tcpdump: connection fails - how to analyze a tcpdump file using Wireshark? - tcp

My connection to a specific server fails and I cannot determine the reason.
I've looked at the generated tcpdump file in Wireshark but I cannot conclude anything except that there are a lot of ACK success messages.
https://github.com/veljkosbbb/tcpdump/raw/main/traffic.pcap
Can someone please give me a hint about what is wrong with this connection? I cannot find any useful descriptive message that could clarify this issue.
Thank you!

Related

How to fake a connection refused in Rust?

I want to program something that's quite similar to a firewall: a firewall that only lets the request through if it's the second try from the same IP.
But in order to do that, I have to inspect the packet header without opening the TCP connection/stream and returning an ACK. The Rust std library doesn't have any way, as far as I know, to do that.
So how could I refuse a connection depending on the IP in Rust?
Any help would be appreciated

SMSC has many connections with the client, but the client has only one single connection

First off, there is a similar question with the same issue here, but there is no answer, so I rewrote the question once again in more detail.
I am connected to an SMSC, and I noticed that a lot of messages are not delivered to us. We asked the SMSC to check the routing and it was fine, but the SMSC noticed that there are too many connections established from our side to their side, although we have one single connection only.
I was using the NowSMS SMPP Client application to handle the connectivity. Then the SMSC asked me to change the application, although I was thinking that NowSMS had no issues as I have been using it for 7 years; however, I asked NowSMS's team to investigate by opening a support ticket.
Later, I had to replace NowSMS and install Kannel on a new Linux machine. After getting connected over Kannel to the SMSC, we got the same issue once again, and when I read all of Kannel's logs, I found "System error (104): Connection reset by peer", which logically makes me open a new connection with the SMSC. Accordingly, I suggested having a live TCP trace from both sides at the same time, and I found the below packet in the Wireshark trace file:
As you see, this is a RST/ACK from the SMSC to me without any RST or anything being requested from my side, and when I asked them why they send RST/ACK or why they RST the connection, I didn't get any useful answer, but they told me to read more about RST/ACK and RST. I have no idea about networking, but when I read, I found that I had no control over the RST of the connection as there were no requests from my side to the SMSC asking for the same. They always guide me to this post, and what I see is that it doesn't apply to me.
NOW: I just need to know what I should do or whom I should ask about what. I asked the Data Center's team about the same, and they confirmed that the VPN between me and the SMSC works normally without any exceptions. I believe that there is no issue in the application layer, but I cannot recognize the root of the issue.
P.S. Kannel's log file and both TCP trace files are here.
Ask them to activate the enquire_link packet in order to drop inactive connections. It's clearly a problem on their side.

Wireshark Student - I can't see any HTTP POST or GET requests

I am a student and today for a lab, we were asked to install and use Wireshark. The installation went well, I installed the correct version, installed WinPcap, and the program started without any issues.
I was connected to the University's Wifi and as part of our lab we had to visit http://www.cas.mcmaster.ca/~rzheng/course/CAS4C03W17/Labs/INTRO-wireshark-file1.html and answer questions about the data captured in Wireshark.
Problem is, I am not getting any GET or POST requests: filtering by http.request.method == "GET" shows nothing, and http.request.method == "POST" shows nothing as well. Filtering by http shows the 200 OK and 304 Not Modified (if I refresh).
I was the only one in my lab who had this problem, and my instructor wasn't able to figure it out. He saved and sent me his output, which has GET and POST requests, so I can continue my work.
Did anyone have this problem before or have any idea on how to solve it? I can upload the saved outputs if you think it would help. Thanks!
The capture sample looks like it's filtered, since it contains only packets sent to your PC's IP address. What is missing:
There is not a single outgoing packet, although they are obviously on the net. E.g. there are TCP acknowledgement packets received by the PC in the capture file, but the packets sent by the PC which they acknowledge aren't shown.
Not a single incoming broadcast/multicast packet. This situation is possible, but not very likely.
So there is some trouble with the sniffer setup on your side. Possible explanations:
an accidentally configured capture filter (don't confuse it with the display filter)
some interfering software is installed. Example of the same complaint
Method to determine if the issue is gone: apply the !(ip.dst == YOUR_IP_ADDR) display filter and check that the packet output isn't empty when visiting any web page. Possible troubleshooting plan:
check the capture filter
check a different network card (e.g. a non-wireless connection)
check Wireshark operability in a pure environment (e.g. a live USB)
try removing the suspected interfering software
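As an added example (not part of the answer above, and not the poster's capture), the script below does the same check offline: it reads a classic libpcap file, counts frames by direction relative to the capturing host, and reports the two symptoms the answer lists, no outgoing frames and no incoming broadcast/multicast frames. The host address 192.168.1.10, the peer address 203.0.113.5 and the two embedded captures are constructed for the demonstration; the IP header checksums in them are left at zero because the check never reads them.

```python
import socket
import struct
from collections import Counter

BROADCAST_MAC = b"\xff" * 6
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806


def pcap_frames(pcap: bytes):
    """Yield raw link-layer frames from a classic libpcap file (not pcapng)."""
    (magic,) = struct.unpack("<I", pcap[:4])
    if magic == 0xA1B2C3D4:
        endian = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    linktype = struct.unpack(endian + "IHHiIII", pcap[:24])[6]
    if linktype != 1:
        raise ValueError(f"expected LINKTYPE_ETHERNET (1), got {linktype}")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]    # incl_len may be shorter than orig_len (snaplen)
        off += incl_len


def direction_counts(pcap: bytes, host_ip: str) -> Counter:
    """Count frames by direction relative to the capturing host's IPv4 address."""
    host = socket.inet_aton(host_ip)
    counts = Counter()
    for frame in pcap_frames(pcap):
        if len(frame) < 14:
            counts["truncated"] += 1
            continue
        dst_mac = frame[:6]
        (ethertype,) = struct.unpack("!H", frame[12:14])
        src_ip = dst_ip = None
        if ethertype == ETHERTYPE_IPV4 and len(frame) >= 34:
            src_ip, dst_ip = frame[26:30], frame[30:34]   # IPv4 src/dst after the 14-byte Ethernet header
        if src_ip == host:
            counts["outgoing"] += 1
        elif dst_mac == BROADCAST_MAC or dst_mac[0] & 1:   # group bit set: broadcast or multicast
            counts["incoming_bcast_mcast"] += 1
        elif dst_ip == host:
            counts["incoming_unicast"] += 1
        else:
            counts["other"] += 1
    return counts


def diagnose(counts: Counter) -> list:
    """Return the symptoms of a one-sided capture, if present."""
    problems = []
    if counts["incoming_unicast"] and not counts["outgoing"]:
        problems.append("no outgoing frames although peers are answering: capture filter or interfering driver?")
    if not counts["incoming_bcast_mcast"]:
        problems.append("no incoming broadcast/multicast frames")
    return problems


# --- constructed sample captures (not real traffic) ---------------------------
def ipv4_frame(src_ip: str, dst_ip: str, dst_mac=b"\x02" * 6, src_mac=b"\x04" * 6) -> bytes:
    # Only the fields the analysis reads are filled in; the IP checksum is left at 0.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr


def arp_broadcast_frame(src_mac=b"\x06" * 6) -> bytes:
    return BROADCAST_MAC + src_mac + struct.pack("!H", ETHERTYPE_ARP) + b"\x00" * 28


def build_pcap(frames) -> bytes:
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames))
    return header + records


HOST_IP, PEER_IP = "192.168.1.10", "203.0.113.5"     # assumed addresses
ONE_SIDED_PCAP = build_pcap([ipv4_frame(PEER_IP, HOST_IP)] * 3)
HEALTHY_PCAP = build_pcap([ipv4_frame(HOST_IP, PEER_IP), ipv4_frame(PEER_IP, HOST_IP), arp_broadcast_frame()])

if __name__ == "__main__":
    for name, cap in (("one-sided", ONE_SIDED_PCAP), ("healthy", HEALTHY_PCAP)):
        counts = direction_counts(cap, HOST_IP)
        print(name, dict(counts), diagnose(counts) or "looks complete")
```

To run it on a real file, replace the constructed captures with the bytes of a saved .pcap (File > Save As in Wireshark, libpcap format, not pcapng) and pass the capturing interface's IPv4 address as host_ip. The same two counts are what the `!(ip.dst == YOUR_IP_ADDR)` display filter shows interactively.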

A Question regarding wget

When I type wget http://yahoo.com:80 in a Unix shell, can someone explain to me what exactly happens from entering the command to reaching the Yahoo server? Thank you very much in advance.
The RFCs provide you with all the details you need and are not tied to a tool or OS.
In your case, wget uses HTTP, which is based on TCP, which in turn uses IP; then it depends on what you use, but most of the time you will encounter Ethernet frames.
In order to understand what happens, I urge you to install Wireshark and have a look at the dissected frames; you will get an overview of what data belongs to which network layer. That is the easiest way to visualize and learn what happens. Besides this, if you really like (irony) funny documents (/irony), have a look at the corresponding RFCs, HTTP: 2616 for example; for the others, have a look at the external links at the bottom of the Wikipedia articles.
The program uses DNS to resolve the host name to an IP. The classic API call is gethostbyname, although newer programs should use getaddrinfo to be IPv6 compatible.
Since you specify the port, the program can skip looking up the default port for http. But if you hadn't, it would try a getservbyname to look up the default port (then again, wget may just embed port 80).
The program uses the network API to connect to the remote host. This is done with socket and connect.
The program writes an HTTP request to the connection with a call to write.
The program reads the HTTP response with one or more calls to read.
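The five steps in the answer above, carried out with the same system calls from Python's socket module, as an added example (this is not wget's code, and yahoo.com is used only because the question does). The DNS lookup goes through getaddrinfo, the port comes from the URL or getservbyname, and the request is written with sendall and read back until the server closes the connection. The response embedded at the bottom is constructed so the parser can be exercised offline; fetch() itself needs network access.

```python
import socket
from urllib.parse import urlsplit


def resolve_port(parts) -> int:
    """Step 2: an explicit port in the URL wins; otherwise look the service up like getservbyname()."""
    if parts.port is not None:
        return parts.port
    try:
        return socket.getservbyname(parts.scheme, "tcp")
    except OSError:
        return 80          # /etc/services missing (minimal containers): fall back to the built-in default


def build_request(url: str):
    """Return (host, port, request bytes) for a plain HTTP GET of `url`."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("only plain http:// URLs with a host are handled here")
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {parts.netloc}\r\n"
        "User-Agent: added-example/0.1\r\n"
        "Connection: close\r\n\r\n"      # ask the server to close, so "read until EOF" is correct
    ).encode("ascii")
    return parts.hostname, resolve_port(parts), request


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status code, headers dict, body bytes)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response: no end of headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(None, 2)[1])          # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def fetch(url: str, timeout: float = 10.0):
    host, port, request = build_request(url)
    last_err = None
    # Step 1: DNS. getaddrinfo() returns every A/AAAA answer; try them in order.
    for family, socktype, proto, _canon, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        try:
            with socket.socket(family, socktype, proto) as s:   # step 3: socket()
                s.settimeout(timeout)
                s.connect(sockaddr)                              # step 3: connect() -> SYN, SYN/ACK, ACK on the wire
                s.sendall(request)                               # step 4: write() the request
                chunks = []
                while True:                                      # step 5: read() until the server closes
                    data = s.recv(65536)
                    if not data:
                        break
                    chunks.append(data)
            return parse_response(b"".join(chunks))
        except OSError as err:
            last_err = err                                       # try the next address
    raise OSError(f"could not connect to {host}:{port}: {last_err}")


# constructed response, used to exercise the parser offline (not a real server's reply)
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 13\r\n"
                   b"Connection: close\r\n\r\n<html></html>")

if __name__ == "__main__":
    import sys
    status, headers, body = fetch(sys.argv[1] if len(sys.argv) > 1 else "http://yahoo.com:80")
    print(status, headers.get("location"), len(body))
```

Running fetch() while Wireshark captures shows each step as its own packets: the DNS query and answer, the three-way handshake triggered by connect(), one or more segments carrying the request from sendall(), and the response segments plus FIN that recv() consumes until it returns empty bytes.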

TCP checksum and TCP offloading

I am using raw sockets to create my own socket. I need to set the TCP checksum.
I have tried a lot of references but none of them are working (I am using Wireshark for testing).
Could you help me please?
By the way, I read somewhere that if you set tcp_checksum=0, then the hardware will calculate the checksum automatically for you. Is this true? I tried it, but in Wireshark the tcp_checksum shows a value of 0x000 and says TCP offload. I also read about TCP offloading and didn't understand: is it only that Wireshark cannot check an offloaded TCP checksum, but there is a correct one?
EDIT: I realized that if you set tcpChecksum to 0, then the network card will set it and not the operating system. I was testing using Wireshark and a virtual machine, so this explains why the checksum is 0x000 (since the packet is not even passing through the network card).
But I am still curious about calculating the tcp_checksum manually... any help or links?
This article tries to explain how it's done.
Another place worth taking a look at is the Linux kernel sources; start from the file net/ipv4/tcp_ipv4.c
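The manual calculation the question asks about, as an added example (this is not the linked article's code nor the kernel's): a ones'-complement sum of 16-bit words over the IPv4 pseudo-header (source address, destination address, a zero byte, protocol 6, TCP length) followed by the TCP header and payload, with the checksum field zeroed while summing and the final sum complemented. The sample SYN segment and the 10.0.0.1/10.0.0.2 addresses are constructed for the demonstration; checksum_ok() performs the same verification Wireshark does when offload validation is not in play.

```python
import struct

TCP_PROTO = 6


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                     # odd length: pad the last byte with zero
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the whole TCP segment (header + payload).

    `segment` must have its checksum field (bytes 16..18) zeroed when computing a new value.
    The pseudo-header carries the real TCP length, not the padded one.
    """
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, TCP_PROTO, len(segment))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def tcp_header(sport, dport, seq, ack, flags, window, checksum=0, urgent=0, data_offset_words=5) -> bytes:
    """Pack a 20-byte TCP header (no options)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset_words << 4, flags, window, checksum, urgent)


def fill_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bytes:
    """Return the segment with the TCP checksum computed and written into bytes 16..18."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    csum = tcp_checksum(src_ip, dst_ip, zeroed)
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:]


def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Verify a received segment: summing with the checksum in place gives 0xFFFF, whose complement is 0."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


# constructed SYN from 10.0.0.1:12345 to 10.0.0.2:80 (addresses assumed, not from the question)
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
FLAG_SYN, FLAG_ACK = 0x02, 0x10
SAMPLE_SYN = tcp_header(12345, 80, 0, 0, FLAG_SYN, 65535)


def demo():
    """Fill in the checksum of the sample SYN and verify it; returns (checksum, verified)."""
    seg = fill_checksum(SRC, DST, SAMPLE_SYN)
    (csum,) = struct.unpack("!H", seg[16:18])
    return csum, checksum_ok(SRC, DST, seg)


if __name__ == "__main__":
    csum, ok = demo()
    print(f"checksum 0x{csum:04x}, verifies: {ok}")
```

Two practical notes. With a raw socket and IP_HDRINCL the Linux kernel fills in the IP header checksum but not the TCP one, which is why the field has to be computed as above. And a capture taken on the sending host sees the segment before the NIC touches it, so with checksum offload enabled Wireshark shows a zero or partial checksum on outgoing packets; capture on the receiving side or on a span port to see the value the wire actually carried.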
