General :: Capture Packets With WireShark On 2 Port Ranges?
Jul 3, 2010
I'm trying to capture packets with WireShark on 2 port ranges.
This syntax is not working:
Quote:
bash-3.2# /usr/sbin/tcpdump -ttttvv udp portrange 8500-8600 and portrange 5060-5070
There is no output...
What is the correct syntax for defining multiple port ranges?
Apr 27, 2010
What is the syntax to capture packets from multiple hosts through tcpdump?
tcpdump ip host host1|host2|host3|host3
May 16, 2011
I am currently running Debian 6. I would like to know if there is a way, and how I would go about, blocking a certain IP range from connecting to my server within a certain port range. Say, for example,
I want to block IP range 123.123.123.* from connecting to my server on the ports 33000 - 43000. But I want to allow them to connect on any other port range, and I want to be able to allow connections from my server to the blocked IP range on those same ports. So, blocking incoming only on the above port range,
using iptables.
Apr 4, 2011
I'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
Jun 11, 2009
I have a network like
Node A to Vlan Switch
Node B to Vlan Switch
Node C to Vlan Switch
Node B is set up to be a middle man between A and C.
All nodes have 1 NIC.
They are all linux boxes. Node B can ping Node C. When I try to ping Node C from Node A, the ping just hangs forever.
When I use Wireshark to sniff what's going on with Node B during a ping from Node A to Node C, I can see an ICMP request with src = Node A and dest = Node C. I'd like to know if that ICMP packet was received by B from A or if it is going out. If it's going out, that makes no sense since B knows how to send to C. If B is only getting the requests but not forwarding them, then I know there is something wrong with B's configuration.
So I'd like to be able to sniff incoming packets only, or outgoing packets only. Is there a way to do this?
Feb 9, 2010
I have a Toshiba phone system that has a feature where it spits raw data, and I can direct that data to a serial port on the Toshiba phone system or to an IP/PORT. The data is just ASCII data - tells me calls that are made/time/etc.
I would like to set up an existing Linux box to capture this data and store the data for me.
Then later I can build reports based on that data (and for me a report could be just a few cat's/greps/etc, so basic stuff) - but I can figure this out later.
For now I would just like to GRAB the data on a port and dump it into a file (and recycle files every 24 hours).
Aug 30, 2010
I need to write a program in C that can sniff packets from Ethernet and distinguish RTP packets from non-RTP packets. I have no idea what I should do.
Feb 22, 2011
I've a strange situation in my network: pcs gatewayed to another network, then a proxy, then a firewall.
pcs --> router --> cloud --> router --> proxy --> switch <-- fw --> Internet
(router, proxy and fw are all connected by the switch)
Some months ago the situation was:
pcs --> router --> cloud --> router --> switch <-- fw --> Internet
There was a static route in the router that gatewayed the packets to the firewall, but that route has been deleted, and I cannot reinsert it because I've not access to the routers, so we have to use a proxy to go to Internet, and we have the configuration of all pcs (Windows XP) with the fields "proxy" filled. The proxy has only one NIC gatewayed to the firewall, and Ubuntu and squid installed, but we have some problems:
1. we cannot use email, so how can we make port 110 and 25 packets pass?
2. squid seems to slow down, so can we uninstall it and route all the traffic directly to the firewall to speed up?
Mar 16, 2011
This is where it starts: I have 2 networks. The first: 192.168.1.0/24 composed by the router which has access to the internet with the IP 192.168.1 and the server (who is a gateway) with the IP 192.168.1.42 The other network: 192.168.2.0/24 composed by the gateway with the IP 192.168.2.1 and the clients (on the 192.168.2.0/24 subnet). To sum up, the gateway has 2 IPs (192.168.1.4(eth0) and 192.168.2.1(eth1)). On this gateway, I have squid installed (and listening on port 3128). I also made a redirection to redirect some computers who want to access to the web (port 80) to squid (port 3128) with this command:
/sbin/iptables -t nat -A PREROUTING -m mac --mac-source CLIENT_MAC -p tcp -m tcp --dport 80 -j REDIRECT --to-port 3128
At this stage, everything works fine. The clients can access the web by the proxy without "knowing". What I wanted to do, is redirect also the port 443 (HTTPS). Actually, when a client wants to access to, for example, [URL]. He cannot. So I would want to be able to redirect people (without passing by any proxy) directly to google. Like a NAT. But the problem is that I can't. The thing would be to, in the gateway, take all the packets with port 443 in destination and handle them to the router 192.168.1.1. Then, when the router sends the packet back, the gateway takes the packet and handles it to the client. I tried putting ip_forward to 1, but the problem is that all IPs and ALL PORTS are forwarded. And I just want port 443 to be forwarded.
Jun 6, 2010
I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.
Jun 13, 2010
I am currently having problems with my server. It's being DDoSed. I have a VPS with CentOS 64bit. The attack I want to block is a UDP flood. I was trying to do something like this:
iptables -I INPUT -p udp --dport 123 -m limit --limit 40/s -j DROP
but instead of blocking certain hosts it blocks the whole port, and during the attack it's unreachable. How to limit packets per host, or any other way to protect from a UDP flood?
Jan 3, 2011
How can I drop IGMP port 0 packets with an iptables rule? My log file is full of this router advertisement.
Aug 8, 2009
I use speech for a lot of notifications, email, time every 30 minutes, system alerts, etc... but there are times when I do not want the speech, because I am on a conference call or have an open mic.
Dec 3, 2010
I have the datafile like this. I have to subtract 20 to the left of that number and add 120 to the right of that number. Output also given.
Quote:
Input:
Chr5:26236044-26236064
Chr25:2622227-2622247
[code]....
Feb 8, 2010
I have a Linux server running Oracle applications. I need to access this server from PuTTY using ssh through the internet. I did so by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN.
Aug 12, 2010
I am not able to use Wireshark in RHEL 5.0.
Nov 12, 2010
Does anyone know a network packet editor for Linux, or how to modify a network packet in Wireshark?
Jan 4, 2011
I'm trying to install Wireshark but I have this message :
"configure: error: Header file pcap.h not found; if you installed libpcap from source, did you also do "make install-incl", and if you installed a binary package of libpcap, is there also a developer's package of libpcap and did you also install that package?"
I tried to use #yum -y install wireshark but didn't work.
Mar 6, 2010
I want to use the Wireshark network traffic analyser to analyse Ethernet traffic in an "Abis over IP" based GSM cellular communication network. Can anybody guide me on how to install Wireshark on my Ubuntu 9.10 Live USB drive? I cannot access the internet with this USB drive, but I can download packages on a Windows machine. I need to know which packages to download and how to build Wireshark from source.
Jan 6, 2011
I'm using Fedora9. I cannot start wireshark or tcpdump because of the lib dependency error:
Code:
[root@localhost ~]# wireshark
wireshark: error while loading shared libraries: libpcap.so.0.9: cannot open shared object file: No such file or directory
I updated libpcap before and the latest version is libpcap.so.1.1. I changed the version because of another application but I cannot remember when I did it, perhaps on Sep.11?
Code:
[root@localhost lib]# ll |grep libpcap
-rw-r--r-- 1 root root 309670 2010-09-11 08:10 libpcap.a
lrwxrwxrwx 1 root root 12 2010-09-11 08:10 libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 14 2010-09-11 08:10 libpcap.so.1 -> libpcap.so.1.1
-rwxr-xr-x 1 root root 243207 2010-09-11 08:10 libpcap.so.1.1
So I tried
Code:
ln -s libpcap.so.1.1 libpcap.so.0.9
but it doesn't work.
Aug 13, 2010
What is the best analogue capture program please to capture Austar.
Sep 19, 2010
I've googled til my brain went boom... So the short story goes; I have lots of ip address ranges in multiple files which need to go into an iptables firewall... Sounds simple right?
Example of files:
1.0.1.0-1.0.1.255
1.0.1.0-1.1.0.255
[code]....
Sep 8, 2009
I am trying to remember the procedure used to determine the ip address range when given a network address and its subnet mask. Does anyone have any documentation on the steps that are done to accomplish this?
Feb 16, 2011
I have a mail server with IPTABLES enabled. I want to allow access to:
41.0.0.0/8
58.0.0.0/8
61.0.0.0/8
[code]....
Jan 20, 2009
How do I find for example the 4th to the 9th result in a particular SELECT query?
Mar 15, 2011
As awk programmers may know, we can print a range of lines with awk, from an initial pattern until a final pattern, as follows:
Code:
awk '/Initial_String/,/Final_String/' inputfile
Well, I have this inputfile:
Code:
[code]...
Once having those elements in that way within an array (a[]), I want to be able to manipulate the array (a[]) and copy its elements to another array (b[]) in different order (all lines joined in a single line separated with commas), as follows:
Code:
Category,Adventure,Titles,Robinson,Crusoe,Saturday,Authors,Daniel-Defoe,Ian-McEwan
Only inserting the missing "array" coding and based and follow the code I've written Not needed to create a new code to do it with other method.
Oct 21, 2010
VERY new to Linux, erm, but I have an issue that needs solving! I recently moved to university, where their network blocks sftp port 22; this means that I cannot connect to my FTP server, which is running a version of Linux. Now I've got this ftp server connected to a seedbox and it was created using the following walk through..
Code:
I have written this guide for a friend, but I thought it would be useful for others as well.
There are several guides floating around, but I found that most always cock up in some way. This one is tried and tested to work on Debian Etch (on an OVH rps, but should apply to most servers). If there is a new stable release of rtorrent/libtorrent then I will update this guide to show you how to update it (without reinstalling the whole server).
At the bottom there are also instructions to install ftp access & some network monitoring software.
Basically, I would really like someone to be able to construct the commands on how to change the listen port for sftp connection on Linux, or add another port to the list that Linux would use, so that I could put it through PuTTY.
Jul 20, 2010
I tried to make "ssh tunneling", but failed and got this message.
Quote:
Administrator@windstory-PC /
$ ssh -R 7869:localhost:7869 windowsstudy@192.168.0.4
windowsstudy@192.168.0.4's password:
Warning: remote port forwarding failed for listen port 7869
Last login: Wed Jul 21 01:56:04 2010 from 192.168.0.2
-bash-3.2$
1. system environment
192.168.0.2 - windows 7 + copssh
192.168.0.4 - centos 5.4 x86 + openssh
2. Guide for setting "ssh tunneling"
[URL]
3. Added this to sshd.conf
Quote:
AllowTcpForwarding yes
4. "netstat -na|grep 7869" at 192.168.0.4
Quote:
[root:maestro:~]# netstat -na|grep 7869
tcp 0 0 0.0.0.0:7869 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:7869 127.0.0.1:53539 ESTABLISHED
[code]....
5. result of "ssh -vvv -R 7869:localhost:7869 windowsstudy@192.168.0.4"
Quote:
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
[code]....
6. I added 7869 for telnet service as follows:
Quote:
mytelnet 7869/tcp # My Telnet server
Jul 7, 2010
I have a series of input files formatted like this:
Code:
RTREVF, KOG3266 = 111
RTREVF, KOG3294 = 130
RTREVF, KOG3295 = 177
WAGF, KOG3307 = 107
JTTF, KOG3320 = 174
Each line represents a portion of a data matrix. I want to convert the numbers after the "=" to the range of that partition in the matrix such that the output file looks like this:
Code:
RTREVF, KOG3266 = 1-111
RTREVF, KOG3294 = 112-241
RTREVF, KOG3295 = 242-418
WAGF, KOG3307 = 419-525
JTTF, KOG3320 = 526-699
Sep 27, 2010
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.