Man in the middle: get packets that are destined for other ethernet card

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Currently I'm learning packet capturing/modification/crafting in my
home network and I've got a little problem with active man in the
middle attack with data modification. I will explain everything in
steps and by giving an real-life examples because I want to avoid

In my home network there are 3 hosts with 3 ethernet cards (working
with switch):
host A -
host B -
host C -

Host A wants to communicate with C, but host B want to intercept
traffic and modify packets. Scheme:

1. Host B activates kernel's ip_forwarding.
2. Host B ARP poisons host A, so that A thinks that B is C.
3. Host B ARP poisons host C, so that C thinks that B is A (afer doing
that host B is in the middle of the communication between A and C, the
unencrypted packets can be seen by using sniffer).
4. Host B doesn't want only to sniff data, he wants to DROP packets or
modify them and then send to the original destination host, so he uses
iptables with appropriate options to send specific packets to the
QUEUE (NFQUEUE mechanisms to be more precise). He fires up the program
that he has written to modify/drop/accept packets waiting in the

And here is the problem, because it all works but only when packets
are destined directly for host B. Example:
1) Packet A->B - works fine, goes to NFQUEUE and can be modified by
the program.
2) Packet C->B - as above.
3) Packet A->C (to be specific A->B->C, because we have to remember
that B is the middleman) - iptables does not work, packet doesn't go
to the NFQUEUE, because it is destined for host C.
4) Packet C->A (C->B->A) - as above.

What am I trying to do?
For i.e.:
1. A sends packet to C
2. B captures the packet which goes to the NFQUEUE.
3. Running program makes all modifications and then packet from
NFQUEUE is transmitted to host C (note that the packet data is
modified and then packet leaves the queue and goes to C, B is not
sending the packet!).
4. Host C gets the packet with modified data and thinks that it's the
data that A send him.

How can I achieve that? Is there a way to force B to receive all
packets? How can B activly take part in transmission and decide which
packet from A send to C and which not? I would appreciate ideas and
clues what to use to achieve that.

Re: Man in the middle: get packets that are destined for other ethernet card

Quoted text here. Click to load it

Well, I've rechecked everything twice and found where the issue was
lying. I've added the rule to wrong chain. If someone will have the
similar problem I've recommend reading Packet Mangling with iptables
by Lucian Gheorghe .

Site Timeline