Every ping is answered by a local address - networking

I was trying to ping some websites from my laptop, but every time I got a response from my WiFi router.
But when I connect my cellphone to the same router, ping and other things work fine.
By pinging Google (from my laptop) I got the following output:
PING google.com.ib-wrb304n.setup.in (192.168.2.1) 56(84) bytes of data.
64 bytes from _gateway (192.168.2.1): icmp_seq=1 ttl=64 time=3.10 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=2 ttl=64 time=8.29 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=3 ttl=64 time=11.9 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=4 ttl=64 time=8.54 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=5 ttl=64 time=8.56 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=6 ttl=64 time=7.82 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=7 ttl=64 time=8.52 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=8 ttl=64 time=8.42 ms
64 bytes from _gateway (192.168.2.1): icmp_seq=9 ttl=64 time=8.45 ms
Also, all apt requests are failing due to this.
But if I connect my laptop to my cellphone's WiFi, it works fine.
I've also tried reinstalling my OS by downloading fresh ISO files.
But nothing seems to work.

It looks like it has no GW, so it ARPs for Google, the router replies with its MAC via proxy ARP, and then to the pings. Check your config, ARP cache and ISP.

Basically, if you clear the ARP cache and then ping Google, only the GW ARP entry should reappear (first close your browser and all other connections, of course). Example:
Mac_3.2.57$sudo arp -d -a
10.0.0.14 (10.0.0.14) deleted
10.0.0.229 (10.0.0.229) deleted
10.0.0.255 (10.0.0.255) deleted
224.0.0.251 (224.0.0.251) deleted
239.255.255.250 (239.255.255.250) deleted
Mac_3.2.57$arp -a
Mac_3.2.57$ping google.com
PING google.com (172.217.165.142): 56 data bytes
64 bytes from 172.217.165.142: icmp_seq=0 ttl=57 time=20.942 ms
64 bytes from 172.217.165.142: icmp_seq=1 ttl=57 time=21.516 ms
64 bytes from 172.217.165.142: icmp_seq=2 ttl=57 time=20.725 ms
64 bytes from 172.217.165.142: icmp_seq=3 ttl=57 time=19.750 ms
^C
--- google.com ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 19.750/20.733/21.516/0.637 ms
Mac_3.2.57$arp -a
? (10.0.0.1) at 5c:76:95:eb:28:43 on en0 ifscope [ethernet]
Mac_3.2.57$
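A check on the header line of the ping output in the question, as an added example that is not part of the original posts: it flags a lookup that came back as the requested name plus an appended DNS search suffix, and an answer in non-public address space. The function name and finding labels are illustrative assumptions; the two header lines are copied from this page.

```python
import ipaddress
import re

# First line of ping output, Linux (iputils) or BSD/macOS style:
#   PING <name> (<address>) 56(84) bytes of data.
#   PING <name> (<address>): 56 data bytes
HEADER = re.compile(r"^PING (\S+) \(([0-9a-fA-F.:]+)\)")

def check_ping_header(requested, header_line):
    """Compare the public name the user typed with what ping resolved.

    Returns a list of findings (empty when nothing looks wrong).
    `requested` is assumed to be a name that should resolve publicly.
    """
    m = HEADER.match(header_line.strip())
    if not m:
        raise ValueError("not a ping header line")
    resolved = m.group(1).rstrip(".").lower()
    addr = ipaddress.ip_address(m.group(2))
    want = requested.rstrip(".").lower()

    findings = []
    if resolved != want and resolved.startswith(want + "."):
        # The answer belongs to "<requested>.<search domain>", not to the
        # requested name itself (search list applied, wildcard answered).
        findings.append("search-suffix:" + resolved[len(want) + 1:])
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        # A public name should not resolve to local address space.
        findings.append("non-public-address:" + str(addr))
    return findings

# Header lines copied from the question and from the answer's example.
LAPTOP = "PING google.com.ib-wrb304n.setup.in (192.168.2.1) 56(84) bytes of data."
MAC = "PING google.com (172.217.165.142): 56 data bytes"

if __name__ == "__main__":
    print(check_ping_header("google.com", LAPTOP))
    print(check_ping_header("google.com", MAC))
```

Pinging the fully qualified name with a trailing dot (`google.com.`) bypasses the resolver's search list, which separates a name-resolution problem from a routing or ARP problem.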

Related

AWS Site-To-Site: able to ping from AWS to on-prem, but from on-prem to AWS not working

I haven't been able to solve this problem for a few days. I've followed millions of tutorials online, but I couldn't find anything about it.
I have an EC2 instance with the private IP 172.31.27.40.
I have only one VPC (the default one, with 3 subnets).
This is my SG:
On prem I have ip address (public): 1.2.3.4.
I created a customer-gateway (with on-prem public ip), a virtual-private-gateway (to which I attached the vpc) and the site-to-site connection.
My 2 tunnels are UP, and in Static-Routes I added 192.168.0.0/24 (my on-prem subnet).
I am using the aws-updown.sh script in the ipsec configuration.
My ipsec config:
conn Tunnel1
auto=start
left=%defaultroute
leftid=1.2.3.4
right=(Outside IP address Tunn1)
type=tunnel
leftauth=psk
rightauth=psk
keyexchange=ikev1
ike=aes128-sha1-modp1024
ikelifetime=8h
esp=aes128-sha1-modp1024
lifetime=1h
keyingtries=%forever
leftsubnet=192.168.0.0/24
rightsubnet=172.31.0.0/16
dpddelay=10s
dpdtimeout=30s
dpdaction=restart
## Please note the following line assumes you only have two tunnels in your Strongswan configuration file. This "mark" value must be unique and may need to be changed based on other entries in your configuration file.
mark=499
## Uncomment the following line to utilize the script from the "Automated Tunnel Healhcheck and Failover" section. Ensure that the integer after "-m" matches the "mark" value above, and <VPC CIDR> is replaced with the CIDR of your VPC
## (e.g. 192.168.1.0/24)
leftupdown="/usr/local/sbin/ipsec-notify.sh -ln Tunnel1 -ll *******/30 -lr ******/30 -m 499 -r 172.31.0.0/16"
This is my route table:
From EC2:
[root#ip-***** ec2-user]# ping 192.168.0.58
PING 192.168.0.58 (192.168.0.58) 56(84) bytes of data.
64 bytes from 192.168.0.58: icmp_seq=1 ttl=64 time=7.82 ms
64 bytes from 192.168.0.58: icmp_seq=2 ttl=64 time=7.84 ms
64 bytes from 192.168.0.58: icmp_seq=3 ttl=64 time=7.76 ms
64 bytes from 192.168.0.58: icmp_seq=4 ttl=64 time=10.8 ms
From On prem:
root#****:/home/utente# ping 172.31.27.40
PING 172.31.27.40 (172.31.27.40) 56(84) bytes of data.
From 169.254.**** icmp_seq=1 Destination Host Unreachable
From 169.254.**** icmp_seq=2 Destination Host Unreachable
From 169.254.**** icmp_seq=3 Destination Host Unreachable
From 169.254.**** icmp_seq=4 Destination Host Unreachable
Can you help me?

Curl (56) Recv failure: Connection reset by peer [TCP Retransmission]

Network topology
PC1:
Env: Centos 8.2 Linux compute-31 4.18.0-240.22.1.el8_3.x86_64 #1 SMP Thu Apr 8 19:01:30 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
IP: 10.0.0.31
ping is ok
[root#compute-31 ~]# ping 10.10.10.82
PING 10.10.10.82 (10.10.10.82) 56(84) bytes of data.
64 bytes from 10.10.10.82: icmp_seq=1 ttl=63 time=0.741 ms
From 10.0.0.1: icmp_seq=2 Redirect Host(New nexthop: 10.0.0.210)
64 bytes from 10.10.10.82: icmp_seq=2 ttl=63 time=0.404 ms
64 bytes from 10.10.10.82: icmp_seq=3 ttl=63 time=0.429 ms
64 bytes from 10.10.10.82: icmp_seq=4 ttl=63 time=0.389 ms
64 bytes from 10.10.10.82: icmp_seq=5 ttl=63 time=0.412 ms
^C
--- 10.10.10.82 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 133ms
rtt min/avg/max/mdev = 0.389/0.475/0.741/0.133 ms
telnet is ok
[root#10.0.0.31 ~]# telnet 10.10.10.82 9100
Trying 10.10.10.82...
Connected to 10.10.10.82.
Escape character is '^]'.
curl is not ok
[root#10.0.0.31 ~]# curl -v http://10.10.10.82:9100/metrics
* Trying 10.10.10.82...
* TCP_NODELAY set
* Connected to 10.10.10.82 (10.10.10.82) port 9100 (#0)
> GET /metrics HTTP/1.1
> Host: 10.10.10.82:9100
> User-Agent: curl/7.61.1
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
traceroute is ok
[root#10.0.0.31 ~]# traceroute -n -I 10.10.10.82
traceroute to 10.10.10.82 (10.10.10.82), 30 hops max, 60 byte packets
1 10.0.0.1 0.172 ms 0.151 ms 0.146 ms
2 10.0.0.210 0.209 ms 0.289 ms 0.268 ms
3 10.10.10.82 0.600 ms 0.582 ms 0.590 ms
PC2:
Env: Windows 10
IP: 10.0.10.6
curl is ok
C:\Users\Jeffery>curl 10.10.10.82:9100/metrics
# HELP go_gc_duration_seconds A summary of the pause duration of garbage collection cycles.
# TYPE go_gc_duration_seconds summary
go_gc_duration_seconds{quantile="0"} 7.228e-06
go_gc_duration_seconds{quantile="0.25"} 8.679e-06
go_gc_duration_seconds{quantile="0.5"} 1.0364e-05
go_gc_duration_seconds{quantile="0.75"} 1.2266e-05
go_gc_duration_seconds{quantile="1"} 0.000641901
go_gc_duration_seconds_sum 0.139410267
go_gc_duration_seconds_count 11244
TRY1:
In PC1 (10.0.0.31), I changed the route path to 10.0.0.210 -> 10.10.10.82 by adding a new route: route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.0.0.210. Problem solved! But why? What happened to 10.0.0.1?
PS: The old path is 10.0.0.1 -> 10.0.0.210 -> 10.10.10.82
TRY2:
I found something in tcpdump, but I didn't find what caused it.
[root#10.0.0.31 ~]# tcpdump -n -i eno2 host 10.0.0.31 and 10.10.10.82 -w tcpdum.10.0.0.31

nc: connectx to 10.167.71.255 port 9000 (tcp) failed: Permission denied

I am trying to do some simple testing. I have the following simple program taken directly from https://docs.python.org/2/library/simplehttpserver.html
import SimpleHTTPServer
import SocketServer
import sys
address = sys.argv[1]
port = int(sys.argv[2])
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer((address, port), Handler)
print "serving at port", port
httpd.serve_forever()
I run it as follows
$ python run-server.py 10.167.71.255 9000
serving at port 9000
But when I try to test the connection using nc on the same host, I get the error below:
$ nc -zv 10.167.71.255 9000
nc: connectx to 10.167.71.255 port 9000 (tcp) failed: Permission denied
also see below:
$ ping 10.167.71.255
PING 10.167.71.255 (10.167.71.255): 56 data bytes
64 bytes from 10.167.64.1: icmp_seq=0 ttl=64 time=10.039 ms
64 bytes from 10.167.71.230: icmp_seq=0 ttl=64 time=17.371 ms
64 bytes from 10.167.64.54: icmp_seq=0 ttl=64 time=20.518 ms
64 bytes from 10.167.66.7: icmp_seq=0 ttl=64 time=53.512 ms
64 bytes from 10.167.64.61: icmp_seq=0 ttl=64 time=63.255 ms
64 bytes from 10.167.70.222: icmp_seq=0 ttl=64 time=79.729 ms
64 bytes from 10.167.71.226: icmp_seq=0 ttl=64 time=82.209 ms
64 bytes from 10.167.64.1: icmp_seq=1 ttl=64 time=9.517 ms
64 bytes from 10.167.71.230: icmp_seq=1 ttl=64 time=51.154 ms
64 bytes from 10.167.64.54: icmp_seq=1 ttl=64 time=63.806 ms
64 bytes from 10.167.66.7: icmp_seq=1 ttl=64 time=69.370 ms
64 bytes from 10.167.64.61: icmp_seq=1 ttl=64 time=76.288 ms
64 bytes from 10.167.70.222: icmp_seq=1 ttl=64 time=92.728 ms
64 bytes from 10.167.71.226: icmp_seq=1 ttl=64 time=95.862 ms
64 bytes from 10.167.64.1: icmp_seq=2 ttl=64 time=12.934 ms
64 bytes from 10.167.71.230: icmp_seq=2 ttl=64 time=12.963 ms
64 bytes from 10.167.66.7: icmp_seq=2 ttl=64 time=92.860 ms
64 bytes from 10.167.64.61: icmp_seq=2 ttl=64 time=96.639 ms
64 bytes from 10.167.64.54: icmp_seq=2 ttl=64 time=109.596 ms
64 bytes from 10.167.70.222: icmp_seq=2 ttl=64 time=115.139 ms
64 bytes from 10.167.71.226: icmp_seq=2 ttl=64 time=117.198 ms
64 bytes from 10.167.64.1: icmp_seq=3 ttl=64 time=10.212 ms
64 bytes from 10.167.66.7: icmp_seq=3 ttl=64 time=11.361 ms
64 bytes from 10.167.70.222: icmp_seq=3 ttl=64 time=12.489 ms
64 bytes from 10.167.71.229: icmp_seq=2 ttl=64 time=1015.966 ms
64 bytes from 10.167.71.229: icmp_seq=3 ttl=64 time=12.709 ms
^C
--- 10.167.71.255 ping statistics ---
4 packets transmitted, 4 packets received, +22 duplicates, 0.0% packet loss
round-trip min/avg/max/stddev = 9.517/92.516/1015.966/188.465 ms
The problem here was that 10.167.71.255 was the broadcast address, not the IP address. But the server did not throw any error when listening on the broadcast address.
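The broadcast mix-up described above can be recognised from the ping output itself; this is an added example, not code from the original post. It computes the smallest network covering the responders and the target (a heuristic, since the real subnet may be larger) and reports whether the target is that network's broadcast address. The function names and verdict labels are assumptions.

```python
import ipaddress
import re

REPLY = re.compile(r"bytes from (\d+\.\d+\.\d+\.\d+):")

def covering_network(addrs):
    """Smallest IPv4 network that contains every address in addrs."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    diff = 0
    for value in ints:
        diff |= value ^ ints[0]          # collect every bit that varies
    prefix = 32 - diff.bit_length()      # leading bits shared by all
    return ipaddress.ip_network(f"{addrs[0]}/{prefix}", strict=False)

def diagnose(target, ping_output):
    """Return (verdict, network) for a ping run against target."""
    sources = sorted(set(REPLY.findall(ping_output)),
                     key=ipaddress.IPv4Address)
    if not sources:
        return ("no-replies", None)
    if sources == [target]:
        return ("unicast", None)         # only the target itself answered
    net = covering_network(sources + [target])
    if ipaddress.IPv4Address(target) == net.broadcast_address:
        return ("broadcast", net)        # many hosts answered one address
    return ("unexpected-responders", net)

# Reply lines copied from the ping run in the post (a subset).
SAMPLE = """\
64 bytes from 10.167.64.1: icmp_seq=0 ttl=64 time=10.039 ms
64 bytes from 10.167.71.230: icmp_seq=0 ttl=64 time=17.371 ms
64 bytes from 10.167.66.7: icmp_seq=0 ttl=64 time=53.512 ms
64 bytes from 10.167.70.222: icmp_seq=0 ttl=64 time=79.729 ms
"""

if __name__ == "__main__":
    verdict, net = diagnose("10.167.71.255", SAMPLE)
    print(verdict, net)
```

Running the same check before binding a listener catches the case the post describes, where the server accepted the broadcast address without raising an error.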

localhost:8000 resolves to localhost and "this site can't be reached" but localhost:8000/services works

When I enter localhost:8000 in my Chrome browser, it redirects to localhost and gives me the ol' "This site can’t be reached - localhost refused to connect."
Going to localhost:8000/wp-admin and localhost:8000/services both work fine.
I am using Docker-Wordpress-Compose.
Here is my hosts file:
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Here is what I get when I ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.042 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.038 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.057 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.049 ms
And when I ping localhost:8000
ping: cannot resolve localhost:8000: Unknown host
First do a netstat -pluton to show your open ports. If you don't see your 8000 port, maybe it's because you didn't open it with run -d --link database:database -p 8000:8080 wordpress. Did you try with localhost:8000/wordpress? And check in your apache2.conf whether you're allowed to connect.

Problem with pinging broadcast address

When I try to ping the broadcast address on my LAN, it shows ICMP replies from only 3 hosts, every time, even though there are many hosts connected to the LAN.
For the broadcast address, I did
$ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1b:38:09:0b:26
inet addr:172.30.120.152 Bcast:172.30.127.255 Mask:255.255.248.0
inet6 addr: fe80::21b:38ff:fe09:b26/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:831096 errors:0 dropped:0 overruns:0 frame:0
TX packets:13022 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:66620362 (66.6 MB) TX bytes:3099025 (3.0 MB)
Interrupt:21 Base address:0x2000
I used the Bcast addr 172.30.127.255 to ping everyone...
$ping -b 172.30.127.255
WARNING: pinging broadcast address
PING 172.30.127.255 (172.30.127.255) 56(84) bytes of data.
64 bytes from 172.30.120.1: icmp_seq=1 ttl=255 time=0.809 ms
64 bytes from 172.30.120.62: icmp_seq=1 ttl=64 time=1.06 ms (DUP!)
64 bytes from 172.30.120.50: icmp_seq=1 ttl=255 time=3.97 ms (DUP!)
64 bytes from 172.30.120.1: icmp_seq=2 ttl=255 time=0.364 ms
64 bytes from 172.30.120.62: icmp_seq=2 ttl=64 time=0.412 ms (DUP!)
64 bytes from 172.30.120.50: icmp_seq=2 ttl=255 time=1.48 ms (DUP!)
64 bytes from 172.30.120.1: icmp_seq=3 ttl=255 time=0.452 ms
64 bytes from 172.30.120.62: icmp_seq=3 ttl=64 time=0.506 ms (DUP!)
64 bytes from 172.30.120.50: icmp_seq=3 ttl=255 time=1.64 ms (DUP!)
Why is it that only 3 hosts respond to my ping? Is this bcast address given by ifconfig not the one to be used?
I think this might be the reason why I am not able to carry out an amplification attack on a system on my LAN. I injected ICMP echo packets with the spoofed source address of my friend's host and sent them to this broadcast address, and was disappointed to see that his bandwidth was not affected...
Kindly explain...
Some hosts simply don't respond to broadcast pings (for example, Windows is configured by default this way).
Because, for example, some implementations work by sending the broadcast to the preferred interface, not all of them. You need a relay to send to all interfaces. You may consider reading RFC 919.
