Networking :: Sending/replaying Network Packets?

Dec 10, 2008

I am not a networking expert by any means (in fact I have never taken a networking course), but I have taken several security courses, and generally we wind up discussing replay attacks. For example, the Needham-Schroeder protocol (using symmetric-key cryptography anyway) is flawed because it allows for replay attacks, and I understand why.

I guess my question is actually how someone would perform a replay attack. I know I can sniff network traffic by downloading Wireshark. I also have downloaded WinPcap and npg on my WinXP virtual machine. I'm trying to use this guide to help me, but I'm quite lost: [URL] What I did was to post a "link" to my Facebook profile and I sniffed the traffic using Wireshark. What I would ultimately like to accomplish is to copy that packet out of the Wireshark output, and then use a tool like npg to transfer the raw packet back to Facebook, which should result in a second, redundant post. I just can't figure out how to do that.

I'm pretty sure this should be possible. Facebook only uses an SSL session for authentication during login. After that, the information is just sent in the clear, so I'm pretty sure this should be possible. Can anyone explain how to do such a thing? It would really help my research paper that I'm working on this semester if you can. As of right now the attack we are trying to demonstrate/defend against is using a Windows VM, which is why I'm using WinPcap/npg. The attack is actually possible using just about any OS (depending on the exploit used), but our POC is Windows only at the moment.


Networking :: Sending Packets To Localhost Through Another Computer?

Jun 10, 2009

Suppose I have computer A with IP address on eth0 of 192.168.0.1 and IP address on eth1 of 192.168.1.1. If I send packets to 192.168.1.1 from computer A, it automatically uses the loopback interface. Is it possible to modify the routing table somehow to send these packets out on eth0 instead and have them route around the network and come back on eth1? I've tried 'route add -host 192.168.1.1 dev eth0' but it seems to completely ignore this entry.


Networking :: Sending Packets To The Local Interface Through A Route?

Oct 13, 2010

I want to build a topology of this kind:

|eth0 (a.a.a.a) |
Linux PC |<----------------> | ROUTER
|eth1 (b.b.b.b) |
|<----------------->|

The Linux machine has two interfaces, eth0 (a.a.a.a) and eth1 (b.b.b.b), connected to two interfaces of a router. Now if I send any packet destined to b.b.b.b from the a.a.a.a interface on the Linux machine, it should take the following path: eth0->router->eth1, and it should be the same vice versa.


Networking :: Sending Ethernet Packets From Inside The Kernel?

Jun 20, 2011

I'm trying to create and send my own ETH packets from inside the kernel. My objective is to send the packages from layer 2 by building my own skbuff and sending it using dev_queue_xmit(). Has anyone done it or have examples of how to do it? I tried to build my own skbuff without success.


Programming :: Sending Arp Packets In C / C++?

Apr 5, 2010

I'm looking for a way to send an ARP request / reply packet using C or C++. I've written an application that can send different crafted packages using jpcap (Java), but I'm not a C expert (trying to learn). The reason for this is that I would like to port my Java program to C to use it on a less powerful system that can't fully cope with the resource-hungry VM.


Programming :: Raw Socket Not Sending Packets?

Mar 26, 2010

(Let me first of all state that I am a newbie to any form of programming.) I have been trying to create an IP header + TCP header and send this to another machine on my network (using C). I used the normal stuff: two structures for the headers, a sockaddr_in structure, call to function socket with SOCK_RAW, setsockopt with HDRINCL and call to sendto. All functions seem to return fine (values other than -1); the function that I have used to calculate the checksum for the IP header matches the value that I manually calculated. I just don't see anything coming out of the interface on Wireshark. I assumed that it had something to do with my piece of code so I used two examples (including mixter void ru rawip html A brief programming tutorial in C for raw sockets). They show exactly the same thing: functions return fine but no packets being sent. I use Ubuntu 9.04 2.6.28-14-generic. The machine has two interfaces, one with an IP address; the other interface is in promiscuous mode. (Both interfaces are connected to a switch with port mirroring.) I can see all normal traffic in/out.


Programming :: Segmentation Fault While Sending UDP Packets?

Jul 16, 2009

The following piece of code is supposed to send a UDP packet, but inside function udpsocketinit, I get a segmentation fault and I can not understand why.

Code:
#include <arpa/inet.h>
#include <netinet/in.h>

[code]...


Security :: Detect Infected PC In LAN (Sending Packets To Internet)

Jul 17, 2009

In my network I have 25 workstations and some servers. Everything is working in a local LAN with a firewall. The problem is that on one machine (I don't know which one) software is installed which is sending data to the internet. Actually I don't know what it is. Last time, as I remember, it was a trojan which can create new network interfaces in Windows and send some data to the internet. Half the speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections?

Please take a look at this time. Instead of 141-150ms it should be 4-5ms.

64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms

How can I detect which machine is infected using only Linux and keyboard?


Networking :: Can Sniffed Packets Be Forwarded To A Different Network

Feb 15, 2011

I'm using the madwifi Linux driver (ath1) in monitor mode to capture some wireless traffic. I can see that all wireless traffic is coming well through the wireless interface (checked using TCPDUMP). What I want to know is how I can forward the captured wireless packets to a different Ethernet interface (e.g. eth2) in the same machine to send those captured packets out to a different computer.

I set 1 for /proc/sys/net/ipv4/ip_forward

for iptables, I tried this rule: iptables -A FORWARD -i ath1 -o eth2 -j ACCEPT

However, I couldn't read any packet from eth2 via TCPDUMP.


Networking :: Iptables Routing Packets On Same Sub-network

Feb 17, 2010

I am running into trouble while trying to set up an iptables routing policy. I have two machines on the same sub-network (xxx.xxx.153.0). One of the machines is used as a default gw for the other (xxx.xxx.153.250 is a gateway for xxx.xxx.153.142 and xxx.xxx.153.254 is a gw for xxx.xxx.153.250). There is no explanation for why the xxx.xxx.153.250 is in the middle -- xxx.xxx.153.142 can go straight to xxx.xxx.153.254, but it is like that for now. I am trying to find an iptable rule to be executed on the xxx.xxx.153.250 machine to route the packets.


Networking :: Firewall - Allow Packets Coming From Internet After Authenticating And To By Pass Packets Generated From Internal LAN?

Feb 8, 2010

I have a Linux server running Oracle applications. I need to access this server from PuTTY using SSH through the internet. I did this by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.

I thought of configuring the firewall of the Linux server but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?


General :: LAN Machines Sending Packets By Iftop - Set Only Send And Receive Http - Smtp - Ssh - Dns - Dhcp Request?

Jun 10, 2011

I have proxy running. I have seen LAN machines sending packets by iftop -P -F 192.168.10./24

[Code]....

How do I set my iptables so that I can only send and receive HTTP, SMTP, SSH, DNS, DHCP requests in and out of the proxy?

[Code]...


Networking :: Write Network Packets To Memory In Byte Format?

Feb 7, 2011

I'm sniffing network packets in Ubuntu. I need to write these packets as raw bytes to memory but libpcap gives packets in its special format. How can I save and recover packets in byte format?


Programming :: Write A Program In C That Can Sniff Packets From Ethernet And Distinguish RTP Packets From Non-RTP Packets?

Aug 30, 2010

I need to write a program in C that can sniff packets from Ethernet and distinguish RTP packets from non-RTP packets. I have no idea what I should do.


Ubuntu Networking :: 11.04 System Drops Inbound Network Packets Every 5 Seconds

May 20, 2011

I have a system running 11.04 and it is dropping packets on the hardwired ethernet interface to other systems on the LAN, only in the inbound direction. It drops packets every 5 seconds. I verified this with iperf. Outbound packets pass with no problems. The network card in this system is a Broadcom Corporation NetXtreme BCM5752


Ubuntu Networking :: Sending Files By Network Between Two Machines

Feb 13, 2011

My two machines are both running Ubuntu 10.10. I want to transfer program files between them using a local area network.

My Ubuntu machines can both see the Windows machines on the network, and get files from them. But my Ubuntu machines do not detect each other as being on the network. Nor can my Windows machines detect my Ubuntu machines.

From what I can tell, that's normal, and I've become resigned to using a pendrive to transfer files between the two machines. Or even sending files as email attachments.

there is a clean and easy way to transfer files between two Ubuntu machines on the same local area network.


Fedora :: Stopping And Replaying File Causes Same Thing To Happen Again

Jul 29, 2009

I am having a problem with sound in a range of applications. Playing an mp3 file is OK for 30 seconds or so, and then it seems to skip and make crackling noises. Stopping and replaying the file causes the same thing to happen again. I have installed all the mp3 codecs so I'm not sure what's going on.


Networking :: Kernel - Forward Packets From Eth0 To Eth1 And Eth1-to Eth0 As Well As Get A Copy Of These Packets For Analysis

Sep 27, 2010

I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.


Slackware :: Network. No Rc.netdevice. No RX Or TX Packets?

Aug 8, 2010

I created a similar thread last week in the networking section but only got one response. I was hoping to get a little more help here as this forum helped me tremendously to partition my hard drive safely. That was over a week ago, and ever since then I have been struggling with setting up my network. Here is what I have done. Basic set up with netconfig. I selected DHCP and followed the directions on the screen. ifconfig -a shows eth0 with no RX or TX packets at all, but at least it showed me information. If it was not detecting my card (which is compatible with Linux), it would have said no device found, correct?

dhclient eth0 just hangs there for half a minute until I can add a command again. dhcpcd eth0 times out. I read (in slackbook chapter 5.2.1) that the correct kernel module may not be loaded. So I opened rc.modules with pico and went to the netdevice section. In slackbook it said to find my device and uncomment it.... but I can't find it! (I have an atheros ar9285 in my stock compaq CQ61 laptop.) I also opened rc.netdevice and it was empty. It seems like the more I learn about the network, the more lost I get. I keep hearing that configuring a network on Slackware is easy, am I just missing some simple step? Also, whenever I startx, akonadi gives me an error. I also get another error saying that it could not parse XMS file. Is that just due to my lack of an internet connection at the moment?


Ubuntu :: Network Bridge - Moving Packets Between Interfaces

Mar 27, 2010

I am using vnuml to test a network project. I have one Ethernet card on my Ubuntu 9.10 (eth0) with network 10.1.0.0/16, and am creating a tap0 with subnet 10.4.0.0/16. Now the problem is how to make them work together, such that packets from one interface go to the other one?


General :: Compile A C Program Which Sniffs The Network For Arp Packets?

Feb 8, 2011

How to fix this error: I wanna compile a C program which sniffs the network for ARP packets and prints them out. I keep getting this error:

undefined reference to `pcap_parse' I have installed everything, new version of pcap,..


General :: Redirection Of Private Network Packets In The Gateway

Jul 25, 2011

I have users using Windows XP, Windows 7, Linux (Fedora) and Mac. They all are in a single private network and all access internet through a Linux (RHEL5) system in which Squid acts as gateway. The same is true with my branch offices too except that private network is different and gateway system uses Fedora 9 instead of RHEL5. All the branch offices are connected through point to point leased lines with the head office for file transfer.

My requirement is this: I have a web server located at head office. Presently I am able to access this server from my branch offices through internet. I would like to access this server from branch offices through leased lines. This too I am able to access if I do routing in users system. The file transfer is taking place through one to one system at two ends by creating static routing in those systems.


General :: Netem For Mac OS X To Emulate Network Latency And Dropped Packets?

Aug 9, 2010

I'm looking for an open source/free network emulator tool that I could use on Mac OS X, to simulate a slow network connection, limited bandwidth and other network characteristics such as dropped packets etc for both UDP/TCP connections (or even on the physical layer).

I'm looking for the simplest solution that would allow me to run TCP/UDP servers and have a few clients connect to them on localhost emulating various network connections. I'm mainly wondering if I can use something like Linux's netem on Mac OS X (or even better cross-platform Windows/Linux/Mac). Perhaps I can run VirtualBox and a Linux kernel running netem, has anyone had luck with that? [URL]...


Ubuntu Security :: Something Is Transmitting Packets And Grinding Network To A Halt?

Feb 10, 2010

I have a small network with 4 users, a Win2003 server for LAN/security functions, and a Dell Blade server running Ubuntu 8.04.1 which runs as our web server on port 80. I manage the Ubuntu server with Webmin v1.42. Yesterday, my users weren't able to access the internet nor were they able to receive mail, etc. and no one could access any of the websites hosted on the webserver. However, the internal users could access each other's PCs and internal printers and devices - just nothing outside.

I began to troubleshoot: I could see a lot of activity on the Router/Firewall on the port connected to the Ubuntu server. When I unplugged the server, everyone could immediately connect to the internet. So, the problem was originating with that server. When I logged in to the Ubuntu server using Webmin, I checked System>Running Processes and right at the top of the list was the process:

ID Owner CPU Command
23184 www-data 98.1% ./s 174.120.164.186 7777

When I drilled down on this process it said that the parent process was:

/bin/sh -c ./s 174.120.164.186 7777

I pressed the Trace Process button and it appears to be sending the following repeatedly:

Time System Call Parameters Return
xxxx send 125,0123456789ABCDE,15,0 15

So, I manually killed the process and added a rule to my firewall/router to block an IP range that includes 174:120:164:186

A few hours later the same process starts again in Ubuntu, effectively plugging up my pipeline to the internet and preventing access to the websites being hosted. I suspect that there is some kind of virus on my Ubuntu machine but have no idea how to locate and destroy it. I am relatively new to the Ubuntu world and would appreciate anyone's help immensely! I just don't know what to do!


Software :: Simulate A Wireless Network Where All Nodes Broadcast Packets?

Apr 7, 2011

I want to simulate a wireless network where all nodes broadcast packets


General :: Network Stop Working After Heavy Load Of Packets Received

Aug 6, 2011

My LAN has 2 PCs installed, Ubuntu 10.04 and Windows XP. I run the server on Ubuntu, and client on Windows XP. Because I am doing stress test, so the client will keep sending tons of packets to server.

The strange thing is: after a few seconds, the client program crashes because of insufficient network buffer; the server is still OK. But after that I can't connect to the Ubuntu PC anymore until I restart it. And I checked the router: the LED for the Ubuntu PC is always ON (not blinking), it looks like it is jammed already.


General :: No Network Packets Sent Immediately After Quick Physical Disconnect And Reconnect?

Mar 9, 2011

I am using TCP for data transmission between 2 PCs running Linux. During transmission, I have noticed that if I unplug the network cable and reinsert it quickly, the connection is not lost (same as I expect) and the sender starts to resend the packet after 5s (what I expect is that network packets are sent immediately after a quick physical disconnect and reconnect). My question is: can I reduce 5s to 0s (resend immediately after network cable reconnect)? Can any parameters (tcp rto, txqueuelength, ..) be modified to achieve this condition?


OpenSUSE Network :: Corrupted Packets Received; Timeout Waiting For PADO Packets?

Mar 15, 2010

I have a DSL broadband connection. The internet connectivity was working fine but lately, I am facing problems while connecting to the internet. Upon connecting the cable to eth0, /var/log/messages shows repeated instances of: "kernel:corrupted packets received". Also, if I use pppoe-discovery, I get a "Timeout Waiting for PADO packets" error. There is nothing wrong with the cable. If I connect the cable to a windo$s xp laptop, internet connects fine without any problems. Any idea what could be going wrong? Since the internet was working fine earlier on my openSUSE box, I'm not sure what could have gone wrong with the settings.


OpenSUSE Network :: Sending Mail From Webserver

Dec 31, 2010

I have OpenSuse 64bit running a web site. I have a form on this site here: Dynamic Systems Group. The script itself works and I have tested it on another hosted server and it works fine. However on my server the email the script sends never arrives, which must be a problem with my Postfix settings I guess. However I also have two pages on my site for testing sending of mail, which BOTH report a positive result:

[URL]

However even though these pages report a successful send, the mail still never arrives. I have looked at many pages and forums on the internet and I am really, really confused as to how to set up Postfix. On the Suse box I have the Mail Server configured in Yast to send mail via my Gmail.com account using TLS and authentication but still no success!


CentOS 5 :: Sending Messages Between Local Network Machines?

Jul 3, 2010

I am using CentOS 5.4 (5.5?) GNOME on multiple machines in a local network. Is there a program available that does the following: you type a message in a 'note' screen on one computer and can send it to one (to choose) or all machines in the local network that are online, so you can read the message on these other machines' screens.








Copyrights 2005-15 www.BigResource.com, All rights reserved