Packet Redirection on Windows
We currently run windows on all of our machines due to software limitation.
Within this however, we are needing to redirect certain packets that come into an IP and Port to a different Port (same IP). We have software listening on the "Proxy Port".
This is achievable with IPTables on linux by doing something similar to:
iptables -t nat -I PREROUTING -p udp -d <DSTIP> --dport <DSTPORT> -m u32 --u32 '0>>22&0x3C@8=0xFFFFFFFF && 0>>22&0x3C@12=0x54536F75 && 0>>22&0x3C@16=0x72636520 && 0>>22&0x3C@20=0x456E6769 && 0>>22&0x3C@24=0x6E652051 && 0>>22&0x3C@28=0x75657279' -j REDIRECT --to-port <REDIRECT PORT>
This works great on linux and will redirect certain packets to our proxy software, however is it at all possible to do something such on windows without having to get a dedicated machine in-front of our windows machines?
I was thinking of writing something up with pcap.net but I'm guessing this will have to direct read from the NIC rather than windows?
Answer
From the MSDN:
Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running.
You can redirect connections coming to any port to another local (or remote) port with the command:
netsh interface portproxy add v4tov4 listenaddress=localaddress listenport=localport connectaddress=destaddress connectport=destport
Also, as stated in this SO post, netsh is a good replacement for iptabes on Windows.