I have a gateway server which is currently listening for TCP/UDP packets and authenticating clients if their details (IP/MAC) are known.
I have a couple of clients whose network equipment sends ICMP pings to a remote site to determine internet connectivity, and I'm missing those, resulting in the client's device not logging in.
Is there some way that I can write a listener, similar to a listener for TCP/UDP sockets, which will listen for ICMP packets and pick up the IP and MAC address of the sender, on which I can then perform processing?
I have configured racoon (IPsec tunnel) between 2 hosts and I am afraid of unencrypted ICMP which appears in tcpdump logs. There are also encrypted ESP packets. Is this a result of wrong racoon configuration? 172.16.220.133
When I ping our Microsoft Windows terminal server "cluster" farm, I get ICMP warnings that there are duplicate packets. I am able to rdesktop to the cluster with no problems. We are trying to set up nagios to run on this Ubuntu configuration and nagios is reporting the following error: "PING WARNING - DUPLICATES! Packet Loss=0%, RTA=.98ms." FPing reports duplicates as well. Is there a setting in the ARP table that needs to be set differently because the "Cluster" MAC address isn't an actual hardware MAC but a virtual MAC address?
I have a CentOS 5.5 machine. I have forwarded both port 22 and 8080 on my router. I can connect on 22 via telnet ip 22 and can even remotely log in to the machine. The problem is that when I start my Java listener program, which is listening on 8080, it cannot establish any connection (via telnet ip 8080). I have even added this to iptables too: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT. I have disabled SELinux too.
For quite some time now, I've been trying to implement a multi-threaded or forked TCP server to perform the following actions:
1) Listen for new connections on all IP addresses on a specific port.
2) Wait for a new connection to arrive.
3) When a new connection comes in, fork or thread to free up the listening process so it can go back to #2.
When handling a client after it's been forked/threaded:
4) Get the connected client's IP address.
5) Perform some in-house processing.
6) Read the data sent from the client (checking for HTTP connections).
7) Perform some more processing.
8) Write some data back to the client based on the above processing.
9) Close the socket/thread/fork.
I've tried implementing a solution similar to the multi-threaded example shown here http://perl.active-venture.com/pod/p...-sockets.html; as well as looking at the CPAN solutions Net::Daemon and POE::Component::Server::TCP, but these don't seem to give me the information needed. The active-venture solution provides me with what I need, but randomly exits without reason/error, and when attempting to change the 'for' loop to a 'while' loop, it keeps throwing up different errors.
I am setting up a virtual server. Ubuntu 11.04, "minimal provider image". UFW was disabled by default. I set it to default deny. Allowed HTTP, SSH and other standard stuff, and enabled it. All seems to be OK. Adding one rule to block some annoying security scanners causes ping not to work. I'm not an iptables expert, but it looks OK to me. I got it from some website, rather than inventing it myself, but modified it to fit the ufw config file syntax. What in that rule prevents pings?!? It seems completely unrelated.
I want to receive an ICMP packet using a netfilter hook function. A string will be printed if an ICMP packet is received. I am able to print the string, but the log message shows 100% packet loss. So I changed hooknum = NF_IP_FORWARD, but it's still not working. I want to get the log message as received 100%.
I'm using a single raw socket to read UDP packets from local test network with 1024 ports. Each UDP src and dest port is unique and I need access to IP and UDP header fields. I can stream and process data (in and out) at 100 mbps in linux-rt kernel with very low jitter < 250 usec, 10 usec nominal.
I'd like to prevent the kernel from issuing ICMP port unreachable errors back to the sending host; however, I don't want to create 1024 vanilla UDP sockets and bind to each one because of resource constraints. Currently, I'm using iptables to drop the outbound port unreachable messages. Does anyone know of a way (programmatic, using C code) to prevent the ICMP unreachable traffic? Perhaps an IOCTL or socket option? I also tried changing /proc/sys/net/ipv4/icmp_ratelimit but that seemed to have no effect. By default the ratemask is set for dest unreachables, and a variety of ratelimit values did not change any behavior that I could see.
I have a strange situation in my network: PCs gatewayed to another network, then a proxy, then a firewall.
pcs --> router --> cloud --> router --> proxy --> switch <-- fw --> Internet
(router, proxy and fw are all connected by the switch)
Some months ago the situation was:
pcs --> router --> cloud --> router --> switch <-- fw --> Internet
There was a static route in the router that gatewayed the packets to the firewall, but that route has been deleted, and I cannot reinsert it because I don't have access to the routers, so we have to use a proxy to go to the Internet, and we have all the PCs (Windows XP) configured with the "proxy" fields filled in. The proxy has only one NIC, gatewayed to the firewall, with Ubuntu and squid installed, but we have some problems:
1. we cannot use email, so how can we make port 110 and 25 packets pass?
2. squid seems to slow down, so can we uninstall it and route all the traffic directly to the firewall to speed up?
I'm looking for a way to send an ARP request / reply packet using C or C++. I've written an application that can send different crafted packages using jpcap (Java), but I'm not a C expert (trying to learn). The reason for this is that I would like to port my Java program to C to use it on a less powerful system that can't fully cope with the resource-hungry VM.
I have a Linux server running Oracle applications. I need to access this server from PuTTY using SSH through the internet. I did this by registering my static IP with dyndns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN.
I am trying to build a socket to retrieve the Ethernet packets from an ECU (I do not know much about the ECU). When I run my code on Windows there is no problem and the code runs correctly. But when I run my code on Debian it gets stuck at s.recv(1024).
I have already set static ip in /etc/network/interfaces as follows:
Code:
    import socket
    import sys

    HOST = "160.48.199.91"
    port = 30490
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_UDP)
    s.bind((HOST, 30490))
    while True:
        data = s.recvfrom(1024)
        print(data)
There is no LAN or router. When I check netstat -s I see that there are 0 UDP and 0 TCP messages received. But when I check in Wireshark on Debian I can see the displayed UDP packets. Does it mean that the UDP packets are reaching the Raspberry Pi but not received by Debian? Or are these packets being dropped?
(Let me first of all state that I am a newbie to any form of programming.) I have been trying to create an IP header + TCP header and send this to another machine on my network (using C). I used the normal stuff: two structures for the headers, a sockaddr_in structure, a call to the function socket with SOCK_RAW, setsockopt with HDRINCL and a call to sendto. All functions seem to return fine (values other than -1), and the function that I have used to calculate the checksum for the IP header matches the value that I manually calculated. I just don't see anything coming out of the interface in Wireshark. I assumed that it had something to do with my piece of code, so I used two examples (including mixter void ru rawip html, "A brief programming tutorial in C for raw sockets"). They show exactly the same thing: functions return fine but no packets are being sent. I use Ubuntu 9.04, 2.6.28-14-generic. The machine has two interfaces, one with an IP address; the other interface is in promiscuous mode (both interfaces connected to a switch with port mirroring). I can see all normal traffic in/out.
I have tried to google it and couldn't find any good solution for it. What I want is to hook into the kernel network hooks and, for example, investigate all of the packets (maybe keep some in a buffer and drop them in the kernel so I could send them out, let's say, 10 minutes later), but from a C / C++ program perspective / level. I know it can be done via iptables, but isn't there a way to do it from a program? I have found a library called ipq, but apparently it doesn't work with kernel 2.6.x anymore.
I have forwarded both port 22 and 9000 on my router. I can connect on 22 and remotely log in to the machine. The problem is that when I start my Java listener program, which is listening on 9000, it cannot establish any connection. I have even added this to iptables too: -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 9000 -j ACCEPT. I have disabled SELinux too. What else must I do to make it work? Any suggestions, please?
I want to send received UDP packets to a neighbor MAC address. Can anyone guide me on how to do it?
I can receive UDP packets and then forward them to a unicast address as follows. How can I modify this code (maybe the last line) to send the received packets to a destination MAC address instead of a destination IPv6 address?
Code: int main(int argc, char ** argv) { int s,s1; struct sockaddr_in6 a,a1;
The following piece of code is supposed to send a UDP packet, but inside the function udpsocketinit I get a segmentation fault and I cannot understand why.
I want to give as much detail as possible. Working directory: ~/a1/shell. In the shell directory I have a Makefile. Also in the shell directory I have subdirectories (obj, src, include).
My current Makefile
Quote:
#What needs to be built to make all files and dependencies
clean:
# End of Makefile
I wanted it so: all .o files are created in the obj subdirectory, and my application, sshell, is created in the shell directory.
I am getting this error when I run the make run: No rule to make target 'shell.h', needed by 'shutil.o'. stop
I have a hardware device with two Ethernet ports, eth0 and eth1, running CentOS 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
I run a Linux box as a gateway behind a satellite modem. The internet link over the satellite modem is only 1mbit, so the usage often reaches 100% when someone is downloading/uploading something. I am seeing my ping return time jump from 700ms to 6000ms if someone tries to upload a file (by sending an attachment in an email etc). The satellite operator is saying this is normal, but I have my doubts.
Has ICMP got a lower priority? Should I really be seeing this behaviour? I understand that if it was a TCP packet then it would just be queued until the previous acknowledgement has been received. And if it was a UDP packet then it would have been dropped, but how does ICMP deal with these situations during heavy traffic?
Is there a way to set the IP that's returned in an ICMP TTL exceeded packet? The reason I ask is that I have an edge router with several upstreams and several downstream routers, and when I traceroute to it I would like only one of its IPs to show up in the trace (Instead of each . Much like some of the larger ISPs do to mask the IP and hostname of their internal routers. Is this possible?
I have one server which has IP 10.176.0.155. I want client 10.176.0.135 not to be able to ping this server only, and is it possible to block this through hosts?
Why does Linux traceroute use the UDP protocol when we have the basic ICMP protocol, which is used in MS Windows tracert? Is there any specific use for traceroute with UDP or TCP rather than ICMP? Windows is displaying all hop addresses but Linux is printing *.*.*
I'm facing a strange problem. I have a Debian squeeze machine connected to the Internet through a 3G USB modem. The machine connects as expected, and I can resolve domain names and establish HTTP and SSH connections. The problem is when I try to communicate with that machine from another PC connected to the Internet. The machine doesn't respond to ping and I can't connect to the sshd installed on it. If I connect the machine to the local network, it works right.
route:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
...
1. Creates a UDP socket.
2. Sends the UDP request packet to the TFTP server.
3. If the TFTP server is not listening on port 69, the remote machine sends an ICMP ("Port Unreachable") message.
Is there a way to receive a notification from the Linux kernel on receipt of an ICMP packet for the created UDP socket?