
What I simply want is to redirect all HTTP packets from any interface to my tun/tap interface. A scapy script will listen on this interface and do some treatments to these packets.

First, I created a tun/tap interface:

sudo ip tuntap add mode tap tt0

I assigned an IP address as follows:

ifconfig tt0 10.0.0.1

Then, I added a mark with iptables as follows:

sudo iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1

I made a rule to route marked packets through table 2:

ip rule add fwmark 1 table 2

Finally, I added the route to the tt0 interface created above:

ip route add default via 10.0.0.1 table 2

A simple "curl google.com" will normally generate an HTTP request, and I should be able to see that packet with Wireshark if I listen to the tt0 interface, right? In fact, this is not the case... no traffic is present on tt0. Am I missing something? Thanks.

Duke Nukem
  • I must add that my eth0 interface is on another subnet. Is that a problem? – Duke Nukem Nov 22 '16 at 23:39
  • You try to use your own ip as gateway. – Ipor Sircer Nov 23 '16 at 01:11
  • Hello, thanks for your answer. I try to use tt0 as my gateway indeed. My principal interface is eth0 at 192.168.0.6. My second interface is tt0 at 10.0.0.1 on the same server. What I want is to route HTTP traffic from eth0 to * via tt0, and see them in Wireshark if I listen to the "tt0" interface. – Duke Nukem Nov 23 '16 at 09:09
  • Use the endpoint of your tt0 as gateway. – Ipor Sircer Nov 23 '16 at 09:49
  • I understand what you mean, however I don't have any endpoint for my tt0. It was just created via "ip tuntap add " and random private ip attributed via "ifconfig" as a virtual interface. My goal was to route all HTTP traffic through that interface and get packets with wireshark that listen on it. Do you mean that without any valid endpoint, I could not sniff anything on it? – Duke Nukem Nov 23 '16 at 09:53

0 Answers
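The check that the comments above point at ("You try to use your own ip as gateway"), written out as an added example that is not part of the original thread: it reads the text output of `ip -o -4 addr show`, `ip rule show` and `ip route show table N` and reports any fwmark-selected table whose default gateway is one of the host's own addresses. The sample output is constructed to match the setup in the question (the /8 prefix and rule priority are assumptions), and the function names are hypothetical.

```python
import re

# Constructed sample output matching the setup in the question
# (not captured from a real host).
ADDR_OUT = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.6/24 brd 192.168.0.255 scope global eth0
3: tt0    inet 10.0.0.1/8 brd 10.255.255.255 scope global tt0
"""
RULE_OUT = """\
0:\tfrom all lookup local
32765:\tfrom all fwmark 0x1 lookup 2
32766:\tfrom all lookup main
32767:\tfrom all lookup default
"""
ROUTES = {"2": "default via 10.0.0.1 dev tt0\n"}  # table id -> route listing


def local_addresses(addr_out):
    """Map each local IPv4 address to its interface (`ip -o -4 addr show`)."""
    pairs = re.findall(r"^\d+:\s+(\S+)\s+inet\s+([\d.]+)/\d+", addr_out, re.M)
    return {ip: dev for dev, ip in pairs}


def fwmark_rules(rule_out):
    """Return (mark, table) for every fwmark rule in `ip rule show` output."""
    found = re.findall(r"fwmark\s+(\S+)\s+lookup\s+(\S+)", rule_out)
    return [(int(mark.split("/")[0], 0), table) for mark, table in found]


def audit(addr_out, rule_out, routes):
    """List findings for each routing table that a fwmark rule selects."""
    local = local_addresses(addr_out)
    findings = []
    for mark, table in fwmark_rules(rule_out):
        # One entry per default route; '' when the route has no "via" gateway.
        gateways = re.findall(r"^default(?:\s+via\s+([\d.]+))?",
                              routes.get(table, ""), re.M)
        if not gateways:
            findings.append(f"mark {mark}: table {table} has no default route")
        for gw in gateways:
            if gw in local:
                findings.append(f"mark {mark}: table {table} gateway {gw} "
                                f"is this host's own address on {local[gw]}")
    return findings


if __name__ == "__main__":
    for line in audit(ADDR_OUT, RULE_OUT, ROUTES):
        print(line)
```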