I am using an STM32F407VG which acts as a simple webserver. I have an html file on an sd card which is 1611 bytes. When I use a file thats below 1415 bytes the page loads fine on the web browser, but anything above that does not. So I was wondering is there any limitations on the number of bytes that can be written to the ethernet controller??
Thanks.
According to 802.3 ethernet standards you should be able to send 1500 (payload) size of MTU. This MTU is encapsulated inside ethernet header but lets not go there because this will get stripped off when the packet touches ethernet.
Ideally if you ping a hostname, the packet format should look like following: 1472 + 20 IP header + 8 ICMP header = 1500. But For me my home router adds another header called PPPoE and it looks like this: 1464 + 20 IP header + 8 ICMP header + 8 PPPoE header = 1500.
You can test it as well using following command:
Windows: ping hostname -f -l sizeofdata
BSD: ping -D -s sizeofdata hostname
Linux: ping -M do -s sizeofdata hostname
Now, for you its 1415, this you need to check what other application headers that are getting added. Also, DF bit is set or not, this could also cause a problem. The DF stands for "Don't Fragment" and packets larger than the MTU have to be fragmented to be transmitted.
Related
I used winpcap and I got errors on "pcap_sendpacket", I fragmented the packet in little IP packets with the size of the MTU and did not work even wireshark didnt show errors in the packets which I fragmented.
Now I have this question, Can windivert inject packets larger than MTU? I need to know that before try to disable the "large send offload", if I disable that will me be able to send packet with winpcap larger than MTU, and with windivert? Is the only way to solve this?.
Sometimes in my program I have to fordward packet which I receive in winpcap with a size of 2300 bytes and my MTU has 1500 and It fails. If i receive the packet with windivert and send it with windivert will I have errors? Is a solution to disable the LSO?.
Regards.
Now I have this question, Can windivert inject packets larger than MTU?
Yes you should be able to "inject" it. However, the packet may be dropped (IPv6) or fragmented (IPv4) by the network en route to the destination.
Background:
I am sending data by mina web socket (https://issues.apache.org/jira/browse/DIRMINA-907) which is already patched the buf issue..
I used to send the json message through the web socket around 50 bytes.. sometimes, it will goes up to 70 bytes...
The problem is:
at initial, the IOBuffer.capacity() is 2048 --> 2048 --> 1024 --> 1024 -> 512 -> 512 -> 256 -> 256 -> 128 -> 128 -> 64 -> 64 -> 64 -> 64
If the json message becomes 70 bytes. It will split into two message in messageReceived(IoSession session, Object message). Is there any way that i can solve this problem.
I can store the incomplete message, but it will raise another issue such as 2 json messages or 1 valid json message with 1 invalid json message.
Thanks.
I'm assuming you are using TCP with MINA. When a big message is sent over TCP it gets split into smaller chunks to fit into smaller packets. TCP makes sure that the packet data arrives in the correct order when it arrives at it's destination.
What's happening is that your JSON message gets split while being sent over the network. Even though it arrives at the destination in order, you need to put together the two chunks.
The MINA user guide has a good example of how to accomplish this, it should help you out. You can find it here
Finally, i solve it by adding
acceptor.getSessionConfig().setMinReadBufferSize(2048);
into my code.
Set the minimum read buffer to prevent the message split into 2 pieces..
I know that it is not a prefect solution. but my message won't larger than 2K.
jython234 suggested solution is not fit for my need.
I`m writing packet generator right now. Testing it with wireshark and VM. I have an exercise on my checklist to sent 3 packets in a row:
1. TCP on 80 port, with SYN=1 and MF=1 flags.
2. TCP on 135 port, with SYN=1 and MF=1 flags.
3. TCP on 80 port, with MF = 0 and offset = 24.
I`m sending all the packets with the same ID field on IP layer.So as I understand Wireshark should try to reassemble these packets.
But will it reassemble packets from different ports?And what should we get as final result?
All I get is 3 IPv4 packets.
http://cs625124.vk.me/v625124860/10bf5/BQFUbKT7zVs.jpg
Addition: I mentioned, that if I change offset of last TCP-packet to 16, than we got a bit different kind of traffic.:
We got one HTTP or continuos packet. And here is wrong checksum. I tried to copy correct checksum to the first TCP packet and then I got RST, so i think that WireShark interpreted SYN from 1-st packet:
http://s28.postimg.org/z3w7ibhjx/image.png
So could you please explain me, was the last result correct? I would appreciate any help. Sorry if it is something basic. It`s my first expirience of writing WinForm application and using Pcap.Net library too. Thanks in advance!Sorry for links, have no reputation(
First, a TCP session is defined by the tuple:
Side A's IP address.
Side A's Port.
Side B's IP address.
Side B's Port.
If you have packets with different tuples, they will not be part of the same TCP session.
You get a RST when the server closes the session.
It is likely the server doesn't like getting SYN packets from port 21 (FTP) to its port 80 (HTTP).
I'm sending out probe requests using scapy. It works perfectly fine on my desktop but when I send it out from scapy, using the exact same code, the packets arrive malformed. I'm watching them in wireshark.
The malformed one has a Logical-Link Control layer and the bits are all just out of order. I don't really know how else to put it. The source and destination mac addresses are both offset by a few bits. The packet is twice as large, I'm just really baffled.
For example
in scapy, my destination address is "aa:bb:cc:dd:ee:ff"
In the packet capture, the destination is "00:00:00:aa:bb:cc"
EDIT:
The packets show up fine on my laptop in wireshark, but in wireshark on my desktop is where there is an issue.
sendp(Dot11(addr1=dest,
addr2=source,
addr3=source)/
Dot11ProbeReq()/
Dot11Elt(ID="SSID",info='test')/
Dot11Elt(ID="Rates", info='\x02\x04\x0b\x16\x0c\x12\x18$')/
Dot11Elt(ID="ESRates", info='0H`l')/
Dot11Elt(ID="DSset", info='\x06'),
iface='wlan0', count=3)
EDIT: I believe the issue is because scapy is sending the wrong type/subtype.
The packet should have
Type/subtype: Probe Request (0x04)
but the packet in wireshark displays
Type/subtype: Data (0x20)
Monitor mode was not initiated correctly. The packets became malformed when not sent over a monitor interface.
try
sendp(RadioTap()/
Dot11(addr1=dest,
addr2=source,
addr3=source)/
Dot11ProbeReq()/
Dot11Elt(ID="SSID",info='test')/
Dot11Elt(ID="Rates", info='\x02\x04\x0b\x16\x0c\x12\x18$')/
Dot11Elt(ID="ESRates", info='0H`l')/
Dot11Elt(ID="DSset", info='\x06'),
iface='wlan0', count=3)
I am most likely missing something here, but the PCAP specification does not show the sender IP address and PORT of the packet captured.
Is there a way that I can know who sent the packet in the PCAP file?
http://wiki.wireshark.org/Development/LibpcapFileFormat
As per what EJP said, you will have to parse the packet data yourself. See the tcpdump.org link-layer header type page for a list of the values for the network field in the file header and the corresponding format of the headers at the beginning of the packet data.
You need to look at those headers to determine whether the packet is an IP packet; if it is, then you need to parse the IPv4 or IPv6 header (depending on whether the headers indicate that it's an IPv4 or IPv6 packet, or, alternatively, on whether the "version" field in the header is 4 or 6 - the "version" field appears in the same location in the IPv4 and IPv6 header; for LINKTYPE_RAW, you would have to look at the "version" field, as there are no headers in front of the IPv4 or IPv6 header) to find the source IP address. See RFC 791 for the form of the IPv4 header; see RFC 2460 for the form of the IPv6 header.
If you want port numbers, you will have to check the "Protocol" field of the IPv4 header, or check the "Next header" field of the IPv6 header and handle extension headers, to determine what protocol is being carried on top of IP. See the IANA Protocol Numbers registry for the values of that field; TCP is 6 and UDP is 17. If the protocol is TCP, see RFC 793 for the format of the TCP header; if the protocol is UDP, see RFC 768 for the format of the UDP header.
Or you might want to use an existing packet parsing library, such as libtrace for C or C++ or other libraries for other languages (I think they may exist for Perl, Python, C#, and Java, for example), as that may let you avoid doing a lot of the above.
(For that matter, you shouldn't need to be looking at the pcap format specification; you should be using libpcap/WinPcap to read the pcap file, as that also means your program may be able to read some pcap-ng files as well, if it's using a sufficiently recent version of libpcap.)
The packet origin is in the IP packet itself. So it doesn't need to be in the PCap headers as well.
I was able to get the IP address and port numbers of both source and destination endpoints using the below Github example:
https://github.com/arisath/Pcap-dissection/blob/master/PcapDissector.java