MitM tool with packet delay
Hey guys,
I'm looking for a MitM tool that is capable of delaying packets for a configurable amount of time before sending them on their way. I was trying various methods via Ettercap filters, but I don't think something like that is going to work under Ettercap. Does anyone have a recommendation for a different tool capable of this? Linux support, of course.
Thanks :happy:
My guess is that you won't be able to delay packets with ettercap, as it enables ip forwarding in the kernel, which probably can't be messed with easily.
Unfortunately I don't know of any programs that can do what you want. You could try to write one yourself though :P I'm curious, what use do you have for a program that delays the intercepted packets?
As I proposed through IRC yesterday - redirect the traffic and make the delay with iptables.
Here is another possible solution: http://stackoverflow.com/questions/614795/simulate-delayed-and-dropped-packets-on-linux
Just to throw another idea out there, I don't know if this will work as it depends what you're doing, but it's just off the top of my head from something else I've seen for realtime packet decoding and dumping for game protocols called 'sudppipe' - sudppipe - see further down the page.
Just a UDP 'pipe' to a specified IP, usually for a game server, you can run on a server / local machine and write your own library for it to modify/decode/dump whatever you wish. I've dabbled with it, it's useful enough to bypass an IP ban :)
Maybe you can use the same approach by some means? Maybe more difficult with a TCP connection depending on how it is supposed to operate. Just depends how flexible this MitM needs to be…
You could write your own take on this in whatever language you like I guess. EDIT: The time delay you can probably do with a straightforward wait loop/event wait or pause.
Jim,
Thanks for the responses, guys.
starofale wrote: Unfortunately I don't know of any programs that can do what you want. You could try to write one yourself though :P
Yeah, if worst came to worst I was just going to roll my own arp spoofer. I might still do that to play with some C++ networking, but that's a future project.
I'm curious, what use do you have for a program that delays the intercepted packets?
I'm playing with methods of deliberately increasing lag on an Xbox360 console.
Jelmer's first suggestion, of using iptables, actually worked very beautifully. It always catches me off guard exactly what iptables is capable of doing, I seem to keep falling back to the idea that it's just some firewall software that goes on gateway systems >.>
If anyone is curious to the method I used, here is the original link: http://people.redhat.com/berrange/notes/network-delay.html
I made a nice little script that loads net-delay.pl into the background, sets the iptables, and then loads up Ettercap and arp poisons the machine I need to delay traffic for. I needed to tweak the iptables commands a bit so it doesn't delay traffic on my own system, but that just required changing the chain to OUTPUT and adding a second command that set a destination rule (so traffic is delayed both ways).
Thanks again for the help, especially Jelmer, I really like that method in retrospect ;)