Networking :: Capture A Dropped Or Rejected Firewall Packet?
Jul 3, 2011
I'm running ubuntu 11.04, and using firestarter for my firewall. Logging events, all good, but I'd like to be able to (tcp)dump the packets being dropped/rejected. Wireshark is great after the event, but can I hook iptables and tcpdump together somehow so the system logs the entire packet rather than the summary when it says "no"? I've had a quick look/google, but can't find anything. I'm sure somebody must have wanted to do this before - any pointers people?
PS - will keep looking and post the answer if I find one....
Jan 11, 2010
I've recently installed Ubuntu 9.10 Server Edition to use as a NAT firewall for the lab I run. I'm using iptables to do NAT forwarding and everything works great except that, occasionally, connections seem to break. Ssh connections close with "Connection reset by peer" and HTTP connections just stall out. I believe this has to do with the firewall's internal network interface occasionally dropping packets.
Mar 13, 2010
I am using Ubuntu 9.10. Configuring my firewall using guarddog. I have set up a rule to allow traffic OUT on port 7078 UDP, and just because I'm having problems I added an IN rule.
# Create the filter chains
# Create chain to filter traffic going from 'Internet' to 'Local'
ipchains -N f0to1
[code]....
May 29, 2010
Does Ubuntu have anything similar to the Windows program Cain & Abel for wireless packet capture?
Jun 10, 2009
I am looking for a solution for our LAN traffic monitoring and would like to use some opensource linux application. I have a linux box with two NIC cards and what I thought is the following: Our setup is as follows. Internet comes in through the router and into the firewall. From the firewall it goes into our switch and distributed among the workstations.
I have no access to the router or the firewall as they are centrally configured. I would like to place a device into the loop through which I could monitor the LAN traffic.
Can I put a linux box between the firewall and the switch and have all packets going through registered and logged? I have a proxy server (non transparent) and that captures some but not all. I would like to get all packets registered without interfering with the LAN etc.
Aug 9, 2010
I'm getting dropped frames from both Digital8 & MiniDV camcorders using Kino. My CPU doesn't seem to be spiking. I've made sure compiz is disabled and no memory/cpu hungry apps are running. I'm using SATA drives so DMA shouldn't be the issue.
The video and audio that is captured seems to be fine.
Hardware info:
CPU - AMD 64 FX-55 Processor
Mobo - GA-K8NXP-SLI
01:07.0 FireWire (IEEE 1394): Texas Instruments TSB12LV23 IEEE-1394 Controller
01:0a.0 FireWire (IEEE 1394): Texas Instruments TSB82AA2 IEEE-1394b Link Layer Controller (rev 01)
Jul 21, 2010
I wanna capture network packets from the DMA ring buffer, just like netfilter. I wanna capture them from DMA because I wanna get the MAC address of I/O packets, and netfilter does not include the MAC address of outgoing packets because it's at the IP level, and ebtables is like that too. How can I capture network packets from the DMA ring buffer?
Sep 1, 2009
I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".
Jul 12, 2010
I am a new user of ns-2. I would like to know whether it is possible to send keys or some value as the packet data (content of the packet) in ns-2 (for a wireless environment).
May 18, 2010
I am learning to set up a firewall in my home; for that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1 : ( fedora, not connected to firewall I am thinking, but I am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 : ( firewall, IPTABLES )
code....
What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4..
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 -----> sys2 (firewall) ---> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
Sep 22, 2010
I am having trouble with my local ssh connection. In my hosts.deny I have ALL, and in my hosts.allow I have my computer. I cannot connect unless I comment out the ALL in hosts.deny. Why is it not allowing a connection?
Mar 3, 2010
Out of the blue a dialog popped up requesting that I enter the key for my home wireless network. This is of course unexpected since the correct key is defined for that network in my network config. I entered the correct key but it was rejected. I then clicked on the network manager icon in the task bar. Contrary to normal behavior this did not show either my home network or any of the other wireless networks from my neighbors. The only resolution I could find to restore the wireless network was restarting my system. This seems excessive.
May 15, 2010
I installed Ubuntu on my friend's laptop, but when he tries to connect to his network and enters his WEP key the box disappears for a few seconds and comes back again... The card is an Atheros on a Toshiba laptop and it is detected; it finds the networks but the WEP key is rejected every time without an error.
Feb 18, 2011
I have 2 laptops running Ubuntu 10.04. One connects to my Linksys wireless modem fine while the other does not. The one that does not connect, will connect fine within the instances of Windows XP SP3 and Puppy Linux 5.1 that run on the same laptop. Ubuntu wireless worked fine with version 8.04 on this laptop before upgrading to 10.04.
When trying to connect within 10.04, Ubuntu pops up the dialog box to enter the authentication key. It rejects the correct key, and after a moment, pops up the same dialog box asking for the key again. I'm using WEP 40/128-bit encryption and the key I enter in the dialog box is the correct 26-character key.
The laptop is a Toshiba Satellite Pro 6000 (1g ram/40g disk). Here are some vital outputs:
root@user-laptop:/home/bsmis# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
irda0 no wireless extensions.
eth1 IEEE 802.11b ESSID:"kr_wireless"
Mode:Managed Frequency:2.457 GHz Access Point: None
Bit Rate:11 Mb/s Sensitivity:1/0
[Code]...
Apr 10, 2009
Each time after boot, I have to wait for approximately 2 minutes before Firefox starts showing any web pages. I believe the delay is caused by the following issue:
Code:
Apr 7 21:03:18 linux-kr6c nm-dispatcher.action: cript '/etc/NetworkManager/dispatcher.d/netcontrol_global_hooks' exited with error status 1.
Apr 7 21:03:18 linux-kr6c nm-dispatcher.action: cript '/etc/NetworkManager/dispatcher.d/nfs' exited with error status 2.
Apr 7 21:03:18 linux-kr6c dbus-daemon: Rejected send message, 14 matched rules; type="method_return", sender=":1.50" (uid=0 pid=3132 comm="/usr/lib/NetworkManager/nm-dispatcher.action ") interface="(unset)" member="(unset)" error name="(unset)" requested_reply=0 destination=":1.5" (uid=0 pid=2097 comm="/usr/sbin/NetworkManager "))
Apr 7 21:05:39 linux-kr6c ntpd[3500]: ntpd 4.2.4p4@1.1520-o Mon Jan 19 14:44:51 UTC 2009 (1)
Apr 7 21:05:39 linux-kr6c ntpd[3501]: precision = 1.000 usec
I have no idea what my machine is doing, but it seems as if nothing is happening between 21:03:18 and 21:05:39.
Oct 1, 2010
My wireless connection keeps getting dropped very frequently. I am on a Dell XPS m1530 and I will just be on the internet and it just disconnects from wireless and I have to connect back. It is super annoying. I am on the latest version of Ubuntu.
Oct 11, 2010
My laptop is a Dell running 10.10. The unsecured wireless network of the college which I attend keeps disconnecting me, on average every 45 minutes to an hour, and will not reconnect for about 10-15 minutes. It works fine anywhere else I go, but here I get dropped.
Oct 1, 2010
One of our RHEL 5.3 servers has trouble about 30% of the time with TCP-based communications, but it does not seem to be a firewall issue. From another computer on the same switch, you can SSH to the server sometimes and other times the SSH command will just hang. When it hangs, you can often just Ctrl+C and try it again and it works. Same with HTTP connections. You'll get part of a web page and then Firefox will just hang waiting for the rest and eventually time out. Same goes for communication initiated FROM the server. SSH'ing from the server to any outside server or connecting to any web site works sometimes, but most times not. iptables is off. No other firewalls are running. Tcpdump shows communication gets so far and then stops. It does not matter whether you run tcpdump on that server or the client connecting to it. Either way you see the connection stops working. MEANWHILE, pinging with small or large packets works flawlessly. 10,000 packets, zero drops.
Feb 13, 2009
I have a question regarding netstat. When performing a "netstat -s" I receive the following information regarding dropped packets under IP:
IP:
93978695 total packets received
0 forwarded
0 incoming packets discarded
79472157 incoming packets delivered
65235033 requests sent out
29527 outgoing packets dropped
However if I run a "netstat -i" I have no dropped packets whatsoever: (apologies for the table format):
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
bond0 1500 0 34326528 0 0 0 72755307 0 0 0 BMmRU
bond0:1 1500 0 - no statistics available - BMmRU
bond1 1500 0 28605491 0 0 0 20948952 0 0 0 BMmRU
eth0 1500 0 34199550 0 0 0 72755278 0 0 0 BMsRU
eth1 1500 0 126978 0 0 0 29 0 0 0 BMsRU
eth2 1500 0 97911 0 0 0 1 0 0 0 BMsRU
eth3 1500 0 28507580 0 0 0 20948951 0 0 0 BMsRU
lo 16436 0 34094225 0 0 0 34094225 0 0 0 LRU
Jul 11, 2010
I've been using my current laptop since Ubuntu Edgy Eft and, since then, I never had any problem with wireless (Network controller: Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02)). Since I upgraded to Lucid, my connection is dropped approximately every 3-4 minutes for 10s. Network-manager doesn't show anything but it is well visible with the netspeed applet that shows a warning sign "No connection" instead of the speed. This is very annoying and frustrating. I recall having seen the same issue in a blog article where the author was talking about his upgrade to Lucid. It was just one line and I didn't care a lot at the time and cannot find the article again.
Is there anyone having heard about a possible issue ? (I've upgraded from Karmic when Lucid was still in Beta, so it might be the cause).
Jul 4, 2011
I'm working right now with Ubuntu 11.04 on my Asus ul30vt-x1. My wireless-n network is running on a Linksys e3000 router, and my issue is basically with long file transfers. When the issue started I was reaching speeds of 100 Mbps through my wireless network even when I'm connected at 150 Mbps. However, when at this speed, I don't know why, the connection is dropped after some minutes or even seconds. I did some testing on Windows; I'm reaching 70 Mbps there and have no problem at all with the connection dropping.
So my conclusion is that for some reason the Linux driver, in my case, is not able to handle such a speed of 100 Mbps. I know that a wireless network will have a throughput of approx. 60% of the wireless speed. Right now I'm trying to apply traffic shaping to my transfers so I can get 70 to 80 Mbps; it's been working so far.
Mar 17, 2011
I've forwarded incoming connections on port 25 to my virtual machine with the following commands:
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 -d 10.1.1.3 --dport 25 -j DNAT --to 192.168.56.101:25
sudo iptables -A FORWARD -p tcp -i eth0 -d 192.168.56.101 --dport 25 -j ACCEPT
The strange thing is the connections coming through in the virtual machine seem to be getting dropped. A port scan from the internet says the port is closed, but that is not the case as I can see the connection coming through. As you've probably worked out, I am running a mail server. When I send myself test mail, the connections from the sender's mail server also get dropped.
Dec 5, 2010
I've run into a routing issue pertaining to packets leaving a firewall, traversing an IPSec tunnel, hitting the target and then returning via a different tunnel, finally arriving back on the source firewall but on a different interface from where they started. Once the packet has returned to the firewall it is dropped, and I've been unable to discover the reason for the drop. Two sides to the system, Firewall A and Firewall B. Each firewall provides the default gateway to its respective side and offers a backup IPSec tunnel to the high capacity tunnel handled internally. The Layer 3 Switch uses OSPF and takes care of the bulk of the behind the scenes routing between the sides. In case of failure the Layer 3 switches direct traffic to use the Firewall tunnels to route traffic.
Apr 4, 2011
I'm running a Debian Squeeze 6.0.1a box that's connected to my ISP via an L2TP connection that's managed by OpenL2TPD. The box is configured to perform NAT from local clients (on eth0) to the internet (on ppp0).
However, I'm having an issue with TCP packets that are sent from the box itself to the internet (packets originally coming from the local clients get sent and received over the internet just fine)
I'm using this Python app to test this:
Code:
#!/usr/bin/env python
import socket, time
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(('', 5003))
s.listen(1)
while 1:
    conn, addr = s.accept()
[Code]...
Sep 17, 2009
I've got a problem with my CentOS server. Somebody told me OpenVPN requires different changes inside my firewall settings. That could be the reason why OpenVPN won't load. I receive this error on my CentOS panel when I'm trying to connect to the CentOS OpenVPN (with my WinXP PC):
Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
[code]....
Jan 23, 2010
When I am running linux on my laptop, my ssh session to a particular server keeps getting randomly dropped. What should I do to troubleshoot the problem?
Oct 5, 2010
On my Fedora 13 machine, while on mobile broadband, I can ping and Skype outside, but cannot browse/yum etc. A few outputs that may be of relevance are here:
$ netstat -s
IP:
149468 total packets received
6 with invalid headers
16174 with invalid addresses
0 forwarded
0 incoming packets discarded
118821 incoming packets delivered
101331 requests sent out
124 outgoing packets dropped
866 dropped because of missing route .....
Feb 28, 2010
With my other ethernet card problem solved, I suddenly ran into this:
Code:
eth1
Link encap:Ethernet HWaddr 00:02:e3:16:37:4c
inet addr:10.0.2.1 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::202:e3ff:fe16:374c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code]...
This card was working perfectly fine up until....an hour ago and it started doing this. My iptables isn't blocking it somehow, because I didn't change anything. I tried reverting to an older kernel and that didn't help. It's not the network cable, it works fine in any other card. Also, the dropped packets seem to count down? It seems to go down by exactly one every time I run ifconfig, no matter the length of time in between running it.
May 23, 2011
When I change the hostname on my Ubuntu server, the DHCP clients table in my router is dropped. I'm running 32-bit Ubuntu Server 10.10. My router is a Linksys WRT54GL with firmware version 4.30.15. I'm changing the hostname by modifying /etc/hosts and /etc/hostname. I've also tried changing the hostname using the Linux hostname command in a terminal, but this does not seem to behave correctly according to the manpages (it does not actually change the hostname, or update either of the aforementioned files).
I've also tried using a different router - a Linksys BEFSR41 - but the DHCP table is still dropped when I change the hostname on my server (although this router is not all that different from my other one).
Jun 15, 2010
My wireless is flaky -- dropped connections, poor speed, etc. As diagnosis, I loaded the 'wavemon' utility so that I might watch the radio and signal and noise. Things will be good, then fall off, then get better, then go away entirely. Repeat continuously and randomly. For these experiments, my laptops -- more than one -- are on a table. The table is roughly 15-20 ft laterally from the access point. The access point is also 8 ft above the floor vs. 3 ft table height. (grin) While the signal "wobbles" everything else is mechanically stable and otherwise not moving.