Determine network connection - networking

Suppose there are multiple WiFi networks, with names A1, A2, A3, ..., in a building. Computer C is connected to one of them. The user of computer C is sending me packets and claiming to be using network A1 to send me the packets. Is there a way for me to confirm whether the user is telling the truth, i.e. confirm the name of the network computer C is connected to? How about the same question for LAN networks?
Thanks.

Each WIFI network is provided by a different WIFI access point. Each access point has its own IP address. You could do a trace route from your computer towards the target, analyze the list of IP addresses you get from that trace, and determine which access point is in the list... if it appears in the list at all, which is not safe. If so, then you just need to find out how to program a trace route...
Analyzing the IP packets won't help you much, as they don't contain any information about WIFI networks. The only other solution could be if the computers were on different subnets.

Related

Can a pure peer-to-peer network reassemble itself after all the nodes have been rebooted?

The setup is this:
We have a group of computers that have public IP addresses assigned to them so that they can access the internet. These computers are connected together, forming a pure (trackerless) peer-to-peer network.
My understanding of the public IP address system is that those addresses are not unique to each router, meaning that a router can have an IP address today and have a totally different one tomorrow or in the next hour or maybe a week from now.
The problem is what happens if nodes in the network have had their public IP address changed to a new one while they were not connected to the network. How are these nodes supposed to rejoin the network? Should each node maintain a list of all the public IP addresses of all the nodes in the network and try to open a connection to each one of them? If yes, what if the network has a million nodes? What about timeouts if the IP address is still the same but the connection failed for some reason?
Another problem arises when all the nodes have had their IP addresses changed simultaneously. How are they supposed to reassemble the network without any working IP addresses?
It would be appreciated if you could recommend books, articles or videos that explain how peer-to-peer apps like trackerless file sharing apps function on a more technical level (NAT traversal, and initial bootstrapping to the distributed hash table).
The fix is either to have a registrar at a well known address (i.e. not a peer) or seed each node with the addresses of a number of peers (say, 10 or 100). I seem to recall a paper on this and it was a relatively small number to find a live node in practice. When a peer boots up, try each peer till you find the network. Once you find one, you can get a current seed list and figure out which peers you want to connect to.
The other question that also comes up (along with NAT) is how do you connect to a node behind a firewall. The term you want to look up is hole punching.
If your nodes are on a LAN you have broadcast options. This is how DHCP works, for instance. You might want to check out Zero-configuration networking. Multicast might be an option on WAN.
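The rejoin procedure from the answer above (cached seed list first, well-known registrar as the fallback), as an added example that is not part of the original answer. `probe` is a hypothetical callable standing in for a real connection attempt with a short timeout, and all addresses are constructed.

```python
import random


def bootstrap(seed_cache, probe, registrar=None, max_seeds=100, rng=random):
    """Rejoin the overlay from a cached seed list.

    probe(addr) is a hypothetical callable: it returns the peer list held by
    the node at addr, or raises OSError when that node is unreachable.
    Returns (entry_point, refreshed_seed_cache, attempts).
    """
    candidates = list(seed_cache)
    rng.shuffle(candidates)              # spread load instead of hammering seed #1
    if registrar is not None:
        candidates.append(registrar)     # well-known address is tried last
    dead = set()
    for attempts, addr in enumerate(candidates, start=1):
        try:
            peers = probe(addr)
        except OSError:
            dead.add(addr)               # stale address: drop it from the cache
            continue
        fresh = [addr] + [p for p in peers if p != addr]
        kept = [s for s in seed_cache if s not in dead and s not in fresh]
        return addr, (fresh + kept)[:max_seeds], attempts
    return None, [], len(candidates)     # every cached address has gone stale


def make_probe(live_nodes):
    """Constructed stand-in for the network: address -> that node's peer list."""
    def probe(addr):
        if addr not in live_nodes:
            raise OSError("timed out: " + addr)
        return live_nodes[addr]
    return probe


# Constructed scenario: two of three cached seeds changed address while we were offline.
OLD_SEEDS = ["198.51.100.1:7000", "198.51.100.2:7000", "198.51.100.3:7000"]
REGISTRAR = "192.0.2.1:7000"
LIVE = {
    "198.51.100.3:7000": ["203.0.113.9:7000", "203.0.113.10:7000"],
    REGISTRAR: ["203.0.113.9:7000"],
}
```

When every cached seed is stale and no registrar is configured, the function returns no entry point, which is the "all addresses changed simultaneously" case from the question.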

Why only MAC address is used to transfer the packet to a device?

I am sorry if it's basic, but I did not find an appealing answer for it over the Internet.
Why is only MAC used to transfer the packet to a device? The MAC address is only obtained by ARP for a specific IP address. So, why not just let the routers maintain IP addresses of the neighbouring routers and route packets using IP addresses of routers instead of MAC addresses?
Why not redesign the architecture to only use the IP address for routing as well as moving the packet in the data link layer too?
Why do we need MAC addresses? Why can't network devices such as the routers just send the packet to the next router using the router's IP address?
Note: I know that the MAC address is used to identify the system in a network. But you see the source never knew the MAC address of the receiver. All it knew was its IP address and the MAC address of the next hop.
I'm reading Data Comm and Networking by Forouzan (Ed. 5) and it says that even routers have an IP address. So why use the MAC address at all? The router can store the IP address of the source and route it to the next router.
EDIT: The question that I was getting as a suggestion to this one does not answer my query. There are multiple counter points and proof that I have presented here which could have been done, which is not answered by the one which is suggested. So please read my question before making any assumptions.
What do you think makes more sense: Having one protocol like Ethernet handle all the layer 2 details so that its layer 3 payload doesn't have to care, or forcing IP, ARP, WoL, IPX, MPLS, SLPP, and dozens more to implement it on their own? The whole purpose of OSI layers is that upper layers need not know all the lower layer's details and lower layers need not support the upper layer's features.
MAC addresses are used for the layer 2 protocol which encapsulates a layer 3 protocol. If all the necessary features were embedded into IP, then you'd be leaving other protocols to re-implement layer 2 routing on their own. This would be wildly inefficient.

How exactly does an ethernet switch work?

I understand that it's different than a hub in that instead of packets being broadcasted to all devices connected to the device, it knows exactly who requested the packet by looking at the MAC layer.
However, is it still possible to use a packet sniffer like Wireshark to intercept packets meant for other users of the switch? Or is this only a problem with ethernet hubs that doesn't affect switches due to the nature of how a switch works?
On a slightly off topic side note, what exactly is classified as a LAN? For example, imagine two separate ethernet switches are hooked up to a router. Would each switch be considered a separate LAN? What is the significance of having multiple LAN's within the same network?
it knows exactly who requested the packet by looking at the MAC layer.
More exactly, the switch uses the MAC destination address to forward a frame to the port associated with that address. Addresses are automatically learned by looking at the MAC source address on received frames.
A switch is stateless, i.e. it has no memory of who requested which data. A layer-2 switch also has no understanding of IP packets, addresses or protocols. All a basic switch does is learn source addresses and forward by destination address.
is it still possible to use a packet sniffer like Wireshark to intercept packets meant for other users of the switch?
Yes. You'll need a managed switch supporting port mirroring or SPANning. This doesn't intercept frames, it just copies them to the mirror port. If you need to actually intercept frames you have to put your interceptor in between the nodes (physically or logically).
With a repeater hub, every bit is repeated to every node in the collision domain, making monitoring effortless.
what exactly is classified as a LAN?
This depends on who you ask and on the context. A LAN can be a layer-1 segment/bus aka collision domain (obsolete), a layer-2 segment (broadcast domain), a layer-3 subnet (mostly identical with an L2 segment) or a complete local network installation (when contrasted with SAN or WAN).
Adding to @Zac67:
Regarding this question:
is it still possible to use a packet sniffer like Wireshark to
intercept packets meant for other users of the switch?
There are also active ways in which you can trick the Switch into sending you data that is meant for other machines. By exploiting the Switch's mechanism, one can send a frame with a spoofed source MAC, and then the Switch will transfer frames destined to this MAC - to the sender's port (until someone else sends a frame with that MAC address).
This video discusses this in detail:
https://www.youtube.com/watch?v=YVcBShtWFmo&list=PL9lx0DXCC4BMS7dB7vsrKI5wzFyVIk2Kg&index=18
In general, I recommend the following video that explains this in detail and in a visual way:
https://www.youtube.com/watch?v=Youk8eUjkgQ&list=PL9lx0DXCC4BMS7dB7vsrKI5wzFyVIk2Kg&index=17
what exactly is classified as a LAN?
So indeed this is one of the least-well-defined terms in Computer Networks. With regards to the Data Link Layer, a LAN can be defined as a segment, that is - a broadcast domain. In this case, two devices are regarded as part of the same segment iff they are one hop away from one another - that is, they can switch frames in the second layer.
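The learn-by-source, forward-by-destination behaviour described in the answers above, with the table move they mention turned into a detection signal, as an added example that is not part of the original answers. The class, the flap threshold and the MAC addresses are constructed for illustration; managed switches expose the same signal as MAC-move or MAC-flap log events.

```python
from collections import defaultdict

HOST_A = "02:00:00:00:00:0a"   # constructed, locally administered MACs
HOST_B = "02:00:00:00:00:0b"


class LearningSwitch:
    """Minimal layer-2 switch: learn by source MAC, forward by destination MAC."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}                 # MAC -> port it was last seen on
        self.moves = defaultdict(list)      # MAC -> [(old_port, new_port), ...]

    def receive(self, in_port, src, dst):
        """Process one frame and return the set of ports it is sent out of."""
        old = self.mac_table.get(src)
        if old is not None and old != in_port:
            # Same source MAC on a different port: the entry is about to move.
            self.moves[src].append((old, in_port))
        self.mac_table[src] = in_port       # learning step, last writer wins
        out = self.mac_table.get(dst)
        if out is None:
            return self.ports - {in_port}   # unknown destination: flood
        return set() if out == in_port else {out}

    def flapping(self, threshold=2):
        """MACs whose port changed at least `threshold` times."""
        return {mac for mac, m in self.moves.items() if len(m) >= threshold}


def demo():
    """Replay a constructed frame sequence on a three-port switch."""
    sw = LearningSwitch([1, 2, 3])
    results = [
        sw.receive(1, HOST_A, HOST_B),  # B not learned yet: flooded
        sw.receive(2, HOST_B, HOST_A),  # B learned on port 2
        sw.receive(3, HOST_B, HOST_A),  # B's MAC as source on port 3: entry moves
        sw.receive(1, HOST_A, HOST_B),  # traffic for B now leaves on port 3
        sw.receive(2, HOST_B, HOST_A),  # the real B sends again: entry moves back
        sw.receive(1, HOST_A, HOST_B),  # traffic for B is back on port 2
    ]
    return sw, results
```

A MAC that keeps changing ports is what port security and MAC-move logging are meant to catch; a loop in the topology produces the same symptom, so the alert needs a look at which ports are involved.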

Using Raspberry Pi as an IP packet encrypter but only for certain IP Addresses

I am trying to create a program that will, on the Raspberry Pi, analyze all IP packets leaving a "Private" Network and if the packet destination is one that needs its packets encrypted, it should basically, for lack of a better term, intercept and encrypt that packet and then send it. All other packets for now can be dropped. So I am just starting with it and I have gotten my Pi to give me the information of incoming IP packets via TCPDump and Tshark.
I am trying to figure out how to, in C or in python, be able to compare the address of the packet to a known IP address and for now, just up a count or print that it was a match. I do not know if there is a library of functions I should install on the pi that can give me the address in a str or int, or could someone help me on the first step on how to make this function. Any documents, webpages, etc.
I would love any helping hints possible. If you need any more information please ask.
Thank You
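One way to do the first step the question asks about (compare a packet's destination with known addresses and count the matches), as an added example that is not part of the original post. It assumes the capture hands over raw IPv4 packets starting at the IP header; the policy list and the sample packets are constructed.

```python
import ipaddress
import struct

# Constructed policy: destinations whose traffic should be encrypted.
ENCRYPT_DESTINATIONS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
]


def ipv4_destination(packet):
    """Return the destination of a raw IPv4 packet, or None if it is malformed."""
    if len(packet) < 20:
        return None                          # shorter than a minimal header
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5 or len(packet) < ihl * 4:
        return None                          # not IPv4, or header truncated
    return ipaddress.IPv4Address(packet[16:20])   # bytes 16..19 hold the destination


def needs_encryption(packet, policy=ENCRYPT_DESTINATIONS):
    """True when the packet parses and its destination falls inside the policy."""
    dst = ipv4_destination(packet)
    return dst is not None and any(dst in net for net in policy)


def count_matches(packets, policy=ENCRYPT_DESTINATIONS):
    """Number of packets whose destination is on the encrypt list."""
    return sum(needs_encryption(p, policy) for p in packets)


def build_ipv4_header(src, dst):
    """Build a 20-byte header (checksum left at 0) for the constructed samples."""
    return struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
    )


# Constructed sample traffic, including two inputs that must be rejected.
SAMPLE_PACKETS = [
    build_ipv4_header("192.168.1.10", "203.0.113.5"),    # inside the /24
    build_ipv4_header("192.168.1.10", "192.0.2.1"),      # not on the list
    build_ipv4_header("192.168.1.11", "198.51.100.7"),   # exact host match
    b"\x45\x00\x00",                                     # truncated
    b"\x60" + b"\x00" * 39,                              # IPv6 header, not IPv4
]
```

Matching against `ip_network` objects instead of comparing strings lets one entry cover a whole subnet and avoids mismatches caused by formatting differences.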

Layer 2 Switches and IP address duplication

Hello Networking Gurus,
I have a question about IP duplication and how this impacts the associated switches (layer 2). Sorry, I don't have any resources available to test this. It would be great if someone could shed some light from their experience on this.
If I have two servers (Linux), say A & B, serving exactly the same contents and for some reason they both are assigned the same IP address. To be more specific, if A already has an address IP.100 and B has another address IP.200. Now at this point everything seems to be working and the switch has the proper MAC addresses stored. If, later, B also gets the address IP.100, how would this affect the switch's ARP cache? When B gets the new address I assume it broadcasts ARP? to inform the associated switch.
So the question is, does the switch store both machines' entries, or overwrite the existing one with the new one? Is there any standard behaviour, or do proprietary switches react differently?
If a client, with no ARP cache, tries to connect to IP.100, which machine would it be forwarded to? A or B or none? If A OR B, can I say from client point-of-view, that there's no outage? (Assume this is a static website, with no login sessions etc)
Feel free to point any relevant documentation.
Thank you in advance.
In theory, you shouldn’t have two hosts talking on the same IP, unless they are participating in routing, e.g. anycast, as things will break.
Each host will have its own MAC address. If the switch is only doing layer two forwarding, then the switch only keeps track of MAC addresses. It is the end hosts or routers that track ARP entries.
If you move IP 100 to B, then the hosts will update their own ARP table.
But if A and B have 100 at the same time, this will cause issues.
The switch will not see any IPs and does not have an ARP cache for forwarding packets; it will only have a MAC address table mapping MACs to ports, and the MACs in your case will be unique.
I actually think this is how multicast works.
Hosts obtain a multicast address and all of the devices share that same multicast address.
A switch will gather collections of MAC addresses to that same multicast in its MAC table.
I could be wrong though....Still learning.
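The duplicate-address case discussed in the answers above, seen from where the conflict is actually visible (ARP traffic, not the switch's MAC table), as an added example that is not part of the original thread. The host cache is simplified to "latest claim overwrites", and the MACs and the 10.0.0.x addresses standing in for IP.100 and IP.200 are constructed.

```python
import ipaddress
import struct

ARP_FORMAT = "!HHBBH6s4s6s4s"          # 28-byte ARP payload for Ethernet/IPv4
MAC_A = "02:00:00:00:00:0a"            # constructed MACs for servers A and B
MAC_B = "02:00:00:00:00:0b"


def parse_arp(payload):
    """Return (op, sender_mac, sender_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FORMAT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                    # not Ethernet carrying IPv4 addresses
    return op, sha.hex(":"), str(ipaddress.IPv4Address(spa))


def build_arp(op, sender_mac, sender_ip, target_ip):
    """Build an ARP payload for the constructed samples (target MAC zeroed)."""
    return struct.pack(
        ARP_FORMAT, 1, 0x0800, 6, 4, op,
        bytes.fromhex(sender_mac.replace(":", "")),
        ipaddress.IPv4Address(sender_ip).packed, b"\x00" * 6,
        ipaddress.IPv4Address(target_ip).packed)


def observe(payloads):
    """Replay ARP payloads; return (host_arp_cache, conflicts)."""
    cache, claims = {}, {}
    for payload in payloads:
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _op, mac, ip = parsed
        if ip == "0.0.0.0":
            continue                   # ARP probe: sender has not claimed an IP
        cache[ip] = mac                # simplified host behaviour: last claim wins
        claims.setdefault(ip, set()).add(mac)
    conflicts = {ip: macs for ip, macs in claims.items() if len(macs) > 1}
    return cache, conflicts


# Constructed sequence: A answers for .100, B answers for .200, then B announces .100.
SAMPLE_ARP = [
    build_arp(2, MAC_A, "10.0.0.100", "10.0.0.1"),
    build_arp(2, MAC_B, "10.0.0.200", "10.0.0.1"),
    build_arp(1, MAC_B, "10.0.0.100", "10.0.0.100"),   # gratuitous ARP from B
]
```

The switch still holds two distinct MAC entries on two ports throughout; only the IP-to-MAC view reveals that one address is now claimed by two machines.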
