I have an RFID receiver that constantly sends UDP packets to port 5757. When connected over ethernet to my desktop, all packets are received and valid (confirmed with Wireshark), and there is no issue. When I connect the receiver via ethernet to my laptop, not one UDP packet is received.
Things I have tried:
I have connected the laptop to the desktop over ethernet, and have sent UDP packets via netcat in both directions. Netcat has no issues with sending/receiving the data.
I've also captured and saved the RFID UDP packets on the desktop, and played them back using bittwist, first on the desktop, and had no issues capturing them in Wireshark(desktop). Then I copied the saved packets over to the laptop, played them back using bittwist, and had zero UDP packets captured in Wireshark(laptop).
Finally, I updated the ethernet driver and had the same results.
Any help would be greatly appreciated.
Related
When broadcasting in a wireless environment, does the packet spread through the AP? or directly from the device?
I installed an AP that was not connected to the Internet and connected the devices to the AP. And one device sent a broadcast packet.
The broadcast packets were successfully transmitted.
By the way, when I connected the lan line directly to the AP and watched nic with wireshark, I could see that the above packets were caught.
If the device connected to the AP sends a broadcast message, will this message be spilled directly from the device's nic, or is it going through the AP and messaging the AP?
Suppose we have a WiFi network with one AP, and two clients (A and B). If Client A wants to send a packet of any kind to Client B, that traffic goes through the AP first.
The AP is functionally equivalent to an Ethernet switch, where Client A and Client B are connected to different ports, even if they're located in the same room as each other. The data must flow to the switch first. There, the switch will inspect the destination MAC address and forward the packet on to whatever port(s) it should go to.
In the WiFi case, the client sends packets to the AP. The AP inspects the packet and sees that its destined for the BSSID (functionally equivalent to the Ethernet MAC address) of another client. So, the AP transmits that packet so that the other client can receive it. If the packet is addressed to something on the connected Ethernet, then the packet goes out as an Ethernet packet.
In the case of a UDP broadcast, the target MAC/BSSID address is FF:FF:FF:FF:FF:FF. It still goes through the AP though. The AP receives this packet from Client A and then reransmits it to all clients while also sending it out any connected Ethernet.
Trying to reverse an engineer a program that communicates with a device through a COM PORT. From monitoring the program, it sends 4 bytes of 0x00 and then the device replies back with the same and switches to flash mode. When I send the same bytes, the device does not respond, and in fact, no matter what I send, the serial port monitor says 0x00 is being written.
I've tried several different com port monitors, tried several different baud rates, flush com port before sending the command. Nothing seems to work. What could cause this type of issue?
no matter what I send, the serial port monitor says 0x00
From what you describe it seems like the serial sniffer you use is faulty.
Serial port sniffer I'm using successfully is this Serial Analyzer.
where does the wireshark capture the packets in the linux kernel? If an output packet is captured by wireshark , will the packet be sent out definitely through corresponding interface?
In other words, could an output packet that captured by wireshark be dropped before it is sent out?
where does the wireshark capture the packets in the linux kernel?
On UN*Xes, it uses libpcap, which, on Linux, uses AF_PACKET sockets. (On Windows, it uses WinPcap, which is a driver plus a port of libpcap to use the driver.)
If an output packet is captured by wireshark , will the packet be sent out definitely through corresponding interface?
No. The networking stack hands the packet to the appropriate AF_PACKET sockets and to the driver; the driver might drop the packet (for example, if, on an Ethernet, it got multiple collisions and gave up) even though the packet was delivered to the AF_PACKET socket.
In other words, could an output packet that captured by wireshark be dropped before it is sent out?
Yes. See above.
I want to capture packets from other computers on my network. I have 3 computers in total on same SSID and I want to capture packets off these 2 other computer. How to?
I have tried using wireshark but it only shows packets that being sent to/from my computer not from other computers.
I am using backtrack5.
The 3 computers must be all connected to the same router. Hence, "sharin" packets. Use Wireshark and you'll be able to capture packets. Make sure you are connected through a cable to your router, and not via wireless.
Im new to the networking world and I'm trying to use wireshark to get a hang of how packets are sent from my machine etc. Hence this question might be a dumb one.
When I open the wireshark packet analyzer GUI (on windows 7) there is a source and destination column. It shows packets where source IP is not mine and the destination IP is not mine either. Why is this happening? My network interface card should be receiving and sending only packets addressed to/sent from my IP address, right?
(attaching a screenshot. My IP address is 10.177.255.186)
Thanks.
On a small LAN all packets are generally broadcast to everyone. By broadcast I mean that the data is physically sent to everyone. When received the network interface determines if the packet was sent to you by looking at the address.
Using Wireshark your network interface can be set into promiscuous mode which means that all packets are captured and sent from the network interface to the CPU. This allows programs like Wireshark to record all those packets and not just the ones addressed for your computer.
Edit: However the packets don't have to be sent to all computers. A hub can be used to connect multiple computers together and acts as just a repeater meaning all packets are always sent everywhere (except on the wire where the packet came from). A switch however is similar but smarter.
If three computers A, B and C are connected to a switch and A sends a packet to B then the packet will first arrive at the switch. If the switch knows what wire B is connected to then it will only send it down that wire. If it doesn't know it sends it everywhere and later if B replies to A the switch will figure out what wire B is on. This means that C will generally never get to see any of the messages sent between A and B once the switch knows what wires A and B are on.