UDP multicast packet caught by tcpdump but not received by socket - sockets

I'm doing research on bigdata. For that, I have developed a network with several nodes exchanging UDP unicast and multicast packets. There are UDP packets with 33792 bytes and Ack packets with 37 bytes. MTU is set to 1500. Everything works fine for a little while, let's say 300 to 5000 packets exchanged. Then suddenly some machine receives the packet (I can see it with tcpdump -i any -vvv -XX -e -s 64 > dump.txt 2>&1). But the application socket doesn't receive it (select doesn't wake up).
I'm using IPv4 sockets with TTL set to 1, i.e. Local network.
After nights trying to solve it, I ended up setting:
sudo sysctl -w net.core.wmem_max=134217728
sudo sysctl -w net.core.rmem_max=134217728
sudo sysctl -w net.ipv4.udp_mem="1638400 1638400 1638400"
sudo sysctl -w net.core.somaxconn=4096
sudo sysctl -w net.core.netdev_max_backlog=262144
sudo sysctl -w net.core.optmem_max=134217728
sudo sysctl -w net.ipv4.udp_rmem_min=65535
sudo sysctl -w net.ipv4.udp_wmem_min=65535
The client sockets set SO_SNDBUF to 134217728 (128 M), and the server socket sets SO_RCVBUF to the same value.
But it looks like I still haven't solved the problem. Any thoughts? TIA

Actually, it seems it solved the problem. Anyone wanting to explain in detail (advantages/disadvantages/tradeoffs) the sysctl values I set is very welcome, though.

You have to join the multicast group to reliably receive multicast packets.
On UN*X this is done with something like
struct ip_mreq mreq;  /* set mreq.imr_multiaddr (group) and mreq.imr_interface before the call */
setsockopt(s, IPPROTO_IP, IP_ADD_MEMBERSHIP, &mreq, sizeof(mreq));
The pitfall is that if something is not set up correctly (or does not work properly, e.g. a switch) you will be able to receive multicast traffic for some time, and then, all of a sudden, it stops. So when you receive packets you 'cannot' draw the conclusion "everything is ok".
Also: All the potentially transparent infrastructure in your network (e.g. level 2 switches == normal switches) needs to support the IGMP version your OS is using.

Related

how to capture openflow packets using tshark

I have a system with arch linux running OVS. I also have a controller running in the same box. I have the following setup:-
ovs-vsctl set-controller br-int tcp:192.168.1.201:6633
I was hoping to use tshark (tshark 2.2.8) to capture the OpenFlow traffic using the following command:-
sudo tshark -i br-int -d tcp.port==6633,openflow -O openflow_v4
It dumps all the flows that are flowing in the system but no packetIn OpenFlow messages. I did confirm a packetIn message was received by the controller (pasting the last few lines):-
EVENT ofp_event->EventOFPPacketIn
packet in 1237689849893337 b8:27:xx:xx:yy:yy:zz ff:ff:ff:ff:ff:ff:3
I also understand from the tshark document that by default it uses the port 6653 for openflow.
tshark -G decodes | grep -i openflow
tcp.port 6653 openflow
However, I was under the impression that I can still look for OpenFlow traffic by using the following capture command:-
https://wiki.wireshark.org/OpenFlow
tshark tcp port 6633
This also doesn't work, as no events are captured, though I can see the controller receiving lots of events.
I would greatly appreciate any help here.
My guess would be that you're not listening on the correct interface. Try the following:
sudo tshark -i any -d tcp.port==6633,openflow -O openflow_v4
If that doesn't work, it's possible your controller and switch are not communicating using OpenFlow 1.3. To make sure you see everything, try:
sudo tshark -i any -d tcp.port==6633,openflow
Details. Unless there's something particular in your setup, packets from Open vSwitch to the controller and back do not go through the bridge. Since both ends of the communication are on the same host, packets are probably going through the loopback interface:
sudo tshark -i lo -d tcp.port==6633,openflow
I was able to reproduce your setup and issue to confirm my answer with Open vSwitch 2.5.2 and Floodlight (master branch). I can see packets passing through on the loopback interface with both tcpdump and tshark.

Raspberry PI IP address

I have a Raspberry PI and a Wi-Pi wireless dongle.
I want to connect the PI to the computer using Remote Desktop Connection via wireless.
But I'm not sure how to get the IP of the Raspberry (without having access to the router), that I need to connect to it.
Now I get into router's page and see what IP it assigned to the pi, and use it to connect
But my goal is to be able to use it on the "field", using the phone's "internet sharing" option, to connect the PI and laptop to it, and then connect to pi from the laptop.
How can I get the IP address that the phone gave to the PI?
You could make your Raspberry Pi speak its IP address, as described here.
First, install the espeak package:
$ sudo apt-get install espeak
Then, create an init script:
$ sudo vi /etc/init.d/sayIPbs
Paste the following content into it:
#! /bin/sh
# /etc/init.d/sayIPbs
## Some things that run always
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting script sayIPbs "
    sleep 5
    public=$(curl ifconfig.me)
    private=$(hostname -I)
    string="public address is $public and private address is $private"
    echo "$string" | espeak -s 120 -v en-uk
    sleep 2
    echo "$string" | espeak -s 120 -v en-uk
    ;;
  stop)
    echo "Stopping script sayIPbs"
    ;;
  *)
    echo "Usage: /etc/init.d/sayIPbs {start|stop}"
    exit 1
    ;;
esac
exit 0
Finally, issue these commands:
$ cd /etc/init.d
$ sudo chmod a+x sayIPbs
$ sudo update-rc.d -f sayIPbs defaults
$ sudo reboot
Plug in some headphones and listen to the ip address which will be read out at the end of the boot process.
You should configure your raspy to always have the same IP address. Try to edit your interfaces.man file with nano or cat command with your own parameters as shown below. Remember to reboot after editing:
pi@raspberrypi ~ $ cat /etc/network/interfaces.man
auto lo
iface lo inet loopback
iface eth0 inet static
address 192.168.1.69
netmask 255.255.255.0
gateway 192.168.1.1
auto wlan0
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.1.67
netmask 255.255.255.0
gateway 192.168.1.1
wpa-passphrase password
wpa-ssid myssid
I found that I can use nmap to "scan" the network for connected devices, and it will give me a list of devices and their assigned IP.
And since there's max 3 devices connected, the list is short and easy to read.
nmap -sP 192.168.1.1/24
Using just a button and an LED, I have written a script that gets the IP address of the Raspberry Pi, and then blinks the LED repeatedly to show the IP address of the Raspberry Pi. I just count the blinks, note them down on paper, and then I have the IP address. It seems silly, but works with just 2 I/O pins.
Use a static IP on your Pi by editing /etc/network/interfaces. But, on the other hand, you can also install a network scanner on your phone.
A bit of a late answer, but I had a similar issue initially. Solved my problem in the following way:
Use the Unix terminal commands to identify the IP and the MAC address of the Wi-Fi or Ethernet port (ifconfig).
Set up your router to always allocate an address to these respective network connections. Use a range outside what would be automatically generated with DHCP.
Whenever you connect that Raspberry Pi to your network it will automatically be allocated that address. I also put a sticker on the Pi with the MAC and IP address. Especially useful if you are running it without screen and keyboard.

Netcat: using nc -l port_number instead of nc -l -p port_number

This question is following this one: Sockets working in openSUSE do not work in Debian?
When working with sockets on my Debian system, I have to use nc -l -p port_number to simulate the server I want to talk with. If I'm using nc -l port_number, it will fail when using the socket connect function and strerror(errno) will say "Connection refused".
Netcat without -p option is working great on other Linux distributions, what should I change on my configuration?
Do not adjust your set. There are multiple implementations of netcat out there; not all of them behave the same.
In particular, the "traditional" version of netcat, which is probably what you have installed on your Debian system, will end up doing something totally unexpected if you omit the -p ("port") flag: it will end up treating the last argument as a hostname, pass it to inet_aton(), which will convert it to a nonsensical IP address (e.g., 1234 will become 0.0.4.210), and will then proceed to ignore that IP address and listen on a socket with an automatically assigned (probably random) port number.
This behavior is obviously silly, so some other implementations of netcat will assume you meant -p. The one you're using doesn't, though, so pass the -p option.
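An added example (not netcat's source and not part of the answer) that reproduces the parsing behaviour described above: inet_aton() accepts the bare number 1234 as an address, while inet_pton() and a range-checked port parser do not confuse the two. The function names are assumptions made for this illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes inet_aton() under strict -std= modes */
#endif
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* inet_aton() accepts a bare number as a 32-bit address, which is how "1234"
 * becomes a host. Writes the dotted quad to out; returns 1 if accepted, else 0. */
int legacy_host_parse(const char *arg, char *out, size_t outlen)
{
    struct in_addr a;
    if (inet_aton(arg, &a) == 0)
        return 0;
    return inet_ntop(AF_INET, &a, out, (socklen_t)outlen) != NULL;
}

/* inet_pton() accepts only full dotted-quad notation. Returns 1 if accepted. */
int strict_host_parse(const char *arg)
{
    struct in_addr a;
    return inet_pton(AF_INET, arg, &a) == 1;
}

/* Port parser: digits only, whole string consumed, range 1..65535; -1 on error. */
int parse_port(const char *arg)
{
    char *end;
    if (arg[0] < '0' || arg[0] > '9')
        return -1;
    errno = 0;
    long v = strtol(arg, &end, 10);
    if (errno || *end != '\0' || v < 1 || v > 65535)
        return -1;
    return (int)v;
}

int main(void)
{
    const char *arg = "1234";   /* the lone argument of `nc -l 1234` */
    char buf[INET_ADDRSTRLEN];
    if (legacy_host_parse(arg, buf, sizeof(buf)))
        printf("inet_aton(\"%s\")  -> host %s\n", arg, buf);
    printf("inet_pton(\"%s\")  -> %s\n", arg, strict_host_parse(arg) ? "accepted" : "rejected");
    printf("parse_port(\"%s\") -> %d\n", arg, parse_port(arg));
    return 0;
}
```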
I agree with duskwuff that it is better to just use the -p option everywhere, but to answer your question:
The one thing you have to do is install a netcat that supports the syntax you want. I know the netcat-openbsd package supports it. I know the netcat-traditional package does not. There's also a netcat6 package, which also doesn't. You can then explicitly request the OpenBSD version of netcat like so:
nc.openbsd -l 4242
Optionally you may use the alternatives system to set this version of netcat to run when you issue the nc command:
update-alternatives --set nc /bin/nc.openbsd
This will be done automatically for you if this is the only netcat you've installed.
Finally, you may, again optionally, remove the netcat you don't like (netcat-traditional or netcat6).

is it possible to get the MAC address for machine using nmap

I have a list of remote machines in a text files. Can I know their MAC addresses using nmap ?
If you're using nmap, MAC addresses are only available if you're on the same network segment as the target. Newer versions of nmap will only show the MAC address to you if you're running as root.
i.e.:
sudo nmap -sP -n 192.168.0.0/24
Use the snmp-interfaces.nse nmap script (written in Lua) to get the MAC address of a remote machine like this:
nmap -sU -p 161 -T4 -d -v -n -Pn --script snmp-interfaces 80.234.33.182
Completed NSE at 13:25, 2.69s elapsed
Nmap scan report for 80.234.33.182
Host is up, received user-set (0.078s latency).
Scanned at 2014-08-22 13:25:29 Арабское время (зима) for 3s
PORT STATE SERVICE REASON
161/udp open snmp udp-response
| snmp-interfaces:
| eth
| MAC address: 00:50:60:03:81:c9 (Tandberg Telecom AS)
| Type: ethernetCsmacd Speed: 10 Mbps
| Status: up
| Traffic stats: 1.27 Gb sent, 53.91 Mb received
| lo
| Type: softwareLoopback Speed: 0 Kbps
| Status: up
|_ Traffic stats: 4.10 Kb sent, 4.10 Kb received
In current releases of nmap you can use:
sudo nmap -sn 192.168.0.*
This will print the MAC addresses of all available hosts. Of course, provide your own network, subnet and host IDs.
Further explanation can be found here.
Some scripts give you what you're looking for. If the nodes are running Samba or Windows, nbstat.nse will show you the MAC address and vendor.
sudo nmap -sU -script=nbstat.nse -p137 --open 172.192.10.0/23 -oX 172.192.10.0.xml | grep MAC * | awk -F";" {'print $4'}
If $ ping -c 1 192.168.x.x
returns
1 packets transmitted, 1 received, 0% packet loss, time ###ms
then you could possibly return the MAC address with arping, but ARP only works on your local network, not across the internet.
$ arping -c 1 192.168.x.x
ARPING 192.168.x.x from 192.168.x.x wlan0
Unicast reply from 192.168.x.x [AA:BB:CC:##:##:##] 192.772ms
Sent 1 probes (1 broadcast(s))
Received 1 response(s)
Finally, you could use the AA:BB:CC with the colons removed to identify a device from its vendor ID, for example.
$ grep -i '709E29' /usr/local/share/nmap/nmap-mac-prefixes
709E29 Sony Interactive Entertainment
nmap can discover the MAC address of a remote target only if
the target is on the same link as the machine nmap runs on, or
the target leaks this information through SNMP, NetBIOS etc.
Another possibility comes with IPv6 if the target uses EUI-64 identifiers, then the MAC address can be deduced from the IP address.
Apart from the above possibilities, there is no reliable way to obtain the MAC address of a remote target with network scanning techniques.
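An added example (not part of the answer) of the EUI-64 case mentioned above: it recovers the MAC address from an IPv6 address whose interface identifier was built with the modified EUI-64 rule of RFC 4291, and reports when the identifier does not have that form. The function name and the sample addresses are constructed for this illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Recover the MAC address embedded in a modified EUI-64 interface identifier
 * (RFC 4291, Appendix A). Returns 1 and fills mac (18 bytes) if the address
 * carries the ff:fe marker, 0 if it does not (privacy or stable-random
 * identifiers, manually assigned addresses), -1 if ip is not valid IPv6. */
int mac_from_eui64(const char *ip, char mac[18])
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, ip, &a) != 1)
        return -1;
    const unsigned char *iid = a.s6_addr + 8;   /* low 64 bits */
    if (iid[3] != 0xff || iid[4] != 0xfe)
        return 0;
    snprintf(mac, 18, "%02x:%02x:%02x:%02x:%02x:%02x",
             iid[0] ^ 0x02,                     /* undo the universal/local bit flip */
             iid[1], iid[2], iid[5], iid[6], iid[7]);
    return 1;
}

int main(void)
{
    /* Constructed sample addresses, not taken from a real network. */
    const char *samples[] = {
        "fe80::250:60ff:fe03:81c9",             /* EUI-64 derived */
        "2001:db8::1c2d:3e4f:5a6b:7c8d",        /* random interface identifier */
        "192.168.0.1",                          /* not IPv6 */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char mac[18];
        int r = mac_from_eui64(samples[i], mac);
        printf("%-32s %s\n", samples[i],
               r == 1 ? mac : r == 0 ? "no embedded MAC" : "invalid IPv6");
    }
    return 0;
}
```

Hosts that use temporary or stable-random interface identifiers return 0 here, which is the reason those address modes keep the hardware address off the wire.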
Yes, remember to use the root account.
=======================================
qq@peliosis:~$ sudo nmap -sP -n xxx.xxx.xxx
Starting Nmap 6.00 ( http://nmap.org ) at 2016-06-24 16:45 CST
Nmap scan report for xxx.xxx.xxx
Host is up (0.0014s latency).
MAC Address: 00:13:D4:0F:F0:C1 (Asustek Computer)
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
I'm not cool enough to be able to comment on a post, so I guess I need to make a new post.
However, the above recommendation of
"sudo nmap -sn 192.168.0.0/24"
is the best, quickest method to get all the MACs for the IPs on your local network/VLAN/subnet.
What the OP doesn't mention is that to get the MAC address this way, you MUST use sudo (or other superuser privileges, i.e. Windows admin). The command
nmap -sn 192.168.0.0/24
will discover hosts on your network, but will not return the MACs, as you are not in SU mode of operation.
Just the standard scan will return the MAC.
nmap -sS target
With the recent version of nmap 6.40, it will automatically show you the MAC address. Example:
nmap 192.168.0.1-255
This command will scan your network from 192.168.0.1 to 255 and will display the hosts with their MAC address on your network.
In case you want to display the MAC address for a single client, use this command; make sure you are root or use "sudo":
sudo nmap -Pn 192.168.0.1
This command will display the host MAC address and the open ports.
Hope that is helpful.
Not using nmap... but this is an alternative...
arp -n|grep -i B0:D3:93|awk '{print $1}'

Wireshark. How to route traffic from iPhone

I'm trying to capture packets from my iPhone app. It does not use HTTP to communicate, but a custom protocol to connect with my server. I can not use Paros to monitor the packets sent.
Is it possible to proxy the data through Wireshark just like you can with Paros for HTTP?
You can't proxy the data through Wireshark, per se; the problem is to have Wireshark running somewhere where it can see the traffic passing by. (If you had command line only, you could run tcpdump and capture packets, and then load the dump file into Wireshark somewhere else that had a UI.)
Are you on a Mac? If so, plug your mac into ethernet so that it has an internet connection (or connection to your server, anyway). Then share your Mac's internet connection over its wifi. Connect to this wifi point using your iPhone. Run Wireshark on the Mac (promiscuous mode enabled), then use your iPhone app and watch Wireshark. No need to mess around with servers or forwarding X11 connections! You could do something very similar with a Windows PC too.
The best solution that works:
Connect your device thru USB and type these commands:
rvictl -s UDID (UDID = id of device, 32 chars, you can locate it in iTunes or 'Devices & Simulators' in Xcode)
sudo launchctl list com.apple.rpmuxd
sudo tcpdump -n -t -i rvi0 -q tcp
OR just sudo tcpdump -i rvi0 -n
If rvictl is not working install Xcode (or see -bash : rvictl: command not found, Mac book pro OS X 10.7.5 & Xcode 4.6)
For more info:
Remote Virtual Interface
http://useyourloaf.com/blog/2012/02/07/remote-packet-capture-for-ios-devices.html
Run wireshark on the server - you'll see the traffic there.