Search Results

Search found 1582 results on 64 pages for 'packet snifers'.

Page 41/64 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • Troubles doing transparent proxy for virtual machines

    - by Dan H
    Hi iptables gurus. First here is the basic topology: Internet | Gateway | Workstation---eth0---virbr0 | +-----+-----+ | | | vm1 vm2 vm3 I need to test a traffic analyzer running on my workstation, listening on some port (say 8990) on eth0. The rule [I think] I want is "any packets leaving virbr0 going anywhere to port 80 must instead go to port 8990 on eth0". My software running on port 8990 does its own check of the NAT packet mangling to push the packets through after it inspects them. I've been banging my head on this, with different variants of: iptables -t nat -A PREROUTING -i virbr0 -p tcp --dport 80 -j DNAT \ --to 10.0.0.10:8990 And I've tried the more generic method of using the mangle table with --set-mark and ip rule add fwmark, but I'm not getting it. I guess what's confusing me is that everything runs on the same box. Thanks for any guidance.

    Read the article

  • Manually forcing TCP connection to retry

    - by Vi.
    I have a TCP connection (SSH session to some computer for example) Network suddenly goes down and drops all packets (disconnected cable, out of range). TCP resends packets again and again, retrying with increasing delays. I see the problem and plug the cable back (or restore network somehow). TCP connection finally successfully resends some packet and continues. The problem is that I need to wait for a some timeout on point 5. I want to use my opened SSH session now and not wait for 5-10 seconds until it finds out that connection is working again. How to force all TCP connections to resend data without delays in GNU/Linux?

    Read the article

  • Frequent occurence of FULL GC.

    - by Viji
    Hi, There is a frequent occurence of FULL GC in our system. We are using Java application running on Tomcat server. Our application is running using internal load balancer setup. We are seeing lot of Full GC's in the server logs due to which the application is hung and Proxy errors are occured. The Java parameter values we are using are: Webapp wrapper: wrapper.java.additional.4=-Xms382M wrapper.java.additional.5=-Xmx1024M Backapp wrapper: wrapper.java.additional.4=-Xms382M wrapper.java.additional.5=-Xmx1024M The error found in webapp wrapper logs: INFO | jvm 1 | 2010/11/26 09:33:19 | [PSYoungGen: 1398460K-140291K(1514624K)] 4623364K-3491394K(5009920K), 0.7285303 secs] [Times: user=1.42 sys=0.00, real=0.72 secs] INFO | jvm 1 | 2010/11/26 09:33:19 | 68539.126: [Full GC DEBUG | wrapperp | 2010/11/26 09:33:19 | send a packet PING : ping Tried to change the JVM values to increase the heap size. But of no use. I suspect that there could be some other reason other than these parameters which is causing the issue. Can anyone please help me on this?

    Read the article

  • TCP 30 small packets per second flood connection with server

    - by Denis Ermolin
    I'm testing connection with flash client and cloud server(boost::asio for software) over TCP connection. My connection with server already is really poor - 120 ms ping in average. I found when i start to send packets with 2 bytes size (without tcp header) with speed 30 packets/s - ping grow to 170-200 average. I think that it's really bad and my bad connection and bad cloud provider is reason for this high ping without any load. What do you think? (I tested my software - it can compute about 50k small packets/s so software is not a problem). I measure my ping through flash client - send packet with timestamp and immediatly send from server to client.

    Read the article

  • Websocket handshake response not forwarded from TCP to client

    - by Saharsh
    I am trying to create a websocket server. I can see the websocket client's opening handhshake. My response to it is received by the client laptop (I can see this on wireshark). So the TCP connection has been established. But the client (a chrome websocket client extension) does not receive the handshake packet. What could be a possible reason for TCP to not forward the handshake to the client or for the client to not be able to read the TCP message? Client handshake: GET HTTP/1.1 Upgrade: websocket Connection:Upgrade Cache-Control:no-cache Host:192.168.0.101 Origin:http://www.websocket.org Pragma:no-cache Sec-WebSocket-Extensions:permessage-deflate; client_max_window_bits, x-webkit-deflate-frame Sec-WebSocket-Key: qrmw/m+BoZije6h9HYKmVw== Sec-WebSocket-Version:13 Upgrade:websocket Server Response: HTTP/1.1 101 Switching Protocols Upgrade: websocket Connection: Upgrade Sec-WebSocket-Accept: jj1g5Io57m9ks8cme3jkbyo2asc= Access-Control-Allow-Origin: http://www.websocket.org Server: xyz Sec-WebSocket-Extensions: Thanks!

    Read the article

  • Manually forcing TCP connection to retry

    - by Vi
    I have a TCP connection (SSH session to some computer for example) Network suddenly goes down and drops all packets (disconnected cable, out of range). TCP resends packets again and again, retrying with increasing delays. I see the problem and plug the cable back (or restore network somehow). TCP connection finally successfully resends some packet and continues. The problem is that I need to wait for a some timeout on point 5. I want to use my opened SSH session now and not wait for 5-10 seconds until it finds out that connection is working again. How to force all TCP connections to resend data without now in GNU/Linux?

    Read the article

  • Do TCP connections work differently within the same subnet?

    - by Dean
    I've encountered some network behaviour that confuses me while trying to get Java RMI working. I use netcat to connect to a local machine: [my_machine]$ nc -w 1 192.168.0.100 60000 && echo success success I try to do the same to my server: [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success This doesn't work, unless I explicitly listen on the server socket: [amazon_ec2]$ nc -l 60000 [my_machine]$ nc -w 1 my-servers-ip 60000 && echo success success For the version that fails, the SYN packet receives a RST, ACK in response. I'm not too knowledgable about this stuff, at this point I only have wild theories such as the one in the question. Any ideas? Potentially useful details: Local Machine (192.168.0.100) - Macbook Remote Machine (Amazon EC2) - Amazon Linux AMI 2012.03 Security Group Settings: 22 (SSH) 0.0.0.0/0 1099 0.0.0.0/0 49152-65535 0.0.0.0/0 "iptables -L" shows no rules set

    Read the article

  • ASA 5540 v8.4(3) vpn to ASA 5505 v8.2(5), tunnel up but I cant ping from 5505 to IP on other side

    - by user223833
    I am having problems pinging from a 5505(remote) to IP 10.160.70.10 in the network behind the 5540(HQ side). 5505 inside IP: 10.56.0.1 Out: 71.43.109.226 5540 Inside: 10.1.0.8 out: 64.129.214.27 I Can ping from 5540 to 5505 inside 10.56.0.1. I also ran ASDM packet tracer in both directions, it is ok from 5540 to 5505, but drops the packet from 5505 to 5540. It gets through the ACL and dies at the NAT. Here is the 5505 config, I am sure it is something simple I am missing. ASA Version 8.2(5) ! hostname ASA-CITYSOUTHDEPOT domain-name rngint.net names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 10.56.0.1 255.255.0.0 ! interface Vlan2 nameif outside security-level 0 ip address 71.43.109.226 255.255.255.252 ! banner motd ***ASA-CITYSOUTHDEPOT*** banner asdm CITY SOUTH DEPOT ASA5505 ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name rngint.net access-list outside_1_cryptomap extended permit ip host 71.43.109.226 host 10.1.0.125 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.0.0.0 255.0.0.0 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.106.70.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.106.130.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip host 71.43.109.226 host 10.160.70.10 access-list inside_nat0_outbound extended permit ip host 71.43.109.226 host 10.1.0.125 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.0.0.0 255.0.0.0 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.106.130.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.106.70.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip host 71.43.109.226 10.106.70.0 255.255.255.0 pager lines 24 logging enable logging buffer-size 25000 logging buffered informational logging asdm warnings mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 route outside 0.0.0.0 0.0.0.0 71.43.109.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ (inside) host 10.106.70.36 key ***** aaa authentication http console LOCAL aaa authentication ssh console LOCAL aaa authorization exec authentication-server http server enable http 192.168.1.0 255.255.255.0 inside http 10.0.0.0 255.0.0.0 inside http 0.0.0.0 0.0.0.0 outside snmp-server host inside 10.106.70.7 community ***** no snmp-server location no snmp-server contact snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 64.129.214.27 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh 10.0.0.0 255.0.0.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 5 console timeout 0 management-access inside dhcpd auto_config outside ! dhcpd address 10.56.0.100-10.56.0.121 inside dhcpd dns 10.1.0.125 interface inside dhcpd auto_config outside interface inside ! dhcprelay server 10.1.0.125 outside dhcprelay enable inside dhcprelay setroute inside dhcprelay timeout 60 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept tftp-server inside 10.1.1.25 CITYSOUTHDEPOT-ASA-Confg webvpn tunnel-group 64.129.214.27 type ipsec-l2l tunnel-group 64.129.214.27 ipsec-attributes pre-shared-key ***** ! ! prompt hostname context

    Read the article

  • Title: Better logging for cronjob output

    - by Stefan Lasiewski
    I am looking for a better way to log cronjobs. Most cronjobs tend to spam email or the console, get ignored, or create yet another logfile. In this case, I have a Nagios NSCA script which sends data to a central Nagios sever. This send_nsca script also prints a single status line to STDOUT, indicating success or failure. 0 * * * * root /usr/local/nagios/sbin/nsca_check_disk This emails the following message to root@localhost, which is then forwarded to my team of sysadmins. Spam. forwarded nsca_check_disk: 1 data packet(s) sent to host successfully. I'm looking for a log method which: Doesn't spam the messages to email or the console Don't create yet another krufty logfile which requires cleanup months or years later. Capture the log information somewhere, so it can be viewed later if desired. Works on most unixes Fits into an existing log infrastructure. Uses common syslog conventions like 'facility' Some of these are third party scripts, and don't always do logging internally.

    Read the article

  • Firewall blocks FTP PASV response

    - by harper
    I have an FTP server that supports passive server mode (using PASV command). This works fine with Windows XP. When I want to access this server from Windows Vista or Windows 7 with firewall enabled I experience an immediate connection shutdown. A reset packet is sent to the server, and the socket is signaled that the server has reset the connection (which is not true). The problem disappears when the firewall is disabled. Connections to other FTP servers work correctly. The difference is that the server's response to PASV does not enclose the address field with parentheses. This is legal as documented in RFC-959 and RFC-1132. How can I configure the firewall to stop this bad behavior?

    Read the article

  • OpenVPN on port 53

    - by TossUser
    I have an openvpn server setup on UDP port 53 on a public IP. All the connecting clients gets pushed external DNS servers such as 8.8.8.8 and opendns. Sometimes the resolution stops working on the connected vpn clients and I get strange packets in the openvpn log. Now my question is why is that? When a VPN client, let's say 192.168.1.22 does a DNS query that query should go to 8.8.8.8:53 and then an UDP response packet should be sent back to 192.168.1.22 on a high UDP port. Any ideas? Thanks

    Read the article

  • Encrypting absolutely everything, even within the LAN

    - by chris_l
    Has anybody tried that approach already? I'm really considering it: Instead of relying on network based IDS etc., every packet must use encryption which was initiated by a certificate issued by my own CA. Every client gets a unique client certificate Every server gets a unique server certificate Every service additionally requires to login. Both SSL and SSH would be ok. Access to the internet would be done via an SSL tunnel to the gateway. Is it feasible? Does it create practical problems? How could it be done and enforced? What do you think?

    Read the article

  • Improving sound quality with remote ESD server

    - by cuu508
    Hi, I'm investigating low-budget ways to get audio from my PC (Ubuntu) to HiFi without wires. I'm currently testing a setup where Asus WL-500gP wireless router runs ESD daemon and has attached USB soundcard which is then plugged into HiFi. I'm testing playback on PC with mpg123-esd and Spotify under Wine. The sound is there, latency is unexpectedly low, but I also hear occassional clicks and some distortion from time to time. I suppose that's because of the low latency and wireless streaming of uncompressed audio--any packet drops, CPU temporarily being busy etc. will cause clicks in sound output. Is there a way around this problem, increasing latency / buffer size somehow perhaps? Streaming using shoutcast protocol seems to be a way out but I have feeling that would be a complex and brittle setup.

    Read the article

  • how to communicate in typical router switch router scenario?

    - by Kossel
    I'm learning routing using packet tracer simulation and I think this is a very commun scenario: let's say pc4 is the server... why I can't ping from PC1 to 192.168.2.253 (router1) but I can ping 192.168.2.2 (pc0) aren't they the same subnet? what am I missing or have to do in order to reach pc4? (192.168.100.254) from pc 1 (192.168.1.1) is there something like "default gateway" for router? thanks for advice PS: during the simulation it shows error "The routing table does not have a route to the destination IP address. The router drops the packe (from 192.168.2.253 to 192.168.1.1)"

    Read the article

  • Route a specific user's traffic via VPN but still allow local networking

    - by wbg
    So, I want to route certain traffic via a VPN connection and the rest via my normal Internet connection. I want to run several different programs and most of them don't support binding to a specific network interface (tun0 in my case). I've managed to send a specific user's traffic via the VPN following the answers given here: iptables - Target to route packet to specific interface? But unfortunately, when I run a server that connects to the Internet and has a web interface running on a local IP (127.0.0.1/192.168.0.*), all the Internet traffic correctly goes via tun0, but I'm unable to connect to the web interface from a local IP as a different user. When I log in as the VPN-ified user, I can access services running on local IPs, but other users/machines can't access any servers I start. Can anyone point me in the right direction?

    Read the article

  • Logins with only HTTP - are they as insecure as I'm thinking?

    - by JoeCool1986
    Recently I was thinking about how websites like gmail and amazon use HTTPS during the login process when accessing your account. This makes sense, obviously, since you're typing in your account username and password and you would want that to be secure. However, on Facebook, among countless other websites, their logins are done with simple HTTP. Doesn't that mean that my login name and password are completely unencrypted? Which, even worse, means that all those people who login to their facebooks (or similar sites) at a wifi hotspot in public are susceptible to anyone getting their credentials using a simple packet sniffer (or something similar)? Is it really that easy? Or am I misunderstanding internet security? I'm a software engineer working on some web related stuff, and although at the current time I'm not too involved with the security aspect of our software, I knew I should probably know the answer to this question, since it's extremely fundamental to website security. Thanks!

    Read the article

  • In Wireshark's Protocol Hierarchy Statistics screen, is the total byte count of a capture the sum of the Bytes column or just the top line (Frame)?

    - by Howiecamp
    Part 1 - I'm looking at Wireshark's Protocol Hierarchy Statistics screen (sample below), is the total byte count of the capture the sum of the Bytes column or just the top line (Frame)? I'm 99% that it's the latter because of protocol rollup but I wanted to conform. Part 2 - From Wireshark documentation on this screen, "Protocol layers can consist of packets that won't contain any higher layer protocol, so the sum of all higher layer packets may not sum up to the protocols packet count. Example: In the screenshot TCP has 85,83% but the sum of the subprotocols (HTTP, ...) is much less. This may be caused by TCP protocol overhead, e.g. TCP ACK packets won't be counted as packets of the higher layer)." Can you explain this?

    Read the article

  • Wireshark Display Filter protocol==TLSV1? (and PacketLength)

    - by NealWalters
    What would the filter expression be to just select the protocols where the protocol = TLSV1? Something obvious like protocol == "TLSV1" or TCP.protocol == "TLSV1" is apparently not the right way. ip.proto == "TLSV1" says "ip.proto cannot accept strings as values" Update - additional tips: Another great but hidden search is on PacketLength: You can add packet length to your display by clicking "Edit Preferences" (menu or icon), and adding the PacketLength as a new column, but to filter on it you have to use the more cryptic: frame.len == ### where ### is your desired number. We were using this to determine how many packets had been sent and/or received, when you filter, the status-bar at the bottom of the screen shows the number of items matching the filter.

    Read the article

  • Redirect with iptables if destination port is not listened

    - by PoltoS
    I've a server listening on port 10000. But this server is running only in a special case (then some third service is available). Otherwise the port is not listened. Is it possible to redirect the client to another port if 10000 is not listening? I see two solutions: 1) insert/remove iptables rules on server start/stop, but since the server may be killed, it may not insert the correct iptable redirect rule before dieing. 2) make a permanent userspace rule that checks if the port is listening and redirects the packet if not listened. How to do 2) ? Do someone have recipes for ipq? May be someone can suggest me a better way? It is something like fallback redirect: I'll have thousand of clients with different ports (10000-11000) and if their instance of server is not running, whey should be redirected to some page explaining why they don't have and instance connected.

    Read the article

  • How to retrieve connection details of CheckPoint SSL Network Extender?

    - by amoe
    My workplace uses a Java-based VPN tool named CheckPoint SSL Network Extender. I would like to configure the VPN connection myself using stock OS tools, because I find the applet to be rather unstable. How would I go about getting all of the connection details needed to manually connect to the VPN? My workplace only supports the official client. When I am connected with the Java applet, if I run ipconfig /all I can see that a hidden network connection is created named Check Point Virtual Network Adapter For SSL Network Extender - Packet Scheduler Miniport. I can see the various IP and DNS details there as well. However, because I need to log in to the applet-based tool, I presume I need to export some kind of key in order to use OS tools to configure this. Is this even possible? Answers for any OS are great although I am using Windows XP to test, and also want to use Linux clients.

    Read the article

  • How to run wireshark on the background without the GUI?

    - by user60968
    Hello everybody, I am trying to run Wireshark on Mac OS X, on the background. I did install the command line utilities, and so I am able to start wireshark and capture packet using the command line. The only thing I want now is to run it on the background, without even having the X11 icon on the task bar and see the window of wireshark. I believe it is possible but can't find anything on the doc of Wireshark. Maybe another way would be to find a trick to hide an icon on Mac OS X... If anybody already did that or have an idea... Thank you Please excuse my English which is not perfect at all

    Read the article

  • LAN full of public ipv4 addresses - How to filter it?

    - by sparc86
    The answer to my question maybe is not that hard but anyways, I do not know what to do. So, I just got in a new job in a Univerisity and I found out that the network (the LAN) is full of public IP addresses. Seriously, the whole LAN (probably more than 150 hosts) has it' own internet IP address and I don't know how to manage it. I have a very good experience using iptables (Linux firewall) in a NAT'ed environment. But then how should I proceed in an environment where all my LAN is working with a bunch of public IP addresses? Should I just use the "forward" rules and ignore the NAT rules or is there any other issue in such environment which I should take care? Can I add a firewall between the router and the LAN in order to produce packet filtering for these public IP addresses in my LAN or will this just not work? Thanks!

    Read the article

  • Can OpenVPN be set up so the server doesn't have interface that is part of the VPN?

    - by BCS
    I'm looking to set up a VPN (OpenVPN is my first choice but I'm not stuck with it) in such a way that the server that hosts the VPN is not visible from within the VPN. That is; any packet that a client sends via the VPN interface will get delivered to another client's VPN interface or get dropped. In the other direction, the server shouldn't have a VPN interface at all and normal network operations shouldn't be able to send packets on the network. Can this be done? All the docs I have found have assumed that clients will connect via DHCP (this requiring that the server connect at least to that extent) but I can't think of any reason that a VPN couldn't use static IP's or that the DHCP server couldn't be implemented inside the VPN (see edit) server without setting up a VPN interface on the server. Edit: Based on the link on bridged mode from Phil Hollenback's answer it seems that OpenVPN does in fact have the "internal DHCP server" that I'm thinking of.

    Read the article

  • Apache not responding in amazon ec2

    - by Viren
    Well this might sound awkward but I facing terrible issue with my Amazon EC2 instance one of the finding I see is that apache is not responding on port 80 which is weird because I can't even find the incoming packet to port 80 in tcpdump output As per the security rules all security rules are in place correctly at least in amazon console I restarted the apache to listen to port 8080 and added port 8080 and add 8080 to security rule and everything work but I cant just able to understand as to why the port 80 not responding Needless to say since port 8080 is responding all my CNAME and A-record is working too UPDATE No firewall issue either I just cross check the iptables and list is empty Can some share a light on this

    Read the article

  • Wireshark TCP Window Size Value

    - by T Vernon
    I am debugging an application with Wireshark and watching the TCP Window Size value shrink on one side of the communication. If the packet's TCP section shows a "Window size value: 1", does that mean the source's window size is 1 or the destination's window size is 1? I know one side is communicating faster than the other can handle, I just want be sure I know which one it is. 1 192.168.0.1 - 192.168.0.100, Modbus/TCP, Length: 66, Window Size Value: 1 2 192.168.0.100 - 192.168.0.1, TCP, Length: 60, Window Size Value: 92 3 192.168.0.100 - 192.168.0.1 TCP, Length: 310, Window Size Value: 92 4 192.168.0.1 - 192.168.0.100 TCP, Length: 54, Window Size Value: 0 So is 192.168.0.1's window size 0 or is it reporting that 192.168.0.100's window is 0? Thanks.

    Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >