I'm playing around with Libpcap trying to send a ping but whenever I send the requests they are never responded to, no errors given and it looks identical to a regular ping sent through the ping utility.
The left packet is sent through ping on the terminal and the right through my app. As far as I can tell the data field is optional so I don't include it, and the identifier/sequence numbers can be random, so they are randomised.
Am I missing something obvious here?
I notice you haven't validated your IP header checksum. Are you sure it is in fact correct? If it isn't, the next router will silently drop the packet, which is consistent with what you've seen. Wireshark should be able to validate the IP header checksum for you if you switch it on.
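As an added illustration of the check suggested above (not code from the thread), the following computes and verifies the RFC 1071 checksum for a hand-built IPv4 header and a data-less ICMP echo request. The addresses and the helper names are constructed for the example; note that the ICMP header carries its own checksum, separate from the IP one.

```c
#include <stdint.h>
#include <string.h>

/* RFC 1071 Internet checksum: one's-complement sum of big-endian 16-bit words. */
static uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (len & 1)
        sum += (uint32_t)(buf[len - 1] << 8);      /* odd trailing byte, zero-padded */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);        /* fold carries back in */
    return (uint16_t)~sum;
}

/* Zero the 16-bit checksum field at byte offset off, then fill it in. */
static void set_checksum(uint8_t *buf, size_t len, size_t off)
{
    buf[off] = buf[off + 1] = 0;
    uint16_t c = inet_checksum(buf, len);
    buf[off] = (uint8_t)(c >> 8);
    buf[off + 1] = (uint8_t)(c & 0xff);
}

/* With a correct checksum in place the region sums to 0xffff, so the result is 0. */
static int checksum_ok(const uint8_t *buf, size_t len) { return inet_checksum(buf, len) == 0; }

/* IPv4 header + ICMP echo request with no data (28 bytes); addresses are constructed. */
static void build_ping(uint8_t pkt[28], uint16_t id, uint16_t seq)
{
    static const uint8_t ip[20] = {
        0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x40, 0x00,   /* v4, IHL 5, len 28, DF */
        0x40, 0x01, 0x00, 0x00,                           /* TTL 64, ICMP, checksum = 0 */
        192, 0, 2, 1, 192, 0, 2, 2 };                     /* src, dst (TEST-NET-1) */
    memcpy(pkt, ip, 20);
    uint8_t *icmp = pkt + 20;
    icmp[0] = 8; icmp[1] = 0;                             /* echo request, code 0 */
    icmp[4] = (uint8_t)(id >> 8);  icmp[5] = (uint8_t)(id & 0xff);
    icmp[6] = (uint8_t)(seq >> 8); icmp[7] = (uint8_t)(seq & 0xff);
    set_checksum(icmp, 8, 2);     /* ICMP checksum: ICMP header plus any data */
    set_checksum(pkt, 20, 10);    /* IP checksum: the 20-byte IP header only */
}

int main(void)
{
    uint8_t pkt[28];
    build_ping(pkt, 0x1234, 1);
    return (checksum_ok(pkt, 20) && checksum_ok(pkt + 20, 8)) ? 0 : 1;
}
```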
I have a packet capture and I'm trying to find out which program a download was made with, where would I go in the packet to find this information?
Thanks all!
Instead of looking for answers within the packet, you may want to look at which port the download was done through. That could give you more information, and faster.
I assume you know the destination IP address from where the file is downloaded. If it's something that you can catch while it's happening, or you can trigger it, then you could use netstat to determine the PID of the program that is handling that socket, after filtering the netstat output based on the destination IP address.
Then you could use ps on Linux or Task Manager on Windows to know which program has that PID.
On Windows: How to determine which program uses or blocks specific transmission control protocol ports in Windows
Alternatively, if the packet capture is all you've got and it's not a recurring event, then if the download was done via HTTP you could check the headers of the HTTP request for info about the client in the User-Agent header.
Hope it helps.
I have used SNMP v1 and 2c for network discovery of printers by sending a broadcast message with community "public" and it works just fine, but when I send a broadcast message with version 3 of the protocol I get a timeout error.
Could somebody share an example of SNMPv3 device discovery?
Thank you.
Two things:
1) Doing a broadcast SNMPv1/v2c is actually not defined to work in the protocol. Cheap implementations will simply respond, as you've found, to any packet it sees that the kernel accepts to the port and not check the address. However, you'll also find some implementations that will not respond to broadcast packets. So that's actually not a surefire discovery mechanism in the first place. (Let alone, many vendors finally got smart and don't have public be the default community name)
2) SNMPv3, on the other hand, is even less likely to work because of how engineID discovery happens within the SNMPv3 protocol. SNMPv3 won't respond with a normal response PDU anyway, as it should respond with a REPORT PDU saying "this is my engineID" and you'd have to respond back with that engineID and the proper USM credentials to access the device.
In short, SNMPv3 was designed for security and there isn't a "public" equivalent any longer. You'd need to know how to access the device and can't just "guess".
I'm currently implementing my first application in Contiki on a TelosB mote and encountered a problem.
For my application (which utilises the uIP IPv4 stack) I need to be able to broadcast messages to all nodes.
I have looked through the source and found that in uip_over_mesh.c the packet is found to be for an external network and is then being sent to a gateway node on the network instead of being distributed to all nodes. If no gateway node is present it just drops the packet.
So in fact rather than the packet being broadcast to all the nodes in the network it's either just being dropped or being sent to just the gateway node and external network.
My problem is that I need it to broadcast to the other nodes in the network (as it should). Is there a step I'm missing, or am I doing something wrong?
Thanks :)
p.s. This is the rough code to get the message to send.
struct uip_udp_conn *udp_conn = udp_broadcast_new(UIP_HTONS(5001), state);
udp_bind(udp_conn,UIP_HTONS(5001));
uip_udp_packet_send(udp_conn, "hello",5);
Sorry that my question didn't seem clear. To clarify what I wanted to do was send an IPv4 UDP packet to the broadcast address i.e. send to all devices on the network using the all ones addr. But I found that the sending device would only forward the message to a gateway node if it was present on the network.
The question is not clear, but what I understand from it is that you want to broadcast a message anonymously to all neighbour motes. You have two choices.
If you are using the RIME stack from Contiki, there is already code under example/rime/example-broadcast.c (have a look at lines 79 and 80: packetbuf_copyfrom("Hello", 6); broadcast_send(&broadcast);). I have tested the code and it works perfectly fine on TelosB. I strongly recommend you go with the uIP (IPv6) stack using RPL. For a large network it'll be extremely hard to maintain the RIME stack.
You can use the UDP-based IPv6 broadcast example from examples/ipv6/simple-udp-rpl. You don't need to change anything in the receiver function unless you want additional features. This function will print the receiver port, sender port and data length. You can add "addr" from "uip_ipaddr_t" in the receiver function if you want to print IP addresses. For the sender, the lines of code are 76-91. You don't need to change anything for a simple message like "hello". I tested the code and it works perfectly fine.
After lots more reading of the Contiki source I found that the problem lay in uip_over_mesh.c.
When a broadcast message (255.255.255.255) was being sent, it was tripping up when the send function would check if the destination was within the local network (based on the netmask and destination address). Failing this, it would then try to send it out to a local gateway (if one existed) to route it out of the network.
Although IPv4 UDP broadcast had been built into the API, I saw no evidence of it actually being implemented in uip_over_mesh.c (I might be wrong and totally missed it). So to fix this I added a broadcast RIME channel and added a check for the all-ones address where the previously mentioned gateway check was. A method to receive the broadcast messages was also implemented to ensure broadcast messages were correctly received and passed to the upper layers.
From what I gathered from here and the mailing list, IPv6 is where the focus is and not many people are knowledgeable or using the IPv4 uip stack. When I get some time I will dig up my modified uip_over_mesh.c and see if I can push the modifications, though I'm sure it's a bit of a hack and not of much use due to the above mentioned lack of interest.
Is it possible to modify users' HTTP request to
www.example.com/options
instead of
www.example.com/options_and_params
My scenario is that about 30000 users connect to my company's network backbone and I want to add one or more servers (with the code I'm currently working on) between the backbone switches and Radware LoadProof to achieve this.
After googling all the night, I have no lead but some more questions:
I don't need to intercept every packet through the network. With some help from tools like iptables, I can filter out the packets I want. I have done it before using iptables. However, a packet is not the same as an HTTP stream. Do I need to do HTTP reconstruction?
If I successfully find a way to modify the HTTP request URL content, I still have to put it back into the network stream. As far as I know, TCP packets have a checksum, and after I modify the content it must be wrong. How do I calculate a new checksum and put the packet back on the network?
This is my first time doing network programming or packet-processing development. Any suggestions are appreciated.
This depends on whether you are doing HTTP/1.0 or HTTP/1.1 and whether it's an initial request you need to modify or all requests in a single HTTP 1.1 session.
If you have the packet and can modify it before it is sent on and you are trying to modify just the request then given the length of a typical packet and the location of the URL in the HTTP request stream (very near the beginning) and the fact that it will be the first thing sent in the TCP stream I think you can fairly safely assume that it will be present in the first N bytes of the first packet sent and therefore won't be split over multiple packets.
However, if this is an HTTP/1.1 stream then multiple requests will be being sent via the same TCP connection in which case in future requests the URL may well be split over two TCP packets.
If you can maybe force HTTP/1.0 or possibly if you modify the initial or all requests to be HTTP/1.0 then you can be pretty sure that the first packet will correspond to the first packet of the TCP stream and that you are very unlikely to see the URL split over multiple packets, meaning no reconstruction and the ability to just do a replace.
However this will come at a cost of new TCP connections which is pretty inefficient.
If you don't and you leave it as HTTP/1.1 then the URL could be at any random point in any future request and therefore split over multiple TCP packets (two realistically given the size of the URL).
If I got your question right, then this could be probably done with some fast reverse-proxy like nginx.
I am using UDP network protocol to send message from various clients to a root server.
The message from client to server may not be sent directly and may be sent via other clients.
I want to know the clients via which the message is sent by looking at the message received at the root server. How to do this?
UDP does not include this information. You'll need to include something in your protocol if you want to keep track of servers through which the message has passed.
The traceroute program uses a trick to get bounced packets by setting the TTL to an increasing number. It starts with a TTL of 1 so that the first bounce comes from the closest server to the source. It then tries a TTL of 2 to get a bounce from the second server on the path, and so on.
traceroute is client-side and heuristic, i.e. works only for stable connections. Since you are essentially constructing an overlay network, the only ways to get information about the route are reconstructing the routing according to your routing algorithm (hard, and probably infeasible in a distributed network) or having each relay add a note (typically consisting of the relay's name, and the previous IP address) to the message.
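The "each relay adds a note" approach from the answer above, as an added example that is not code from the thread. The message layout, the 16-bit relay id standing in for the relay's name, the hop limit and the sample addresses are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_HOPS 8
#define HOP_LEN  6   /* 2-byte relay id + 4-byte IPv4 address the message came from */

/* Assumed layout: [hop_count:1][hop_count records of HOP_LEN bytes][payload] */

/* Relay side: append this relay's record after the existing ones.
 * Returns the new length, or 0 if the message is malformed or has no room. */
static size_t relay_add_hop(uint8_t *msg, size_t len, size_t cap,
                            uint16_t relay_id, const uint8_t prev_ip[4])
{
    if (len < 1 || msg[0] >= MAX_HOPS) return 0;
    size_t hdr = 1 + (size_t)msg[0] * HOP_LEN;
    if (hdr > len || len + HOP_LEN > cap) return 0;
    memmove(msg + hdr + HOP_LEN, msg + hdr, len - hdr);   /* shift payload right */
    msg[hdr]     = (uint8_t)(relay_id >> 8);
    msg[hdr + 1] = (uint8_t)(relay_id & 0xff);
    memcpy(msg + hdr + 2, prev_ip, 4);
    msg[0]++;
    return len + HOP_LEN;
}

/* Root side: relay ids in forwarding order go to ids[]; returns the hop count,
 * or -1 if the claimed hop count does not fit the datagram that arrived. */
static int root_read_path(const uint8_t *msg, size_t len, uint16_t ids[MAX_HOPS],
                          const uint8_t **payload, size_t *payload_len)
{
    if (len < 1 || msg[0] > MAX_HOPS) return -1;
    size_t hdr = 1 + (size_t)msg[0] * HOP_LEN;
    if (hdr > len) return -1;
    for (int i = 0; i < msg[0]; i++)
        ids[i] = (uint16_t)((msg[1 + i * HOP_LEN] << 8) | msg[2 + i * HOP_LEN]);
    *payload = msg + hdr;
    *payload_len = len - hdr;
    return msg[0];
}

int main(void)
{
    uint8_t msg[64] = { 0, 'h', 'i' };   /* constructed client message: 0 hops + "hi" */
    const uint8_t client[4] = { 10, 0, 0, 5 }, relay7[4] = { 10, 0, 0, 7 };
    size_t n = relay_add_hop(msg, 3, sizeof msg, 7, client);
    n = relay_add_hop(msg, n, sizeof msg, 9, relay7);
    uint16_t ids[MAX_HOPS]; const uint8_t *p; size_t plen;
    return root_read_path(msg, n, ids, &p, &plen) == 2 ? 0 : 1;
}
```

The records are unauthenticated, so the root can rely on the reported path only as far as it trusts every relay that handled the message.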