Spoofed Ping Packet Injection Failure - network-programming

TLDR: Why would a layer 2 packet injection of a PING request not work on a computer, when the packet is an identically structured packet from a successful packet injection PING request from the "pinging" computer? (essentially why would a spoofed ping request fail?)
Test Setup/Issue:
I have two computers, A (192.168.0.36) & B (192.168.0.36), connected directly via Ethernet.
I manually create and inject a PING request on A to ping B (i.e. as if running "ping 192.168.0.37" from a terminal on A). This works, and I can see B receive and respond to the ping request using Wireshark on computer B.
Then, I manually create and inject an identical PING request (from the test above) on B to ping B (i.e. as if running "ping 192.168.037" on A, except injected directly into B's Ethernet interface from software run locally on B). The injection works and Wireshark shows a packet identical to the original test from A to B, except it is met with no response.
My question is, why?
I'm assuming I'm lacking something fundamental about network interface security or OS security settings or something.
I'm running Ubuntu 16.04. I'm injecting packets with manually created Layer 2 headers. I am setting cap_net_raw,cap_net_admin+eip on my executable. Following code/guidance from this site: http://www.pdbuchan.com/rawsock/rawsock.html
In the Wireshark main image, the first two ping entries show a successful transaction from my own injected packets on computer A. The last entry is the spoofed packet injected by me directly on computer B. The packets are identical. The second Wireshark image shows the packets side by side.
Wireshark Main View
Packets Side by Side

Try disabling Reverse Path Filtering:
sudo sysctl -w 'net.ipv4.conf.all.rp_filter=0'
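
An added example, not part of the original answer: Linux validates each interface with the higher of net.ipv4.conf.all.rp_filter and net.ipv4.conf.<iface>.rp_filter, so this Python script reports the mode actually in force per interface after a change like the one above. The function names and the conf_root parameter are this example's own.

```python
#!/usr/bin/env python3
"""Report the rp_filter mode the kernel actually applies per interface."""
import os

MODES = {0: "off", 1: "strict", 2: "loose"}


def read_rp_filter(conf_root):
    """Return {entry: int} for every entry under conf_root with rp_filter."""
    values = {}
    for name in sorted(os.listdir(conf_root)):
        path = os.path.join(conf_root, name, "rp_filter")
        try:
            with open(path) as fh:
                values[name] = int(fh.read().strip())
        except (OSError, ValueError):
            continue  # entry without a readable rp_filter value
    return values


def effective_rp_filter(conf_root="/proc/sys/net/ipv4/conf"):
    """Map each interface to (all, own, effective).

    The kernel validates with max(conf/all, conf/<iface>), so setting
    only conf/all to 0 leaves an interface set to 1 or 2 still filtering.
    """
    values = read_rp_filter(conf_root)
    all_value = values.get("all", 0)
    report = {}
    for name, own in values.items():
        if name in ("all", "default"):  # templates, not real interfaces
            continue
        report[name] = (all_value, own, max(all_value, own))
    return report


if __name__ == "__main__":
    for iface, (all_v, own, eff) in effective_rp_filter().items():
        print(f"{iface}: all={all_v} iface={own} "
              f"effective={MODES.get(eff, eff)}")
```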

Related

How can I combine RPL, UDP and MQTT in Cooja of Contiki-NG?

All this is done in the Cooja simulation.
I need to develop a project in which I have a mote (or many) that acts like a sensor and sends data to a server which does computations and publishes the results on a topic using MQTT.
In both cases I assign IPs to motes using the rpl-border-router example provided by Contiki-NG.
I can publish fake data created by the server and publish it through the border router via MQTT; I can create a tree to send the values from the sensor motes to the server using UDP and compute what The problem is that I can't connect the two.
I don't attach the code because I want to understand the structure that I should use to accomplish this and the general idea behind the solution you propose, if possible
I tried two configurations but none works, because I think I don't have the right structure.
These are the two settings:
one mote per functionality: 1 sensor (1) sending data via UDP to a server (2), this server is set as root using NETSTACK_ROUTING.root_start(), which should publish data through MQTT via the rpl-border-router (3). I think the error here is that the server is set as root, while the rpl-border-router should, but then how can I send data to the server for computations?
use the rpl-border-router (1) as server also, so it computes the outcomes and publishes through MQTT, receiving the values via UDP from sensor mote (2). The problem here is the synchronization between MQTT broker assignment and IPv6 assignments, since both require IP
Thank you

Wifi mesh-like network using nodeMCU

I have 2 nodeMCU modules, which I want to connect to an MQTT broker and send some data every 5 seconds.
The topology I am trying to achieve is something like [router]<==[nodeMCU#1]<==[nodeMCU#2]
It looks like [nodeMCU#1] is a wifi extender, but at work we are planning on using multiple nodeMCU's to use in a mesh-like way for an IoT application.
On both of them I flashed the latest (float) release that I downloaded from here https://github.com/nodemcu/nodemcu-firmware/releases/tag/0.9.6-dev_20150704 using nodeMCU-flasher.
For this project I wrote 2 Lua scripts and I have uploaded them to the modules using ESPlorer.
For the first module it connects in STATIONAP mode to my work wifi, and creates its own network with SSID nodeMCUwifi, with a basic password of 10 characters "1234567890". After it connects the script sends random values to an MQTT topic.
The second module connects to nodeMCUwifi correctly, it is assigned an IP address, but it cannot connect to the MQTT broker.
When I try to connect to nodeMCUwifi using my smartphone (just to test the connection, I have no intention of using this system for heavy internet load, only MQTT messages) I get a message "authentication error occured" even though I have typed the password correctly, or (in rarer cases) it connects but disconnects immediately.
I would appreciate any ideas to resolve this issue. Thank you.
EDIT: At the AP configuration I added the auth parameter set to 3, I am pasting a part of my code below.
cfg={} -- AP settings table
cfg.ssid="ESP8266_"..node.chipid(); -- SSID made unique with the chip id
cfg.pwd="1234567890"
cfg.auth=3 -- 3 = WPA2-PSK
wifi.ap.config(cfg);
Now my laptop and my smartphone connect to the wifi created by the module, but still have no connectivity to the internet. I can ping the module, but I can't ping 8.8.8.8 or the MQTT broker IP or anything else.
As I understand, [nodeMCU#1] creates a wifi network named nodeMCUwifi. Then the others are trying to connect to nodeMCUwifi. As you stated:
Now my laptop and my smartphone connect to the wifi created by the module, but still have no connectivity to the internet. I can ping the module, but I can't ping 8.8.8.8 or the MQTT broker IP or anything else.
I assume your laptop and smartphone connect to the nodeMCUwifi network. Now you want this [nodeMCU#1] to act like a layer 2 switch or something like a router (since SOFTAP creates its own IP network).
With all this information on hand, I can say that the purpose you are trying to achieve is not possible with the ESP, since the ESP does not have enough resources to act like a switch or similar. Also, (currently) there is no software implemented for the ESP to achieve that.
However, if you only want the system to transfer a certain type of traffic (such as MQTT) over a certain protocol (such as UDP), it is possible to relay the messages like a mesh structure, but this will work one-way only. In this configuration the nodes will act more like repeaters, but on the upper layers of OSI. For this idea I cannot provide sample code, but I will provide pseudo-code below:
Configuration
> Each node must be configured to build a chain structure. That means each SOFTAP node should have different SSID or TCP settings. For example:
router(192.168.0.0)<----[NODE#1(SOFTAP0)]<----[NODE#2(SOFTAP1)]<---...
...
...
...<----[NODE#n(STATION)]
> Each node must have a TARGET IP address according to setup. This means every node will send the MQTT message to that address.
> If a node is configured as a SOFTAP, this means this system is a TARGET and must listen to a specific port.
> If a SOFTAP node receives some data on the port that it is listening to, it should send the data immediately (or after buffering) to its TARGET node.
> As a result of this chaining operation the message, no matter what the source is, will reach the end of the chain.
CODE : SOFTAP
...soft ap config...
listento.port: udp.965
on("receive"):
create.conn:TARGET
send(DATA_RECEIVED)
close.conn:TARGET
CODE : STATION
...station config...
...Do some logic...
data=gather.data()
create.conn:TARGET
send(data)
close.conn:TARGET

send non-flow message from controller to OpenFlow switch

I'm using a real machine (HP ProCurve) for my project. I need to send messages in another protocol format, OSPF for instance, instead of flows, from the controller side to the OpenFlow switch through a socket (by specifying the IP address and port of the OF switch).
But every time I try to do this, I get a "Connection refused" error message. I guess that it might be that the port on the OpenFlow switch I'm sending the message to is not listening, so I think I might need to use the same port for sending which the OpenFlow switch uses to talk to the controller, like the port 51067 in the log info:
Switch:192.168.1.11:51067 is connected to the Controller
My question is, how do I retrieve the port information on the controller side, since it is changing every time I restart it? I couldn't find this information.
Or am I going the wrong direction that I need to go another way around instead of sending the message using socket?
Thanks a lot in advance, any suggestions will be appreciated.
jonesir
I think you are misunderstanding the nature of networking ports, protocol numbers, and protocols such as OSPF. Let me clear those up:
Port numbers: Usually, there is exactly one application listening on a single port: The operating system/networking stack checks each packet of certain types (e.g. TCP or UDP) for the port number and then passes the packet to the application that registered itself for that specific port. If the application cannot handle the received packet then usually it will just ignore it or log an error.
Aside: It is possible for two applications to communicate on the same port only if you put some sort of multiplexing application before both (usually a reverse proxy, possibly a TCPMUX application). This multiplexing application would take incoming packets, determine what type of packet it is and then pass it to the correct application.
Protocol numbers: The protocol number is a field inside an IP packet that tells the networking stack what type of data is contained inside. For example, TCP is protocol 6, ICMP is 1, and OSPF is 89.
OF switches: Now, logically an OF switch consists of two components: 1) the switching fabric (which includes the physical ports and OF flow tables), and 2) a separate physical port for out-of-band control, with several applications running behind it. One of these applications is the OpenFlow application, which in your case happens to listen on port 51067. But in real switches, other applications might also be running on different ports, e.g. a web interface running on port 80 for maintenance etc.
OSPF: If you now wanted to talk to the application serving the web interface, you'd send a TCP packet with destination port 80 from your controller to the switch. Similarly, if you'd like to install a new flow, you'd send a TCP packet with port 51067 in your case. OSPF is quite different, as it directly uses IP packets and does not use port numbers. To process an OSPF packet, an application needs to use a raw socket to process the incoming IP packets that have protocol number 89, and skip all others. See also the raw manpage here. This will already be built into your OF switch.
Thus, if you want to send an OSPF packet to the OF switch (and your OF switch supports OSPF on the separate physical port!), you'd just send an OSPF IP packet to the switch's IP address (192.168.1.11), no port needed!
Note that the separate physical port might not support all of the features of the other ports on the OF switch, as they are not intended for the same uses.
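
An added example, not part of the original answer: a small Python demultiplexer over constructed IPv4 packets, showing that the protocol field is read first and that a destination port exists only when the payload is TCP or UDP. The source address 192.168.1.10 and all function names are assumptions of this example.

```python
import socket
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}


def build_ipv4(proto, payload, src="192.168.1.10", dst="192.168.1.11"):
    """Build a constructed IPv4 packet (20-byte header, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def classify(packet):
    """Demultiplex like an IP stack: protocol number first, ports second."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]  # protocol field: 6 = TCP, 89 = OSPF, ...
    payload = packet[ihl:]
    info = {"proto": proto, "name": PROTO_NAMES.get(proto, "other"),
            "dst_port": None}
    # Only TCP and UDP carry port numbers, in the first 4 payload bytes.
    if proto in (6, 17) and len(payload) >= 4:
        _, info["dst_port"] = struct.unpack("!HH", payload[:4])
    return info


# Constructed samples: a bare TCP header to port 80 and a 24-byte OSPFv2
# header (version 2, type 1 = Hello); field values are illustrative only.
TCP_TO_WEB = build_ipv4(6, struct.pack(
    "!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0))
OSPF_HELLO = build_ipv4(89, struct.pack(
    "!BBH4s4sHH8s", 2, 1, 24, socket.inet_aton("192.168.1.10"),
    b"\0" * 4, 0, 0, b"\0" * 8))

if __name__ == "__main__":
    for pkt in (TCP_TO_WEB, OSPF_HELLO):
        print(classify(pkt))
    # A real OSPF listener would open socket.socket(AF_INET, SOCK_RAW, 89),
    # which needs root or CAP_NET_RAW; no port is bound at any point.
```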

UDP Hole Punching on iOS

I've set up a networking project to communicate over LAN or WAN via hole punching. I'm using GCSAsyncUdpSocket for the clients. I have a rendezvous server which is port forwarded to be accessible from all incoming connections. My setup works like this:
Client A connects to the server.
Client B connects to the server.
Server observes the IP address and Port used by both clients.
Server tells Client A to communicate with public IP Address B and public Port B.
Server tells Client B to communicate with public IP Address A and public Port A.
Client A sends periodic data to Client B.
Client B sends periodic data to Client A.
This is where it goes a bit weird. While the clients are on the same network, which we've tried on both our networks, nothing works. But, if the devices are connected on different networks (both with different providers and are not linked directly) then one of the devices receive data, while the other does not.
This also fails to work on 3G completely.
What I can't understand is how it works 1-way with 1 device on each network, but not at all with both devices on the same network?
I've since found that one of our routers is detecting that the messages being sent from one client to another contain a different target IP address from that of the Server, and then our router decides that these messages should be sent via a different external port. This is where the problem was coming from. Using a bit of port prediction, this hurdle can be overcome most of the time.
For those who are interested, most of the time if a connection cannot be found at the presumed port, it will most likely be at the very next port (i.e. Port# + 1). If not, it gets a little bit complex from there to work out.

capture data packets in LAN

In my college lab all the PCs are connected via LAN by an L2 switch. I want to capture the HTTP data packets with Wireshark, but it is only showing the interface of my own PC. So how can I capture the packets of other PCs?
Can somebody tell me the working of Wireshark?
It is in the nature of switches that you will only see either broadcast packets or traffic that has your MAC address as a destination, that is one of the crucial differences between a switch and a hub.
It is possible for most switches to be configured to copy traffic from one port to another, this is commonly done for monitoring purposes, but that has to be done via administrative access to the device.
You can manipulate the switch's behavior by means of ARP-Spoofing. But be cautious! Doing so might be seen as a criminal act.
So be sure that you're allowed to do so in the lab, sometimes that's OK if it serves the educational purpose. Ask your supervisor or the school's administrator.
My weapon of choice for such things is Ettercap.
A far less intrusive approach would be to use one of your own switches and configure it to forward all traffic. Then you can connect one port as an uplink to the lab's switch, one port to the device under test and one port to your machine running Wireshark. (I would recommend using tcpdump for capturing, though.) If you don't have a manageable switch at hand, you can also use a router running OpenWRT.
