Networking :: Directly Access Received Packets In Buffer?
Mar 29, 2011
where packets are stored when they're received. After some googling, I think perhaps libpcap with mmap would be the solution. Does libpcap 1.0 and above support mmap? From my understanding, mmap would allow me to directly access the buffer without having to explicitly copy the packet to another buffer for me to do processing. I would also appreciate it if someone can let me know where I can find examples of such applications, as many examples of mmap I've found involve mapping a buffer for file operations, rather than integrating it with pcap functions like pcap_loop, pcap_next_ex etc.
I am new to Ubuntu, almost installed it after Windows showed blue screen 4 ever n ever. However, after installing Ubuntu, whenever I log in to Windows it doesn't detect any network connection, but when I use Ubuntu it automatically does. Can it be that Ubuntu is causing any problem? And how to check how many packets are being sent and received through my wired network, and do I have to install any drivers for my modem in Ubuntu?
I got major problems with mencoder. I work like this. 1.) Demux Audio. 2.) 2 Passes Encode. The second Encode includes the Audio. And there I got the problem:
Too many audio packets in the buffer: (4100 in 1043395 bytes).
Maybe you are playing a non-interleaved stream/file or the codec failed?
For AVI files, try to force non-interleaved mode with the -ni option.
I tried likely anything possible. How to fix that? Before that I got the issue with demuxing the audio where I got a massive amount of "Too many buffered pts" errors. I overcame this by adding the nocorrect-pts option.
I keep finding packets that appear to be whois on port 44. They appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time). When I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". When I whois it, it says:
Quote:
Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?
My LAN has 2 PCs installed, Ubuntu 10.04 and Windows XP. I run the server on Ubuntu, and the client on Windows XP. Because I am doing a stress test, the client will keep sending tons of packets to the server.
The strange thing is: after a few seconds, the client program crashes because of insufficient network buffer; the server is still OK. But after that I can't connect to the Ubuntu PC anymore until I restart it. And I checked the router: the LED for the Ubuntu PC is always ON (not blinking), it looks like it is jammed already.
I have a DSL broadband connection. The internet connectivity was working fine but lately I am facing problems while connecting to the internet. Upon connecting the cable to eth0, /var/log/messages shows repeated instances of: "kernel:corrupted packets received". Also, if I use pppoe-discovery, I get a "Timeout Waiting for PADO packets" error. There is nothing wrong with the cable. If I connect the cable to a windo$s xp laptop, internet connects fine without any problems. Any idea what could be going wrong? Since the internet was working fine earlier on my opensuse box, I'm not sure what could have gone wrong with the settings.
I made a video and I wanted to put it on my myspace (video upload) and it just fades to grey and becomes unresponsive. Then it goes back to normal but no progress. So then I tried going to image shack and uploading a picture. Can't do that either. Tried mediafire, videos, vimeo, nothing.
So I tried on my desktop (desktop running 9.10 32 bit, laptop (the first one I tried) running 9.10 64 bit). It didn't work on that either. I know it's not my ISP because it works on my PS3 (no Ubuntu). Not my firewall, and tried without my router. Didn't work either. I tried upgrading flash on both of them and on my desktop I can upload some pictures to imageshack now. Nothing else though. I have tried using both Firefox and Opera.
I pinged yahoo and this is what I got:
6 packets transmitted, 6 received, 0% packet loss, time 5007ms
rtt min/avg/max/mdev = 72.732/73.437/75.024/0.761 ms
On our webhosting servers, where Apache is primarily running, huge outgoing traffic to random IP addresses sometimes starts (each time of attack it is just one IP). It's always UDP, and according to my investigation with tcpdump, it looks like p2p. The problem is the big outgoing traffic, and secondly the filling of the ip_conntrack table /proc/net/ip_conntrack. I think that one of our webhosting users has some virus uploaded on his FTP, which is run from time to time. I think that if I can map outgoing traffic to a particular process ID, it will be easy to find the PID in the access log of the webserver and then see what URL causes it.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- At the time of attack I was trying to run `lsof`, but nothing to see - didn't find the attacker
- I went through the apache access log - I took the time of attack, i.e. 02:22 am - grepped from the access log all hits between 02:20 and 02:29 am and tried to call all of them again - problem didn't occur
- checked the POST records from the access log - nothing
- grepped all php files for keywords 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (under which apache is run)
I think that the key is to be able to match the outgoing connection to a PID, then it will be easy.
I have a Linux server running Oracle applications. I need to access this server from PuTTY using SSH through the internet. I did this by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
We have a system with 1 GB memory. Out of this, i would like to restrict only 512MB for linux and would like to access the rest 512MB directly from an application that runs on linux.
What is the suggested means to achieve this on 2.6.x?
Trying to set up VSFTPD on the CentOS 5 box at work, which is an internal web development server. I'm leaving soon, and all knowledge of or desire to learn SSH is going with me so the other employees will need to be able to access the web root using FTP clients.
Essentially there is no need for special user accounts or privileges, it's an internal server in a tiny company. I've got the LocalRoot set to /var/www/ which I can log in to and read all files via FTP, however despite setting everything to 777 in /var/www/ and below, I still can't get any write privileges on the FTP server.
I set up environment according to BareMetalProvisioningBestPractices document, I think everything should be ok. Now trying to plug in new virtual machine for PXE install Linux. But something is wrong, DHCP waits couple of seconds, and then I receive:
PXE-E53: No boot filename received
PXE-M0F: Exiting Intel PXE ROM.
I think, all services required are started.
dhcp.conf on boot/stage is:
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
#
[Code].....
pxelinux.0 was taken from RHEL4, but I've got image and trying to boot RHEL5. Maybe there is something?
This has been bugging me for quite a long time. I need to have a pptp connection to my university. I have tried to locate the error, but this has been a real trouble.
A little bit of history: My girlfriend had a laptop with M$ vista on it with a working PPTP connection. I had a laptop with Ubuntu, with which I couldn't get the PPTP working.
When my laptop crashed, I bought a new one on which I run a dual boot XP SP3 and Ubuntu. I also own a desktop (Dual M$ Win 7 / Ubuntu standard Karmic) and my girlfriend also upgraded to Win 7.
Currently, the XP version is the only one on which I can get a connection. Both Ubuntu and the Win 7's give me a GRE proc 47 not received error. I know our router (a DAVOLINK DV2020) is notorious for not sending through GRE proc 47, but this either shouldn't be the case or it shouldn't matter, since I can make a perfect connection through the XP OS.
This is quite a handicap, since we both study at the university for which we require working VPN PPTP connections.
I am using CentOS 5.2. Recently I have been implementing a transparent proxy but I faced an issue. I received lots of messages in dmesg. I have 2 machines with the same OS; the other machine works fine with this same configuration.
br0: received tcn bpdu on port 1(eth0)
br0: topology change detected, propagating
br0: received tcn bpdu on port 1(eth0)
br0: topology change detected, propagating
br0: received tcn bpdu on port 1(eth0)
I have configured a pppoe connection via NetworkManager through the key-file plugin. The problem is that after a while I can't load any web page. All connections are up, nothing bad in /var/log/messages. Ping produces a mystical error message:
Code:
sendmsg: no buffer space available
I think I've discovered an issue on our Linux servers. We have developed an in-house application that sends and receives a large volume of UDP data. I'm seeing a lot of errors for UDP when I run a "netstat -us". Could the receive buffer be too small, and if so, how do I change it? What is the default size on CentOS 5?
kernel = 2.6.18-53.1.14.el5PAE #1 SMP Wed Mar 5 12:07:47 EST 2008 i686 i686 i386 GNU/Linux
"netstat -us" output
Udp:
    197961014 packets received
    1474 packets to unknown port received.
    49340800 packet receive errors
    25890918 packets sent
I was wondering if there was a Windows or Ubuntu way to limit the amount of data that is able to be sent over the internet between certain times, eg. Between the times of 7am and 7pm can only download 300 MB from the web, when this limit is reached the web is either disconnected or slowed down.
I am having (seemingly) random trouble with my wired network ever since I installed Lucid. I have no problem getting an ip address from dhcp. However, randomly the computer will boot and although I have an ip address I do not receive any responses for pings on the network nor can I browse the web. If I sudo /etc/init.d/networking restart a few times (or reboot) it will start working. However, restarting the networking services (as mentioned above) again will cause me to no longer receive responses for pings or browse the web.
Furthermore, I have never been able to successfully ping if I manually set an ip address. I have un-installed network manager and I am using /etc/network/interfaces to configure the network. Using Lucid Lynx 64bit on a Dell Precision. I have pasted below the output of a few working commands. When I switch between static ip and dhcp I am commenting/uncommenting the lines shown in /etc/network/interfaces.
I have a Webserver (Co-Location) and all ran fine ... until last week. Now there are a lot of RX-ERR shown in netstat and ifconfig. And when I try to load an external website directly on the server, for example via wget, it is very very slow and hangs very often.
I have analysed the network but I was not able to find a problem. My hoster has checked the network and all looks fine. For example, my hoster has plugged in a PC on the same switch ... and was able to do wget (load external data, like websites) at normal speed.
Since last week my websites have been delivered slower than before, too. It seems there is a network problem ... but how can I find it?
Actually I can install modules ... but the server needs hours. So, if you know a good command-line tool to analyse the network.
I'm using OpenVPN 2.1 on Ubuntu 8.10 to connect to a LAN behind an IPCOP server. Everything works fine except when I move files which are over 180kb across the tunnel, then I get UDPv4 []: No buffer space available (code=105). Surfing the Internet I've found posts that suggest to increase these settings on the kernel
those have actually made a small difference, but not enough for uploading even an image over http. I guess that I can keep increasing those values till I'm not satisfied, but as I'm not sure on what I am dealing with, can anyone tell me if there's a rule of thumb? My machine is a laptop with a dual core processor and 2GB ram.
I used to connect to the internet via a Linksys router using the following terminal commands (Network Manager has never worked for me on any Ubuntu install):
Code:
sudo ifconfig wlan0 down
sudo dhclient -r wlan0
sudo ifconfig wlan0 up
[code]....
However, I recently changed the old modem + router for a new wireless modem (a Thomson TG585v8 ). Now, the result of that last command is this:
Code:
amosupremo@amosupremo:~$ sudo dhclient wlan0
Internet Systems Consortium DHCP Client V3.1.3
[code]....
No working leases in persistent database - sleeping.
I've tried to connect in Natty (both Ubuntu and Kubuntu) and it's not working either. I also purged Network Manager and installed wicd and I managed to get an intermittent, slow connection.
1 ) Machine Brand and Model (PC/Laptop): No brand. I built it with the following specs:
AMD Athlon II X4 2.6GHz
2 HD: 100GB Sata (Ubuntu and XP64 install) / 80GB IDE (XP)
4GB RAM
Gigabyte Motherboard
2 ) Wireless Brand, Model and Wireless Chipset:
Code:
amosupremo@amosupremo:~$ lsusb
Bus 002 Device 005: ID 0ace:1201 ZyDAS 802.11b
Bus 002 Device 004: ID 049f:000e Compaq Computer Corp. Internet Keyboard
[code]....
3 ) check interface:
Code:
amosupremo@amosupremo:~$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 00:02:72:04:d0:04
[code]...
I am also attaching the wicd log. It contains a session where I got the intermittent connection. I stopped that connection and restarted it (with the same results) two times.
PC1 runs radvd to provide router advertisements to the network and a DHCPv6 server for stateful addresses. Each interface is configured on a separate subnet. PC2 runs a DNS server on eth0. PC2:eth1 is used as an IPv6 client for testing purposes. The connections from PC1 to PC2 are just crossover cables. I've created virtual machines of both PCs and have created 4 virtual adapters on the host machine for each of the local-only interfaces. Now I have this:
My setup is... I have a wireless access point using a laptop as a gateway. The AP is also connected to a switch, as is the laptop. So the laptop has two interfaces, one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically, is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have? To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
1) I have to find the source and destination address in the IP and Ethernet headers of a packet that goes from my machine to the router. 2) Then I have to do the same for the packet that goes from the router to my partner's machine. Then I have to answer the above questions but now for the echo reply. How could I see these addresses? Could the result be found in the output of a tcpdump?
[guest@shakti guest]$ sudo tcpdump -en host 128.238.62.101 and 128.238.61.101
tcpdump: listening on eth0
20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request