Search Results

Search found 1687 results on 68 pages for 'packet sniffing'.


  • Can fragments of a packet be refragmented again?

    - by gsinha
    In IPv4, fragmentation is done by routers on the way to the destination if the DF (do not fragment) flag is not set in the IP packet. Once a packet is fragmented, its fragments may take different paths (due to various reasons like topology changes) to the destination. If, on some link again in the path to the destination, one router finds that the link MTU is smaller than the frame size, then either the packet needs to be fragmented or dropped. Can fragments of a packet be refragmented again? If yes, what will be the value of the MF flag in the new individual fragments created by this?


  • sniffing on a switched LAN

    - by shodanex
    Hi, I often find myself in the position of having to sniff on a connection between, for example, an ARM board I am developing on and another computer on the network, or out of the network. The easy situation is when I can install a sniffer on the computer talking to the embedded device. When it is not possible, I currently install an old 10Mb/s HUB. However, I am afraid my HUB might stop working, and I would like to know some alternatives. Here are the alternatives I could think of: Buy another HUB. Is that still possible? Have some sort of Ethernet sniffing bridge, like what they do for USB. I am afraid this kind of device is expensive. Use ARP poisoning.


  • Are random packets normal?

    - by TheLQ
    About a month ago on one of my servers I started receiving random packets from IPs all over the world. So I did the smart thing and stopped putting off installing an IDS. This IDS is a ClearOS Gateway which comes with Snort and SnortSam. I enabled it, checked There is a total of 4 ports open, two of which forward to the server I'm talking about. These ports are 3724 and 8085, so they aren't going to be easily detected in a port scan. However checking some logs of this server I found that the attack is resuming. I found this ... Now that scares me. Why isn't Snort detecting this? How were they able to find this specific port? More importantly, what normally would these packets contain? Is this something I should be worried about? How can I stop this?


  • Monitoring ASA packet loss via SNMP

    - by dunxd
    I want to monitor packet loss on my ASA 5505 VPN endpoints using SNMP. This is so I can graph the rates in Cacti and/or get alerts in Nagios. However, I am not sure what SNMP values I should use to measure packet loss. In the ASA I can run sh interface Internet stats to show traffic statistics for the interface connected to the Internet. This shows 1 minute and 5 minute drop rates. Are these measures an indicator of packet loss? Are there SNMP values I can access that correspond to those values? Should I be looking at different values? Is the ASA even able to measure packet loss?


  • Win7 Prof. Computer won't wake on lan via Magic Packet from outside network

    - by Michael
    Hi all. I just purchased a new computer running Windows 7 Professional x64. I'd like to save power by having it sleep after an hour, but I would also like to be able to Remote Desktop into it at my leisure. I set up a static IP and have port forwarding set up on the router. If the computer is awake, the RDP connection works just fine. I downloaded and installed Wake-On-Lan thanks to this article. If I put my new computer to sleep and send the magic packet from my old computer inside of my home network, it wakes up. If I do the same thing, however, from my work computer outside the network, it does not. I figured the Firewall was blocking the incoming traffic, but nothing in the Windows Firewall logs points to this happening. I'm wondering if anyone has any suggestions or any tests I can run through in order to narrow down what the problem might be. Thanks in advance for any help you might be able to offer.


  • (Solved) ERROR: Packet source 'wlan0' failed to set channel 2: mac80211_setchannel() in Kismet and Ubuntu 12.10

    - by M. Cunille
    I have installed Ubuntu 12.10 in my computer with an Atheros AR5007 wireless card. I want to use Kismet but when I run it it starts displaying the message: ERROR: Packet source 'wlan0' failed to set channel X: mac80211_setchannel() It keeps displaying the same for every channel except channel 1. I have installed the compat-wireless-3.6.6-1 drivers and patched them with the following patch in order to use them with aircrack-ng. I have installed the latest version of Kismet in the git repository and I even tried with the svn but it keeps displaying the same error. I also have set the kismet.conf file with the nsource=wlan0 as it is the name of my wireless interface according to iwconfig:

        lo        no wireless extensions.

        wlan0     IEEE 802.11bg  ESSID:"XXXX"
                  Mode:Managed  Frequency:2.412 GHz  Access Point: XX:XX:XX:XX:XX:XX
                  Bit Rate=18 Mb/s   Tx-Power=20 dBm
                  Retry  long limit:7   RTS thr:off   Fragment thr:off
                  Power Management:off
                  Link Quality=28/70  Signal level=-82 dBm
                  Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
                  Tx excessive retries:0  Invalid misc:282   Missed beacon:0

    I haven't found any answer since similar errors are supposed to be fixed with the latest Kismet release but this isn't my case. Any help will be appreciated. Thank you!


  • In what way I can implement packet filtering function in C++/C#?

    - by Network study
    Background: I am going to design a firewall-like application (with GUI) which will include several functions such as packet sniffing and packet filtering. Both of the functions should be implemented to support different protocol levels including application, transport, network and link layer. I only know a little C#.Net programming to perform IP packet sniffing. It is also known that packet filtering requires the techniques in WFP or LSP and packet sniffing in an application requires DLL hooking. Questions: I am not sure which programming language (either C++ or C#) would be suitable for designing such an application as described above. If I want to implement the packet filtering function, will any libraries be needed? edit01: Someone suggested that WinDivert would be helpful; is it true?


  • Wake on Lan Remote not waking PC while the PC does receive the packet.

    - by Nycrea
    Over the last couple of weeks, I have been trying to set up WOL from a remote location. When I use my laptop to wake the machine locally, it works just fine. (for some reason, when I try to wake from my phone with an app called "WOL wake on lan" it does not work locally either, but I'll get to that later) Anyway, when the machine is turned on, and I let it 'listen' for incoming magic packets (with a program called "WOL magic packet sender") on my specified port, it does receive them, though when turned off, the machine does not wake. When sending from phone, either locally or via 3G remotely, it does receive but does not wake as well. Because the machine does receive them when turned on and listening, but does not wake when turned off, I am convinced the cause of the problem is my receiving PC, rather than the router or the sender. Some extra info: The receiving machine is a PC running Windows 7 64bit. My router is the Netgear JWNR2000v2. I have the port I use forwarded to my PC's static IP in the router. If anyone could help, or just share your own story with the same problem, maybe we can work this out. Thanks a lot in advance.


  • http sniffer not working in a LAN setting

    - by trinity
    Hi, I wrote an HTTP sniffer program, first ran it on my standalone PC (Fedora OS), and it worked well. And when I tried this in a LAN setting (bus LAN, Fedora OS again), and set eth0 to promisc mode, the program captures only the URLs browsed by the system on which it is running, but not the ones browsed on neighbouring systems. Am I missing something here? I've heard people talk about "setting up subnets", "use routers / additional ethernet cards" etc., but I don't really understand / know how to do it / or even if I should be doing anything of that sort. Please help.


  • Issue reading packets from a pcap file. dpkt module. What gives?

    - by Chris
    I am running the following test script to try to read packets from a sample .pcap file I have downloaded. It won't seem to run. I have all of the modules, but no examples seem to be running.

        import socket
        import dpkt
        import sys
        pcapReader = dpkt.pcap.Reader(file("test1.pcap", "rb"))
        for ts, data in pcapReader:
            ether = dpkt.ethernet.Ethernet(data)
            if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
            ip = ether.data
            src = socket.inet_ntoa(ip.src)
            dst = socket.inet_ntoa(ip.dst)
            print "%s -> %s" % (src, dst)

    For some reason, this is not being interpreted properly. When running it, I get

        KeyError: 138
        module body in test.py at line 4
        function __init__ in pcap.py at line 105
        Program exited.

    Why is this? What's wrong?


  • Flow of packets in network

    - by user58859
    I can't visualize in my mind the network traffic flow. E.g. if there are 15 PCs in a LAN: When a packet goes from the router to the local LAN, does it pass all the computers? Does it go to the ethernet card of every computer, and do those computers accept the packet based on their physical address? To which PC will the packet go first? To the one nearest to the router? What happens if that first PC captures that packet (though it is not for it)? What happens when a PC broadcasts a message? Does it have to generate 14 packets for all the PCs, or does only one packet reach all the PCs? If it is one packet and it is captured by the first PC, how can the other PCs get it? I can't imagine how exactly this traffic flows. Maybe my analogy is completely wrong. Can anybody explain this to me?


  • Using T[1] instead of T for functions overloaded for T(&)[N]

    - by Abyx
    The asio::buffer function has (void*, size_t) and (PodType(&)[N]) overloads. I didn't want to write ugly C-style (&x, sizeof(x)) code, so I wrote this:

        SomePacket packet[1]; // SomePacket is POD
        read(socket, asio::buffer(packet));
        foo = packet->foo;

    But that packet-> looks kinda weird - the packet is an array after all. (And packet[0]. doesn't look better.) Now, I think if it was a good idea to write such code. Maybe I should stick to unsafe C-style code with void* and sizeof? Upd: here is another example, for writing a packet:

        SomePacket packet[1]; // SomePacket is POD
        packet->id = SomePacket::ID;
        packet->foo = foo;
        write(socket, asio::buffer(packet));


  • Packet dropped even when firewall is turned off in windows server 2008

    - by LightX
    We have a windows 2008 server and lately we have started seeing a lot of 5152 Events logged in the server (Windows Filtering Platform blocked a packet). We have an inbound rule configured to allow connections to the port which was working fine earlier. I'm not sure what changed lately. But this doesn't make any sense. The packet is dropped even when windows firewall is disabled. What am I missing?


  • Constructing radiotap header and ieee80211 header structures for packet injection

    - by hektor
    I am trying to communicate between two laptop machines using Wifi. The structure of the radiotap header and ieee80211 header I am using is:

        struct ieee80211_radiotap_header {
            unsigned char it_version;
            uint16_t it_len;
            uint32_t it_present;
        };

        /* Structure for 80211 header */
        struct ieee80211_hdr_3addr {
            uint16_t frame_ctl[2];
            uint16_t duration_id;
            unsigned char addr1[ETH_ALEN];
            unsigned char addr2[ETH_ALEN];
            unsigned char addr3[ETH_ALEN];
            uint16_t seq_ctl;
        };

        struct packet {
            struct ieee80211_radiotap_header rtap_header;
            struct ieee80211_hdr_3addr iee802_header;
            unsigned char payload[30];
        };

        /* In main program */
        struct packet mypacket;
        struct ieee80211_radiotap_header ratap_header;
        struct ieee80211_hdr_3addr iee802_header;
        unsigned char addr1[ETH_ALEN] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF}; /* broadcast address */
        unsigned char addr2[ETH_ALEN] = {0x28,0xcf,0xda,0xde,0xd3,0xcc}; /* mac address of network card */
        unsigned char addr3[ETH_ALEN] = {0xd8,0xc7,0xc8,0xd7,0x9f,0x21}; /* mac address of access point i am trying to connect to */

        /* Radio tap header data */
        ratap_header.it_version = 0x00;
        ratap_header.it_len = 0x07;
        ratap_header.it_present = (1 << IEEE80211_RADIOTAP_RATE);
        mypacket.rtap_header = ratap_header;

        /* ieee80211 header data */
        iee802_header.frame_ctl[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | IEEE80211_FC0_SUBTYPE_BEACON;
        iee802_header.frame_ctl[1] = IEEE80211_FC1_DIR_NODS;
        strcpy(iee802_header.addr1, addr1);
        strcpy(iee802_header.addr2, addr2);
        strcpy(iee802_header.addr3, addr3);
        iee802_header.seq_ctl = 0x1086;
        mypacket.iee802_header = iee802_header;

        /* Payload */
        unsigned char payload[PACKET_LENGTH] = "temp";
        strcpy(mypacket.payload, payload);

    I am able to receive the packets when I test the transmission and reception on the same laptop. However I am not able to receive the packet transmitted on a different laptop. Wireshark does not show the packet as well. Can anyone point out the mistake I am making?


  • Sniffing at work- How to detect

    - by coffeeaddict
    Because the place I work has some real issues (people), especially in IT and the owner, I wonder if we are being sniffed. Is there any way to tell on a Vista 64-bit machine: 1) In system logs, some identification that would tell me that someone might log into my PC, such as an Admin 2) Something in the logs that would give me a flag that maybe I'm being monitored some other way? 3) How can I be sure that my gmail, hotmail, and chat are not being sniffed? I know there are things like Simp, etc. I'm talking about specific hidden system signs either in the registry or logs. Obviously I'm not going to raise any suspicion by asking our network admin. I don't trust anyone at this company. Is there a good way to basically monitor for this as an end user? Could someone log in and basically watch me work, and if so, would there be any goodies left behind for me to find out if this has happened, other than visual signs which would not be present... maybe some running processes?


  • Network Sniffing and Hubs

    - by Chris_K
    This will likely seem naive to the experts... but it has been on my mind lately. For years I've been using ntop and a cheap 4 port hub to sniff client networks to determine who's doing what -- and how much. Great way to see what's going on when they call and say "Geeze, the network seems really slow today." No need to bring in a managed switch (or access the existing one) and no need to configure spanning or mirroring. I just drop in the hub inline where I want to measure. Lately I noticed it is just about impossible to buy a real honest-to-goodness hub anymore. While looking for a new one, I had someone tell me that I should be sure to get a full-duplex hub or I'd only be seeing half the traffic when I monitor. Really? I've been using a crusty old Netgear DS104 all this time. No clue if it is half or FD. Have I really been understating my measurements? I'm just not bright enough about the physical layer to really know... Side note: Just ordered a Dualcomm Ethernet Switch TAP as a hub replacement. Seems like a nifty gadget. Any notes or tips about it would be welcome in the comments :-)


  • Boost Asio UDP retrieve last packet in socket buffer

    - by Alberto Toglia
    I have been messing around with Boost Asio for some days now but I got stuck with this weird behavior. Please let me explain. Computer A is sending continuous UDP packets every 500 ms to computer B; computer B desires to read A's packets at its own velocity but only wants A's last packet, obviously the most updated one. It has come to my attention that when I do a: mSocket.receive_from(boost::asio::buffer(mBuffer), mEndPoint); I can get OLD packets that were not processed (almost every time). Does this make any sense? A friend of mine told me that sockets maintain a buffer of packets and therefore if I read with a lower frequency than the sender this could happen. So, the first question is how is it possible to receive the last packet and discard the ones I missed? Later I tried using the async example of the Boost documentation but found it did not do what I wanted. http://www.boost.org/doc/libs/1_36_0/doc/html/boost_asio/tutorial/tutdaytime6.html From what I could tell, the async_receive_from should call the method "handle_receive" when a packet arrives, and that works for the first packet after the service was "run". If I wanted to keep listening on the port I should call the async_receive_from again in the handle code, right? BUT what I found is that I start an infinite loop; it doesn't wait till the next packet, it just enters "handle_receive" again and again. I'm not doing a server application, a lot of things are going on (it's a game), so my second question is, do I have to use threads to use the async receive method properly? Is there some example with threads and async receive? Thanks for your attention.


  • Packet loss rate with iperf and tcpdump

    - by stefita
    I tested a line for its link quality with iperf. The measured speed (UDP port 9005) was 96Mbps, which is fine, because both servers are connected with 100Mbps to the internet. On the other hand, the datagram loss rate was shown to be 3.3-3.7%, which I found a little too much. Using a high-speed transfer protocol I recorded the packets on both sides with tcpdump. Then I calculated the packet loss - average 0.25%. Does anyone have an explanation where this big difference may be coming from? What is an acceptable packet loss in your opinion?


  • Setting up Linux VPN Client on Mint: Never sends "Set-Link-Info" packet

    - by cabanaboy
    I have tried to set up a VPN connection on the Linux Mint distro, but could not get it working. When I use a Windows 7 VPN client it works fine. I brought up Wireshark on both the Windows and Linux machines and noticed that on the Windows machine, the client never attempted to send the "Set-Link-Info" packet whereas the Windows (working) VPN client did. Why isn't the Linux Mint client sending the "Set-Link-Info" packet? I think if it did that, then my connection would work. What am I missing?

