounds like A will need to either know or at least BELIEVE that C is its gateway before it will accept and "authorize" ICMP redirects.
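The acceptance rule raised in the last reply (a host should only honor a redirect from its current gateway) is the check RFC 1122 asks hosts to apply, together with requiring the new gateway to be on-link. The following is an added example, not code from anyone in this thread: it parses a captured IPv4 ICMP redirect and lists the reasons a host or a monitor should reject it. The addresses, `check_redirect` and `sample_redirect` are constructed for illustration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # ICMP type 5 = Redirect

def parse_redirect(packet: bytes):
    """Return (sender, new_gateway, redirected_dst), or None if not a redirect."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    # protocol 1 = ICMP; need 8 bytes of ICMP plus the embedded 20-byte IP header
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    sender = ipaddress.IPv4Address(packet[12:16])        # outer source address
    new_gw = ipaddress.IPv4Address(icmp[4:8])            # gateway the host is told to use
    redirected_dst = ipaddress.IPv4Address(icmp[24:28])  # destination in embedded header
    return sender, new_gw, redirected_dst

def check_redirect(packet: bytes, default_gw: str, lan: str):
    """List reasons to discard this redirect; an empty list means it is plausible."""
    parsed = parse_redirect(packet)
    if parsed is None:
        return ["not an ICMP redirect"]
    sender, new_gw, _ = parsed
    reasons = []
    if sender != ipaddress.IPv4Address(default_gw):
        reasons.append(f"sender {sender} is not the current gateway {default_gw}")
    if new_gw not in ipaddress.ip_network(lan):
        reasons.append(f"new gateway {new_gw} is not on-link in {lan}")
    return reasons

def sample_redirect(src, gw, dst="198.51.100.7", host="192.168.1.10"):
    """Constructed capture for testing the checks (checksums zero, never sent)."""
    a = lambda s: ipaddress.IPv4Address(s).packed
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0, a(host), a(dst)) + bytes(8)
    icmp = struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0, a(gw)) + inner
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0, a(src), a(host))
    return outer + icmp

if __name__ == "__main__":
    for src, gw in [("192.168.1.1", "192.168.1.254"), ("192.168.1.30", "192.168.1.30")]:
        verdict = check_redirect(sample_redirect(src, gw), "192.168.1.1", "192.168.1.0/24")
        print(src, verdict or "plausible")
```

On Linux hosts the kernel-side switches for this behaviour are the `net.ipv4.conf.*.accept_redirects` and `net.ipv4.conf.*.secure_redirects` sysctls.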