Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

Home > Success Center > Kiwi Syslog Server > Spoof Network Packet

Spoof Network Packet

Table of contents
Created by Gary O'Donovan, last modified by MindTouch on Jun 23, 2016

Views: 24 Votes: 0 Revisions: 4

Overview

 

When Forwarding Packets, If you want to retain the original source address you can use the “Spoof Network Packet” option.

Environment

Kiwi Syslog Server

Detail

 

This feature is only available in the licensed version, requires WinPcap 4.1+ installation.

This option only applies to syslog messages forwarded via UDP protocol with IPv4 address only.

 

This option only applies to syslog messages forwarded via UDP protocol.

The network packet will be spoofed to appear as though the fowarded message has come directly from the originating devices' IP address, and not the address of the Syslog Server.  Kiwi Syslog Server will use the Selected Network Adapter to send the spoofed UDP/IP packet.

 

Important Note:

This option also requires that WinPcap version 4.1 and above is installed.  WinPcap (Windows Packet Capture library) is available for download from: WinPcap, The Packet Capture and Network Monitoring Library for Windows

 

Test button

Use the Test button to send a test Syslog message to the host(s) specified.

 

Note:  If the "Spoof Network Packet" option is used, then the "Original Address=" tag will not be used.  The Syslog packet will be fowarded to the destination address as though it has been sent from the originating IP address.

 

Not working

In the Error log you will see the following:
“Forward Syslog Message [Spoof UDP packet] Failed : WinPCap version 3.0 and above is required for packet spoofing”
 

Resolution

Reinstall WinPCap version 3.0 so that it is detected by Kiwi.

 

 

Last modified
19:51, 22 Jun 2016

Tags

Classifications

Public