Networking :: Packet Payload From Pcap Files
Aug 25, 2010
As part of a research experiment, we need to use a web proxy and direct certain users from their computers through that web-proxy. Given that we do not have access to DHCP logs (this is on a college campus), we have asked each user to go through the proxy using a different port number so we can differentiate between them. Now as a result of doing this, the entire TCP packet is encapsulated as payload data within the captured packet (using tshark to capture the packets). Now I need to be able to parse the payload for statistics including the URL. I am not sure how best to proceed. I cannot find a utility that will just output the payload and then I can probably parse the output.
Jun 22, 2011
I have a GPS device which sends in data on port number 5000. I am able to capture the data into a pcap file using tcpdump. Now my problem is, I need to pipe the data into a text file as and when data arrives into the pcap file, continuously. I did an extensive search, but to no avail. I have been trying to solve this for the past 3 days. I use the following commands to capture and pipe the data, but that happens only once, when I issue the command. I want this to happen continuously, as and when the data arrives.
Feb 21, 2011
How to convert Tcpdump output file to a Pcap format? Is there such way?
This is what I mean:
tcpdump -i eth0 >> test.out
Now I want to convert test.out to pcap so it's readable via Wireshark.
Jul 12, 2010
I am a new user of ns-2. I would like to know whether it is possible to send keys or some value as the packet data (content of the packet) in ns-2 (for a wireless environment).
Apr 13, 2010
Ok, I have debated where to post this question. Should it be in Software? Networking? Security? Since I am going through a security class, I decided to post it here in hopes that other security gurus may have come across the problem. Ok so, I am in a security class and they give you a Wireshark capture file with RTP traffic and want you to dump the payloads into an audio file.
Pretty easy with Wireshark:
Telephony -> RTP -> Show all streams...
Pick Stream -> Analyze
Save Payload
Format: RAW, Channels: BOTH -> OK
Ok so here is the problem: when I do this I get "Can't save reversed direction in a file: Unsupported codec!" At first I thought I was missing an audio codec it needs, but I can't find it. I've searched the web and found one post that wasn't very helpful. If anyone can give me a hand that would be great.
May 28, 2010
I have a question regarding iptables/netfilter and payload inspection (not headers). I have 2 servers (A and B) connected together. Server A sends information from sensors to server B. Server B processes the information and sends a few packets back to A. I would like to filter the packets sent back from B to A (by putting a Linux gateway in between). I know the size and the content of these packets sent to A. Is it possible to use iptables/netfilter with advanced options in order to perform the following algorithm:
when a packet arrives on the gateway
    compare the packet received on the gateway with my internal base of knowledge of payloads
    if the packet matches one of the possibilities
        forward the packet
    else
        drop the packet
    endif
    parse the following packet received on the gateway
Sep 17, 2009
I have got a problem with my CentOS server. Somebody told me OpenVPN requires different changes inside my firewall settings. That could be the problem why OpenVPN won't load. I receive this error on my CentOS panel when I'm trying to connect to the CentOS OpenVPN (with my WinXP PC):
Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
[code]....
Nov 25, 2014
How can I send an already encapsulated Ethernet frame payload to a server? Basically what I would like to do is route Ethernet packets I get from other peripherals to their needed destinations, and send packets I receive to the requested device on the peripheral. The program will be running on a BeagleBone Black with Debian OS. Steps the program should do, from my point of view:
# <IPv6<UDP<DATA>>> packet received on some peripheral (UART in the exact case) is sent to the server requested by the <IPv6> destination address field
# <IPv6<UDP<DATA>>> packet needs to be sent to the server so that the server application would receive <DATA> extracted from the IPv6 and UDP encapsulation
# <IPv6<UDP<DATA>>> packet needs to be sent to the server so that the server would know that the requested device is available in the BBB local network
# <IPv6<UDP<DATA>>> packet received from the server would be sent to the requested device
From what I have already found out, I need to add a routing header to the packet I want to send and pass it to the MAC encapsulation layer, or is there a service which can add the routing header and pass it to the other layers for me?
Also, how can I get data sent from the server, since, if I'm not very wrong, the system should receive them also encapsulated in a routing header, not as a raw data payload?
Apr 9, 2010
I have 3 Dell Precision M4400 machines. After getting updates yesterday or today, I get random network dropouts like crazy, on wired or wireless. On one machine I was able to turn off ipv6 in grub and reboot, and it works now. However, the other 2 machines still have the same problems. All 3 are running 9.10 64 bit. Is there a way I can back out the updates so the network works again? Anyone else seeing this behavior after the updates today?
Jan 25, 2011
I am in a hub (with switches and routers) and I want to spy on what packets everyone receives! Can I do this, and if I can, which tools can I use?
Aug 19, 2010
I am trying to simply address translate TCP packets from one destination IP to another destination IP (DNAT?) without getting the initial SYN packet. Is this possible? I do not think it is with DNAT since the conntrack needs SYN first.
I have given the command:
The problem is that the first packet that matches this rule will be the SYN-ACK and I suspect it is simply DROPPED.
I am sparing you the gory details of why I would do such a silly thing, but simply put; I need to intercept client-to-server packets through a tunnel, but allow server-to-client packets to follow through the regular network.
I have been working on this for many days w/o success and my learning curve is still steep. I can provide more details as needed.
May 19, 2010
My question is about the raw MX reply packet structure. I've read the RFC and all relevant pages I could find, but I couldn't figure this one out. Say we do a google.com MX query.
The first answer (just the rdata part) will be: google.com.s9b2.psmtb.com. But in the raw packet, instead of the .com, you have c0 13. Then for the second answer, google.com.s9b1.psmtb.com, the raw packet has, instead of psmtb.com, just c0 3a. So is the part after c0 a pointer towards another part of the message? Or what does it stand for exactly? I am puzzled by it, and don't know exactly where to ask... some of the networking people here might have a good idea.
Jan 11, 2011
From all the stuff that can enter an interface, how does it know when an IP packet has been *formed*? What if it's just random garbage entering there for whatever reason? Also, can Linux do other protocols besides TCP/IP? This would be the problem, as I said above.
Jul 28, 2011
In an application listening on UDP port 3330, I am sending a UDP request from 0.0.0.0:3330 to 0.0.0.0:3330, that is, the same port on the same machine. The application works fine; UDP sending and receiving are also fine. For clarification: are there any conflicts in the communication?
Feb 7, 2010
I have a machine with two network cards running Linux Mint 8 XFCE (which is compatible with Ubuntu Intrepid Ibex). eth0 goes out onto the network proper, has a static IP address of 10.10.10.10 and serves DHCP requests for the 10.10.10.x subnet.
eth1 is plugged into a PPPoE concentrator, and has a static address of 192.168.0.1 (I would have left it alone but pppoeconf wouldn't work unless it had an address).
ppp0 is the point-to-point over Ethernet connection that is correctly created when I run pon. I have both Guarddog and Guidedog installed but they are both disabled.
Now, the weird part: I can ping the IP number of the machine at the other end of the PPPoE connection (when it changes I can still ping the new number) and the local IPs (10.10.10.x), but *nothing* else, not even the DNS servers passed to the machine during the PPP connection, which are in the same subnet as the machine I can ping.
When I try to ping or trace the route I get an error message like: reply from 10.10.10.10: destination unreachable. There is nothing wrong with the network at the other end, as I can make an identical PPPoE connection from other machines on the network if the concentrator is plugged into the hub (a rather unsafe place for it to be) and it all just falls into place.
What seems to be happening is that the machine is treating eth0 rather than ppp0 as the internet gateway, and passing the packets round in circles.
Feb 27, 2010
I wrote a program for transmitting a UDP packet. It is properly received on a Fedora Core 2 machine, while it is not received properly on Fedora 12. I tried using the Wireshark packet capture software, which shows the protocol as DIS. Is there any service or setting I need to do for identifying the packet as UDP?
Dec 1, 2010
How do I identify the ICMP packets and mark them? The ICMP packet marking below is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
With the help of a port number or anything else, how can I identify the ICMP packet? These two below are working fine:
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
Jun 24, 2011
I need to know how a data packet is transmitted from the sender to the receiver, passing through the five Internet layers. Especially, what device (hardware) the data packets have to pass through at each layer before reaching the destination in a LAN.
Jun 16, 2010
How can I send a UDP packet to the DNS using netcat in openSUSE?
Jun 23, 2010
I am simulating a TCP/FTP to TCP/FTP network and trying to monitor the packet loss.
I am able to monitor and graph data regarding the TCPSinks' bytes received, but I can't monitor packet loss.
Why is it that the TCPSink Agent has a variable for bytes (bytes_) but not one for monitoring packet loss?
Do I have to monitor the packet loss from the queue? If so, how do I write code for this?
Below is part of the code for monitoring bytes received from the sinks, if anyone is interested.
May 4, 2011
I have 2 Ubuntu boxes sitting in the same subnet: server 1 [130.15.6.68] and server 2 [130.15.6.69]. What I am trying to achieve here is the following: server 1 acts as a gateway or proxy to server 2, meaning that server 1 is exposed to the Internet and all traffic to server 2 should go through it (I hope!).
Server 2 acts as the application server and I don't want direct access to it from the internet. I want all the inbound traffic to come through server 1. For testing purposes, I will limit the traffic to simple HTTP, or port 80.
On server 1, I have done the following settings:
iptables -t nat -A PREROUTING -p tcp -i eth0 -d 130.15.6.68 --dport 80 -j DNAT --to 130.15.6.69:80
iptables -A FORWARD -p tcp -i eth0 -d 130.15.6.69 --dport 80 -j ACCEPT
On server 1, I've edited the value of net.ipv4.ip_forward to equal 1 (uncommented that line in /etc/sysctl.conf). Currently, both server 1 and server 2 have their own apache2 servers with different index.html files. The problem is, when I browse to server 1, I am still seeing its index page rather than being forwarded to the index page of server 2. How can I achieve the traffic forwarding from server 1 to server 2 when my browser is pointing to server 1?
Nov 19, 2010
I have two interfaces, eth0 (10.0.0.7) and wlan1 (10.0.0.8), in my box. An application is listening (say, on a UDP socket) at 10.0.0.7:5888.
Now if someone sends packets to 10.0.0.8:5888, I want to forward them to 10.0.0.7:5888.
I have tried this: iptables -t nat -A PREROUTING -p udp --dport 5888 -d 10.0.0.8 -j DNAT --to-destination 10.0.0.7
But packets (with destination addr 10.0.0.8) are not received by the application (but they are received by the box; I have checked using Wireshark). I have also enabled ip_forwarding.
Jun 29, 2011
Code:
Internet ---> Tap A--> Traffic Monitor
B--> Firewall --> Internal Network
I was hoping to make a server with Windows and "Colasoft Capsa" to capture and record all traffic. Is there a way to make it unaddressable so that I don't have to worry about someone getting into it? Like, put it in promiscuous mode, read and capture all traffic, without it having an IP address, or something like that?
Jul 13, 2011
Does UDP use a packet sequence number?
Oct 8, 2010
It's one of the first times I'm using Linux! For a report I have to answer the question (the title), but it's very strange! Does a packet have an IP address? Or does it refer to the IP address of the destination? And in particular, this is the output of tcpdump -en ip proto 1 (while I'm sending ping -sv remote_machine), which is:
What are the IP and MAC address of a packet that went from my machine to the bridge? And what are the IP and MAC of a packet that went from the router to my partner's machine? And how could I find the average delay that a packet experiences in the bridge?
[Code]...
May 29, 2010
I am just starting my adventure into Ubuntu. After installing and configuring Shrew Soft in Ubuntu 10.04 64-bit, I am having some serious packet loss issues. The LAN is wireless; however, the only packet loss I experience is over the tunnels. I have tried different algorithms, and it seems that as I fiddle with the MTU client side, it clears a bit, but the best I have managed is 23% loss on average.
Feb 12, 2010
I am a Windows programmer. There I wrote a firewall and VPN system. It was easy. Simply, I used WinpkFilter by ntkernel.com. What I need is to get, edit, and send the raw layer 2 packet before it reaches the IP stack. My friends were saying that Linux is ideal for networking purposes. But for now I say that Linux is very bad in this field and I should say that Windows is much better (I beg your pardon). After tens of hours of searching I got nothing good. The hook system of iptables is not good for me because it has no Ethernet header and also the packets are defragmented when I catch them.
I tried ebtables but it has no user space queue like iptables. What I exactly need is to be able to reach the chain of raw Ethernet packets and be able to modify them and resend or inject some Ethernet packets. I don't want to go inside the kernel. (As on Windows, I want a userspace library.) Dear Linux experts, I beg your help. Do not let me turn back to Windows.
Apr 14, 2010
I don't know if this is related to a problem I have run into and posted elsewhere regarding 2 (or more) ethernet ports. But I encountered this while trying to solve the other problem (which I thought was Linux not setting correct routes for 2 interfaces). As suggested by someone when trying to solve the other problem, I switched to using the same IP address (it's a secondary address) on BOTH interfaces. So thus I have configured 172.30.0.13 on both eth0:1 and eth1:1. I am running the NSD program (an authoritative-only name server) listening on port 53 of 172.30.0.13. Some computers are getting the MAC address of eth0 for their ARP requests. Others are getting the MAC address of eth1 for their ARP requests. So this is determining which ethernet port their DNS queries will arrive on.
Those that send their DNS queries to the eth0 MAC address work fine. The NSD process gets the requests and answers them. The answers get back to where the query was sent from. HOWEVER ... those that send their DNS queries to the eth1 MAC address do not work. Using tcpdump, I see that the queries actually do arrive on the server. Using strace, I see that the NSD process never gets them. There are no iptables in effect.
Any idea why the kernel is deciding to not deliver the DNS query UDP datagram to the NSD process? It sure seems that the kernel just doesn't handle more than 1 ethernet interface (at least in the same subnet) correctly. IMHO, when an ARP request is received on 2 or more different interfaces, it should at least answer on both, each answer with the respective MAC address of that interface. It cannot know, and should not assume, any specific physical topology of the network beyond those interfaces.
May 19, 2010
How can I configure the packet capturing mechanism to allow non-privileged users to use it?
Jan 23, 2010
I am trying to set up a local network between 10 (web) servers (openSUSE 11.2); each server is connected to the internet (eth0), which works fine on all servers.
A 2nd NIC, eth1 (1GBit rtl-8169), on each server is connected to a switch and should function as a LAN. I installed/configured the 2nd NIC with yast, and then added a route for the local network (192.168.20.0) to use eth1. So far everything works (ssh, for example), but I have a packet loss of 10%-60% (ping) on the local network, and I can't find the reason for the packet loss. I already installed Debian Lenny on 2 servers (just to test) but I have the same problem on Debian.
No firewall or any other application is in the way. With tcpdump I could figure out that the packets are sent but never show up on the destination server.
I put some more information about how I configured the LAN below. This is not my first time doing this, and from my experience, if something is wrong with the network configuration (wrong routing, firewall in the way, etc.) this usually leads to a packet loss of 100%, or the destination is simply not reachable.
The 2nd NIC is installed with either yast on SUSE, or by editing /etc/network/interfaces on Debian. The kernel module rtl8169 is loaded.
They are configured with the following values:
Route is added by:
Output example of ifconfig:
Output of route (same on all servers):
Output of ping: