What's the easiest way to force-drop a WebSocket connection? - tcp

I'm trying to test my WebSocket server in the face of an unreliable client connection.
I would like to be able, at any moment I choose, to forcefully drop a single WebSocket connection on the client side, without sending closing frames or a TCP FIN handshake. The browser itself cannot do this (right?) because it gracefully shuts down each WebSocket when a tab is closed. Other WebSocket connections from the same host (me in other browser windows) should not be affected.
My system is Ubuntu Linux 12.04; my browser is Chrome (but I could switch to any WebSocket-compatible browser to test this).
The server is using Ruby and em-websocket.
Options I've considered:
killall -9 $pid_of_tab but that's a bit rude, and the kernel apparently still closes the TCP connection
iptables firewall rules but that requires root, and it's hard to drop just one connection (from localhost) whilst keeping others alive
connecting from another machine, then unplugging the network cable or disabling the wifi
The last two would work, but it feels like there must be an easier way. Any ideas?

I suspect that you could do this pretty easily with Fiddler or WebScarab

Here's the iptables version (assuming the socket is served on localhost, port 3000):
To add a rule that drops all traffic:
$ sudo iptables -A INPUT -i lo -p tcp --dport 3000 -j DROP
To remove that rule again:
$ sudo iptables -D INPUT -i lo -p tcp --dport 3000 -j DROP
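The question notes that it is hard to drop just one connection with iptables. One way to narrow the rule above to a single connection is to also match the client's ephemeral source port, in both directions. This is an added example, not part of the original answer; the helper names client_ports and drop_rules and the sample ss output are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: build iptables rules that black-hole ONE client connection
# to a local WebSocket server, leaving other connections on the port alone.

# Constructed sample of `ss -tn` output; in real use, pipe in `ss -tn` itself.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      127.0.0.1:51234     127.0.0.1:3000
ESTAB  0      0      127.0.0.1:51240     127.0.0.1:3000
ESTAB  0      0      127.0.0.1:3000      127.0.0.1:51234
ESTAB  0      0      127.0.0.1:3000      127.0.0.1:51240'

# Read `ss -tn` output on stdin and print the client-side (ephemeral) source
# port of every established connection whose peer is the server port ($1).
client_ports() {
  local server_port=$1
  awk -v p=":$server_port" \
    '$1 == "ESTAB" && $5 ~ (p "$") { n = split($4, a, ":"); print a[n] }'
}

# Print the two rules that add (A) or delete (D) a silent drop for one
# connection. On loopback both directions arrive via INPUT on lo, so one rule
# matches client->server packets and the other server->client packets.
drop_rules() {
  local action=$1 client_port=$2 server_port=$3
  case $action in A|D) ;; *) echo "action must be A or D" >&2; return 1;; esac
  case $client_port in ''|*[!0-9]*) echo "bad client port" >&2; return 1;; esac
  case $server_port in ''|*[!0-9]*) echo "bad server port" >&2; return 1;; esac
  echo "iptables -$action INPUT -i lo -p tcp --sport $client_port --dport $server_port -j DROP"
  echo "iptables -$action INPUT -i lo -p tcp --sport $server_port --dport $client_port -j DROP"
}

# Demo on the constructed sample: rules for the first listed connection.
first=$(printf '%s\n' "$SAMPLE_SS" | client_ports 3000 | head -n 1)
drop_rules A "$first" 3000
```

The printed rules need root to apply; call drop_rules with D instead of A to print the matching delete rules.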

Related

Iperf3 uses TCP and UDP to work. I can only use UDP. How to tunnel the TCP connection alongside UDP so it works without setting a real TCP connection?

Iperf3 uses two channels to communicate, one via TCP and the other via UDP.
When it's going to communicate with another host, it uses the same port for both channels.
For example: If I tell it to connect to port 3000 on the host, the TCP channel will connect on the host's port 3000
and the UDP channel too.
I need to encapsulate the TCP communication into UDP datagrams, send over UDP to the host on port 3000 and then de-encapsulate
the TCP and demultiplex it so it gets delivered correctly at port 3000.
To achieve this, I'm using socat to create a TCP-UDP tunnel like this (this tunnel is working!):
On the sender end:
socat -d tcp-listen:2000,reuseaddr,fork udp:54.226.25.18:3000
On the receiving end:
socat -d udp-listen:3000,reuseaddr,fork tcp:localhost:1080
OK, now why am I converting TCP to UDP and then from UDP to TCP again? I'm doing that because I was trying to use socks4, and it works
only with TCP. I was using it to encapsulate the TCP and UDP traffic into TCP, then I convert this TCP stream into UDP and send over
to the host with socat, like this:
On the sender end (tunnel+socks):
socat tcp-listen:2000 socks4a:localhost:54.226.25.18:3000 & socat tcp-listen:1080,reuseaddr,fork udp:54.226.25.18:3000 & nc localhost 2000
On the receiving end (tunnel):
socat udp-listen:3000,reuseaddr,fork tcp:localhost:1080 & nc -l 1080
This solution kinda works, this is what the receiving end receives:
�senderPcName54.226.25.18
But it only receives something the first time; when I send more data with netcat, nothing shows up on the receiving end.
Maybe this is happening because, the way I'm doing it, there's nothing on the other side to open what is encapsulated into TCP and demultiplex it. This is my hunch; I might be wrong.
I tried to think of a solution using socks5, but I don't know how to send things through it (I didn't find materials on how to do it) like I do with socks4 in this line:
socat tcp-listen:2000 socks4a:localhost:54.226.25.18:3000
I tried without success to install socat with socks5 support because it lacks files.
You can read about Iperf3's relevant behavior here:
https://github.com/esnet/iperf/issues/1019
Obs: I NEED to tunnel over UDP. And I can only use ONE UDP port.
Any pointers on how to solve this with socks or with something new altogether is greatly appreciated.
Summary of my problem: Iperf3 uses TCP and UDP to work. I can only use UDP. How to tunnel the TCP connection alongside UDP so it works without setting a real TCP connection?
You will need some kind of multiplexer solution to drive both UDP and TCP through the UDP channel.
When you have root privilege on both computers, you can establish a Socat tunnel:
On sending side:
sudo socat -d -d -d -d TUN:192.168.255.1/24,up UDP:54.226.25.18:2000,bind=:2000
On receiving side:
sudo socat -d -d -d -d TUN:192.168.255.2/24,up UDP-LISTEN:2000
You should now be able to ping 192.168.255.2 from sender and 192.168.255.1 from receiver.
For testing UDP, enter on receiver:
socat UDP-LISTEN:3000 -
On sender:
socat - UDP:192.168.255.2:3000

Any easy way to monitor HTTP gzipped traffic on a live running Linux system?

I'm running "sudo tcpdump -s 0 -A port 80" on my Linux system to monitor HTTP traffic. This works, but all of the traffic is gzipped. Is there any easy way to un-compress this on the fly so I can watch the traffic in real-time?
Give tcpflow a try. This command is able to do what you want. Excerpt from the man page:
Rather than showing packet-by-packet information, tcpflow reconstructs
the actual data streams
[...]
has a sophisticated plug-in system for decompressing compressed HTTP
connections
To have a live view, you would tell tcpflow to write to the console:
tcpflow -c -a port 80

can we use netcat to communicate between 2 computers in the same network

I would like to communicate between two machines on the same network by using netcat. Basically I need to send some UDP frames from one machine to another on the same network.
I looked through the netcat literature and found it is possible to send UDP frames, so first I tried between 2 Linux consoles on the same machine.
Next, I tried between 2 machines on the same network, but this did not work.
Can someone please explain how this can be done, or if there is some alternate method that can be used?
Thanks in advance!!
Make sure your firewalls allow UDP throughput.
iptables -A INPUT -p udp -m udp --dport 1:65535 -j ACCEPT

set computer to ignore RST packets on Chromebook

My rental server doesn't allow me to remote in via SSH, despite assuring me that everything is set up. How do I override RST packets on a Chromebook without using Python?
If I understand correctly, you want to drop TCP reset packets.
This blog post explains how to get a root shell and add an iptables rule.
Instead of the rule given in the article to get SSH access, try this rule:
iptables -I INPUT -p tcp --tcp-flags RST RST -j DROP
(Disclaimer: I don't know anything about Chromebooks except that they run Linux.)

Having multiple HTTP-Server running next to nginx on the same machine

I have multiple HTTP servers running on the same machine. Only the nginx is listening to the HTTP port and forwards the requests to the other programs.
Now I'm adding a service that needs to receive post requests directly (without them being buffered). I already read that this isn't possible, though the posts are about a year old so I'm hoping there's a way to accomplish this in nginx 1.5.
Is there another way to have multiple HTTP server running on the same machine?
Edit: Every server has to answer requests from the http port. Which server handles the request is determined by the Hostname in the URL.
When your server has multiple IPs, you can bind services to an explicitly selected IP instead of the default '*' or 0.0.0.0.
When your clients can be segregated by their IPs, you can bind services to different ports and route packets using iptables:
iptables -t nat -A PREROUTING -p tcp --dport 80 -s 10.20.30.0/24 -j REDIRECT --to-ports 81
Iptables can check not only headers, but also content via "-m string" extension.
You can have multiple processes on the same machine, call them HTTP servers, or anything else, the only "limit" is that they cannot listen in on the same port, they will each need to listen on a different port to work.
Otherwise they will complain that the port is already in use and "die".
