StreamDivert is a tool to man-in-the-middle or relay in and outgoing network connections on a system. It has the ability to, for example, relay all incoming SMB connections to port 445 to another server, or only relay specific incoming SMB connections from a specific set of source IP’s to another server. Summed up, StreamDivert is able to:
Pre-compiled binaries for StreamDivert can be downloaded here.
How do you use StreamDivert? Run the the tool with administrative privileges:
streamdivert.exe config_file [-f] [-v]
The config file contains entries for streams you want to have diverted. En example config file:
//Divert all inbound TCP connections to port 445 (SMB) coming from 10.0.1.50 to 10.0.1.49 port 445
tcp < 445 10.0.1.50 -> 10.0.1.49 445
//Divert all inbound TCP connections to port 445 (SMB) coming from 10.0.1.51 to a local SOCKS server
tcp < 445 10.0.1.51 -> socks
//Divert all inbound TCP connections to port 445 (SMB) coming from fe80::f477:846a:775d:d37 to fe80::20c:29ff:fe6f:88ff port 445
tcp < 445 fe80::f477:846a:775d:d37 -> fe80::20c:29ff:fe6f:88ff 445
//Divert all inbound TCP connections to port 445 (SMB) to 10.0.1.48 port 445
tcp < 445 0.0.0.0 -> 10.0.1.48 445
//Divert all inbound UDP connections to to port 53 (DNS) to 10.0.1.49 port 53
udp < 53 0.0.0.0 -> 10.0.1.49 53
//Divert all inbound ICMP packets coming from 10.0.1.50 to 10.0.1.49
icmp < 10.0.1.50 -> 10.0.1.49
//Divert all outbound TCP connections to 10.0.1.50, port 80 to 10.0.1.49 port 8080
tcp > 10.0.1.50 80 -> 10.0.1.49 8080
//Send all packets going to 10.0.1.50 port 80 and prefer interface 9 to send them. If the interface does not exist or is not up, the packets are send from the default interface.
tcp > 10.0.1.50 80 -> 10.0.1.50 80 interface 9
//Force all packets going to 10.0.1.50 port 80 over interface 9, or drop the packets if the interface does not exist or is not up.
tcp > 10.0.1.50 80 -> 10.0.1.50 80 force interface 9
//Divert all outbound UDP connection to port 53 (DNS) to 10.0.1.49 port 53
udp > 0.0.0.0 53 -> 10.0.1.49 53
The [-f] flag, when present, will modify the Windows Firewall to add an exception for the application to properly redirect incoming traffic to another port. The [-v] flag control the logging verbosity. When provided, StreamDivert will log details about redirected packets and streams.
Help! My packets/ connections are not correctly diverted!
One thing to keep in mind when configuring diverted connections is that you don’t have conflicting diverted streams. Given the following example config file:
icmp < 0.0.0.0 -> 10.0.1.50
icmp > 10.0.1.49 -> 10.0.1.48
Those two diverted streams will conflict with eachother, as packets for the first diverted stream will also be picked up by the second packet ‘diverter’. Generally you will only run into these issues with UDP and ICMP and using wildcards.
Also note that diverting an IPv4 to an IPv6 address and vice versa is not supported for UDP and ICMP traffic.
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…