packet marking(IP Traceback) in C#
- by Eyla
I'm looking for implementation of IP Traceback using packet marking algorithm in C#?
I google it but could not find anything!!!
any one know a website has this implementation ??
Search Results
Search found 1582 results on 64 pages for 'packet'.
Page 3/64 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >
-
-
checksum error with building an HTTP packet(but over TCP, like syn/ack its ok)
- by Hila
I am building a NAT program,I change each packet that comes from our internal subnet, change it's source IP address by libnet functions.( catch the packet with libpcap, put it sniff structures and build the new packet with libnet) I am trying to build an http packet. When I look on wireshark, I see that the new packet that I have built is exectly like the original packet(the only diffrent is that I changed the src port and ip), but there is a checksum error, So the server don't do anything with the packet that I have sent to him, beacuse the cheksum field is wrong. When I send a tcp packet(like syn or ack), the checksum is ok, and the server respons. Is anyone knows what can cause this problem? the new checksum in other packets is calculated as it should be.. but in the HTTP packet it doesn't..Read the article
-
SSH error: "Corrupted MAC on input" or "Bad packet length"
- by William Ting
I have 3 boxes set up as shown: The DFW box can communicate to the SFO / internet just fine, and I send files AUS - DFW. However, every time I trying transferring DFW - AUS it fails over SSH (ssh client, rsync, scp, sftp, etc) with the following error: Corrupted MAC on input. Disconnecting: Packet corrupt Occasionally I'll get a different error: Bad packet length 2097180. Disconnecting: Packet corrupt I've restarted the DFW box, as well as replaced the network cable. I'm not sure what else might be causing problems. Right now to get files from DFW I have to use DFW - SFO - AUS which is not optimal.Read the article
-
Handling packet impersonating in client-server model online game
- by TheDespite
I am designing a server-client model game library/engine. How do I, and should I even bother to handle frequent update packet possible impersonating? In my current design anyone could copy a packet from someone else and modify it to execute any non-critical action for another client. I am currently compressing all datagrams so that adds just a tad of security. Edit: One way I thought about was to send a unique "key" to the verified client every x_time and then the client has to add that to all of it's update packets until a new key is sent. Edit2: I should have mentioned that I am not concerned about whether the actions described in the packet are available to the client at the time, this is all checked by the server which I thought was obvious. I am only concerned about someone sending packets for another client.Read the article
-
When will a TCP network packet be fragmented at the application layer?
- by zooropa
When will a TCP packet be fragmented at the application layer? When a TCP packet is sent from an application, will the recipient at the application layer ever receive the packet in two or more packets? If so, what conditions cause the packet to be divided. It seems like a packet won't be fragmented until it reaches the Ethernet (at the network layer) limit of 1500 bytes. But, that fragmentation will be transparent to the recipient at the application layer since the network layer will reassemble the fragments before sending the packet up to the next layer, right?Read the article
-
SYN flooding still a threat to servers?
- by Rob
Well recently I've been reading about different Denial of Service methods. One method that kind of stuck out was SYN flooding. I'm a member of some not-so-nice forums, and someone was selling a python script that would DoS a server using SYN packets with a spoofed IP address. However, if you sent a SYN packet to a server, with a spoofed IP address, the target server would return the SYN/ACK packet to the host that was spoofed. In which case, wouldn't the spoofed host return an RST packet, thus negating the 75 second long-wait, and ultimately failing in its attempt to DoS the server?Read the article
-
Per Application Packet Analyzer
- by Anindya Chatterjee
Is there any tool which can analyze network traffic per application? Wireshark does not have per application filtering, fiddler also does not give proper logging for any application. So can anyone please help me out to find an app which can analyze network traffic originating from a random application and log the traffic for that particular application only?Read the article
-
Splitting up UDP packet
- by m3n
Heyo, I'm using UdpClient to query game servers about server name, map, number of players, etc. I've followed the guidelines on this page http://developer.valvesoftware.com/wiki/Server_queries#Source_servers and I'm getting a correct reply: I have no idea how I would go about to get each chunk of information (server name, map and the like). Any help? I'm assuming one would have to look at the reply format specified in the wiki I linked, but I don't know what to make of it. Cheers,Read the article
-
Variable sized packet structs with vectors
- by Rev316
Lately I've been diving into network programming, and I'm having some difficulty constructing a packet with a variable "data" property. Several prior questions have helped tremendously, but I'm still lacking some implementation details. I'm trying to avoid using variable sized arrays, and just use a vector. But I can't get it to be transmitted correctly, and I believe it's somewhere during serialization. Now for some code. Packet Header class Packet { public: void* Serialize(); bool Deserialize(void *message); unsigned int sender_id; unsigned int sequence_number; std::vector<char> data; }; Packet ImpL typedef struct { unsigned int sender_id; unsigned int sequence_number; std::vector<char> data; } Packet; void* Packet::Serialize(int size) { Packet* p = (Packet *) malloc(8 + 30); p->sender_id = htonl(this->sender_id); p->sequence_number = htonl(this->sequence_number); p->data.assign(size,'&'); //just for testing purposes } bool Packet::Deserialize(void *message) { Packet *s = (Packet*)message; this->sender_id = ntohl(s->sender_id); this->sequence_number = ntohl(s->sequence_number); this->data = s->data; } During execution, I simply create a packet, assign it's members, and send/receive accordingly. The above methods are only responsible for serialization. Unfortunately, the data never gets transferred. Couple of things to point out here. I'm guessing the malloc is wrong, but I'm not sure how else to compute it (i.e. what other value it would be). Other than that, I'm unsure of the proper way to use a vector in this fashion, and would love for someone to show me how (code examples please!) :) Edit: I've awarded the question to the most comprehensive answer regarding the implementation with a vector data property. Appreciate all the responses!Read the article
-
What would cause different rates of packet loss between client and server in UDP?
- by febreezey
If I've implemented a reliable UDP file transfer protocol and I have a file that deliberately drops a percentage of packets when I transmit, why would it be more evident that transmission time increases as the packet loss percentage increases going from the client to server as opposed from the server to the client? Is this something that can be explained as a result of the protocol? Here are my numbers from two separate experiments. I kept the max packet size to 500 Bytes and the opposite direction packet loss to 5% with a 1 Megabyte file: Server to Client loss Percentage varied: 1 MB file, 500 b segments, client to server loss 5% 1% : 17253 ms 3% : 3388 ms 5% : 7252 ms 10% : 6229 ms 11% : 12346 ms 13% : 11282 ms 15% : 9252 ms 20% : 11266 ms Client to Server loss percentage varied 1 MB file, 500 b segments, server to client loss 5% 1%: 4227 ms 3%: 4334 ms 5%: 3308 ms 10%: 31350 ms 11%: 36398 ms 13%: 48436 ms 15%: 65475 ms 20%: 120515 ms You can clearly see an exponential increase in the client to server groupRead the article
-
Deciphering Encoding: Packet Analyzation Tools
- by Zombies
I am looking for better tools than wireshark for this. The problem with wireshark is that it does not format the data layer (which is the only part I am looking at) cleanly for me to compare the different packets and attempt to understand the third party encoding (which is closed source). Specifically, what are some good tools for viewing data, and not tcp/udp header information? Particularly, a tool that formats the data for comparison. To be very specific: I would like a program that compares multiple (not just 2) files in hex.Read the article
-
Is there a packet sniffer for Windows Mobile?
- by eidylon
I'm looking for a tool along the lines of Fiddler, or better yet Wireshark, that would run on a Windows Mobile 6.1 device. I have an app which calls some webservices on one of our servers, and I want to make sure it it going out to the proper address. Thanks in advance.Read the article
-
Ntop monitoring - Hosts visible with no SPAN/mirroring
- by Cory J
I am attempting to use ntop to monitor traffic over a Cisco Catalyst switch. I was assuming that in order to see any of the traffic, I'd have to use monitor, as described here: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml. Howver, before I did anything on the switch, I simply plugged my ntop server in and fired up ntop. To my suprise, I instantly see 3+ pages of hosts, and thousands of packets. How is ntop seeing this? I have verified that no monitoring exists on the switch (run as en): cs1.pvdc#show monitor No SPAN configuration is present in the system. My ntop server is Ubuntu 8.04, I haven't done ANY configuration, I just installed the ntop package. This is also a fresh Ubuntu install. Is there anything else on my switch besides "monitor" that might cause my switch to mirror all its traffic like this? I've tried plugging ntop into different ports with the same results. UPDATE: It appears to be more then just broadcast traffic showing up in ntop, for example, I can see when my IPs have talked to the DNS server or generated HTTP traffic. If my switch is misconfigured, can anyone point me in the right direction towards rectify this? Not a Cisco expert.Read the article
-
Identify Executable Creating Network Traffic
- by jeffspost
I've got some application on my Windows XP machine that is generating an HTTP request to aaronsw.com every half hour. We've trapped the packets in wireshark, but wireshark doesn't tell what application generated the packets. Is there any utility that looks at network traffic AND tells what executable produced the traffic?Read the article
-
Identify Executable Creating Network Traffice
- by jeffspost
I've got some application on my Windows XP machine that is generating an HTTP request to aaronsw.com every half hour. We've trapped the packets in wireshark, but wireshark doesn't tell what application generated the packets. Is there any utility that looks at network traffic AND tells what executable produced the traffic?Read the article
-
Monitor number of bytes transferred to/from IP address on port.
- by Mike
Can anyone recommend a linux command line tool to monitor the number of bytes transferred between the local server and a specified IP address/port. The equivalent tcpdump command would be: tcpdump -s 0 -i any -w mycapture.trc port 80 host google.com which outputs : 46 packets captured 131 packets received by filter 0 packets dropped by kernel I'd like something similar that outputs: 54 bytes out, 176 bytes in I'd like it to work on RHEL and be free/open-source. It would be good if there was an existing tool which I was just missing too!Read the article
-
Data management in unexpected places
- by Ashok_Ora
Normal 0 false false false EN-US X-NONE X-NONE Data management in unexpected places When you think of network switches, routers, firewall appliances, etc., it may not be obvious that at the heart of these kinds of solutions is an engine that can manage huge amounts of data at very high throughput with low latencies and high availability. Consider a network router that is processing tens (or hundreds) of thousands of network packets per second. So what really happens inside a router? Packets are streaming in at the rate of tens of thousands per second. Each packet has multiple attributes, for example, a destination, associated SLAs etc. For each packet, the router has to determine the address of the next “hop” to the destination; it has to determine how to prioritize this packet. If it’s a high priority packet, then it has to be sent on its way before lower priority packets. As a consequence of prioritizing high priority packets, lower priority data packets may need to be temporarily stored (held back), but addressed fairly. If there are security or privacy requirements associated with the data packet, those have to be enforced. You probably need to keep track of statistics related to the packets processed (someone’s sure to ask). You have to do all this (and more) while preserving high availability i.e. if one of the processors in the router goes down, you have to have a way to continue processing without interruption (the customer won’t be happy with a “choppy” VoIP conversation, right?). And all this has to be achieved without ANY intervention from a human operator – the router is most likely to be in a remote location – it must JUST CONTINUE TO WORK CORRECTLY, even when bad things happen. How is this implemented? As soon as a packet arrives, it is interpreted by the receiving software. The software decodes the packet headers in order to determine the destination, kind of packet (e.g. voice vs. data), SLAs associated with the “owner” of the packet etc. It looks up the internal database of “rules” of how to process this packet and handles the packet accordingly. The software might choose to hold on to the packet safely for some period of time, if it’s a low priority packet. Ah – this sounds very much like a database problem. For each packet, you have to minimally · Look up the most efficient next “hop” towards the destination. The “most efficient” next hop can change, depending on latency, availability etc. · Look up the SLA and determine the priority of this packet (e.g. voice calls get priority over data ftp) · Look up security information associated with this data packet. It may be necessary to retrieve the context for this network packet since a network packet is a small “slice” of a session. The context for the “header” packet needs to be stored in the router, in order to make this work. · If the priority of the packet is low, then “store” the packet temporarily in the router until it is time to forward the packet to the next hop. · Update various statistics about the packet. In most cases, you have to do all this in the context of a single transaction. For example, you want to look up the forwarding address and perform the “send” in a single transaction so that the forwarding address doesn’t change while you’re sending the packet. So, how do you do all this? Berkeley DB is a proven, reliable, high performance, highly available embeddable database, designed for exactly these kinds of usage scenarios. Berkeley DB is a robust, reliable, proven solution that is currently being used in these scenarios. First and foremost, Berkeley DB (or BDB for short) is very very fast. It can process tens or hundreds of thousands of transactions per second. It can be used as a pure in-memory database, or as a disk-persistent database. BDB provides high availability – if one board in the router fails, the system can automatically failover to another board – no manual intervention required. BDB is self-administering – there’s no need for manual intervention in order to maintain a BDB application. No need to send a technician to a remote site in the middle of nowhere on a freezing winter day to perform maintenance operations. BDB is used in over 200 million deployments worldwide for the past two decades for mission-critical applications such as the one described here. You have a choice of spending valuable resources to implement similar functionality, or, you could simply embed BDB in your application and off you go! I know what I’d do – choose BDB, so I can focus on my business problem. What will you do? /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}Read the article
-
Capturing network traffic on Linux
- by Quandary
Question: I have one Windows laptop, one Linux laptop and a wireless router. Now I want to "investigate" the hotmail/windows live protocol. What I want to do is route network traffic from the windows laptop via ethernet to the linux laptop, capture it on the Linux computer, forward it wirelessly to the router, receive the hotmail response from the router on the linux computer and forward it to the windows computer. How do I do that? In essence, switching the Linux laptop between the Windows laptop and the router, to capture network traffic ? Which program is best for capturing/analysing ? Please note that for whatever reason, packet capturing with winpcap on the windows computer doesn't work...Read the article
-
java packets byte
- by user303289
Guys, I am implementing a protocol in one of the wireless project. I am stucked at one point. In of the java file i am suppose to receive a packet and that packet is 12 byte packet and I have to write different functions for reading different parts of packets and convert it to diferent type. Like I want first four byte in one of the function and convert it to int, next two bytes in string. and again next two in string, last two hop in string and followed by last two int. I want follwing function to implement: // here is the interface /* FloodingData should use methods defined in this class. */ class FloodingPacket{ public static void main(String arg[]){ byte FloodingPack[]; // just for example to test in code FloodingPack=new byte[12]; interface IFloodingPacket { // Returns the unique sequence number for the packet int getSequenceNumber() ; // Returns the source address for the packet String getSourceAddress(); // Returns the destination address for the packet String getDestinationAddress(); // Returns the last hop address for the packet String getLastHopAddress(); // Sets the last hop address to the address of the node // which the packet was received from void updateLastHopAddress(); // Returns the entire packet in bytes (for sending) byte[] getBytes(); // Sets the bytes of the packet (for receiving) void setBytes(byte[] packet); }Read the article
-
Can fragments of a packet be refragmented again?
- by gsinha
In IPv4, fragmentation is done by routers on way to the destination if DF(do not fragment) flag is not set in the IP packet. Once a packet is fragmented, its fragments may take different paths (due to various reasons like topology changes) to the destination. If, on some link again in the path to destination, one routers find that the link MTU is smaller than the frame size, then either the packet needs to be fragmented or dropped. Can fragments of a packet be refragmented again? If yes, what will be the value of MF flag in the new individual fragments created by this?Read the article
-
Are random packets normal?
- by TheLQ
About a month ago on one of my servers I started receiving random packets from IPs all over the world. So I did the smart thing and stopped putting off installing an IDS. This IDS is a ClearOS Gateway which comes with Snort and SnortSam. I enabled it, checked There is a total of 4 ports open, two of which forward to the server I'm talking about. These ports are 3724 and 8085, so they aren't going to be easily detected in a port scan. However checking some logs of this server I found that the attack is resuming. I found this ... Accepting connection from '75.166.155.122' [Auth] got unknown packet from '75.166.155.122' Accepting connection from '98.164.154.93' [Auth] got unknown packet from '98.164.154.93' Ping MySQL to keep connection alive Accepting connection from '70.241.195.129' [Auth] got unknown packet from '70.241.195.129' Accepting connection from '67.182.229.169' [Auth] got unknown packet from '67.182.229.169' Accepting connection from '69.137.140.38' [Auth] got unknown packet from '69.137.140.38' Accepting connection from '76.31.72.55' [Auth] got unknown packet from '76.31.72.55' Accepting connection from '97.88.139.39' [Auth] got unknown packet from '97.88.139.39' Accepting connection from '173.35.62.112' [Auth] got unknown packet from '173.35.62.112' Accepting connection from '187.15.10.73' [Auth] got unknown packet from '187.15.10.73' Accepting connection from '66.66.94.124' [Auth] got unknown packet from '66.66.94.124' Accepting connection from '75.159.219.124' [Auth] got unknown packet from '75.159.219.124' Accepting connection from '99.102.100.82' [Auth] got unknown packet from '99.102.100.82' Accepting connection from '24.128.240.45' [Auth] got unknown packet from '24.128.240.45' Accepting connection from '99.231.7.39' [Auth] got unknown packet from '99.231.7.39' Accepting connection from '206.255.79.56' [Auth] got unknown packet from '206.255.79.56' Accepting connection from '68.97.106.235' [Auth] got unknown packet from '68.97.106.235' Accepting connection from '69.134.67.251' [Auth] got unknown packet from '69.134.67.251' Accepting connection from '63.228.138.186' [Auth] got unknown packet from '63.228.138.186' Accepting connection from '184.39.146.193' [Auth] got unknown packet from '184.39.146.193' Accepting connection from '69.171.161.102' [Auth] got unknown packet from '69.171.161.102' Accepting connection from '76.0.47.228' [Auth] got unknown packet from '76.0.47.228' Ping MySQL to keep connection alive Accepting connection from '126.112.201.14' [Auth] got unknown packet from '126.112.201.14' Ping MySQL to keep connection alive Now that scares me. Why isn't Snort detecting this? How were they able to find this specific port? More importantly, what normally would these packets contain? Is this something I should be worried about? How can I stop this?Read the article
-
Is there a tool to modify HTTP packet on the fly?
- by http
Wireshark is good, but it doesn't allow you to change the content of the packet. Is there a tool to do this job?Read the article
-
Monitoring ASA packet loss via SNMP
- by dunxd
I want to monitor packet loss on my ASA 5505 VPN endpoints using SNMP. This is so I can graph the rates in Cacti and/or get alerts in Nagios. However, I am not sure what SNMP values I should use to measure packet loss. In the ASA I can run sh interface Internet stats to show traffic statistics for the interface connected to the Internet. This shows 1 minute and 5 minute drop rates. Are these measures an indicator of packet loss? Are there SNMP values I can access that correspond to those values? Should I be looking at different values? Is the ASA even able to measure packet loss?Read the article
-
Win7 Prof. Computer won't wake on lan via Magic Packet from outside network
- by Michael
Hi all. I just purchased a new computer running Windows 7 Professional x64. I'd like to save power by having it sleep after an hour, but I would also like to be able to Remote Desktop into it at my leisure. I set up a static IP and have port forwarding set up on the router. If the computer is awake, the RDP connection works just fine. I downloaded and installed Wake-On-Lan thanks to this article If I put my new computer to sleep and send the magic packet from my old computer inside of my home network it wakes up. If I do the same thing, however, from my work computer outside the network it does not. I figured the Firewall was blocking the incoming traffic, but nothing in the Windows Firewall logs points to this happening. I'm wondering if anyone has any suggestions or any tests I can run through in order to narrow down what the problem might be. Thanks in advance for any help you might be able to offer.Read the article
-
(Solved) ERROR: Packet source 'wlan0' failed to set channel 2: mac80211_setchannel() in Kismet and Ubuntu 12.10
- by M. Cunille
I have installed Ubuntu 12.10 in my computer with an Atheros AR5007 wireless card. I want to use Kismet but when I run it it starts displaying the message: ERROR: Packet source 'wlan0' failed to set channel X: mac80211_setchannel() It keeps displaying the same for every channel except channel 1. I have installed the compat-wireless-3.6.6-1 drivers and patched them with the following patch in order to use them with aircrack-ng. I have installed the latest version of Kismet in the git repository and I even tried with the svn but it keeps displaying the same error. I also have set the kismet.conf file with the nsource=wlan0 as it is the name of my wireless interface according to iwconfig : lo no wireless extensions. wlan0 IEEE 802.11bg ESSID:"XXXX" Mode:Managed Frequency:2.412 GHz Access Point: XX:XX:XX:XX:XX:XX Bit Rate=18 Mb/s Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:off Link Quality=28/70 Signal level=-82 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:282 Missed beacon:0 I haven't found any answer since similar errors are supposed to be fixed with the latest Kismet release but this isn't my case. Any help will be appreciated. Thank you!Read the article
