|
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
Bridging Ethernet The first step in the Bongo Link was to get most of the socket programming out of the way. To make things as transparent as possible, a
bridge was determined to be the best way to implement the Bongo Link. For starters, two network cards were thrown in two Linux boxes for testing purposes, with a patch cable from the wall to the first Linux box, and cross cables
between the others.
Without having addressable boxes, data taken in from one network card was to be spit out through the other, and vise versa. C programming makes this very simple. Lets take a look at some code to make things clearer. |
|||||||||||||||||||||||
|
int s0, s1; memset(&to, '\0', sizeof(to)); s0=socket(AF_INET,SOCK_PACKET,htons(0x0003)); |
|||||||||||||||||||||||
|
We first declare two file descriptors that will address each network card in the Linux box, s0 and s1. We’ll also create some sockaddr structures that we will bind to our sockets later that will hold information such as which ethernet cards they’ll be associated with, and the family type. The sockaddr structures are first cleared with the memset function, and then the family type and ethernet card device are copied into them. The file descriptors are then set to point to two corresponding sockets, which are created using the same family type as the structures and a special argument number which allows the sockets to be placed in promiscuous mode (they’ll look at every packet on the wire). These sockets are then bound to the corresponding sockaddr structure. As soon as the two sockets are setup, we can simple use read() and write() calls to the sockets as shown below to read packets and send packets: |
|||||||||||||||||||||||
|
read(s0,buf,count); |
|||||||||||||||||||||||
|
The buffer
(buf) will be an unsigned char array (8 bits) which contain the packet that is to be sent, or the packet that has
been received. Now we have all the coding required to make a bridge! All that has to be done is read
everything from eth0 and write it to eth1, and read everything from eth1 and write it to eth0. Pretty easy.
There's only one more catch... Since the users should not be aware of such a bridge, we don’t want the
Linux box to have any IP addresses associated with them (i.e. non- addressable since we want transparency) we
must issue a simple unix command to remove any possibility of addressing before running the bongo link. Along
with removing our addressable presence on the network, we also set the network cards themselves to promiscuous mode at the same time. We issue a ifconfig command like below: |
|||||||||||||||||||||||
|
ifconfig eth0 -arp promisc up 10.1.1.0 |
|||||||||||||||||||||||
|
We now have all the tools to make a transparent bridge as shown here: |
|||||||||||||||||||||||
 |
|||||||||||||||||||||||
|
Since we will require two linux boxes for the final implementation it’s just as easy to set up: |
|||||||||||||||||||||||
 |
|||||||||||||||||||||||
|
There we go, everything’s all set.
With the above, you could experiment making your own personal firewalls or filters at a very low layers. In fact you could play around a bit too including re-writing packets as they’re sent out - just make sure to recalculate checksums or the packet will be garbage. You could also try your skills at some sort of spoofing depending on how the local routers/bridges/switches are set up. |
|||||||||||||||||||||||
 |
|||||||||||||||||||||||
|
| Home | Overview | Background | OSI Model | |
|||||||||||||||||||||||
 |
|||||||||||||||||||||||