It occurred the Dropped packet with checking ifconfig command tool. The Dropped counted up with a lot of volumes.
$ ifconfig eth0
eth0 Link encap:イーサネット ハードウェアアドレス 4c:72:b9:f6:27:a8
inetアドレス:192.168.1.102 ブロードキャスト:192.168.1.255 マスク:255.255.255.0
inet6アドレス: fe80::4e72:b9ff:fef6:27a8/64 範囲:リンク
UP BROADCAST RUNNING MULTICAST MTU:1500 メトリック:1
RXパケット:2745254558 エラー:0 **損失:1003363** オーバラン:0 フレーム:0
TXパケット:7633337281 エラー:0 損失:0 オーバラン:0 キャリア:0
衝突(Collisions):0 TXキュー長:1000
RXバイト:1583378766375 (1.5 TB) TXバイト:10394167206386 (10.3 TB)
So I'll use ethtool to raise the network buffer value.
$ sudo ethtool -g eth0
Ring parameters for eth0:
Cannot get device ring settings: Operation not supported
I can't confirm eth0 status.
And, I don't understand what the ring is.
is this Virtual Machine ?
So from the symbols you pasted I assume there is drop on the RX.
You need to rise the RX ring buffer with ethtool -G eth0 rx 4096
Show more info ethtool -i eth0 and netstat -s
There is a lot more tuning to eth0 than just ring buffers.
Try to rise net.core.netdev_max_backlog.
Check it with sysctl net.core.netdev_max_backlog and set the new value with sysctl -w net.core.netdev_max_backlog=numberhere.
EDIT:
Please also show card HW info
sudo lshw -C network
google for Cannot get device ring settings r8169
Related
I am trying to capture the DHCP frames for analysis using the following command in my mac book.
sudo tshark -i en0 -f "port 67 or port 68" -a duration:300 -w /tmp/dump.pcap
I use the following command to get all the fields of all protocols in the packet but it is not printing any value. Is the capture filter option for the DHCP frame is correct? Any help is appreciated?
sudo tshark -T text -r /tmp/dump.pcap -V
Answer
Yes, your commands are OK. Maybe no DHCP packets arrived and therefore not captured. Try to force a DHCP activity by commands in second teminal window of the same device:
sudo dhclient -r
sudo dhclient
Warning: Do not apply these commands if you are connected remotely. First command releases the IP address and your connection will be interrupted without a possibility to put second command and get address back remotely.
Some details concerning data capture
The thsark filters have the same syntax as Wireshark.
Threre exist 2 (or 3) filter types:
capture filter, -f tshark option: It selects which packets will be captured and which not. This is useful e.g. for getting lower capture file size.
display filter, -Y tshark option: It selects which packets will be displayed from all captured ones.
You can combine both types.
Examples:
tshark -i eth0 -n -Y "ip.addr==8.8.8.8"
tshark -i eth0 -n -Y "ip.addr==8.8.8.8" -f "udp port 53"
tshark -i eth0 -n -Y "ip.addr==8.8.8.8 and udp.port==53"
All packets are captured, but only the 8.8.8.8 IP address packets are displayed.
Only the DNS packets are captured, and only the 8.8.8.8 IP address packets from captured are displayed.
All packets are captured, but only the 8.8.8.8 IP address packets having UDP port 53 (i.e. DNS) are displayed. Compare different syntax of the port filtering between the display and the capture filters in line above.
All other options like -a, -b, -w, -s can be applied too.
The tcpdump application is usefull too. It is available in most Linux systems even very small or special. It does not have a display filter option. Only capture filters can be applied. Other options are missing: -a, -b ...
sudo tcpdump -i eth0 -w /tmp/dhcp.pcap "udp port 67 or udp port 68"
I'm trying to configure the network via /etc/network/interfaces here's my file:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug usb0
iface usb0 inet dhcp
# The wifi network interface
iface wlxf4f26d13b2bd inet manual
hwaddress ether 2a:bf:x9:53:38:9d
wpa-driver nl80211
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
but when I try to activate the device with ifup wlxf4f26d13b2bd I get:
> RTNETLINK answers: Device or resource busy ifup: failed to bring up
> wlxf4f26d13b2bd
I'm not using NetworkManager.
This is the verbose output of ifup:
ifup -v wlxf4f26d13b2bd
ifup: configuring interface wlxf4f26d13b2bd=wlxf4f26d13b2bd (inet)
/bin/run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
run-parts: executing /etc/network/if-pre-up.d/macchanger
run-parts: executing /etc/network/if-pre-up.d/wireless-tools
run-parts: executing /etc/network/if-pre-up.d/wpasupplicant
wpa_supplicant: terminating wpa_supplicant daemon via pidfile /run/wpa_supplicant.wlxf4f26d13b2bd.pid
Stopped /sbin/wpa_supplicant (pid 1568).
wpa_supplicant: removing /run/sendsigs.omit.d/wpasupplicant.wpa_supplicant.wlxf4f26d13b2bd.pid
wpa_supplicant: wait for wpa_cli to attach
wpa_supplicant: wpa-driver nl80211
wpa_supplicant: /sbin/wpa_supplicant -s -B -P /run/wpa_supplicant.wlxf4f26d13b2bd.pid -i wlxf4f26d13b2bd -W -D nl80211 -c /etc/wpa_supplicant/wpa_supplicant.conf -C /run/wpa_supplicant
Starting /sbin/wpa_supplicant...
wpa_supplicant: creating sendsigs omission pidfile: /run/sendsigs.omit.d/wpasupplicant.wpa_supplicant.wlxf4f26d13b2bd.pid
wpa_supplicant: ctrl_interface socket located at /run/wpa_supplicant/wlxf4f26d13b2bd
/sbin/ip link set dev wlxf4f26d13b2bd address 2a:bf:x9:53:38:9d
RTNETLINK answers: Device or resource busy
ifup: failed to bring up wlxf4f26d13b2bd
I solved the issue. The problem was that it was trying to change the MAC address after the wpa_supplicant configuration; The order of commands in the file is not respected. The simple solution is either to set the mac address with pre-up macchanger -m inside the iface stanza or to invoke macchanger before wpa-supplicant.
Thanks!
I tried to filter layer 2 multicast packet (no IP header) generated by GOOSE protocol.
The commands below are used (ebtable and iptables) but did not work. Can anyone please give some advice?
I used ebtables because i readed that iptables can't open packet who dont have ip header (layer 3 minimum). The packet were sent from machine A to machine B (client/server software).
a. ebtables -A INPUT -j DROP
ebtables -A OUTPUT -j DROP
b. iptables -A INPUT -m pkttype --pky-type multicast -j DROP
iptables -A OUTPUT -m pkttype --pky-type multicast -j DROP
I tried all the commands above, but i can't stop my multicast packet (DROP was just used for test purpose)
Thank you in advanced...
For the one's who are in the same probleme in the future, i manage to resolve the probleme, first, you should now that iptables can't filter protocole who don't use ip header, so in my case, my protocole is layer 2 (like arp), the best tool for that is ebtables.
The DROP test that i already realise didn't work because i used ebatbles in a normale inerface, and this is a probleme for ebtables, he don't accept it, you should configure an bridge interface before using ebtables.
This the command i typed to creat bridge:
brctl addbr br0
brctl stp br0 off
brctl addif br0 eno16777736
ifconfig br0 10.0.0.131 netmask 255.255.255.0
ifconfig eno16777736 0 0.0.0.0
ip route add default via 10.0.0.1
ebtables -t broute -A BROUTING -j DROP
Hop this will help some one in the future
I have a Linux (3.14.36) embedded board acting as a WiFi AP.
The WiFi chipset doesn't support monitoring mode.
My laptop(the client) is connected to this board by WiFi
The WiFi AP is acting as a network bridge to another computer, and doesn't provide an IP adress to the client (the WiFi AP only has the MAC address of the client)
I want to monitor the signal strengh of the connection WiFi AP <-> Client and be able to trigger a "refresh" of the signal strengh value.
Doing : iw dev wlan0 station dump gives me :
Station xx:xx:xx:xx:xx:xx (on wlan0)
inactive time: 123820 ms // <-- The problem
rx bytes: 10291
rx packets: 60
...
signal: -65 dBm // What I want to refresh
...
I understood that the signal strengh is updated every time there is a network activity. (So, in the example above, it has been refreshed 123s ago).
How can I force a refresh of this value ? (By forcing the AP to send "something" to the client for example) Knowing that the board/WiFi driver/WiFi device doesn't support tools such as iwconfig
For anyone finding this thread now:
I had this issue and my solution was to ping the device before doing the iw dump, e.g.
Get the list of of connected MAC addresses:
iw dev wlan0 station dump | grep 'signal' | awk '{print $2}'
Then get the IP address from these MAC addresses (alternatively you could use arp):
ip neigh | grep 'ma:ca:dd:re:ss:ss' | awk '{print $1}'
Then ping each of those:
ping -c 1 'IP.address'
Then get the refreshed signal for that MAC address
iw dev wlan0 station get 'ma:ca:dd:re:ss:ss' | grep 'signal' | awk '{print $2}'
I wrapped all this up in a Python script and it seemed to give reliable data.
I'll give it a try:
You're embedded so I guess you have busybox. You have no IP but you may then use arping (if this applet is not configured in your busybox build, change the config) to send something small and useless that may wake up the thing. What IP to use for your ARP requests? Well it seems you can use a "dummy" IP.
I'm running this on a PC but I do have busybox with its arping, and I use a wired interface, but here is the concept:
jbm#sumo:~/sandbox/iw$ sudo busybox arping -w 1 -U -I eth0 0.0.0.0
ARPING to 0.0.0.0 from 192.168.1.66 via eth0
Sent 2 probe(s) (2 broadcast(s))
Received 0 reply (0 request(s), 0 broadcast(s))
The useful thing is that though the "dummy" IP, I can check with tcpdump that the arp requests do actually go on the wire (or in the air in your case):
jbm#sumo:~$ sudo tcpdump -i eth0 -v arp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:42:20.111100 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 0.0.0.0 (Broadcast) tell sumo, length 28
10:42:21.111206 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 0.0.0.0 (Broadcast) tell sumo, length 28
^C
2 packets captured
2 packets received by filter
0 packets dropped by kernel
So sending ARP request on your wireless interface may be enough to "wake up" your connection and refresh your RSSI.
EDIT:
See the interesting uses and properties of IP 0.0.0.0 here:
https://en.wikipedia.org/wiki/0.0.0.0
EDIT 2:
Re-thinking about it, I realized there will be a problem if your wireless interface does not have an IP itself. Which, if I'm not mistaking, may not necessarily be case in your bridging configuration. In such case, arping will not have a source address to build its request packets (nor will know how to listen for responses), and will fail.
But you can create your own "mini-unidirectional arping", using an AF_PACKET socket and build your own ARP request packet with a dummy/random source IP address. It will be unidirectional because the response to your forged ARP request, if any, would go to to the random source IP which may and preferably should not exist. But it the principle of just awaking your wireless connection by sending "something", that may do the trick.
For inspiration on how to code this "mini-unidirectional arping", have a look at busybox implementation from its udhcpc/udhcpd (it's simpler than the full-blown arping busybox applet):
https://git.busybox.net/busybox/tree/networking/udhcp/arpping.c#n38
The from_ip parameter is what you want to forge. You can use your actual MAC as from_mac, just for the sake of dignity :-) You don't even have to wait for a response (starting line 89), so that would be something like 50 lines of C code + a little main if you want to add a few options to it.
I am currently designing a linux driver for a pure IPv6 driver. Is there any way to make the kernel module only support IPv6 and can only be assigned IPv6 address? What is the commands in linux to set the address?
Thanks
Adding IP:
Using ip command:
$sudo /sbin/ip -6 addr add 2001:0db8:0:f101::1/64 dev eth0
Using ifconfig command:
$sudo /sbin/ifconfig eth0 inet6 add 2001:0db8:0:f101::1/64
Deleting IP:
Using ip
$sudo /sbin/ip -6 addr del 2001:0db8:0:f101::1/64 dev eth0
Using ifconfig
$sudo /sbin/ifconfig eth0 inet6 del 2001:0db8:0:f101::1/64