Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
New to using IPTables as I am, I have a question which I am hoping Stack Overflow can help with before I take the IPTables man file and do something I regret...
I have an IPtables rule which blocks incoming requests when a specific connection limit is reached:
iptables -A INPUT -p tcp --syn --dport 7000 -m connlimit --connlimit-above 3500 --connlimit-mask 0 -j REJECT
My question is, would it be possible to block ICMP (PING) responses when connections on port 7000 reach a certain limit?
Thanks in advance.
The answer is no. If you want to block ICMP, please use -p icmp instead of -p tcp.
There is one more thing I should clarify: ICMP is a layer 3 protocol, but the port number is defined in layer 4. So you will never find the port number concept with ICMP.
(You can check the ICMP packet format here: RFC 792)
I'm using FreeBSD 10.4.
What argument can I use in tcpdump to match only a certain UDP port?
Is it the -i parameter?
This is what I already reviewed: https://www.freebsd.org/cgi/man.cgi?tcpdump(1)#end
The option -i is for the interface. From the man page:
-i interface
--interface=interface
Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback), which may turn out to be, for example, ``eth0''.
In the same man page you have some examples like:
To print all IPv4 HTTP packets to and from port 80, i.e. print only
packets that contain data, not, for example, SYN and FIN packets and
ACK-only packets. (IPv6 is left as an exercise for the reader.)
tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
Probably it is not the simplest one but can give you an idea to achieve what you are looking for.
Let's say you want to capture DNS requests, UDP port 53, on your main interface em0; this could be a starting point:
tcpdump -i em0 'udp port 53'
Now if you want to go further you could use Wireshark over ssh; give this a try:
wireshark -k -i <(ssh user@host sudo tcpdump -i em0 -U -w - not tcp port 22)
or in another way (in this case using the PF interface pflog):
ssh user@server sudo tcpdump -i pflog0 -U -w - | wireshark -k -i -
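The byte-offset arithmetic in the man page filter and the 'udp port 53' match can be checked by hand. The following is an added example, not part of the original answer or of tcpdump: it rebuilds both filters in Python over constructed packets (addresses, ports and payloads are made up).

```python
import struct

def ipv4(proto, payload, options=b""):
    """Build a minimal IPv4 header (checksum left at 0) around payload."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                      ihl * 4 + len(payload), 0, 0, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + options + payload

def tcp(sport, dport, flags, data=b"", options=b""):
    """Build a TCP header; the data offset is the high nibble of byte 12."""
    doff = 5 + len(options) // 4
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, doff << 4, flags,
                       65535, 0, 0) + options + data

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def l4(pkt):
    """Return (protocol, transport bytes), skipping IHL*4 bytes of IP header."""
    return pkt[9], pkt[(pkt[0] & 0xF) << 2:]

def tcp_payload_len(pkt):
    """(ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2), term by term."""
    _, seg = l4(pkt)
    ip_total = struct.unpack("!H", pkt[2:4])[0]  # ip[2:2]: total length
    ip_hlen = (pkt[0] & 0xF) << 2                # IHL in words -> bytes
    tcp_hlen = (seg[12] & 0xF0) >> 2             # data offset in words -> bytes
    return ip_total - ip_hlen - tcp_hlen

def port_match(pkt, proto, port):
    """'tcp port N' / 'udp port N': source OR destination port equals N."""
    p, seg = l4(pkt)
    return p == proto and port in struct.unpack("!HH", seg[:4])

def http_data_filter(pkt):
    """The man page example: TCP port 80 and a non-empty payload."""
    return port_match(pkt, 6, 80) and tcp_payload_len(pkt) != 0

# Constructed sample packets
SYN = ipv4(6, tcp(40000, 80, 0x02, options=b"\x02\x04\x05\xb4"))  # MSS option
ACK = ipv4(6, tcp(40000, 80, 0x10))
GET = ipv4(6, tcp(40000, 80, 0x18, data=b"GET / HTTP/1.1\r\n\r\n"))
DNS = ipv4(17, udp(53000, 53, b"\x12\x34" + b"\x00" * 10))

if __name__ == "__main__":
    for name, pkt in [("SYN", SYN), ("ACK", ACK), ("GET", GET)]:
        print(name, tcp_payload_len(pkt), http_data_filter(pkt))
    print("DNS matches 'udp port 53':", port_match(DNS, 17, 53))
```

The SYN carries a TCP option, so its header is 24 bytes; the filter still sees a zero-length payload because the data offset, not a fixed 20, is subtracted.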
I wonder if any existing protocols for device discovery like Bonjour, UPnP or multicast DNS provide this option. Pointing to some sample code would greatly help.
You tagged your question with "Linux". Therefore I don't know if your question is Linux-specific or if you want to know a "generic" answer.
The "generic" answer:
Theoretically you can send all IPv4 messages to the Ethernet broadcast address (FF:FF:FF:FF:FF:FF) - even unicast packets.
It might be possible to send some unicast packet (such as a "ping" request) as a broadcast Ethernet frame (but with the "destination address" in the IP packet set correctly). Then you can read out the "source MAC address" from the answer's Ethernet frame.
However the receiver of the "ping" packet will probably send an ARP request to query for your IP address. So the computer querying for the MAC address has to implement ARP answers anyway.
I just tried to send a "ping" request to my WLAN router using the way I described above. The WLAN router does send an ARP request...
To settle an argument at work:
Is it possible, in theory, to create a network protocol with ports higher than 65535 and get it approved by IANA?
If not, why not?
Yes. It is possible to create one with an arbitrary number of ports.
Getting it approved by IANA (and IETF, ISO and whoever else are concerned) is just a matter of getting enough people to use your wonderful new invention. Which is extremely unlikely but not theoretically impossible.
If you are using TCP or UDP on top of IP, then no. Both TCP and UDP only use 16 bits for the port number. If you are using some other protocol suite such as IPX/SPX, then it depends on that protocol. If you are making your own protocol, then you can do whatever you want. Getting it approved by IANA is a different story.
http://en.wikipedia.org/wiki/Transmission_Control_Protocol
http://en.wikipedia.org/wiki/User_Datagram_Protocol
2^16 = 65536 different ports
Since computer numbers start counting at 0, this leaves 65535 as the max.
How to find the software used by port 80 in Windows?
If you are looking for something as simple as knowing if a program is using a particular port on your computer, you can use the command netstat -b -a on Windows. If netstat is not enough, use TCPView.
You may need some network analysis tools. It is fairly common to use a tool (or combination of tools) that perform port scanning as well as packet sniffing. By analyzing the packets, you can determine what is being communicated.
EDIT: Possible duplicates:
How can you find out which process is listening on a port on Windows?
What port is a given program using?
I need to block this ip 188.43.64.80.
iptables -A OUTPUT -p ALL -d 188.43.64.80 -j DROP
This rule works for my local computer - I can't ping this IP.
But it's not working for computers which are connected to me
- they can ping this IP.
How can I make this rule work in my network?
My network preferences - Internet from eth0.
Network from wlan0.
It's in the OUTPUT chain, which only affects packets that this machine is outputting. You want to add a similar rule to the FORWARD chain which affects packets this machine is forwarding.
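A small model of the chain selection the answer describes, as an added example that is not part of the original post and is not iptables itself: the router and client addresses are constructed assumptions, only 188.43.64.80 and the OUTPUT rule come from the question, and only destination matching with a default ACCEPT policy is modelled.

```python
import ipaddress

# Assumed (constructed) addressing: the router owns these addresses;
# wlan0 clients sit in 192.168.1.0/24 behind it.
ROUTER_ADDRS = {"192.168.1.1", "203.0.113.10"}
BLOCKED = "188.43.64.80"  # address from the question

def chain_for(src, dst):
    """Filter-table chain a packet traverses on the router."""
    if src in ROUTER_ADDRS:
        return "OUTPUT"    # generated by the router itself
    if dst in ROUTER_ADDRS:
        return "INPUT"     # addressed to the router itself
    return "FORWARD"       # routed through, e.g. wlan0 -> eth0

def verdict(ruleset, src, dst):
    """First matching rule in the traversed chain wins; policy is ACCEPT."""
    chain = chain_for(src, dst)
    for rule_dst, target in ruleset.get(chain, []):
        if ipaddress.ip_address(dst) in ipaddress.ip_network(rule_dst):
            return chain, target
    return chain, "ACCEPT"

# iptables -A OUTPUT -p ALL -d 188.43.64.80 -j DROP   (rule from the question)
as_asked = {"OUTPUT": [(BLOCKED, "DROP")]}
# plus: iptables -A FORWARD -d 188.43.64.80 -j DROP   (what the answer suggests)
fixed = {"OUTPUT": [(BLOCKED, "DROP")], "FORWARD": [(BLOCKED, "DROP")]}

def report(ruleset):
    """Verdict for a ping to BLOCKED from the router and from a wlan0 client."""
    senders = [("router", "192.168.1.1"), ("client", "192.168.1.50")]
    return {who: verdict(ruleset, src, BLOCKED) for who, src in senders}

if __name__ == "__main__":
    print("as asked:", report(as_asked))
    print("with FORWARD rule:", report(fixed))
```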