Networking :: Transparent Packet Monitor On One Leg Of A Tap?

Jun 29, 2011

Code:
Internet ---> Tap A--> Traffic Monitor
                  B--> Firewall --> Internal Network

I was hoping to make a server with Windows and "Colasoft Capsa" to capture and record all traffic. Is there a way to make it unaddressable so that I don't have to worry about someone getting into it? Like, put it in promiscuous mode, read and capture all traffic, without having an IP address or something like that?


Ubuntu Networking :: Send The Keys Or Value As The Packet Data (content Of The Packet) In Ns-2 (for Wireless Environment)

Jul 12, 2010

I am a new user of ns-2. I would like to know whether it is possible to send the keys or some value as the packet data (content of the packet) in ns-2 (for wireless environment).


CentOS 5 Server :: Authenticate/Decrypt Packet Error: Packet HMAC Authentication Failed

Sep 17, 2009

I got a problem with my CentOS server. Somebody told me OpenVPN requires different changes inside my firewall settings. That could be the problem why OpenVPN won't load. I receive this error on my CentOS panel when I'm trying to connect into the CentOS OpenVPN (with my WinXP PC):

Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622

[code]....


Ubuntu Networking :: 9.10 Updates Yesterday/Today Cause Packet Loss On Networking

Apr 9, 2010

I have 3 Dell Precision M4400 machines. After getting updates yesterday or today, I get random network dropouts like crazy, on wired or wireless. On one machine I was able to turn off ipv6 in grub and reboot, and it works now. However on the other 2 machines, still have the same problems. All 3 are running 9.10 64 bit. Is there a way I can back out the updates so the network works again? Anyone else see this behavior after updates today?


Networking :: Packet Spy On A Hub

Jan 25, 2011

I am on a hub (with switches and routers) and I want to spy on what packets everyone receives! Can I do this, and if I can, which tools can I use?


Networking :: Transparent Proxy In Single Pc?

Feb 21, 2011

Trying to configure a transparent proxy with squid (and filter content with dansguardian) in Debian/Ubuntu. If I configure Firefox to use it, it runs OK. I had seen a lot of iptables rules to use a forwarding proxy to a LAN, but I would like to use squid and dansguardian in a single PC that runs them and filters web content.


Networking :: DNS Lookup While Using A Transparent Proxy?

Jul 30, 2010

I have a problem in Eclipse for accessing update sites (for plugins). I am behind an NTLM proxy. Strangely, this proxy asks for a password while in Linux but not when in Windows...
To get around this annoying password issue, I already set up a working cntlmd proxy. I can use this proxy for mounting a remote DavFS2 share, for example. But the issue I have with Eclipse seems to involve proxy configuration. So I decided a transparent proxy could solve this issue. I installed tinyproxy on top of cntlmd, and added the following rule to the firewall:

Code:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to 8888

Now, I can configure Firefox for direct access to the Internet, and display a web site only if I give this web site's IP instead of its name! I surmise that it's because when configured for direct access, Firefox performs DNS lookups using the local (intranet) DNS, instead of squeezing its lookups through the proxy and accessing a broader DNS (I wonder which). How can I make all DNS lookups go transparently through the transparent proxy?


Networking :: Regarding Transparent Squid Use In Different Different VLAN?

Apr 2, 2009

I have configured transparent squid with dansguardian for content filtering. I used this squid server IP on the client gateway (not on the browser) for content filtering. Is it possible that I could use this squid server in a different VLAN?


Networking :: Setting Up A Transparent Proxy With Only One Box?

Mar 23, 2010

I am playing around with transparent proxies, unfortunately I do not have two machines to test it out with. The current way I am doing things is the program makes a request to a computer on port 80, I use

Code:

iptables -t nat -A OUTPUT -p tcp --destination-port 80 -j REDIRECT --to-port 1234

to redirect to my proxy that is listening on port 1234. The proxy will send out a request to port 81 (as all outbound port 80 are being fed back in to the proxy and if it sent out to port 80 it would just be an infinite loop) so I want to do something like

Code:

iptables -t nat -A OUTPUT -p tcp --destination-port 81 -j DNAT --to-destination xxxx:80
The problem lies with the xxxx part. How do I change the destination port without changing the destination IP?


Networking :: Transparent Proxy With 2 WAN Links?

Feb 9, 2010

I'm trying to set up a Linux box with 3 NICs (2 WAN links and 1 LAN). All HTTP traffic (port 80) should go to WAN 1 via squid proxy and the rest to WAN 2. I already set up MASQUERADING in iptables and I already configured port 80 to redirect to port 3128 for squid. My default gateway is WAN 2. But the problem is squid uses the default gateway - WAN2. setting up the iptables / routing for squid to use WAN 1?


Networking :: DNAT On First SYN ACK Packet

Aug 19, 2010

I am trying to simply address translate TCP packets from one destination IP to another destination IP (DNAT?) without getting the initial SYN packet. Is this possible? I do not think it is with DNAT since the conntrack needs SYN first.

I have given the command:

The problem is that the first packet that matches this rule will be the SYN-ACK and I suspect it is simply DROPPED.

I am sparing you the gory details of why I would do such a silly thing, but simply put; I need to intercept client-to-server packets through a tunnel, but allow server-to-client packets to follow through the regular network.

I have been working on this for many days w/o success and my learning curve is still steep. I can provide more details as needed.


Networking :: DNS Raw Packet Structure?

May 19, 2010

My question is about the raw MX reply package structure. I've read the RFC and all relevant pages I could find, but I couldn't figure this one out. Say we do a google.com MX query.

The first answer (just the rdata part) will be: google.com.s9b2.psmtb.com But in the raw package, instead of the .com, you have c0 13. Then for the second answer, google.com.s9b1.psmtb.com, the raw package has, instead of psmtb.com, just c0 3a. So is the part after c0 a pointer towards another part of the message? Or what does it stand for exactly? I am puzzled by it, and don't know exactly where to ask... some of the networking people here might have a good idea.


Networking :: Packet DETECTED From 1s And 0s?

Jan 11, 2011

From all the stuff that can enter an interface, how does it know when an IP packet has been *formed*? What if it's just random garbage entering there for whatever reason? Also, can Linux do other protocols besides TCP/IP? This would be the problem, as I said above.


Networking :: Udp Packet Conflict ?

Jul 28, 2011

In application udp port listening with 3330 I am sending UDP request from port 0.0.0.0:3330 to 0.0.0.0:3330, that is, the same port on the same machine. The application works fine; UDP sending and receiving are also fine. For clarification: are there any conflicts in the communication?


Networking :: Odd PPPoE Packet Redirection Networking?

Feb 7, 2010

I have a machine with two network cards running Linux Mint 8 XFCE (which is compatible with Ubuntu Intrepid Ibex). eth0 goes out onto the network proper, has a static IP address of 10.10.10.10 and serves DHCP requests for the 10.10.10.x subnet.

eth1 is plugged into a PPPoE concentrator, and has a static address of 192.168.0.1 (I would have left it alone but pppoeconf wouldn't work unless it had an address).

ppp0 is the point-to-point over Ethernet connection that is correctly created when I run pon. I have both guard dog and guide dog installed but they are both disabled.

Now, the weird part: I can ping the IP number of the machine at the other end of the PPPoE connection (when it changes I can still ping the new number), the local IPs (10.10.10.x), but *nothing* else, not even the DNS servers passed to the machine during ppp connection, which are in the same subnet as the machine I can ping.

When I try to ping or trace the route I get an error message like: reply from 10.10.10.10: destination unreachable. There is nothing wrong with the network at the other end, as I can make an identical PPPoE connection from other machines on the network if the concentrator is plugged into the hub (a rather unsafe place for it to be) and it all just falls into place.

What seems to be happening is that the machine is treating eth0 rather than ppp0 as the internet gateway, and passing the packets round in circles.


Networking :: Squid As Local Transparent Proxy

Sep 28, 2009

I am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via an authenticated proxy. At home, I connect directly via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.


Networking :: Transparent Squid Proxy Setup

May 6, 2011

I have set up squid3 and dhcp server on my Ubuntu 10.04 box with IP address of 192.168.0.160. Single network card. Squid runs on port 3148. Everything works fine for the users provided that I set up the proxy details manually on each client PC. I want to set up the Squid to run as a transparent proxy and after reading around I have done the following. In the Squid3 conf file I have entered http_port 3148 transparent. Dropping to root (sudo -i). However the transparent proxy does not work and if I enter iptables -L I can see that the rule above has not been retained. The default rules in iptables only show up.


Networking :: Nagios - How To Handle Transparent Switches

Jan 26, 2010

I'm configuring Nagios at the moment, but I'm doubting my approach to transparent switches a bit. It seems from reading the documentation that Nagios wants me to ignore transparent switches, although I also doubt this interpretation of mine.

A little example, a VPN:
Code:
demarcation point
|
[router]
/
[switch][switch]
| / |
[7 clients] [switch] [switch]
/ |
[6 clients] [4 clients] [5 clients]

As you can see, there are 22 clients connected to the router. Since switches don't have an address, they cannot be measured. But if I ignore the switches, the schema is an oversimplified picture of reality. So what I'm looking for is a way to display the switches, even though they don't have an address. What I did was, I created the switches as if they were proper fully featured ones, and listening to 127.0.0.1 as address. Luckily, this tricked Nagios. And it works, but it's not very elegant. Is there a better way to approach this pseudo-problem? Perhaps a built-in I overlooked?


Networking :: Is Interpretation Of Transparent Proxy Correct?

Nov 26, 2009

I'm looking to set up a transparent proxy, which (if I understand correctly) will allow me to monitor/control HTTP traffic on my home LAN with the use of a log analyser. I'm planning on following this guide. Yes... I'm cheap and don't wanna buy another NIC. My question: How does this all work? I get that HTTP traffic goes to my server first, and then to the destination address, but how? What is stopping the other computers on my network from going straight to my router? Is my interpretation of a transparent proxy correct?


Networking :: Transparent Router / Bridge - Ppp Interface

Jul 27, 2010

The challenge: I am trying to set up a piece of hardware that is transparent to the network that transfers IP packets between two interfaces without adding a "hop". Details: The particular problem I'm having is that one interface is ppp, the other is ethernet. It is trivial to set up a bridge between two ethernet devices but I am having trouble finding anything for ppp<->ethernet.

Here, the ppp link is an internet connection, and the ethernet connection has exactly one device attached. Once the ppp link is negotiated, I want the ppp peer to think it's talking directly with the device on my ethernet interface and I want the device on my ethernet interface to think it's talking directly to the ppp peer.

Current solution: The best solution I currently have is to alter the routing table. When the ppp link is negotiated, I am given an ip address. I add a route that directs everything to that ip address to the eth0 device. I also set a default route to the ppp device. Now, anything that comes from the ethernet side gets forwarded to the ppp side, and anything directed towards my ip address gets forwarded to the eth0 side.


CentOS 5 Networking :: Iptables For Transparent Proxy?

Mar 11, 2010

I have a big problem with correct settings of iptables as a router. My network topology: (UTM hardware router) 192.168.1.1 ---> eth0 192.168.1.2 (CentOS with apache, ftp and transparent squid 8080) ---> eth1 192.168.0.1 (LAN with dhcp)

eth0=WAN 192.168.1.2
eth1=LAN 192.168.0.1

I have a problem with hanging connections through squid which are very slow or connection failed. Sometimes I received DNS timeout error from squid stable 2.6 21

[Code]...


Fedora Networking :: Receiving UDP Packet In 12 ?

Feb 27, 2010

I wrote a program for transmitting a UDP packet. It is properly received on a Fedora Core 2 machine while it's not received properly in Fedora 12. I tried using Wireshark packet capture software, which shows the protocol as DIS. Is there any service or setting I need to do for identifying the packet as UDP?


Networking :: Identify The Icmp Packet?

Dec 1, 2010

How to identify the ICMP packets & marking. This below ICMP packets marking is not working.

iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN

With the help of port no. or any other, how can I identify the ICMP packet? These below two are working fine:

iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN

iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN


Networking :: Data Packet Transmission In A LAN?

Jun 24, 2011

I need to know how a data packet is transmitted from the sender to the receiver passing through the five Internet layers. Especially what device (hardware) the data packets have to pass through at each layer before reaching the destination in a LAN.


Networking :: How To Send Udp Packet To The DNS Using Netcat

Jun 16, 2010

How can I send a UDP packet to the DNS using netcat in openSUSE?


Networking :: Monitoring TCP Packet Loss In NS2 ?

Jun 23, 2010

I am simulating a TCP/FTP to TCP/FTP network and trying to monitor the packet loss.

I am able to monitor and graph data regarding the TCPSinks' bytes received, but I can't monitor packet loss.

Why is it that the TCPSink Agent has a variable for bytes (bytes_) but not one for monitoring packet loss?

Do I have to monitor the packet loss from the queue? If so, how do I write code for this?

Below is part of the code for monitoring bytes received from sinks if anyone was interested.


Networking :: Packet Forwarding Using IPtables?

May 4, 2011

I have 2 Ubuntu boxes sitting in the same subnet: server 1 [130.15.6.68] and server 2 [130.15.6.69]. What I am trying to achieve here is the following: server 1 acts as a gateway or proxy to server 2, meaning that server 1 is exposed to the Internet and all traffic to server 2 should go through it (I hope!).

Server 2 acts as an application server and I don't want direct access to it from the internet. I want all the inbound traffic to come through server 1. For testing purposes, I will limit the traffic to simple HTTP or port 80.

In server 1, I have done the following settings:

iptables -t nat -A PREROUTING -p tcp -i eth0 -d 130.15.6.68 --dport 80 -j DNAT --to 130.15.6.69:80
iptables -A FORWARD -p tcp -i eth0 -d 130.15.6.69 --dport 80 -j ACCEPT

In server 1, I've edited the value of net.ipv4.ip_forward to equal 1 (uncommented that line in /etc/sysctl.conf). Currently, both server 1 and server 2 have their own apache2 servers with different index.html files. The problem is, when I browse to server 1, I am still seeing its index page rather than being forwarded to the index page of server 2. How can I achieve the traffic forwarding from server 1 to server 2 when my browser is pointing to server 1?


Networking :: Packet Redirecting To Another Interface Of The Box

Nov 19, 2010

I have two interfaces eth0 (10.0.0.7) and wlan1 (10.0.0.8) in my box. An application is listening (say, udp socket) at 10.0.0.7:5888.

Now if someone sends packet at 10.0.0.8:5888, I want to forward them to 10.0.0.7:5888.

I have tried this:

iptables -t nat -A PREROUTING -p udp --dport 5888 -d 10.0.0.8 -j DNAT --to-destination 10.0.0.7

But packets (with destination addr 10.0.0.8) are not received by the application (but they are received by the box; I have checked using Wireshark). I have also enabled ip_forwarding.


Networking :: UDP Use Packet Sequence Number?

Jul 13, 2011

Does udp use Packet Sequence Number?


Networking :: IP And MAC Addresses Of A Packet What Went From PC To The Bridge?

Oct 8, 2010

It's one of the first times I'm using Linux! For a report I have to answer the question (the title) but it's very strange! A packet has an IP address? Or does it refer to the IP address of the destination? And in particular this is the output of tcpdump -en ip proto 1 (while I'm sending ping -sv remote_machine) which are:

What are the IP and MAC addresses of a packet that went from my machine to the bridge? And what are the IP and MAC of a packet that went from the router to my partner's machine? And how could I find the average delay that a packet experiences in the bridge?

[Code]...

Copyrights 2005-15 www.BigResource.com, All rights reserved