
I know there are some topics about forcing local IP traffic of a Linux machine to go through the LAN (over the network where Wireshark is capturing traffic), but all solutions imply IP address modification.

Now my setup:

  • A Linux PC with one interface with two IPs: 192.168.1.2 and 192.168.1.3
  • A server that listens on 192.168.1.2
  • A client (bound to 192.168.1.3) that connects to 192.168.1.2

My question is: is it possible to force the Linux kernel to let the IP packets go through the network (a switch + a PC with Wireshark) WITHOUT changing IP addresses and ports, so Wireshark will see 192.168.1.2 and 192.168.1.3 as source and destination (and vice versa)?

Like I said, I found some answers with IP changes here: Force local TCP packets over network segment for capture, and another one here: Force local IP traffic to an external interface

Maybe it's impossible at all without driver or kernel modification? I'm a C programmer, so if I have to look into kernel modifications it may be a possible solution (after I get used to kernel programming... so time-consuming).

Thanks in advance network gurus :)

Pigmin
  • I found a possible solution with a sysctl parameter: `accept_local` in combination with `rp_filter`: "Accept packets with local source addresses. In combination with suitable routing, this can be used to direct packets between two local interfaces over the wire and have them accepted properly. default FALSE" I'll give it a try and let you know if it's working. – Pigmin Jul 08 '15 at 09:47
  • You can also run `tcpdump` with the `-w` option on the local server where it can capture local packets, and then copy the pcap file it generates to your workstation later and load it into Wireshark. – Michael Hampton Jul 08 '15 at 14:11

0 Answers