Search Results

Search found 1594 results on 64 pages for 'packet sniffers'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 6/64 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • What speed are Wi-Fi management and control frames sent at?

    - by Bryce Thomas
    There are a bunch of different 802.11 Wi-Fi standards, e.g. 802.11a, 802.11b, 802.11g, 802.11n etc. that all support different speeds. Wi-Fi frames are generally categorised as one of the following: Data frames - carry the actual application data Control frames - coordinate when its safe to send/reduce collisions Management frames - handle connection discovery/setup/tear down (e.g. AP discovery, association, disassociation) My question is about whether all these frames, and specifically management frames, are transmitted at the fastest supported speed available, or whether certain classes of frames are transmitted at some lowest common denominator speed. I have noticed that when I put an 802.11b/g only device into monitor mode and capture traffic over the air, I still see management frames (e.g. association/disassociation) being transmitted between my phone and AP which are both 802.11n, even though 802.11n has a higher transfer rate. So I am imagining one of two possibilities: My 802.11n phone/AP had to negotiate a slower speed for some reason and that's why I can see their frames on my 802.11b/g monitoring device. Management frames (and perhaps control frames also?) are sent at a lower speed, and it's only data frames that are transmitted faster with newer 802.11 standards. The reason I would like to know which one of these two possibilities (or perhaps a third possibility) is the case is that I want to capture management frames, and need to know whether using an 802.11b/g card is going to lead to me missing some frames sent at higher speeds than the monitoring card can observe. If management frames are indeed sent at a slower rate, then it's all good. If I just happen to be seeing the management frames because my phone/AP have negotiated a slower rate though, then I need to reconsider what card I use for packet capture.

    Read the article

  • What program sent which packet to the network [closed]

    - by Erik Johansson
    I would like to have a tcpdump like program that shows which program sent a specific packet, instead of just getting the port number. This is a generic problem I've had on and off sometimes when you have and old tcpdump file lying around you have no way to find what program was sending that data.. The solution in how i can identify which process is making UDP traffic on linux ? is an indication that I can solve this with auditd, dTrace, OProfile or SystemTap, but doesn't show how to do it. I.e. it doesn't show the source port of the program calling bind().. The problem I had was strange UDP packets, and since those ports are so short lived it took me a while to solve this issue. I solved this by running an ugly hack similar to: while true; date +%s.%N;netstat -panut;done So either a method better than this hack, a replacement for tcpdump, or some way to get this info from the kernel so I can patch tcpdump. EDIT: This was asked on superuser "tracking what programs sends to net", no good solution though.

    Read the article

  • Random “Lost connection to MySQL server at 'reading initial communication packet', system error: 0”

    - by user1606545
    Sometimes I get the error from MYSQL server: Lost connection to MySQL server at 'reading initial communication packet', system error: 0 I cannot find the cause, since most of the time it works, but every week for some hours I get this error. I googled, but there seem to be only users which have this error permanently. But in this case, it only occurs sometimes. I checked hosts.allow and hosts.deny, but the host is allowed and not denied. Also sometimes I get the error: File './database/table.MYD' not found (Errcode: 24) It occurs very rarely. But it occurs for some hours once a week, sometimes on multiple days, but suddenly the problem disappears again. I have checked the open files limit. It's 2048 and should be absolutely enough. I also tried to increase the number of open files nevertheless, but no effect. I thought, perhaps the process does not close some tables. But this is impossible, because after a while everythings o.k. again and the process opens maximum 100 tables at once. I also checked the MySQL-runtime-environment, and there were 930 opened files. I cannot explain that. After a while it's 129. I am running a MySQL-Server on a SUSE-Linux machine. I connect to the MySQL-Server from another host by the command line tool "mysql" and by MySQL-C-connector. The MySQL-Server is version 5.0.67.

    Read the article

  • What are the attack vectors for passwords sent over http?

    - by KevinM
    I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent. My understanding is that at any of the hops along the way can use a packet analyzer to view what is being sent. This seems to require that any hacker (or their malware/botnet) be on the same subnet as any of the hops the packet takes to arrive at its destination. Is that right? Assuming some flavor of this subnet requirement holds true, do I need to worry about all the hops or just the first one? The first one I can obviously worry about if they're on a public Wifi network since anyone could be listening in. Should I be worried about what's going on in subnets that packets will travel across outside this? I don't know a ton about network traffic, but I would assume it's flowing through data centers of major carriers and there's not a lot of juicy attack vectors there, but please correct me if I am wrong. Are there other vectors to be worried about outside of someone listening with a packet analyzer? I am a networking and security noob, so please feel free to set me straight if I am using the wrong terminology in any of this.

    Read the article

  • Packet fragmentation when sending data via SSLStream

    - by Ive
    When using an SSLStream to send a 'large' chunk of data (1 meg) to a (already authenticated) client, the packet fragmentation / dissasembly I'm seeing is FAR greater than when using a normal NetworkStream. Using an async read on the client (i.e. BeginRead()), the ReadCallback is repeatedly called with exactly the same size chunk of data up until the final packet (the remainder of the data). With the data I'm sending (it's a zip file), the segments happen to be 16363 bytes long. Note: My receive buffer is much bigger than this and changing it's size has no effect I understand that SSL encrypts data in chunks no bigger than 18Kb, but since SSL sits on top of TCP, I wouldn't think that the number of SSL chunks would have any relevance to the TCP packet fragmentation? Essentially, the data is taking about 20 times longer to be fully read by the client than with a standard NetworkStream (both on localhost!) What am I missing? EDIT: I'm beginning to suspect that the receive (or send) buffer size of an SSLStream is limited. Even if I use synchronous reads (i.e. SSLStream.Read()), no more data ever becomes available, regardless of how long I wait before attempting to read. This would be the same behavior as if I were to limit the receive buffer to 16363 bytes. Setting the Underlying NetworkStream's SendBufferSize (on the server), and ReceiveBufferSize (on the client) has no effect.

    Read the article

  • What would cause my SendMail server not to acknowledge receiving a TCP Sequence?

    - by Mike B
    My TCP/IP Stack knowledge is a little rusty so please bear with me.... I have a CentOS 5.7 server with SendMail and am having seeing intermittent timeout issues sending email (particularly larger email) to other remote domains. It doesn't happen with all attachments or recipient domains. Just some. After some extended troubleshooting, I think I've narrowed it down to TCP Sequences not being acknowledged. Here's a breakdown of the TCP session from a packet capture I collected directly on my MTA (fooMTA): Packet 1 - 11: Standard TCP handshake followed by initial SMTP conversation. No errors. Packet #12 Recipient MTA: TCP sequence 231. Ack 91. Packet #13 FooMTA: TCP sequence 91. Ack 305. Packet #14 FooMTA: TCP sequence 1115. Ack 305. Packet #15 Recipient MTA: TCP sequence 305. Ack 2495. Packet #16 FooMTA: TCP sequence 2495. Ack 305. Packet #17 FooMTA: TCP sequence 5255. Ack 305. Packet #18: Recipient MTA: TCP sequence 305. Ack 5255. Packet #19: FooMTA: TCP sequence 6635. Ack 305. Packet #20: FooMTA: TCP sequence 8015. Ack 305. Packet #21: Recipient MTA: TCP Sequence 305. Ack 8015. Packet #22: FooMTA: TCP Sequence 10775. Ack 305. Packet #23: FooMTA: TCP Sequence 13535. Ack 305. Packet #24: Recipient MTA: TCP sequence 305. Ack 10775 Packet #25: FooMTA: TCP Sequence 14915. Ack 305 It keeps going like this with my server still thinking it hasn’t received sequence 305… in response the remote side eventually retransmits its prior data thinking that it never arrived. Eventually the gap gets so large that no new data is sent and the remote MTA keeps retransmitting old stuff. This contributes to an exponential backoff and eventually the remote side gives up. What’s strange to me is that I see the “missing” TCP sequence (305 in this case) arriving back to my server (via a packet capture collected directly from fooMTA) So I don’t get why my server keeps asking for it. Could this be firewall related? What would be the next step in troubleshooting?

    Read the article

  • Android never receives UDP packet

    - by Quandary
    The below code results in a timeout. It works fine on non-Android Java. What's the matter? //@Override public static void run() { //System.out.println ( "Local Machine IP : "+addrStr.toString ( ) ) ; HelloWorldActivity.tv.setText("Trace 1"); try { // Retrieve the ServerName InetAddress serverAddr; //= InetAddress.getByName(Server.SERVERIP); InetAddress ias[] = InetAddress.getAllByName(Server.SERVERNAME); serverAddr = ias[0]; Log.d("UDP", "C: Connecting..."); /* Create new UDP-Socket */ DatagramSocket socket = new DatagramSocket(); /* Prepare some data to be sent. */ String strQuery="ÿÿÿÿgetservers"+" "+Server.iProtocol+" "+"'all'"; Log.d("UDP", strQuery); //byte[] buf = ("ÿÿÿÿgetservers 68 'all'").getBytes(); byte[] buf = strQuery.getBytes(); /* Create UDP-packet with * data & destination(url+port) */ DatagramPacket packet = new DatagramPacket(buf, buf.length, serverAddr, Server.SERVERPORT); Log.d("UDP", "C: Sending: '" + new String(buf) + "'"); /* Send out the packet */ socket.setSoTimeout(5000); socket.send(packet); Log.d("UDP", "C: Sent."); Log.d("UDP", "C: Done."); // http://code.google.com/p/android/issues/detail?id=2917 byte[] buffer= new byte[1024*100]; DatagramPacket receivePacket = new DatagramPacket(buffer, buffer.length); //, serverAddr, Server.SERVERPORT); socket.receive(receivePacket); HelloWorldActivity.tv.setText("TTT"); String x = new String(receivePacket.getData()); Log.d("UDP", "C: Received: '" + x + "'"); HelloWorldActivity.tv.setText(x); } catch (Exception e) { HelloWorldActivity.tv.setText(e.getMessage()); Log.e("UDP", "C: Error", e); } } public class Server { /* //public static java.lang.string SERVERIP; public static String SERVERNAME = "monster.idsoftware.com"; public static String SERVERIP = "192.246.40.56"; public static int SERVERPORT = 27950; public static int PROTOCOL = 68; */ //public static String SERVERNAME="monster.idsoftware.com"; public static String SERVERNAME="dpmaster.deathmask.net"; public static String SERVERIP="192.246.40.56"; public static int SERVERPORT=27950; //public static int iProtocol= 68; // Quake3 public static int iProtocol=71; // OpenArena } Android manifest: <?xml version="1.0" encoding="utf-8"?> <use-permission id="android.permission.READ_CONTACTS" /> <use-permission android:name="android.permission.WRITE_SETTINGS" /> <uses-permission android:name="android.permission.READ_CONTACTS" /> <uses-permission android:name="android.permission.CALL_PHONE" /> <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION" /> <uses-permission android:name="android.permission.ACCESS_GPS" /> <uses-permission android:name="android.permission.ACCESS_MOCK_LOCATION" /> <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION" /> <uses-permission android:name="android.permission.INTERNET" /> <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" /> <uses-permission android:name="android.permission.ACCESS_LOCATION" /> <uses-permission android:name="android.permission.ACCESS_ASSISTED_GPS" /> <uses-permission android:name="android.permission.ACCESS_CELL_ID" /> <uses-permission android:name="android.permission.RECEIVE_SMS" /> <uses-permission android:name="android.permission.VIBRATE" /> <uses-permission android:name="android.permission.WAKE_LOCK" /> <application android:icon="@drawable/icon" android:label="AAA New Application" > <activity android:name="HelloWorldActivity"> <intent-filter> <action android:name="android.intent.action.MAIN"/> <category android:name="android.intent.category.LAUNCHER"/> </intent-filter> </activity> </application>

    Read the article

  • Does any one know of a packet generator?

    - by Benoit
    We have a networked device, and we would like to perform some tests on how it handles malformed packets. Is there a product out there that can generate arbitrary packets and packet sequences? I would like to be able to specify a set of TCP/IP payloads and it would open a connection and send the data. Obviouly, the TCP/IP checksum should be calculated correctly, etc... Kind of like a wireshark in reverse. Note that I am not interested in network loading and blasting millions of packet.

    Read the article

  • NDIS or TDI for packet redirection to a local proxy

    - by Enrico Detoma
    I need to develop a transparent filter to redirect outgoing HTTP packets to a local proxy, to do transparent content filtering. Which is the best technology to do it, TDI or NDIS IM? My main constraint is to avoid conflicts with antivirus software, which also do some kind of packet redirection to inspect HTTP content (I don't know whether antivirus programs use TDI, NDIS IM, or both). Rather than writing the driver myself, actually, I'm also considering two commercial SDKs for packet filtering/modification: one uses a TDI driver while the other uses a NDIS IM driver, so that's the origin of my question (I was only aware of NDIS IM, before looking at the two SDKs).

    Read the article

  • Correct usage of socket_select().

    - by Mark Tomlin
    What is the correct way to use socket_select within PHP to send and receive data? I have a connection to the server that allows for both TCP & UDP packet connections, I am utilizing both. Within these connections I'm both sending and receiving packets on the same port, but the TCP packet will be sent on one port (29999) and UDP will be sent on another port (30000). The transmission type will be that of AF_INET. The IP address will be loopback 127.0.0.1. I have many questions on how to create a socket connection within this scenario. For example, is it better to use socket_create_pair to make the connection, or use just socket_create followed by socket_connect, and then implement socket_select? There is a chance that no data will be sent from the server to the client, and it is up to the client to maintain the connection. This will be done by utilizing the time out function within the socket_select call. Should no data be sent within the time limit, the socket_select function will break and a keep alive packet can then be sent. The following script is of the client. // Create $TCP = socket_create(AF_INET, SOCK_STREAM, SOL_TCP); $UDP = socket_create(AF_INET, SOCK_DGRAM, SOL_UDP); // Misc $isAlive = TRUE; $UDPPort = 30000; define('ISP_ISI', 1); // Connect socket_connect($TCP, '127.0.0.1', 29999); socket_connect($UDP, '127.0.0.1', $UDPPort); // Construct Parameters $recv = array($TCP, $UDP); $null = NULL; // Make The Packet to Send. $packet = pack('CCCxSSxCSa16a16', 44, ISP_ISI, 1, $UDPPort, 0, '!', 0, 'AdminPass', 'SocketSelect'); // Send ISI (InSim Init) Packet socket_write($TCP, $packet); /* Main Program Loop */ while ($isAlive == TRUE) { // Socket Select $sock = socket_select($recv, $null, $null, 5); // Check Status if ($sock === FALSE) $isAlive = FALSE; # Error else if ($sock > 0) # How does one check to find what socket changed? else # Something else happed, don't know what as it's not in the documentation, Could this be our timeout getting tripped? }

    Read the article

  • Passing around objects to network packet handlers ?

    - by xeross
    Hey, I've been writing a networking server for a while now in C++ and have come to the stage to start looking for a way to properly and easily handle all packets. I am so far that I can figure out what kind of packet it is, but now I need to figure out how to get the needed data to the handler functions. I had the following in mind: Have a map of function pointers with the opcode as key and the function pointer as value Have all these functions have 2 arguments, packet and ObjectAccessor ObjectAccessor class contains various functions to fetch various items such as users and alike Perhaps pass the user's guid too so we can fetch it from the objectaccessor I'd like to know the various implementations others have come up with, so please comment on this idea and reply with your own implementations. Thanks, Xeross

    Read the article

  • [C++] Passing around objects to network packet handlers ?

    - by xeross
    Hey, I've been writing a networking server for a while now in C++ and have come to the stage to start looking for a way to properly and easily handle all packets. I am so far that I can figure out what kind of packet it is, but now I need to figure out how to get the needed data to the handler functions. I had the following in mind: Have a map of function pointers with the opcode as key and the function pointer as value Have all these functions have 2 arguments, packet and ObjectAccessor ObjectAccessor class contains various functions to fetch various items such as users and alike Perhaps pass the user's guid too so we can fetch it from the objectaccessor I'd like to know the various implementations others have come up with, so please comment on this idea and reply with your own implementations. Thanks, Xeross

    Read the article

  • setup L2TP on Ubuntu 10.10

    - by luca
    I'm following this guide to setup a VPS on my Ubuntu VPS: http://riobard.com/blog/2010-04-30-l2tp-over-ipsec-ubuntu/ My config files are setup as in that guide, openswan version is 2.6.26 I think.. It doesn't work, I can show you my auth.log (on the VPS): Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: received Vendor ID payload [RFC 3947] method set to=109 Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike] method set to=110 Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: ignoring unknown Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8] Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: ignoring unknown Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582] Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: ignoring unknown Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285] Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: ignoring unknown Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee] Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: ignoring unknown Vendor ID payload [9909b64eed937c6573de52ace952fa6b] Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 110 Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 110 Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 110 Feb 18 06:11:07 maverick pluto[6909]: packet from 93.36.127.12:500: received Vendor ID payload [Dead Peer Detection] Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: responding to Main Mode from unknown peer 93.36.127.12 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: STATE_MAIN_R1: sent MR1, expecting MI2 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike (MacOS X): peer is NATed Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: STATE_MAIN_R2: sent MR2, expecting MI3 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: Main mode peer ID is ID_IPV4_ADDR: '10.0.1.8' Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[7] 93.36.127.12 #7: switched from "L2TP-PSK-NAT" to "L2TP-PSK-NAT" Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: deleting connection "L2TP-PSK-NAT" instance with peer 93.36.127.12 {isakmp=#0/ipsec=#0} Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: new NAT mapping for #7, was 93.36.127.12:500, now 93.36.127.12:36810 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024} Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000 Feb 18 06:11:07 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: received and ignored informational message Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: the peer proposed: 69.147.233.173/32:17/1701 -> 10.0.1.8/32:17/0 Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: responding to Quick Mode proposal {msgid:183463cf} Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: us: 69.147.233.173<69.147.233.173>[+S=C]:17/1701 Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: them: 93.36.127.12[10.0.1.8,+S=C]:17/64111===10.0.1.8/32 Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Feb 18 06:11:08 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #8: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x0b1cf725 <0x0b719671 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=93.36.127.12:36810 DPD=none} Feb 18 06:11:28 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: received Delete SA(0x0b1cf725) payload: deleting IPSEC State #8 Feb 18 06:11:28 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy eroute_connection delete was too long: 100 > 36 Feb 18 06:11:28 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: netlink recvfrom() of response to our XFRM_MSG_DELPOLICY message for policy [email protected] was too long: 168 > 36 Feb 18 06:11:28 maverick pluto[6909]: | raw_eroute result=0 Feb 18 06:11:28 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: received and ignored informational message Feb 18 06:11:28 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12 #7: received Delete SA payload: deleting ISAKMP State #7 Feb 18 06:11:28 maverick pluto[6909]: "L2TP-PSK-NAT"[8] 93.36.127.12: deleting connection "L2TP-PSK-NAT" instance with peer 93.36.127.12 {isakmp=#0/ipsec=#0} Feb 18 06:11:28 maverick pluto[6909]: packet from 93.36.127.12:36810: received and ignored informational message and my system log on OSX (from where I'm connecting): Feb 18 13:11:09 luca-ciorias-MacBook-Pro pppd[68656]: pppd 2.4.2 (Apple version 412.3) started by luca, uid 501 Feb 18 13:11:09 luca-ciorias-MacBook-Pro pppd[68656]: L2TP connecting to server '69.147.233.173' (69.147.233.173)... Feb 18 13:11:09 luca-ciorias-MacBook-Pro pppd[68656]: IPSec connection started Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: Connecting. Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: receive success. (Initiator, Main-Mode message 2). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Initiator, Main-Mode message 3). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: receive success. (Initiator, Main-Mode message 4). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Initiator, Main-Mode message 5). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKEv1 Phase1 AUTH: success. (Initiator, Main-Mode Message 6). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: receive success. (Initiator, Main-Mode message 6). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKEv1 Phase1 Initiator: success. (Initiator, Main-Mode). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Information message). Feb 18 13:11:09 luca-ciorias-MacBook-Pro racoon[68453]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA). Feb 18 13:11:10 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). Feb 18 13:11:10 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). Feb 18 13:11:10 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). Feb 18 13:11:10 luca-ciorias-MacBook-Pro racoon[68453]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode). Feb 18 13:11:10 luca-ciorias-MacBook-Pro racoon[68453]: Connected. Feb 18 13:11:10 luca-ciorias-MacBook-Pro pppd[68656]: IPSec connection established Feb 18 13:11:30 luca-ciorias-MacBook-Pro pppd[68656]: L2TP cannot connect to the server Feb 18 13:11:30 luca-ciorias-MacBook-Pro configd[20]: SCNCController: Disconnecting. (Connection tried to negotiate for, 22 seconds). Feb 18 13:11:30 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Information message). Feb 18 13:11:30 luca-ciorias-MacBook-Pro racoon[68453]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). Feb 18 13:11:30 luca-ciorias-MacBook-Pro racoon[68453]: IKE Packet: transmit success. (Information message). Feb 18 13:11:30 luca-ciorias-MacBook-Pro racoon[68453]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). Feb 18 13:11:31 luca-ciorias-MacBook-Pro racoon[68453]: Disconnecting. (Connection was up for, 20.157953 seconds).

    Read the article

  • IPCop Packet Mangling

    - by Zenham
    I've found myself in a pickle replacing an old firewall for a client this afternoon. I'm configuring their new IPCop firewall (1.4.21), Zerina OpenVPN addon is installed. What I need to do: There are three network interfaces, currently set up as red (WAN), green (LAN, 192.168.20.0/24) and orange (remote network 10.1.20.0/24). The orange interface is a direct fiber link to another organization. Simple description: Traffic and networks appear to be properly configured at this point, but I have many (150+) specific IPs on the LAN which, when accessing the resources on the 10.1.20.x network, need to be mangled to appear to be coming from the 10.1.20.0/24 network (and return traffic properly delivered). The routing on the far side was configured earlier and should be fine, but I need to redirect any packets coming across destined for those IPs to end up at their proper destination. The addressing is fixed and predictable (ie. 192.168.20.125 - 10.1.20.125). I need to insert whatever rules I have into the IPCop ruleset through /etc/rc.local I know, I'm just not sure about how I should structure this. There's CUSTOMOUTPUT and CUSTOMINPUT targets, both which currently just consist of the single rule redirecting packets to the OVPNOUTPUT/OVPNINPUT targets, so I'm guessing I should insert a rule matching outbound packets destined for the 10.1.20.x network and redirecting to a new target (maybe called TO-ORANGE) and a rule at the top of CUSTOMINPUT which redirects to a FROM-ORANGE target. Under those targets, I would have rules which do the IP matching and mangling. Am I approaching this right? If so, I'm not very familiar with mangle, and would appreciate seeing examples of how to write that source-IP rewrite. If not, how would you suggest doing this? TIA! edit: I notice additionally that the nat table has CUSTOMPREROUTING and CUSTOMPOSTROUTING targets, I guess I could alternatively post the rules in there....

    Read the article

  • Packet logging on PIX firewall

    - by georged.id.auindex.htm
    We have a Cisco PIX 515 firewall and I would like to set up a simple logging that would give us a traffic breakdown for billing by: source destination protocol port size time PIX is plugged into Catalyst 2970 and I was told that the best thing since sliced bread for logging is to get Netflow and get Catalyst to log. My concern, however, (besides the Netflow cost) is that I really don't want to "listen" to the internal noise and all I'm interested in are the external traffic stats above for billing and analysis purposes. What would be the simplest and the easiest solution? Cheers George

    Read the article

  • What are ping packets made of?

    - by Mr. Man
    What exactly are in the packets that are sent via the ping command? I was reading a Wikipedia article about magic numbers and saw this: DHCP packets use a "magic cookie" value of '63 82 53 63' at the start of the options section of the packet. This value is included in all DHCP packet types. so what else is in the packets?

    Read the article

  • Torrent, ISA Server 2006 and packet dropped due to TCP_NOT_SYNC

    - by Pascal
    Hi, I'm trying to get uTorrent 2.0.4 to work in a DMZ machine, protected by a ISA Server 2006. I've opened 1 inbound port (via publishing) and opened all the higher ports for that specific machine that runs uTorrent on my DMZ, and it's working almost fine. The problem is that I keep getting packets dropped with 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED. Is there any way to disable this via registry? Is there any way around this? The download speed fluctuates a lot, and when I starts hitting the upper limit that I've defined in uTorrent, the errors start poping up a lot, and the download speed goes way down, and the process repeats on and on Tks Edit My outbound rules are: Port Range: TCP 10000-65535 Outbound Port Range: UDP 10000-65535 Send Edit It's probably a bug handling requests from Windows 7. When I installed the uTorrent on a XP machine, the problem went away

    Read the article

  • Understanding packet flows over RVI

    - by choco-loo
    I'm trying to get a full grasp of firewall filters and how to apply them on a Juniper EX4200 switch - to be able to block ports, police traffic and shape traffic. The network architecture is as follows internet >-< vlan4000 >-< vlan43 vlan4000 is a public "routed" block (where all the IPs are routed to and the internet gw is) vlan43 is a vlan with public IPs with devices (servers) attached There are static routes and RVI's on the EX4200 to send all traffic via vlan4000's gateway to reach the internet. I've set up filters on both input and output of the respective RVI's and VLAN's - with simple counters, to measure traffic flow from a server inside of vlan43 and a server on the internet. Using a combination of iperf for UDP and TCP tests and fping for ICMP tests - I observed the following, icmp vlan43>internet internet>vlan43 unit4000-counter-in 0 0 unit4000-counter-out 0 0 unit43-counter-in 100 100 unit43-counter-out 0 0 vlan4000-counter-in 6 4 vlan4000-counter-out 107 104 vlan43-counter-in 101 100 vlan43-counter-out 100 100 tcp vlan43>internet internet>vlan43 unit4000-counter-in 0 0 unit4000-counter-out 0 0 unit43-counter-in 73535 38480 unit43-counter-out 0 0 vlan4000-counter-in 7 8 vlan4000-counter-out 73543 38489 vlan43-counter-in 73535 38481 vlan43-counter-out 38938 75880 udp vlan43>internet internet>vlan43 unit4000-counter-in 0 0 unit4000-counter-out 0 0 unit43-counter-in 81410 1 unit43-counter-out 0 0 vlan4000-counter-in 18 7 vlan4000-counter-out 81429 8 vlan43-counter-in 81411 1 vlan43-counter-out 1 85472 My key goals are to set up a few filters and policers, as there will be many more VLANs - that all need protecting from each other and the internet. Then globally limit/police all outbound traffic to the internet Block inbound ports to vlan43 (eg. 22) Limit outbound traffic from vlan43 (to the internet) Limit outbound traffic from vlan43 (to other vlans) Limit outbound traffic from vlan4000 (to the internet from all vlans) Route traffic from vlans via specific routing instances (FBF) The question What I want to understand is why there isn't ever any activity on unit4000 or vlan4000 inbound or outbound counter - is this because there isn't a device on this VLAN - and that the traffic is only traversing it? And with regards to the TCP test - why is there twice as many packets on unit43-counter-in, vlan4000-counter-out and vlan43-counter-in - is this counting both the inbound and outbound traffic?

    Read the article

  • What does this UDP Packet mean ?

    - by asksuperuser
    I'm total newbie at tcp/ip and I was experimenting with Wireshark. What this mean: 1824 578.194204 xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy UDP Source port: 17500 Destination port: 17500 In data I can see that my user pc name is sent (happily it's a generic name): does this mean someone is trying to hack my pc ?

    Read the article

  • How does Router know where to forward packet

    - by kornelijepetak
    If several computers with local addresses (192.168.0.#) are connected to a router and each computer opens a web browser and requests a page over HTTP, when these TCP:80 packets are sent out, the router switches the local address with the static IP of the router (i.e. Provider given IP) so the server can reply to the appropriate address. But how does the router know to which computer to forward the HTTP reply, since the TCP header does not contain the local IP address (does it?), and all computers are using port 80? Does this have anything to do with the MAC addresses? How exactly does this work?

    Read the article

  • What does this TCP Packet mean ?

    - by asksuperuser
    I'm total newbie at tcp/ip and I was experimenting with Wireshark. What this mean: 1824 578.194204 xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy UDP Source port: 17500 Destination port: 17500 In data I can see that my user pc name is sent (happily it's a generic name): does this mean someone is trying to hack my pc ?

    Read the article

  • [SOLVED] vmware problems - networking - no packet response

    - by jack
    XP is my host. Ubuntu is my Guest in VMware. When I do the following commands, I should get SMTP respones but now get no response. I use wireshark to analayze it. Also in wireshark shows nothing. root@vmware:~# netcat 192.168.1.2 25 220 762462a8c4d Microsoft ESMTP MAIL Service, Version: 6.0.2600.5949 ready at Fri, 12 May 2010 18:04:20 +0800 EHLO SAYHELLO VRFY TEST@LOCALHOST test \ sdfsafsd How can I fix it? UPDATE: I came to know that this is no VMWare problem. This is Netcat problem. For this, you might have to type Ctrl+M {ENTER} {ENTER}

    Read the article

  • hung up troubleshooting packet discards

    - by Chris Satola
    I realize my question is generic, but hopefully someone may have some guidance for me. My network consists of Cisco switches. I am seeing a significant amount (upwards of millions of packets per day) transmit drops between two switches. One being a 3750 and the other a 3560. The peak throughput of this link is only upper 400Mbps, so it shouldn't be a bandwidth issue. At this point, I am sort of clueless where to look or what tools I can use to determine what packets are dropping and why. I can setup a SPAN port on that link and wireshark it, but I don't know if that could tell me anything. Does anyone have any suggestions? Thanks in advance.

    Read the article

  • Forwarding wifi traffic to wired pc

    - by brydgesk
    I'm trying to play around with Wireshark on my home network, and was wondering if there is a way to create a new connection on my PC that receives all wifi packets on the network. The PC is a wired Windows 7 machine, and I'm using DD-WRT on an Asus RT-N16 router. I'm not trying to hack anything, I have full admin access to the router itself. My searching has led me to articles about client bridges and repeater bridges, but none of them seemed to apply entirely to my situation. I'd like to continue using my standard wifi connection, but make my PC act as a repeater that receives all wifi traffic. Again, the PC has no wireless connection. I've used tcpdump which is installed on the router itself, but I'd be more comfortable analyzing the packets in Windows, as I'm trying to learn Wireshark. Thanks

    Read the article

  • vmware problems - networking - no packet response

    - by jack
    XP is my host. Ubuntu is my Guest in VMware. When I do the following commands, I should get SMTP respones but now get no response. I use wireshark to analayze it. Also in wireshark shows nothing. root@vmware:~# netcat 192.168.1.2 25 220 762462a8c4d Microsoft ESMTP MAIL Service, Version: 6.0.2600.5949 ready at Fri, 12 May 2010 18:04:20 +0800 EHLO SAYHELLO VRFY TEST@LOCALHOST test \ sdfsafsd How can I fix it?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >