SSH connection not established, but standard TCP/IP connection works - linux

I'm working on a custom Yocto Linux for a Raspberry Pi 3 and am trying to get the WIFI connection working with SSH. However, when trying to connect from my PC (Ubuntu 19.10, SSH OpenSSH_8.0p1 Ubuntu-6build1, OpenSSL 1.1.1c 28 May 2019) to the Pi, on which Dropbear v2019.78 runs, the connection attempt times out. But only when I try this via SSH, and via wlan0. Other TCP/IP traffic works, and so does the same setup with the same participants but over eth0. As this is for a robot, I would prefer not to use a tether though...
To try & debug this, I:
- enabled a serial console so I can work on the Pi
- disabled eth0
- started a tcpdump on the Pi (ip.host == 192.168.0.105)
- started a tcpdump on the PC (ip.host == 192.168.0.106)
- used a dirt-simple TCP/IP socket example written in Python (taken from https://realpython.com/python-sockets/#echo-server) to verify I can in fact communicate. The transmission is successful. I am aware that the example is lacking (no proper protocol etc.), but that's not the point of it. It just works enough. The Pi runs the server listening on port 2222.
- attempted an SSH connection; it timed out.
I filtered the resulting PCAP down to contain just TCP, as there is other information (e.g. Dropbox discovery) that I don't think matters and might potentially be information leaking. On the host side (enp4s0-tcp-and-pi.pcap) I also filtered with ip.host == 192.168.0.105 to only contain any traffic to the PI.
Another note on my setup here: I use a TP-Link router to whose LAN ports the PC is connected, and which provides the 2.4GHz WIFI for the Pi. So both are part of the same subnet, and no special routing or anything is configured.
Also I stopped the dropbear daemon and adapted my Python code to use port 22. It works.
I'm only broadly aware of the inner workings of TCP, so I can't really make much sense of the things I see here. Any insights are more than welcome.
https://www.dropbox.com/s/5o4rqr5zdws2wq7/wlan0-tcp-only.pcap?dl=0
https://www.dropbox.com/s/amypjtk1nvja4qb/enp4s0-tcp-and-pi.pcap?dl=0
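The echo test above moves only a few bytes per connection, whereas an SSH session opens with a key exchange whose segments are much larger; the sweep below is an added example (not from the post) that reuses the same plain-socket idea but tries a range of payload sizes over the same path, so a result where small sizes pass and large ones time out would point at segment size rather than the port. It assumes the server half runs on the Pi and the client half on the PC; the stand-alone run below uses loopback.

```python
import socket
import threading

def _recv_exactly(sock, n):
    """Read exactly n bytes, or fewer if the peer closes first."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(min(65536, n - len(buf)))
        if not chunk:
            break
        buf += chunk
    return bytes(buf)

def start_echo_server(host="0.0.0.0", port=0):
    """Echo server with a 4-byte length prefix (run this on the Pi); returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))
    srv.listen(8)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                header = _recv_exactly(conn, 4)
                if len(header) == 4:
                    conn.sendall(_recv_exactly(conn, int.from_bytes(header, "big")))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def probe_sizes(host, port, sizes, timeout=3.0):
    """One connection per size (run this on the PC). True: payload came back intact.
    False: connect failed, the exchange timed out, or the echo was truncated."""
    results = {}
    for n in sizes:
        payload = bytes(i % 251 for i in range(n))  # constructed, non-repeating pattern
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(n.to_bytes(4, "big") + payload)
                results[n] = _recv_exactly(s, n) == payload
        except OSError:  # socket.timeout is an OSError too
            results[n] = False
    return results

if __name__ == "__main__":
    p = start_echo_server()
    print(probe_sizes("127.0.0.1", p, [64, 512, 1400, 1500, 8192, 65536]))
```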

Related

How do I connect two computers using the same router?

I'm using the Python socket module on a Mac.
How do I connect two computers using the same router? I need a TCP socket with fast data passing between.
When I tried just hooking two computers up by their private ip address, then I got a Connection Refused error. How do I do this?
You can check first whether a connection is allowed between the two devices by going to one device and running telnet:
telnet <Private-IP-of-Second-Device> <Port>
If this shows connected, then connectivity is good and the issue exists with the socket module you have written.
If this fails, you can try checking the firewall by going to System Preferences > Security & Privacy > Firewall.

Raspberry pi refusing connection to bottle server

I'm trying to host a bottle server on my Raspberry Pi (4, Zero W or Zero 2 with the newest Pi OS) to supply some configuration for a project.
The Raspberry Pi itself will not have internet access but will be its own WiFi access point.
I set it up in the way the docs describe (search for "Setting up a Routed Wireless Access Point").
I have skipped the "Enable Routing and IP Masquerading" step because I don't need traffic to be rerouted to another network.
The tutorial works fine and I'm able to connect to the hotspot. I'm also able to run the bottle server example and connect to it locally.
However, I'm not able to connect to it from a device that is connected to the hotspot. I'm getting an ERR_CONNECTION_REFUSED (when supplying the IP of the Raspberry and the port of the bottle server to the browser).
I don't really know where to start looking.
Is there a firewall setting I missed?
Should I have done the "Enable Routing and IP Masquerading" step?
Is there something entirely different I need to look at?
Can someone point me in the right direction?
Try starting bottle on the 0.0.0.0 interface rather than localhost. That makes it listen for incoming connections on all interfaces, whereas if you start on localhost it only listens for connections from the local host.

UDP connection refused

This is what I am trying to do:
I have a Windows computer and a Linux computer (Ubuntu 16.10) connected to the same wireless router. The router is not connected to the Internet, as this might raise some security concerns (and we don't want the Windows computer to talk to the net).
The Windows computer is running a program that is supposed to stream data to a UDP port (say port 1234). Using the Microsoft TCPView utility I can see that the Windows machine opens the port. In fact, it should allow connections from any IP address and any port (that's what the *'s mean in TCPView).
View of the TCPView Utility
When I try to find the open port on the windows machine from the Linux computer using nmap this is what happens:
Starting Nmap 7.01 ( https://nmap.org ) at 2017-01-30 16:50 EST
Nmap scan report for 192.168.0.164
Host is up (0.051s latency).
PORT STATE SERVICE
1510/udp open|filtered mvx-lm
MAC Address: 74:DE:2B:D8:26:24 (Liteon Technology)
At the very least, this tells me that the linux machine can see the windows machine (I can also ping it). However, I am not sure about the open|filtered state of the port. According to the Nmap manual:
Nmap places ports in this state when it is unable to determine whether
a port is open or filtered. This occurs for scan types in which open
ports give no response. The lack of response could also mean that a
packet filter dropped the probe or any response it elicited. So Nmap
does not know for sure whether the port is open or being filtered. The
UDP, IP protocol, FIN, NULL, and Xmas scans classify ports this way.
When I try to connect to the port using Python, an error occurs. This code
import socket
UDP_IP = "192.168.0.164"   # address of the Windows machine, i.e. a remote host
UDP_PORT = 1234
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((UDP_IP, UDP_PORT))   # bind() takes a local address; this call is what raises the error
results in an error 'connection refused'. A little C++ client program that is supposed to read out the streamed data also fails to connect to the port. I am using Python now to test the accessibility of the port more quickly.
In contrast, connecting to TCP port 8080 works fine. Also, I have been sending data back and forth over TCP through the same router between other machines and using a range of ports.
Other important info:
The same errors occur if I switch off the firewall and virus scanner on the Windows machine.
I have added UDP port 1234 as an allowed connection in the advanced firewall settings of windows.
So, my questions are:
Does anybody have any suggestions about how to debug/solve this situation?
What's different between UDP and TCP that would cause TCP to work without a hiccup (in my past projects) and causes UDP to give me nightmares?
You are forgetting that UDP is not a connection-based protocol. It is a datagram protocol.
There is no way to distinguish between a server that is receiving UDP packets but not responding to them, from a server which is behind a firewall which drops those packets. This is why nmap is describing a port as open|filtered -- there is no way for it to tell the difference.
Your call to sock.bind is failing because you are trying to bind (that is, to start listening for packets!) to a port on a remote IP. This is impossible in general.
It turns out that my problems were two-fold:
1) I did have a bad understanding of the UDP protocol. That's been rectified by the answers in the forum. For anyone interested in how to use UDP and Python to communicate between two computers, see this recipe: http://code.activestate.com/recipes/578802-send-messages-between-computers/
2) The Windows program that I was trying to communicate with can not be used to send data over UDP through wifi. Why? I don't know. I called the developer and that's what he told me.
Current status: the problem is not solved but is diagnosed as a combination of my lack of knowledge and an idiosyncratic Windows program (see my original post above).
You are trying to bind to a non-local IP address. Use 0.0.0.0 instead of the target address you're using, and connect() or sendto() the target address.
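The point of the last two answers, as an added example that is not from the thread: bind() only accepts an address that some local interface carries (on Linux and macOS the failure is EADDRNOTAVAIL), so the receiving side binds a local address (0.0.0.0 for all interfaces) and the sending side names the peer in sendto(). The address 192.0.2.1 is TEST-NET-1, used here because it is never a local address; the payload is constructed.

```python
import errno
import socket

def bind_errno(addr, port=0):
    """Try to bind a UDP socket to addr; None on success, else the errno name (e.g. EADDRNOTAVAIL)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def udp_receiver(listen_addr="0.0.0.0", port=0, timeout=3.0):
    """Receiving side: bind a LOCAL address (0.0.0.0 = every local interface) and wait for datagrams."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((listen_addr, port))
    s.settimeout(timeout)
    return s

def udp_send(target, payload):
    """Sending side: no bind needed; the kernel picks a local port and sendto() carries the peer address."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, target)

def exchange(payload=b"telemetry frame 1", host="127.0.0.1"):
    """Loopback round trip: receiver bound locally, sender addressing it; returns (data, sender_ip)."""
    rx = udp_receiver(host)
    try:
        port = rx.getsockname()[1]
        udp_send((host, port), payload)
        data, peer = rx.recvfrom(65535)
        return data, peer[0]
    finally:
        rx.close()

if __name__ == "__main__":
    print("bind to remote-looking address:", bind_errno("192.0.2.1"))
    print("bind to loopback:", bind_errno("127.0.0.1"))
    print("exchange:", exchange())
```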

LINUX tcpdump - About IPS and Ports when UDP packet monitoring

I have an online game server running on a VPS with Linux CentOS and it keeps dropping players to 0 from time to time. I have discarded problems with the application itself because it does not crash or anything; the players just get disconnected.
I was monitoring packets on my game server port with tcpdump and I caught when that happened, and I noticed that an IP address sent packets without the numerical port like usual (I believe the ip."number" is the ip.port), but is this IP.number the port?
Look at the screenshot:
http://postimg.org/image/6c4k2sdqp/
Differently from all the other normal connections, it doesn't send the numerical port, and suddenly the packet listing in tcpdump stops and my players get dropped from the server.
I was wondering if it was that which made the connections get dropped for some reason.
What's happening here is that the smart-lm port is found in the system services list:
❯❯❯ grep smart-lm /etc/services
smart-lm 1608/udp # Smart Corp. License Manager
smart-lm 1608/tcp # Smart Corp. License Manager
And so tcpdump is showing that instead of .1608 on the end. It may be a firewall between your network and the remote side (including a firewall or router on the remote side) that's causing the problem.
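An added example, not from the thread, of the lookup tcpdump is doing here: parse /etc/services-style lines into a (port, protocol) table and render an endpoint the way tcpdump prints it. The excerpt is constructed to stand in for the real file, and the IP is from a documentation range.

```python
SAMPLE_SERVICES = """\
# constructed excerpt in /etc/services format (not the page's file)
ssh             22/tcp
domain          53/udp
smart-lm        1608/udp        # Smart Corp. License Manager
smart-lm        1608/tcp        # Smart Corp. License Manager
"""

def parse_services(text):
    """Map (port, proto) -> service name, skipping comments, blank lines and malformed entries."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if port.isdigit():
            table[(int(port), proto)] = fields[0]
    return table

def endpoint_label(ip, port, proto, table, numeric=False):
    """Render ip.port as tcpdump does: the service name when known, the number otherwise
    (numeric=True mimics tcpdump -nn, which never substitutes names)."""
    if not numeric and (port, proto) in table:
        return f"{ip}.{table[(port, proto)]}"
    return f"{ip}.{port}"

if __name__ == "__main__":
    t = parse_services(SAMPLE_SERVICES)
    print(endpoint_label("203.0.113.5", 1608, "udp", t))   # name substituted
    print(endpoint_label("203.0.113.5", 1609, "udp", t))   # unknown port stays numeric
```

Running tcpdump with -nn skips this substitution entirely, so every endpoint is printed as ip.port.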

How can I tunnel Telnet connections between two interfaces?

I have the following network:
PC1 --|¯¯¯¯¯¯¯¯¯|                            |¯¯¯¯¯¯¯¯¯|-- board2
PC2 --| gateway |-- (eth0) [server] (eth1) --| gateway |
PC3 --|_________|                            |_________|-- board1
As you can see, the server (running Linux) has 2 interfaces so that the PCs and embedded boards are not on the same subnetwork.
I would like to develop a simple application (or use an existing one) that tunnels incoming Telnet connections from eth0 (using a specific port) to boards through eth1.
I don't have root privileges on the server, but I have a regular Unix account. I don't want the PCs to actually "log in" to the server; I just want them to pass through it to connect to the boards. The server has Python, PHP and Perl installed.
I want to support multiple connections. The port number could be used to forward the connection to the right board (say I have 10 boards, then the tunnel listens on ports 3000 to 3009).
I can imagine a simple Web application to do that, but I want a native Telnet connection that will support CTRL+C and all that stuff and allow you to use any terminal emulator on the PCs (i.e. PuTTY or another one), which run Windows.
Any help would be much appreciated.
It sounds like you're looking for a TCP proxy. A proxy accepts connections on one port, connects to another ip/port, and then passes traffic back and forth.
If you have xinetd on your system you already have what you need. The redirect directive for a service causes xinetd to open a connection to another host/port and act as a proxy. See this document for an example.
balance is another very simple proxy tool that will do what you need. This is probably easier to run as a non-root user, especially since it's configured entirely on the command line.
Since you're not root on your server you'll need to run these on ports > 1024, but otherwise you should be all set.
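The per-port TCP proxy the answer describes, as an added example in Python (not from the thread, and not xinetd or balance): one unprivileged listener per board on the server's eth0 address, each relaying bytes both ways to its board on eth1, so a terminal emulator talks to the board's telnet port directly and CTRL+C and option negotiation pass through unchanged. eth0_ip and the board addresses are placeholders you supply; the stand-alone check at the bottom uses loopback.

```python
import socket
import threading

def _pipe(src, dst):
    """Copy bytes one way until src hits EOF, then half-close dst so its peer sees EOF too."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _relay(client, target):
    """Open the upstream leg to the board, then pump both directions until both sides are done."""
    with client:
        try:
            upstream = socket.create_connection(target, timeout=5)
        except OSError:
            return  # board unreachable: drop the client, nothing else to do
        with upstream:
            upstream.settimeout(None)
            back = threading.Thread(target=_pipe, args=(upstream, client), daemon=True)
            back.start()
            _pipe(client, upstream)
            back.join()

def start_forwarder(listen_addr, target):
    """Listen on listen_addr and relay every accepted connection to target; returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)  # the eth0 address, not 0.0.0.0, so the listener is only reachable from the PC side
    srv.listen(16)

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=_relay, args=(conn, target), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]

def start_board_forwarders(eth0_ip, base_port, boards):
    """One listener per board: eth0_ip:base_port+i -> boards[i] (the 3000..3009 scheme); ports > 1024."""
    return {base_port + i: start_forwarder((eth0_ip, base_port + i), board)
            for i, board in enumerate(boards)}
```

Anyone who can reach the eth0 address gets the board's login prompt with no check by the relay itself, so the board's own login is the only gate; keep that in mind when choosing which hosts can reach the server.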
