How can Wireshark effect network traffic? - wireshark

On our team we have a standardized development setup where we have a Win8 workstation with various VMs running on Hyper-V. All development takes place on a VM.
I was having an issue where I couldn't check out a project from a Team Foundation Server using VS2012, it would start checking out, but then the connection drops. I fired up Wireshark to check what's happening, but then it worked fine. I double checked:
When Wireshark(or rather WinPcap which is doing the actual capture), running on the workstation, is capturing packets from the VM's virtual NIC, everything works fine.
As soon as I stop the capture, TFS can't check out.
So I can't even properly inspect the network traffic to diagnose the issue, because the act of inspecting traffic changes it. Heisenberg would be proud!
I thought it might be an issue with Wireshark overriding some check-sum offloading settings, but it seems not to be the case.
So what else can be affected by running Wireshark? I rather thought that the point of packet sniffers is that they don't change the packets as they capture them.

That means you are picking traffic that normally would not be picked by the vmnic.
Try to check on mac address level what is happening. Maybe mac address conflict between VMs ?
ps. You can whireshark without promiscuous mode. The the Heisenberg rule should not apply :)

Related

Is it possible to access a Chromebook via ssh through USB?

My employer has asked me to prepare for testing several thousand Chromebooks (mix of models/manufacturers) to refurb/flip. This may be a recurring thing.
Most or all of these will be old enough that CCD will not be available. I'd like to connect a widget such as a Raspberry Pi to the USB and have it automate testing as much as possible.
I know I can use keyboard emulation to inject commands, but I'd like to get a crosh session running over USB so that I can read info from the DUT besides just controlling it.
Google shows bazillions of returns about using a Chromebook as an ssh terminal but what I'm looking for is the opposite. I'm prepared for the answer to be a simple "no" but I'm concerned because I can't find that anyone else has asked this question. I don't think I'm that creative, so I suspect my Goog-fu is weak.
The answer appears to be "no". However I solved it another way; using "gadget mode" I have a Raspberry Pi ZW enumerate as a keyboard and a serial port. I put the Chromebook into Developer mode, open a developer shell with ctrl/alt/F2, or on a PC/linux or Mac system open a terminal window and type "sudo su" (these have to be done manually). Then I have the RPi issue this bash command to identify the serial port "in the blind":
SERPORT=/dev/serial/by-id/$(ls /dev/serial/by-id) # Chromebook or PC/linux
(or)
SERPORT=$(ls /dev/cu.usbmodem*) # Mac
Now I can have the RPi inject commands via the keyboard, put ">$SERPORT" on the end of each command, and the output comes in the RPi gadget serial port. The RPi then packages the data and forwards it over WiFi to our CRM. It's working nicely for Chromebooks, PCs booted into linux, Mac desktops and Macbooks.
Edit:
The company I work for has actually turned this into a product and so I'm not sure how much detail I should share, but...
I learned my way around gadget mode on the RPi from this link. There are examples for setting up a keyboard and a serial port. Using the templates in that link, I made a device called /dev/hidg0 which emits keyboard scancodes from the RPi to the Chromebook. I also made a device called /dev/ttyGS0 which the Chromebook sees as a serial port.
So I send keystrokes with some python like:
with open("/dev/hidg0","bw") as hid:
hid.write(blah)
and then have the Chromebook send text to the serial port, which I then read by looking at /dev/ttyGS0
Hopefully this will be enough to get you started. I found the isticktoit link very helpful.

VMWare on Windows - Disabling Internet for CentOS7 VM without disabling network access

I need two things:
Disabled Internet access on my VM.
Enabled local network access from my VM.
I'm currently trying to replicate a bug on my CentOS7 VM which requires that I have no direct internet access, only able to connect to the web through a proxy on my local network. I've taken two paths to this so far:
Disable the Internet on my Windows machine. Why this didn't work: My VM just...froze until the internet was turned back on. Currently considering looking into the possibility of a daemon and disabling it.
Disable Internet access only on my VM. This hasn't worked yet. It's the path I'm taking right now, but everything I've tried has done the same as the above: frozen my VM, only this time in order to get it back I need to shut it down completely and restart it. Given that I have to mount drives on it to do what I need to do, it's understandable that this is a less than ideal approach. Below are images of my NAT settings and the in-VM Network UI.
I've also gone in and turned on Airplane Mode, disabled the IPv4 and IPv6 manually, and went through all the network settings to see what there was. A Google search turned up nothing except an OSX-specific workaround which I couldn't replicate on my system.
Does anybody have any suggestions?
EDIT:
The above still applies, but I'm trying to take another route to #2. What I'd like to do is shut down all traffic to my VM except from the proxy and network. However, my network is accessible only through my host machine, so I don't want to shut my host machine out entirely, just internet coming from it. Any thoughts?
You could achieve the desired effect by disabling the nameserver configuration.
Just empty the /etc/resolv.conf file (of course after making a backup for later).

Find out if a device is turned on in LAN using its MAC address without an IP

On a local network I'm sending a WOL (Wake-On-LAN) packet using sendto to the target MAC address. The code for that works without any problems and the target machine is turned on correctly. The problem is, that I don't know if the target machine has a LAN cable attached or not. If it's not attached, then the whole process fails. Unfortunately, sendto is unidirectional, so I don't know if my magic packet arrived.
I'm wondering about the best and fastest way to find out if WOL succeeded or not. Waiting for the device to boot up completely so I find out get and ping its IP address takes way too long.
Is there a way to "ping" a MAC address, i.e. get some sort of Layer-2-reply?
I need this solution for a Delphi application, but if you have a solution for a different language at hand you're welcome to post that as well. Thank you!

looking for alternative solution than IPFW for slowing down an internet connection

I need to slow down (simulate bad) internet connection, I found some documentation where it was achieved by "ipfw pipe" command , the thing is that in latest MAC OS versions , ipfw was deprecated (and removed)...
I was wondering if there are any alternative to the ipfw API ?
Does anyone know how latest Network Link Conditioner achieves it?
The original previous way which enabled to slow down an internet connection :
sudo ipfw pipe 1 config bw 56Kbit/s delay 200 plr 0.2
and to clear the pipe :
sudo ipfw delete 1
Thanks.
I don't know much about Mac OS (I use Linux myself), but I'll give this a shot.
A bunch of digging established that ipfw seems unavailable, as you say.
I was also unable to find a way to use the Network Link Conditioner from the command line. Everything should be usable from the command line, so that's stupid.
One work around would be to try to access the NLC from within AppleScript. The following will get you started on toggling the NLC:
property thePane : "com.apple.Network-Link-Conditioner"
tell application "System Preferences"
activate
set the current pane to pane id thePane
--delay 2
end tell
---
tell application "System Events"
tell application process "System Preferences"
try
click ((checkboxes of window "Network Link Conditioner") whose description is "enable switch")
on error
click ((checkboxes of window "Network Link Conditioner") whose description is "enable switch")
end try
end tell
end tell
I think that you can run a script from the terminal with osascript <SCRIPT>.
As an alternative, Charles Proxy is a pay-to-use program that can be used to perform throttling, provided you can convince the software you are testing to connect to the proxy's port rather than directly to the internet. Maybe there are free proxy solutions out there somewhere?
Perhaps Squid would work in that regard. SquidMan seems to be an easy-ish way to install it for Mac. It looks as though DelayPools and or Client Bandwidth Limits might be useful for simulating a low speed connection, though I can't find evidence of people having used them for such.
I found several solutions that might work. They come from some old threads, but they might help:
How to simulate slow internet connections on the mac
Apple has made a very handy official tool to slow down the network connections on you Mac for testing purposes.
The Network Link Conditioner preference is a free download from within Xcode (for Lion and later OS). Additionally, iOS has similar function accessible from within Xcode and iOS 6 or later.
How do I simulate a bad Wi-Fi connection on my iPad?
There are a few ways you can do this, depending on your situation:
Move further away from your router. While this may seem a bit obvious, I realize that it isn't always possible while testing/debugging (for example, if you are working on a desktop computer).
Put aluminum foil around the router and/or antenna. This will (partially) block some or all of the radio signals by creating a makeshift Faraday cage. The results you get will depend on the strength of your router signal, distance from the router, and other environmental factors.
Set your router's wireless signal power to a lower setting. The method for doing this is different for each router, so you will have to look at the user guide for instructions on how to do this.
Slow down internet for iOS simulator
You can set the network to slow characteristic by testing on devices. Go to Settings -> Developer Settings -> Network Link Conditioner -> Enable. This is for iPhone/iPad running iOS 6
I don't know if the last one you can still do.
I've used many methods in the past for slowing down network connections, among them:
performing a parallel download of some massive Linux ISO file;
physically pulling out the Ethernet cable (at one point, I actually toyed with the idea of building a push-button device that would sit between two cat5 cables and do this without having to physically disconnect the whole cable).
using ifconfig eth0 down ; sleep 1 ; ifconfig eth0 up.
Hopefully one or more of those methods will help.
If you're looking to slow down your network connection because you're doing testing/profiling work, one option is to get a specific device that can create network latency/noise.
For example Apposite Tech's mini2 WAN emulator allows you to change values for bandwidth and packet loss. You can roll your own device too using something like: http://wanem.sourceforge.net/ . It just depends on your needs, time and budget.

capture data packets in LAN

in my college lab all the PCs are connected via LAN by L2 switch. i want to capture the http data packets by wireshark but it is only showing the interface of my own PC. so how can i capture the packets of other PCs.
can somebody tell me working of wireshark?
It is in the nature of switches that you will only see either broadcast packets or traffic that has your MAC address as a destination, that is one of the crucial differences between a switch and a hub.
It is possible for most switches to be configured to copy traffic from one port to another, this is commonly done for monitoring purposes, but that has to be done via administrative access to the device.
You can manipulate the switch's behavior by means of ARP-Spoofing. But be cautious! Doing so might be seen as a criminal act.
So be sure that you're allowed to do so in the lab, sometimes that's OK if it serves the educational purpose. Ask your supervisor or the school's administrator.
My weapon of choice for such things is Ettercap.
A far less intrusive approach would be to use one of your own switches and configure it to forward all traffic. Then you can connect one port as an uplink to the lab's switch, one port to the device under test and one port to your machine running wireshark. (I would recommend using tcpdump for capturing, though.) If you don't have a manageable switch at hand, you can also use a router running OpenWRT.

Resources