I am currently working with Wireshark for a project and the question I am asked to answer is: Does the Packet List Pane display all the conversation between the two hosts? Why? I am using a uploaded p.cap file and am using the filter: (ip.src == 10.0.0.221) && (ip.dst == 122.167.99.148) as shown. Based on what I am seeing in Wireshark, I do not think this filter is showing the full conversation but I am not sure why this is. Any assistance on this would be much appreciated. I have attached the image links below.
enter image description here
enter image description here
You're right, you are indeed not seeing the whole conversation, since your filter looks for just one side of the conversation (packets sent from 10.0.0.221 to 122.167.99.148). You can fix this easily by just changing ip.src and ip.dst to simply ip:
(ip.src == 10.0.0.221) && (ip.dst == 122.167.99.148)
becomes
(ip == 10.0.0.221) && (ip == 122.167.99.148)
so you want every packet, which has the IP 10.0.0.221 and the IP 122.167.99.148.
Related
we bought a Printronix RFID printer T4304 with these dates:
FirmwareP301189 V1.21A
Serial NumberT4K431948007
Our wish is
to produce RFID-Labels with an QR-Code which includes the EPC-number
of the label. The QR-Code shall look like this:
http://qr.mycompany.com/epc/E280689123456789012345
We were hoping to use it with the Software Nicelabel. But Nicelabel
is only able to produce a QR-Code with only the EPC-Number but not
with our http://qr.my..../epc/ in front.
I had the idea to save the printjob as file. So I was able to
manipulate the file and send that file as printjob to the Printronix
printer like this:
lpr -S 192.168.1.2 -P raw myprintjob.prn
I found the document PTX_PRM_PGL_P7_253642C.pdf
which describes how the printer language is working. But I cannot
fulfill my destination.
My myprintjob.prn looks like this:
!PTX_SETUP
ENGINE-IMAGE_SHFT_H;0
ENGINE-IMAGE_SHFT_V;0
ENGINE-WIDTH;04146.
PTX_END
~NORMAL
~PIOFF
~DELETE LOGO;*ALL
~PAPER;INTENSITY 8;MEDIA 1;FEED SHIFT 0;CUT 0;PAUSE 0;TYPE 0;LABELS 2;SPEED IPS 6;SLEW IPS 6
~CREATE;FRM;99
SCALE;DOT;300;300
RFRTAG;96;EPC
96;DF511;H
STOP
ISET;0
FONT;FACE 92250
ALPHA
AF511;24;INV;POINT;329;1033;10;10;
STOP
BARCODE
QRCODE;INV;XD9;T2;E0;I1;95;843;
"http://qr.mycompany.com/epc/","EPCCODE"
STOP
END
~EXECUTE;FRM
~REPEAT;1
~AF511;<DF511>
~NORMAL
The result is a QRcode which only includes the first part of the string:
"http://qr.mycompany.com/epc/"
but not the "EPCCODE". I am looking for a hint how to do this.
Maybe I could find out the EPC-code via REST or telnet or so and create a special printjob for every single label?
Thanks for your help,
Richard
Printronix T4000, talk with port 9100 to get info from the printer
Author
Richard Lippmann, Stadt Zirndorf, EDV
Documentinformation
name: talk-with-port9100-to-get-infos-from-printronix-rfid-printer.md
revision: 2021-12-02 - init
What I want to achieve
I want to know the RFID-code from the label which is under the print-head.
With this information I am able to build a printjob with Qrcode which includes
the RFID-EPC.
I was not able to find out how to create a print-job with a qr-code.
I do not want this information in qrcode: ABC1234...567
But I want this information in qrcode: http://qr.mydomain.com/rfid/epc/ABC1234...567
With that I am able to take a picture of the label and go to a web-application
which helps me further with the device the label is on.
Documenation, where to find information
The printer language is described in the document which is easy to google: PTX_PRM_PGL_P7_253642C.pdf
My environment
Printronix T4000 printer with RFID-unit to read the RFID from the current label.
How to get info back from my printer
Usually Port 9100 is used to send a printjob to the Printronix-printer. Send job,
don't receive data. But you can switch the printer to be verbose, to send you
back information over the 9100-connection.
Glossary
EPC = this is the unique number which is in every RFID-label, just like
a MAC-address in a network card
PGL = the printer language. We can send printjobs with it, but also get information
from the printer about Configuration etc.
Human connect to the printer via Linux commandline
ssh me#shell.mydomain.com
export MYPRINTER=192.168.100.3
nc -v $MYPRINTER 9100
Put verbose mode on
The printer usually only receives information, but does not talk back.
You have to switch on the back-communication.
~CONFIG
SNOOP;STATUS
END
Put verbose mode off
I you are programming this interface with a programming
language like python, perl, ... it's a good idea to switch
verbose mode off after you did your job.
~CONFIG
SNOOP;OFF
END
IDENTITY
To see information:
put verbose mode on
send ~IDENTITY command
put verbose mode off
~CONFIG
SNOOP;STATUS
END
~IDENTITY
The result is:
T43040,V1.21A,12,131072KB
STATUS
To see information:
put verbose mode on
send ~IDENTITY command
put verbose mode off
~CONFIG
SNOOP;STATUS
END
~STATUS
The result is:
BUSY;0
PAPER;0
RIBBON;0
PRINT HEAD;0
COUNT;000
GAP;0
HEAD HOT;0
CUT COUNT;000000000
PRINT DIST;000001529
PRCT COMPLETE;000
TOF SYNCED;1
SENSED DIST;00450
END
Read one RFID-EPC-code from current label
These are things mentioned in this command:
~CREATE - start creating a new "form" (or subroutine to execute later)
VERIFY - the name of the subroutine we are creating. Keep it simple,
less than 15 characters, no special signs (see docu PTX_PRM_PGL_P7_253642C
page 60 under "CREATE" and page 29 under "Form Name" for exact informations)
NOMOTION - don't move the label to the next one after executing this job
DF511 = This is a variable-name, there seem to be a lot of variables in the printer
which are called by their numbers: DF1, DF2, ... I don't know which one I am
allowed to use, DF511 seems to work
96 = the RFID-EPC on my labels are 96 Bits long
H = Hexnumbers, the code is 96 Bit long, but I would like to see it like this:
ABC1234...567
VERIFY - a command to send information to the commandline.
~EXECUTE;VERIFY;1 - execute the form 1 time
~CONFIG
SNOOP;STATUS
END
~CREATE;VERIFY;432;NOMOTION
RFRTAG;96;EPC
96;DF511;H
STOP
VERIFY;DF511;H;*STARTEPC=*;*=ENDEPC\n*
END
~EXECUTE;VERIFY;1
~NORMAL
The result is:
STARTEPC=E28068940000501EC931EC87=ENDEPC
Read two RFID-EPC-codes
Reads 2 Barcodes and gives back the EPC-codes. With this command the label get
sent (moved) through the printer.
These are things mentioned in this command:
~CREATE - start creating a new "form" (or subroutine to execute later)
VERIFY - the name of the subroutine we are creating. Keep it simple,
less than 15 characters, no special signs (see docu PTX_PRM_PGL_P7_253642C
page 60 under "CREATE" and page 29 under "Form Name" for exact informations)
NOMOTION - don't move the label to the next one after executing this job
DF511 = This is a variable-name, there seem to be a lot of variables in the printer
which are called by their numbers: DF1, DF2, ... I don't know which one I am
allowed to use, DF511 seems to work
96 = the RFID-EPC on my labels are 96 Bits long
H = Hexnumbers, the code is 96 Bit long, but I would like to see it like this:
ABC1234...567
VERIFY - a command to send information to the commandline.
~EXECUTE;VERIFY;1 - execute the form 1 time
~CONFIG
SNOOP;STATUS
END
~CREATE;VERIFY;432
RFRTAG;96;EPC
96;DF511;H
STOP
VERIFY;DF511;H;*STARTEPC=*;*=ENDEPC\n*
END
~EXECUTE;VERIFY;2
~NORMAL
The result is:
STARTEPC=E28068940000501EC931EC87=ENDEPC
STARTEPC=E28068940000401EC931EC86=ENDEPC
I have a simcom7600 modem which I am trying out via AT commands.
I was able to use AT commands to setup the modem, and connect to an MQTT broker and exchange messages. Now I am trying to figure out how I can do something similar, but then with my own TCP/IP stack. Before diving into the deep there, I would like to confirm that I can get into data mode (PPP) which I am not able to, it seems.
I attached my modem (AT+CGATT=1), and activated it (AT+ACACT=1,1). I verified that I have a carrier/provider (AT+COPS?).
So I thought I was all set to send the ATO (online) commands. But it returns NO_CARRIER every time I try. I have no idea what I am doing wrong.
The logging that confirms above statements:
AT+COPS?
Sending command: AT+COPS?
AT+COPS?[CR][CR][LF]+COPS: 0,0,"NL KPN simyo",7[CR][LF][CR][LF]OK[CR][LF]
AT+cgatt?
Sending command: AT+cgatt?
AT+cgatt?[CR][CR][LF]+CGATT: 1[CR][LF][CR][LF]OK[CR][LF]
AT+cgact?
Sending command: AT+cgact?
AT+cgact?[CR][CR][LF]+CGACT: 1,1[CR][LF]+CGACT: 2,0[CR][LF]+CGACT: 3,0[CR][LF][CR][LF]OK[CR][LF]
ATO
Sending command: ATO
ATO[CR][CR][LF]NO CARRIER[CR][LF]
PS: the [CR][LF] stand for resp. \r and \n, I replace them before I log for ease of reading.
I obviously have to supply more info to the modem, but from this manual I can't seem to figure out which commands I miss, and how I could validate step by step that I am on the right track.
I found this nice document. I'll share it here in case somebody else struggles with this as well.
When I send the following commands:
ATZ (reset)
ATE0 (disable echo)
AT+CGREG? (check registration to PDP network)
AT+CGDCONT=1,"IP","internet" (set APN for my provider, they expect the string "internet")
ATD*99# (start data mode, aka PPP)
then I can break out and move back into PPP with the following commands:
+++ (send + character, wait for 700ms, send + character, wait for 700ms, send + character) => back to AT command mode
ATO (back to data mode)
NOTE: the APN your provider expects, is I think in all cases an easy Google. Your provider will most likely explain how to manually set your APN in case your phone won't do it automatically.
I've been struggling with PureFTP on my Orange Pi Zero (Armbian 5.38, ubuntu), I don't know what should I do to enter with system credentials, I have "no" on PAMAuthentication and "yes" on UnixAuthentication, I dont know why it takes me as "Anonymous" (ANONY. OFF).
I'm not using pure-ftpd.conf (That's getting me off) and I just want to leave as simple as it seems to work. I don't want to use Virtual Users, so pure-pw didn't be configured...
I think that could be by the TLS option, I'm trying to set it "pure-ftpd -Y 0" but frozen my ssh connection... Why? there are similar commands of PureFTP that do the same behavior, the temperature is okay (33ÂșC)
Thanks
Finally RESOLVED!
Forget to know what was inside auth/70pam or auth/65unix, that was my error... (contains YES or NO)
Once changed 65unix to "NO" and 70pam to "YES"
Then on conf/PAMAuthentication set to "YES", and UnixAuthentication to "NO" (Because PAMAuthentication includes a
module with Unix authentication , by default)
Finally It didn't was what I'm looking for (Because I was looking for an user with chroot only on 1 directory), so I created Pure-FTP virtual users (First create an user for Linux (ftpuser) and then you can create multiple "virtual users" through pure-pw command, simple once you understand virtual users of pureftp).
Hope it helps!
How do I capture all the packets in radio range of a particular node in contiki?
While reading the contiki mailing lists and contiki github, I could read people saying something about making changes to core/dev/cc2420.c file. Some people spoke about setting or resetting values of CC2420_CONF_AUTOACK.
I nowhere found proper information regarding putting a node in promiscous mode. Please help.
I guess what you mean to do is to disable the hardware address filtering. There is a radio API for this in Contiki:
#include "dev/radio.h"
// ...
radio_value_t radio_rx_mode;
if(NETSTACK_RADIO.get_value(RADIO_PARAM_RX_MODE, &radio_rx_mode) == RADIO_RESULT_OK) {
radio_rx_mode &= ~RADIO_RX_MODE_ADDRESS_FILTER;
NETSTACK_RADIO.set_value(RADIO_PARAM_RX_MODE, radio_rx_mode);
}
You can also disable automatic acknowledgements by removing the RADIO_RX_MODE_AUTOACK bit of the rx_mode, but that's a different setting.
I need to Write a Wireshark display filter to meet the following requirements.
All traffic from host 192.168.12.44 to host 192.168.12.1
I believe it is just
ip.src_host = 192.168.12.44 && ip.dst_host 192.168.12.1
or
ip.src== 192.168.12.44 && ip.dst==192.168.12.1
I'm just not sure which syntax is correct. Can anyone offer any tips/advice? I tried this on two different IPs that i can actually test yet they seem to offer different results, so I'm not sure which one I need.
ip.src & ip.dst are for IP adresses while ip.src_host & ip.dst_host are for their DNS names. Suppose an IP with the address 192.168.1.1 has a corresponding DNS name of mydns.mysite.com. Assuming you have enabled Resolve Network Address under View --> Name Resolution, then ip.src_host will filter mydns.mysite.com while when not enabled ip.src will filter 192.168.1.1
Please refer to this link for more information.