How to determine the subnet mask of a network using the minimum number of ICMP echo requests?
If you know how to generate a ICMP Mask Request, you should receive a ICMP Mask Reply. It should take only 1 request.
ICMP is used for error checking to see if a host exists...I am not 100% sure if you can do a lookup to check the subnet mask...unless you got the protocol usage mixed up.... I think it's the ARP protocol that you are mixing up with...
Hope this helps,
Best regards,
Tom.
Sorry to ruin, but you can not determine the subnet mask using ICMP...
I don't know if there is a real way to find out beside asking the LAN router (probably using SNMP)
Related
I was trying to connect to a router and the IP address for that device had and IP address with 80::80 at the end of it.I just wanted to know what it was and in what scenarios it would be used?
Thank you in advance
That's an IPv6 address. :: is replaced by an appropriate number of zeroes (it's a shorthand notation).
I am working on project using libpcap. Now, I need to know the direction of packet (inbound or outbound) once I got the packet in callback function. I am going to write the methods to compare IP and MAC address between client and these information extract from packet. Am I right?
Could you please help me some comments or advices on this problem?
Thank you for your time.
The source or target IP address is sufficient. If the source is local, it's outbound. If the target is local, it's inbound. If neither, it's a promiscuous sniff.
I'm using a PXI 8109 running Pharlap OS.
I'm trying to use the second ethernet interface of my PXI to send UDP and TCP packets.
Here the configuration of my two ethernet interfaces:
eth0 (primary):
IP : 10.0.0.3
subnet mask : 255.0.0.0
eth1 :
IP : 192.168.10.9
subnet mask : 255.255.255.0
For UDP, I have no problems, packets are sent to the second interface as I want. I think it work because there is a "net address" input on the "UDP Open" VI so the system can choose the right interface.
For TCP, I use the "TCP Open connection" VI but there is no this kind of input. And it is not working : I assume the system is trying to use the primary interface but it can't route packets...
For information, my two networks are physically independant.
Can you help me finding out what's going on ? Is it possible to use TCP on the second ethernet interface ?
TCP open is meant to open a connection to another computer, if you feed a valid (in one of the two subnets) TCP address it should open a connection on that specific interface.
I assume you need to use the TCP listener function and according to this KB article, you can specify on which address you want to listen. So yes, you should be able to use a specific ethernet interface.
disclaimer: I am not sure if all this info is valid on Pharlap as well.
Basically, the decision which NIC to use is up to the OS and I believe that normally it would choose based on the subnet of the address you're trying to connect to and those of the NICs - I don't know what the IP address is (maybe it's in the subnet of the wrong card?), but the subnets of the NICs certainly appear to be different from each other (10.0.0.0 and 192...).
On Windows, I believe you can set the routing tables to have some more control of this (although I don't know if you would be able to force something to go through the "wrong" NIC), but I have no idea how much control you would have over this on Phar Lap. I would suggest some searching. Here are a couple of relevant links:
http://forums.ni.com/t5/LabVIEW/RT-How-do-I-use-two-independent-Ethernet-ports/td-p/721269
http://forums.ni.com/t5/LabVIEW/Communicating-through-two-ethernet-ports-on-the-same-computer/m-p/1509450#M565374
I finally solved my problem. This was not related to the TCP connection ...
I was using a property node "Value (signaling)" to trigger the TCP connection and it seems that this is not supported on RT Targets.
This is why it was working on localhost.
Thanks for the help anyway ;)
Are there any sources where I can find different pcaps samples for IP fragmented data (WireShark compatible)?
See the files attached to the following Wireshark bug reports for examples of IP fragmentation.
I would note that IP fragmentation is IP fragmentation regardless of the
payloads carried over IP;
What are you looking for that you wish to see "IP fragmentation of FTP data, images, files, etc" ?
Is it actually TCP re-assembly that you wish to look at ?
Bug 2651: sas.cap
Bug 713: nfs_udp.pcap
Take a look at the Wireshark Sample Captures wiki and search for fragments... for instance, they have the Teardrop overlapping IP fragment attack
Sending that to PCs would lock up an unpatched Windows 95 machine...
EDIT
If you want to see general IP fragmentation, I can't think of a capture offhand, but you can simulate IP fragmentation with creative use of tcprewrite under *nix.
I'm trying to confirm a user a unplugged my embedded device from a network before performing some maintenance. I'm considering "ping"ing all IP address on my sub-net, but that sounds crude. Is there a broadcast/ARP method that might work better?
You can try a broadcast ping (this is from linux):
ping -b 255.255.255.255
Another option is to download Nmap and do a ping-scan.
You could use nmap. It's still crude, but at least it's using a tool designed to do it so you don't have to spend time on it.
If you can't get reliable link state information from your Ethernet device (which most chipsets should support these days, BTW...), sending an ARP request for each IP on your local subnet is a decent substitute. The overhead is minimal, and as soon as you get a single response, you can be sure you're still connected to a network.
The only possible problem I see here, is that if your device is on a /8 subnet, it can take quite a while to loop through all 4294967296 possible IPs. So, you may want to consider some optimization, such as only sending ARP requests for your default gateway, as well as all IPs currently in your ARP table.
If there's a peer you know you were connected to recently you could try pinging or arping that first. That could cut down on the traffic you're generating.
you could also run tcpdump -n to see what's active on the network too.
Not receiving any responses to ICMP pings or ARP requests is not a 100% guarantee that there's no network connection. For instances, there might be devices on the network that are firewalled off.
EDIT: May be you could access some lower-level information on your embedded device to check whether the network interface has its link up without actually sending any data.
Is there any chance that your device supports UPnP or Bonjour? Beside of the low-level protocols your should also have a look at these protocols which support some kind of plug-&-Play functionality. A UPnP device for example sends a message on the LAN before it is switched off (though, this doesn't help if it is just removed by unplugging it...).