Submit a ticketCall us

AnnouncementsAre You “Flying Blind?”

When it comes to your complex IT infrastructure, you want to ensure you have a good grasp of what’s going on to avoid any fire drills that result from guesswork. Read our white paper to learn how proactively monitoring your IT environment can help your organization while giving you peace of mind.

Get your free white paper.

Home > Success Center > Kiwi Syslog Server > Kiwi Sys - Knowledgebase Articles > Spoof Network Packet

Spoof Network Packet

Table of contents

Updated August 6th, 2016

Overview

 

When Forwarding Packets, If you want to retain the original source address you can use the “Spoof Network Packet” option.

Environment

Kiwi Syslog Server

Detail

 

This feature is only available in the licensed version, requires WinPcap 4.1+ installation.

This option only applies to syslog messages forwarded via UDP protocol with IPv4 address only.

 

This option only applies to syslog messages forwarded via UDP protocol.

The network packet will be spoofed to appear as though the fowarded message has come directly from the originating devices' IP address, and not the address of the Syslog Server.  Kiwi Syslog Server will use the Selected Network Adapter to send the spoofed UDP/IP packet.

 

Important Note:

This option also requires that WinPcap version 4.1 and above is installed.  WinPcap (Windows Packet Capture library) is available for download from: WinPcap, The Packet Capture and Network Monitoring Library for Windows (© 2013 Riverybed Technology, available at https://www.winpcap.org/, obtained on July 26th, 2017.)

 

Test button

Use the Test button to send a test Syslog message to the host(s) specified.

 

Note:  If the "Spoof Network Packet" option is used, then the "Original Address=" tag will not be used.  The Syslog packet will be fowarded to the destination address as though it has been sent from the originating IP address.

 

Not working

In the Error log you will see the following:
“Forward Syslog Message [Spoof UDP packet] Failed : WinPCap version 3.0 and above is required for packet spoofing”
 

Resolution

Reinstall WinPCap version 3.0 so that it is detected by Kiwi.

 

 

Last modified

Tags

Classifications

Public