Networking :: Can Sniffed Packets Be Forwarded To A Different Network
Feb 15, 2011
I'm using madwifi linux driver (ath1) in monitor mode to capture some wireless traffic. I can see that all wireless traffic is coming well through the wireless interface (checked using TCPDUMP). What I want to know is how I can forward the captured wireless packets to a different Ethernet interface (e.g. eth2) in the same machine to send those captured packet out to a different computer.
I set 1 for /proc/sys/net/ipv4/ip_forward
for iptables, I tried this rule: iptables -A FORWARD -i ath1 -o eth2 -j ACCEPT
However, I coudn't read any packet from eth2 via TCPDUMP.
View 11 Replies
ADVERTISEMENT
Feb 9, 2011
I'm a student who is working on a wireless research project. I have a madwifi driver for Atheros chipset on Debian Linux. With having the wireless interface get into monitor mode, I want to forward the captured packets from the wireless interface to the other Ethernet interface so that a different computer which is connected to this machine via Ethernet receives those packets. I checked that alll packets are received in the wireless interface using TCPDUMP. I tried to forward those packets with IPTABLES like 'iptables -p FORWARD -i ath0 -o eth2 -j ACCEPT' However, I couldn't see any packets forwarded to eth2 using TCPDUMP.
View 5 Replies
View Related
Mar 23, 2011
One inconvenience I face now, though, is that I cannot tell if I have already forwarded certain messages or not, because the message is not automatically tagged as forwarded. how to set it up, so it would indicate in the list that the message has been forwarded?
View 2 Replies
View Related
Dec 10, 2008
I am not a networking expert by any means (in fact I have never taken a networking course), but I have taken several security courses, and generally we wind up discussing replay attacks. For example, the Needham-Schroeder protocol (using symmetric-key cryptography anyway) is flawed because it allows for replay attacks, and I understand why.
I guess my question is actually how someone would perform a replay attack. I know I can sniff network traffic by downloading wireshark. I also have downloaded winpcap and npg on my WinXP virtual machine. I'm trying to use this guide to help me, but I'm quite lost:[URL]What I did was to post a "link" to my facebook profile and I sniffed the traffic using wireshark. What I would ultimately like to accomplish is to copy that packet out of the wireshark output, and then use a tool like npg to transfer the raw packet back to facebook, which should result in a second, redundant post. I just can't figure out how to do that.
I'm pretty sure this should be possible. Facebook only uses an SSL session for authentication during login. After that, the information is just sent in the clear, so I'm pretty sure this should be possible.Can anyone explain how to do such a thing? It would really help my research paper that I'm working on this semester if you can. As of right now the attack we are trying to demonstrate/defend against is using a Windows VM, which is why I'm using winpcap/npg. The attack is actually possible using just about any OS (depending on the exploit used), but our POC is Windows only at the moment
View 4 Replies
View Related
Feb 17, 2010
I am running into trouble while trying to set-up a iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but is is like that for now.I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.
View 3 Replies
View Related
Feb 8, 2010
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
View 8 Replies
View Related
Feb 7, 2011
I'm sniffing network packets in ubuntu, I need to write these packets as raw bytes to memory but libpcap give packets in its special format. how can i save and recover packets in byte format?
View 2 Replies
View Related
Aug 30, 2010
i need to write a program in c that can sniff packets from Ethernet and distinguish RTP packets from Non-RTP packets, i have no idea what should i do
View 9 Replies
View Related
May 20, 2011
I have a system running 11.04 and it is dropping packets on the hardwired ethernet interface to other systems on the LAN, only in the inbound direction. It drops packets every 5 seconds. I verified this with iperf. Outbound packets pass with no problems. The network card in this system is a Broadcom Corporation NetXtreme BCM5752
View 9 Replies
View Related
Dec 5, 2010
I cant get my ubuntu machine to forward my vnc - I cant log on my windows machine running the server (it is DMZ and its ip is 192.168.1.2)Here is my firewall dump? What am I doing wrong? The important parts are connection sharing and forward allowance..
Code:
#!/bin/bash
ipt=/sbin/iptables
[code]....
View 1 Replies
View Related
Feb 28, 2010
I'm trying to setup my debian system so that I can access it's services from the internet
I have my router set to forward ports 21, 22, and 80 to the internal ip of the server, and internet port checking tools tell me the ports are open at my external ip.
On the debian I am running Apache, ProFTPD, and SSH Server, and they all work fine for me inside the network, but whenever I try connecting with my external ip, all connections are immediately refused.
So I don't know if its a problem with my router setup, with my debian system setup, or the setups of the servers.
View 4 Replies
View Related
Jul 8, 2010
Mail going to invalid email addresses are being forwarded to postmaster@domain instead of being bounced. How can I fix this? postconf -d | grep mail_version gives the following: mail_version = 2.2.5
View 4 Replies
View Related
Sep 27, 2010
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
View 3 Replies
View Related
Mar 15, 2010
I have a small LAN with two desktop computers, both running linux, hooked up by ethernet cable to an SMC broadband router hooked up (by a cable with two multipin plug thingies) to a US Robotics modem. I have been happy with the modem, but my system never really got along with the router, and I am thinking of buying a new one. Just to make sure I am not misunderstood:
Connectivity I want: dynamic IP
dialup, via my modem
Connectivity I don't want: static IP
wireless
broadband
DSL
cable
satellite dish
[Code]...
View 9 Replies
View Related
Aug 8, 2010
I created a similar thread last week in the networking section but only got one response. I was hoping to get a little more help here as this forum helped me tremendously to partition my hard drive safely. That was over a week ago, and ever since then I have been struggling with setting up my network. Here is what I have done.Basic set up with netconfig. I selected DHCP and followed the directions on the screen.ifconfig -a shows eth0 with no RX or TX packets at all, but at least it showed me information. If it was not detecting my card (which is compatible with linux), it would have said no device found. correct?
dhclient eth0 just hangs there for half a minute until I can add a command again.dhcpcd eth0 times out.I read (in slackbook chaper 5.2.1) that the correct kernel module may not be loaded. So I opened rc.modules with pico and went to the netdevice section. In slackbook it said to find my device and uncomment it.... but I cant find it! (I have an atheros ar9285 in my stock compaq CQ61 laptop) I also opened rc.netdevice and it was empty..It seems like the more I learn about the network, the more lost I get. I keep hearing that configuring a network on slackware is easy, am I just missing some simple step?Also, whenever I startx, akonadi gives me an error. I also get another error saying that it could not parse XMS file. Is that just due to my lack of an internet connection at the moment?
View 14 Replies
View Related
Mar 27, 2010
I am using vnuml to test a network project. I have one Ethernet card on my ubuntu 9.10( eth0) with network 10.1.0.0/16, and creating a tap0 with subnet 10.4.0.0/16. Now the problem is how to work them together, such that packets from one interface goes to other one?
View 2 Replies
View Related
Feb 8, 2011
how to fix this error: I wanna compile a C program which niffs the network for arp packets and prints them out ,I keep getting this error:
undefined reference to `pcap_parse' I have installed every thing new version of pcap ,..
View 4 Replies
View Related
Jul 25, 2011
I have users using Windows XP, Windows 7, Linux (Fedora) and Mac. They all are in a single private network and all access internet through a Linux (RHEL5) system in which Squid acts as gateway. The same is true with my branch offices too except that private network is different and gateway system uses Fedora 9 instead of RHEL5. All the branch offices are connected through point to point leased lines with the head office for file transfer.
My requirement is this: I have a web server located at head office. Presently I am able to access this server from my branch offices through internet. I would like to access this server from branch offices through leased lines. This too I am able to access if I do routing in users system. The file transfer is taking place through one to one system at two ends by creating static routing in those systems.
View 1 Replies
View Related
Aug 9, 2010
I'm looking for an open source/free network emulator tool that I could use on Mac OS X, to simulate a slow network connection, limited bandwidth and other network characteristics such as dropped packets etc for both UDP/TCP connections (or even on the physical layer).
I'm looking for the simplest solution that would allow me to run TCP/UDP servers and have a few clients connect to them on localhost emulating various network connections. I'm mainly wondering if I can use something like Linux's netem on Mac OS X (or even better cross-platform Windows/Linux/Mac). Perhaps I can run VirtualBox and a Linux kernel running netem, has anyone had luck with that?[URL]...
View 2 Replies
View Related
Feb 10, 2010
I have a small network with 4 users, a Win2003 server for LAN/security functions, and a Dell Blade server running Ubuntu 8.04.1 which runs as our web server on port 80. I manage the Ubuntu server with Webmin v1.42Yesterday, my users weren't able to access the internet nor were they able to receive mail, etc. and no one could access any of the website hosted on the webserver. However, the internal users could access each other's PCs and internal printers and devices - just nothing outside.
I began to troubleshoot: I could see a lot of activity on the Router/Firewall on the port connected to the Ubuntu server. When I unplugged the server, everyone could immedately connect to the internet. So, the problem was originating with that server.When I logged in to the Ubuntu server using Webmin, I checked System>Running Processes and right at the top of the list was the process:ID Owner CPU Command23184 www-data 98.1% ./s 174.120.164.186 7777When I drilled down on this process it said that the parent process was:/bin/sh -c ./s 174.120.164.186 7777I pressed the Trace Process button and it appears to be sending the following repeatedly:Time System Call Parameters Returnxxxx send 125,0123456789ABCDE,15,0 15So, I manually Killed the process and added a rule to my firewall/router to block an IP range that includes 174:120:164:186
A few hours later the same process stars again in Ubuntu,, effectively plugging up my pipeline to the internet and preventing access to the websites being hosted.It suspect that there is some kind of virus on my Ubuntu machine but have no idea how to locate and destroy it. I am relatively new to the Ubuntu world and would appreciate anyone's help immensely! I just don't know what to do!
View 9 Replies
View Related
Apr 7, 2011
I want to simulate a wireless network where all nodes broadcast packets
View 3 Replies
View Related
Aug 6, 2011
My LAN has 2 PCs installed, Ubuntu 10.04 and Windows XP. I run the server on Ubuntu, and client on Windows XP. Because I am doing stress test, so the client will keep sending tons of packets to server.
The strange thing is: After few seconds, the client program crash because of insufficient network buffer, the server is still ok. But after that I cant connect Ubuntu PC anymore until I restart it. And I check the router, the led for the Ubuntu PC is always ON (not blinking), look like it is jam already.
View 1 Replies
View Related
Mar 9, 2011
I am using tcp for data transmission between 2pcs running linux.During transmission, I have noticed that if I unplug the network cable and reinsert it quickly,connection is not lost(same as i expect)and the sender start to resend the packet after 5s(what i expect is that network packets sent immediately after quick physical disconnect and reconnect).My question is can i reduce 5s to 0s(resend immediately after network cable reconnect)?Any parameters(tcp rto,txqueuelength,..) can be modified to achieve this condition?
View 10 Replies
View Related
Mar 15, 2010
I have a DSL brodband connection. The internet connectivity was working fine but lately, I am am facing problems while connecting to internet.Upn connecting the cable to the eth0, the /var/log/messages shows repeated instances of:"kernel:corrupted packets received"Also, if i use pppoe-dicovery, I get " Timeout Waiting for PADO packets" error.There is nothing wrong with the cable. If I connect the cable to a windo$s xp laptop, internet connects fine without any problems.Any idea what could be going wrong? Since the internet was working fine earlier on my opensuse box, im not sure what could have gone wrong with the settings.
View 5 Replies
View Related
Sep 6, 2010
My setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
View 1 Replies
View Related
Dec 3, 2010
using layer 7 filtering how to block the ftp packets?..
In My router i am going to add a below rule.... iptables -A OUTPUT -m layer7 --l7proto tcp --dport 20 -j DROP
above statement will it work in my router?.
View 1 Replies
View Related
Oct 17, 2010
1) i have to find the source and destination address in the ip and ethernet headers of a packet that go from my machine to the router.2) Then i have to do the same for the packet that goes from the router to my partner's machine.Then I have to answer the above questions but now for the echo replay.How could i see these address?The result could be found in the output of a tcpdump?
[guest@shakti guest]$ sudo tcpdump -en host 128.238.62.101 and 128.238.61.101
tcpdump: listening on eth0
20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request
[code]....
View 2 Replies
View Related
Feb 15, 2010
I've a ssh server on FEDORA 12. It was going well but now it's overloaded with ARP traffic and is unable to run ssh. normally i'm getting about 150 packets in just 3 second
View 1 Replies
View Related
Jun 7, 2011
we are using Red hat enterprise 5.4 for our internet connection with following ip's
eth0: 192.168.1.2 (local lan)
eth1: 114.143.28.240 (static ip address for 1st isp)
eth2: 192.168.100.149 (2nd isp modem connected with lan cable)
first isp i.e tata internet connected to the internet and working very well
now i want 2nd isp to work when the first isp goes down, i had configured all dns in the resolve.conf and squid.conf, when i switch off the 1st isp for checking that failover is working or not i cannot get internet packets from the second isp.
View 5 Replies
View Related
Jun 10, 2010
my Linux does not workDoes not accept incoming connectionsiptable disabledping is a network but cannot nor at 22 nor at any other connectsHow do I check what is blocking the connection
thnx alot.OS Ubuntu 9.4
View 4 Replies
View Related
