Ubuntu Networking :: How To Check Packets Being Sent / Received Through WAN
Jan 14, 2010
I am new to Ubuntu almost installed it after windows showed blue screen 4 ever n ever. However after installing ubuntu whenever I log in windows it doesnt detect any network connection but when I use Ubuntu it automatically does can it be that Ubuntu is causing any problem? And how to check how many packets are being sent and received through my wired network and do I have to install any drivers for my modem in Ubuntu.
where packets are stored when they're received. After some googling, I think perhaps libpcap with mmap would be the solution. Does libpcap 1.0 and above support mmap?From my understanding, mmap would allow me to directly access the buffer without having to explicitly copy the packet to another buffer for me to do processing. I would also appreciate it if someone can let me know where I can find examples of such applications, as many examples of mmap I've found involves mapping a buffer for file operations, rather than integrating it with pcap functions like pcap_loop, pcap_next_ex etc.
I keep finding packets that appear to be whois on port 44. they appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time) when I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". when I whois it it says:
Quote:
Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?
My LAN has 2 PCs installed, Ubuntu 10.04 and Windows XP. I run the server on Ubuntu, and client on Windows XP. Because I am doing stress test, so the client will keep sending tons of packets to server.
The strange thing is: After few seconds, the client program crash because of insufficient network buffer, the server is still ok. But after that I cant connect Ubuntu PC anymore until I restart it. And I check the router, the led for the Ubuntu PC is always ON (not blinking), look like it is jam already.
i made a video and i wanted to put it on my myspace(video upload) and it justs fade to grey and becomes unresponive. that it goes back to normal but no progress. so then i tried going to image shack and uploading a picture. can't do that either. tried mediafire, videos, vimeo, nothing.
so i tried on my desktop(desktop running 9.10 32 bit. laptop(the first one i tried) running 9.10 64 bit. it didn't work on that either. i know it's not my isp because it works on my ps3(no ubuntu). not my firewall and tried without without my router. didn't work either. i tried upgrading flash on both of them and on my desktop i can upload some pictures to imageshack now. nothing else though. i have tried using both firefox and opera.
i pinged yahoo and this is what i got:
6 packets transmitted, 6 received, 0% packet loss, time 5007ms rtt min/avg/max/mdev = 72.732/73.437/75.024/0.761 ms
I have a DSL brodband connection. The internet connectivity was working fine but lately, I am am facing problems while connecting to internet.Upn connecting the cable to the eth0, the /var/log/messages shows repeated instances of:"kernel:corrupted packets received"Also, if i use pppoe-dicovery, I get " Timeout Waiting for PADO packets" error.There is nothing wrong with the cable. If I connect the cable to a windo$s xp laptop, internet connects fine without any problems.Any idea what could be going wrong? Since the internet was working fine earlier on my opensuse box, im not sure what could have gone wrong with the settings.
i have a linux server runnig oracle applications. i need to access this server from putty using ssh through internet. i did by registering my static ip with the dnydns.org and i am able to connect to the server. but now there is no security to authenticate any user as any one knowing the password can login to it.
i thought of configuring the firewall of linux server but the client ip`s are not static and they change continiously. so thought of keeping one more pc between the server and the router which will do the work of authenticating. but i am confuse as how to configure it to allow the packets coming from the internet after authenticating and to by pass the packets generated from internal LAN?
Just wanted input for this script i have cobbeled together. Its not done yet. I am trying to think of ways to close up my outgoing while maintaining full functionality of my laptop ( irc, web stuff, a torrent or two, etc.) . Anyways, I have done some myself; as well as, pulling bits and pieces from other stuff out on the web. I am starting to wonder why i have to write a specific rule to check for spoofed packets if my default input is set top drop. wouldnt it be caught?
I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
This has been bugging me for quite a long time. I need to have a pptp connection to my university. I have tried to locate the error, but this has been a real trouble.
A little bit of history: My girlfriend had a laptop with M$ vista on it with a working PPTP connection. I had a laptop with Ubuntu, with which I couldn't get the PPTP working.
When my laptop crashed, I bought a new one on which I run a dual boot XP SP3 and Ubuntu. I also own a desktop (Dual M$ Win 7 / Ubuntu standard Karmic) and my girfriend also upgraded to Win 7.
Currently, the XP version is the only one on which I can get a connection. Both Ubuntu and the Win 7's give me a GRE proc 47 not received error. I know our router (a DAVOLINK DV2020) is notorious for not sending through GRE proc 47, but this either shouldn't be the case or it shouldn't matter, since I can make a perfect connection through the XP OS.
This is quite a handicap, since we both study at the university for which we require working VPN PPTP connections.
I was wondering if there was a Windows or Ubuntu way to limit the amount of data that is able to be sent over the internet between certain times, eg. Between the times of 7am and 7pm can only download 300 MB from the web, when this limit is reached the web is either disconnected or slowed down.
I am having (seemingly) random trouble with my wired network ever since I installed Lucid. I have no problem getting an ip address from dhcp. However, randomly the computer will boot and although I have an ip address I do not receive any responses for pings on the network nor can I browse the web. If I sudo /etc/init.d/networking restart a few times (or reboot) it will start working. However, restarting the networking services (as mentioned above) again will cause me to no longer receive responses for pings or browse the web.
Furthermore, I have never been able to successfully ping if I manually set an ip address. I have un-installed network manager and I am using /etc/network/interfaces to configure the network. Using Lucid Lynx 64bit on a Dell Precision. I have pasted below the output of a few working commands. When I switch between static ip and dhcp I am commenting/uncommenting the lines shown in /etc/network/interfaces.
I set up environment according to BareMetalProvisioningBestPractices document, I think everything should be ok. Now trying to plug in new virtual machine for PXE install Linux. But something is wrong, DHCP waits couple of seconds, and then I receive:
PXE-E53: No boot filename received PXE-M0F: Exiting Intel PXE ROM.
I think, all services required are started.
dhcp.conf on boot/stage is: # # DHCP Server Configuration file. # see /usr/share/doc/dhcp*/dhcpd.conf.sample #
[Code].....
pxelinux.0 was taken from RHEL4, but I've got image and trying to boot RHEL5. Maybe there is something?
I used to connect to the internet via a Linksys router using the following terminal commands (Network Manager has never worked for me on any Ubuntu install):
Code:
sudo ifconfig wlan0 down sudo dhclient -r wlan0 sudo ifconfig wlan0 up
[code]....
However, I recently changed the old modem + router for a new wireless modem (a Thomson TG585v8 ). Now, the result of that last command is this:
Code:
amosupremo@amosupremo:~$ sudo dhclient wlan0 Internet Systems Consortium DHCP Client V3.1.3
[code]....
No working leases in persistent database-sleeping. I've tried to connect in Natty(both Ubuntu and Kubuntu) and it's not working either.I also purged Network Manager and installed wicd and I managed to get an intermittent, slow connection.
1 ) Machine Brand and Model (PC/Laptop): No brand. I built it with the following specs:
AMD Athlon II X4 2.6GHz 2 HD: 100GB Sata (Ubuntu and XP64 install) / 80GB IDE (XP) 4GB RAM Gigabyte Motherboard
2 ) Wireless Brand, Model and Wireless Chipset:
Code:
amosupremo@amosupremo:~$ lsusb Bus 002 Device 005: ID 0ace:1201 ZyDAS 802.11b Bus 002 Device 004: ID 049f:000e Compaq Computer Corp. Internet Keyboard
[code]....
3 ) check interface:
Code:
amosupremo@amosupremo:~$ ifconfig wlan0 wlan0 Link encap:Ethernet HWaddr 00:02:72:04:d0:04
[code]...
I am also attaching the wicd log. It contains a session where I got the intermittent connection. I stopped that connection and restarted it (with the same results) two times.
i am using centos 5.2 . recently i have implementing transparent proxy but i faced issue. i received lots of messages in dmesg. i have 2 machine with same OS another machine are works fine with this same configuration
br0: received tcn bpdu on port 1(eth0) br0: topology change detected, propagating br0: received tcn bpdu on port 1(eth0) br0: topology change detected, propagating br0: received tcn bpdu on port 1(eth0)
I have a Webserver (Co-Location) and all runs fine ... since last week. Now there are a lot of RX-ERR shown in netstat and ifconfig. And when I try to upload a external website direct on the server for example via wget, it is very very slow and hangs very often.
I have analyse the network but I was not able to find a problem. My hoster has checked the network and all looks fine. For example my hoster has plugged-in a pc in the same switch ... and was able to do wget (load external data, like websites) in normal speed.
Since last week my websites were delivered slower as before, too. It seemed there is a network-problem ... but how can I find it?
Actually I can install moduls ... but the server needs hours. So, if you knows a good command-line tool to analyse the network.
PC1 runs radvd to provide router advertisements to the network and a DHCPv6 server for stateful addresses.Each interface is configured on a separate subnet. PC2 runs a DNS server on eth0. PC2:eth1 is used as an IPv6 client for testing purposes. The connections from PC1 to PC2 are just crossover cables.I've created virtual machines of both PCs and have created 4 virtual adapters on the host machine for each of the local-only interfaces.Now I have this:
I am using ubuntu 9.10. Configuring my firewall using guarddog. I have setup a rule to allow traffic OUT on port 7078 UDP, and just because i'm having problems i added an IN rule.
# Create the filter chains # Create chain to filter traffic going from 'Internet' to 'Local' ipchains -N f0to1
My setup is...I have a wireless access point using laptop as a gateway. The AP is also connected to a switch as is the laptop. So the laptop has two interfaces one wireless and one wired. A third device is using the AP to connect to a server on the internet. The AP sends the packets to my laptop where they are dropped. I've been looking for a solution to this problem without success. Basically is there a way for my laptop to forward all packets it sees from a certain IP address to whatever destination address they have?To clarify, my laptop is just the gateway of the AP and none of the packets are addressed to it at all, it just picks them up using a sniffer or similar tool.
1) i have to find the source and destination address in the ip and ethernet headers of a packet that go from my machine to the router.2) Then i have to do the same for the packet that goes from the router to my partner's machine.Then I have to answer the above questions but now for the echo replay.How could i see these address?The result could be found in the output of a tcpdump?
[guest@shakti guest]$ sudo tcpdump -en host 128.238.62.101 and 128.238.61.101 tcpdump: listening on eth0 20:27:36.662737 0:4:75:b5:20:bc 0:3:e3:2a:4a:60 ip 42: 128.238.61.101 > 128.238.62.101: icmp: echo request
I've a ssh server on FEDORA 12. It was going well but now it's overloaded with ARP traffic and is unable to run ssh. normally i'm getting about 150 packets in just 3 second
For learning purposes i've set up a vpn between a laptop (running ubuntu) and a pc (running windows). The 2 computers are on the same lan. The VPN server is set on the laptop, and as a guide i used this tutorial:The problem is that the mtu on the ppp0 interface is 1396 and the mtu on the eth0 interface is 1492 so in order to pass packets from the et0 if to the ppp0 if, the laptop needs to fragment the packets, and here is where the problem appears: the packets come with the don't fragment bit set. I've tried lowering the mtu of the eth0 if but that didn't work. The only way i managed to make this work is setting the ppp0 mtu size to 1492. The thing is that setting the mtu and mru in the pptpd-options file to 1492 doesn't do anything (at least to solve this problem) and the only way to set the mtu of the ppp0 if is to manually set it using: Code:sudo ifconfig ppp0 mtu 1492 The issue with this is that every time the connection resets i have to enter the command.
I've setup ufw rules on my system but noticed that the rule i created to allow traffic from my local network is still dropping some RST packets.here's part of the output of dmesg
we are using Red hat enterprise 5.4 for our internet connection with following ip's
eth0: 192.168.1.2 (local lan) eth1: 114.143.28.240 (static ip address for 1st isp) eth2: 192.168.100.149 (2nd isp modem connected with lan cable)
first isp i.e tata internet connected to the internet and working very well
now i want 2nd isp to work when the first isp goes down, i had configured all dns in the resolve.conf and squid.conf, when i switch off the 1st isp for checking that failover is working or not i cannot get internet packets from the second isp.
my Linux does not workDoes not accept incoming connectionsiptable disabledping is a network but cannot nor at 22 nor at any other connectsHow do I check what is blocking the connection thnx alot.OS Ubuntu 9.4
