Multiple programs on a machine should receive the network traffic arriving on one port - networking

I have UDP network traffic arriving on my machine (OSC traffic from an iPad, to be exact) and I want two programs to be able to receive that traffic. The problem is that I can't bind to the same network port with two programs at once and I can't send to multiple ports with the iOS app I'm using. How can I solve this problem?

You can use the power of the command line for this. The following snippet uses socat (probably needs to be installed beforehand) and tee (should be preinstalled on any OS X or Linux).
socat -u UDP4-RECVFROM:8123,fork - | tee >(socat -u - UDP4-SENDTO:localhost:8223) | socat -u - UDP4-SENDTO:localhost:8323
Explanation: socat listens for traffic on UDP port 8123, pipes it to tee, which pipes it to two other instances of socat forwarding it to ports 8223 and 8323 on localhost respectively. With your two programs you need to listen to those ports on localhost.
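The same fan-out as a single process, as an added example (not part of the original answer): a Python relay that copies each datagram to several loopback ports. Unlike a pipe, which is a byte stream, it forwards one datagram per datagram received. The helper names and the sample payloads are made up for illustration; ports 8123, 8223 and 8323 are the ones used in the answer.

```python
import socket

def bind_udp(port=0, host="127.0.0.1", timeout=2.0):
    """Bind a UDP socket; port 0 lets the kernel pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((host, port))
    s.settimeout(timeout)
    return s

def relay(listener, target_ports, count=None):
    """Copy every datagram arriving on `listener` to each loopback port.

    One recvfrom() returns exactly one datagram and one sendto() emits
    exactly one, so message boundaries are preserved.
    count=None relays until interrupted. Returns the number relayed.
    """
    out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    relayed = 0
    try:
        while count is None or relayed < count:
            data, _sender = listener.recvfrom(65535)
            for port in target_ports:
                out.sendto(data, ("127.0.0.1", port))
            relayed += 1
    finally:
        out.close()
    return relayed

def demo():
    """Constructed loopback run: one sender, one relay, two receiving 'apps'."""
    listener, app_a, app_b = bind_udp(), bind_udp(), bind_udp()
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Constructed sample payloads (OSC-like text, not real OSC encoding).
    msgs = [b"/fader/1 0.25", b"/fader/1 0.50", b"/button/3 1"]
    for m in msgs:
        sender.sendto(m, listener.getsockname())
    ports = [app_a.getsockname()[1], app_b.getsockname()[1]]
    relay(listener, ports, count=len(msgs))
    got_a = [app_a.recv(65535) for _ in msgs]
    got_b = [app_b.recv(65535) for _ in msgs]
    for s in (listener, app_a, app_b, sender):
        s.close()
    return msgs, got_a, got_b

if __name__ == "__main__":
    # Ports from the answer above: listen on 8123, hand copies to 8223/8323.
    # 0.0.0.0 accepts from any interface; narrow it to the LAN address if known.
    relay(bind_udp(8123, host="0.0.0.0", timeout=None), [8223, 8323])
```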

While the answer using socat is elegant, it is not clear to me what you are trying to do:
both programs should receive all parts of the traffic and they will only receive and not reply. This can be done with the proposed socat way
both programs should receive all parts of the traffic and their replies will be mixed together (how?)
each of the programs should only receive parts of the traffic, e.g. the one which the other did not get. This should be possible if both of your programs use SO_REUSEADDR, SO_REUSEPORT. Replies will then be mixed together.
or do you actually want to communicate with each of the programs separately - then you would have to use either multiple sockets in the iOS app (which you don't want to do) or build your own protocol which does multiplexing, e.g. each message is prefixed with its target app and on the target machine a demultiplexer application will receive all packets and forward them to the appropriate application and wrap the replies back in the multiplexing protocol.
In summary: please describe the problem you are trying to solve, not only one small technical detail of it.

The problem is that I can't bind to the same network port with two programs at once
Yes you can. Just set SO_REUSEADDR and maybe SO_REUSEPORT on both of them before you bind.
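What sharing the port gives you for unicast UDP, as an added example (not code from any of the answers): both binds succeed, but each datagram is delivered to only one of the sockets, which is the "parts of the traffic" case described above and not a copy per program. The function names and the sample messages are constructed for illustration.

```python
import socket
import time

def bind_shared(port, host="127.0.0.1"):
    """Bind a UDP socket with the reuse options set before bind()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    if hasattr(socket, "SO_REUSEPORT"):  # not defined on every platform
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    s.bind((host, port))
    s.setblocking(False)
    return s

def drain(sock):
    """Return every datagram currently queued on a non-blocking socket."""
    got = []
    while True:
        try:
            got.append(sock.recv(65535))
        except BlockingIOError:
            return got

def shared_port_delivery(n=20):
    """Bind two sockets to one port, send n datagrams, see who got what."""
    first = bind_shared(0)             # kernel picks a free port
    port = first.getsockname()[1]
    second = bind_shared(port)         # second bind to the same port succeeds
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = [b"msg-%02d" % i for i in range(n)]  # constructed sample messages
    for m in sent:
        sender.sendto(m, ("127.0.0.1", port))
    time.sleep(0.2)                    # let loopback delivery finish
    a, b = drain(first), drain(second)
    for s in (first, second, sender):
        s.close()
    return sent, a, b

if __name__ == "__main__":
    sent, a, b = shared_port_delivery()
    # On Linux the receiving socket is chosen by hashing the addresses and
    # ports, so a single sender typically lands entirely on one socket.
    print("first socket:", len(a), "second socket:", len(b), "sent:", len(sent))
```

For every program to see every message, something still has to copy the datagrams, as the socat pipeline does.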

Related

How to monitor simple bi-directional TCP socket traffic (Telnet) in the middle of two endpoints?

I'm debugging an IOT protocol between two essentially black boxes on my local network talking over a telnet connection. On either end, I can specify the IP address and port. I'd like to observe / record the data exchanged between the client and server.
I'm thinking a proxy running on my Mac laptop might work. I've done some research and experimentation with nc (BSD netcat). I can only figure out a working one-way pipe, and thus the protocol exchange does not happen between A and B.
Telnet TCP server (A) <===============> TCP Client (B)

Telnet TCP server (A) <===\        /==> TCP Client (B)
                           \      /
                            \    /
                      Proxy/Intercept (C) *
Using a feature in the server device (A), I can have two telnet connections active. Using this, I've been able to see the server's (A) responses to whatever Client (B) is commanding, but I cannot see the Client (B) commands. ~80% of the responses are a code meaning invalid command received, but a few are reasonable responses for what this thing should be doing. I can also note that that data rate is only about 4 Bytes / second, so I'd be happy to just watch this exchange live in a terminal.
To clarify: I can power-cycle the client (B), and it will re-establish a socket connection to the IP address and port of my choosing, so I'm not really thinking about a sniffing / Wireshark type solution.
I guess I'm hoping for a relatively straightforward solution run in the shell using existing standard tools. I suppose a small program could be written in Python or something to do this, but I hope that's overkill.

generating network traffic with iperf without a server

I need to exercise some hardware by sending network traffic with it. While it is doing that I will be probing some of the lines with an oscilloscope. I need to verify signaling. The problem is that I won't be able to connect to any server during the test. There are many reasons for that, one of which is that the hardware isn't complete yet.
Does anyone know if there is a way to generate network traffic with iperf without using a server? All I need is to just send some data; I don't need to know if it was received. If there isn't, can someone point me to a tool that can do that?
iperf UDP will do it; you just need to make sure there is an ARP entry for the destination (enter it manually) or use a multicast destination which doesn't require ARP, e.g. iperf -u -c 239.1.1.1 -b 10M

Using socat to relay one TTY stream to multiple TCP/IP destinations, plus to one 'sniffer' program

Using an embedded Linux development board, I need to put together a widget that does the following:
Reads packets in via physical serial port, and relays those packets to a number of IP addresses (up to 20 of them; with IP destinations read from a configuration file).
Also 'sniff' those serial packets using a custom program, perhaps written in c.
As someone with a programming background, the most obvious solution (to me) would be to create a c program from scratch to achieve the above. However, as this is something I need to throw together quickly, and because I need an excuse to learn more about existing Linux command-line programs and script writing (which I'm not so good at), I'm wondering if much of this could be achieved with existing command-line programs and a shell script. Then, the only part I write from scratch is my packet sniffer (call it sniffer.c).
I understand that netcat and socat can be used for relaying between devices and addresses, and I have started experimenting with both. The thought occurs to me that I could avoid having to develop and test TCP/IP software by running multiple instances of socat to relay serial data from the TTY port to remote IP addresses. Each instance of socat could handle a particular remote IP address.
Does this sound feasible, and if so, how could I effectively 'multiplex' a stream from /dev/ttyS0 (say) as the source for multiple instances of socat plus one instance of sniffer.c? Could one way be to relay data read from /dev/ttyS0 to a cache file, and then have my socat instances and sniffer.c all have a read-only access to that file?

Find out which client makes the network slow

We have about 30 clients connected to a single cable-modem/router (Fritzbox 6360). Some clients also connect to a TP-Link W-LAN Router which is also connected to the cable modem.
Sometimes the internet is very slow and we can see a continuous upstream (6 MBit/s). Unfortunately we cannot see which clients cause that traffic. The Fritz Box provides a functionality to capture network traffic and then analyze it with Wireshark.
Following interfaces can be captured by the cable modem:
Internet connection
Interface 0 ('internet')
Routing interface
Network interfaces
tunl0
cni0
lbr0
wan0
eth0
lan
erouter0
esafe0
And there is an option to launch DTrace (default parameters are)
-D -s -m -i256 -dect -dlc -c1 -c2 -c3 -c4 -c5 -nt3 -d2 -d3
We already captured different interfaces and tried to understand the data with Wireshark but without much success. What would be the right way to see which client is uploading data at the moment?
In Wireshark, to get a list of IP addresses and what percentage of the trace each of the IP addresses is taking up, go to Statistics->IP Addresses.. and click "Create Stat" in the box that pops up while leaving the "Filter" option blank. You should be able to figure out which of your client IPs is hogging the most bandwidth with this.
For a visual comparison, click "Statistics->IO Graph", and in the second filter next to Graph 2, type "ip.src == x.x.x.x" (where x.x.x.x is the ip address of the uploader you suspect is taking up the most bandwidth) and click "Graph 2". This will give you a packets vs time graph. You can also filter out other ip addresses as well to display simultaneously in the same graph for comparison.
Edit: I would also suggest keeping an eye out for IPv6 addresses.

tcpdump always filters my packets

I've been using tcpdump for about a month now, and recently, it has stopped capturing any packets that were not sent to or from the computer running tcpdump. I've stripped down my command to just:
sudo tcpdump -i en2
I've checked my interfaces with ifconfig, and en2 is in "PROMISC" mode. When specifying a specific host as a filter, I only see a few "arp" messages but nothing compared to what is actually going on in the network.
Any ideas why this would be happening? Much appreciated if anyone can offer some advice!
Richard
ps, sorry for the re-post, i wanted to register this time! (new to s.o.)
Do you know what network equipment is used \ if there has been a change recently?
One possible explanation is that your computer is connected to a switch (and not a hub); the switch sends to your adapter only traffic intended for your MAC address, and broadcasts (hence the ARP).
One way to check this is to send broadcasts from other computers in the network (just use ping 255.255.255.255) and see if you can see anything.
