Need packet filtering and packet editing API for Windows - firewall

As the title says, I need a packet filtering (firewall) and packet editing API for Windows.
I did a lot of Google searching and found some packet filtering APIs, like:
1. Winpcap
2. WIPFW
3. Pktfilter
but nothing for packet editing; it seems like I have to write a kernel-level driver to achieve this... I know some programming but don't know how to program a driver.
I know that I can do this in Linux using iptables.
Is there anything equivalent to iptables in Windows?
Is there any API for Windows to do packet filtering (firewall) and editing the packet?
(Basically I am trying to edit the source IP in the packet's IP header so that I can make the packets use a different network interface.)
I don't want to write any kernel-level driver for that because I don't know how to do that.
Somebody help me.

From XP onwards, Windows has come with a firewall.
XP, 2k & 2k3 can be configured on the CLI using "netsh firewall ...", and on later versions of Windows it's "netsh advfirewall ...".
Here's a link with an intro: http://blog.commandlinekungfu.com/2009/05/episode-30-twiddling-with-firewall.html
You could also write a PowerShell script to integrate with the Windows firewall. Here's some sample configuration: http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx
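The answer above points at `netsh advfirewall` as the management interface on Vista and later. An added example (not code from the original thread) that reads the rule set that interface manages and flags the rules a host-firewall review would question first: enabled inbound Allow rules reachable from any remote address on every profile. The SAMPLE_OUTPUT is constructed to mirror the "Key: value" blocks that `netsh advfirewall firewall show rule name=all` prints; the rule names, ports and column widths in it are assumptions.

```python
"""Audit the Windows Firewall rule set that `netsh advfirewall` manages.

Added example for the thread above; not code from the original thread. It
parses the text that `netsh advfirewall firewall show rule name=all` prints
(Vista and later; the XP-era `netsh firewall` syntax differs) and flags
enabled inbound Allow rules that accept any remote address on every profile.
The SAMPLE_OUTPUT below is constructed to mirror netsh's "Key: value" blocks;
the exact rule names, ports and column widths are assumptions.
"""
import subprocess
from typing import Dict, List

Rule = Dict[str, str]

# Constructed sample of netsh output (three rules, one of them disabled).
SAMPLE_OUTPUT = """
Rule Name:                            Remote Admin Tool (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            5555
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            File Share (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
Grouping:
LocalIP:                              Any
RemoteIP:                             192.168.1.0/24
Protocol:                             TCP
LocalPort:                            445
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            Old Telnet (TCP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            23
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow
Ok.
"""

ALL_PROFILES = {"Domain", "Private", "Public"}


def parse_show_rule(text: str) -> List[Rule]:
    """Split netsh output into one dict per rule, keyed by the printed field names."""
    rules: List[Rule] = []
    current: Rule = {}
    for line in text.splitlines():
        if line.startswith("Rule Name:"):
            if current:
                rules.append(current)
            current = {"Rule Name": line.split(":", 1)[1].strip()}
        elif current and ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    if current:
        rules.append(current)
    return rules


def wide_open_inbound(rules: List[Rule]) -> List[Rule]:
    """Enabled inbound Allow rules reachable from any remote IP on all three profiles."""
    return [
        r for r in rules
        if r.get("Enabled") == "Yes"
        and r.get("Direction") == "In"
        and r.get("Action") == "Allow"
        and r.get("RemoteIP") == "Any"
        and ALL_PROFILES <= set(r.get("Profiles", "").split(","))
    ]


def audit_live_firewall() -> List[Rule]:
    """Run netsh on a Windows host (Vista or later) and return the flagged rules."""
    proc = subprocess.run(
        ["netsh", "advfirewall", "firewall", "show", "rule", "name=all"],
        capture_output=True, text=True, check=True)
    return wide_open_inbound(parse_show_rule(proc.stdout))


if __name__ == "__main__":
    # Offline run over the constructed sample; audit_live_firewall() needs a Windows host.
    for rule in wide_open_inbound(parse_show_rule(SAMPLE_OUTPUT)):
        print(f"{rule['Rule Name']}: {rule['Protocol']}/{rule['LocalPort']} open to Any")
```

The parser keys on the field names netsh prints, which are localized on non-English Windows installs, so on such hosts the field names in `wide_open_inbound` would need adjusting. Scoping a rule to a remote subnet or to a single profile, as the second sample rule does, is what keeps it out of the flagged list.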

Related

Yabe on Linux unable to locate bacnet device

I have a Win11 laptop and I installed Yabe and was easily able to explore bacnet objects on my home thermostat. I'm trying to duplicate this on a Linux Laptop. My issue is that Yabe is not finding my thermostat on the Linux machine.
I'm running Linux Mint 21 Cinnamon 5.4.12. I installed Mono and downloaded Yabe. I am running it with the command "mono ./Yabe.exe". The Win11 laptop rules out thermostat setup/network issues. In the Yabe log window I get a message that says "error loading plugins". I didn't try to install any plugins, so I don't know where this is coming from, and I'm not sure if it's even the root cause. Initially I just left the Yabe folder in my downloads folder. I also moved it to /usr/bin, but that didn't solve anything. Any suggestions would be appreciated. I would really like not to have to use Win11, as it is a memory hog.
A similar question was raised on sourceforge but the answers have not helped me.
https://sourceforge.net/p/yetanotherbacnetexplorer/discussion/general/thread/1e78874922/?limit=25
Thank you for the suggestions. I ran a Wireshark capture with the filter "udp and port 47808" and received I-Am 100001 from the thermostat at 192.168.0.150, which is the static address I assigned. Like I said, since I literally have a Win-11 laptop sitting beside this one with Yabe installed and it sees the thermostat just fine, that rules out most network router issues. Also, I currently have the Linux firewall turned off. I believe it must be some bug with the Yabe installation on this version of Linux. I keep wanting to get away from Windows and rely solely on Linux, and then I run into issues like this that make me realize why it's not universally adopted in industry.
At least for Windows, I believe that the plug-in DLLs are not strictly necessary/important; you could drop the relevant plug-in DLLs alongside the 'YABE.exe' binary (within the same folder); I've included a picture of the plug-in DLLs' filenames.
Are both the (BACnet) client machine and the server/thermostat machine using a public IP address, or at least a private IP address within the same subnet/network address range?
Have you got a Linux (and/or Windows) firewall blocking communication?
Can you see port 47808 open using the 'NMap' tool?
Also, for generic reference, an answer of mine for a half-similar question (some points could also be relevant here):
Things worth considering:
Tools such as YABE, VTS and Wireshark - to learn from the success cases/successful instances of communication.
The network card (NIC) that your tools and/or libraries are using/selecting to send the ('service' request) messages - e.g. definitely don't mix routable addresses with non-routable 'private' addresses (between the BACnet 'client' IP & the 'server' IP).
(UDPv4-only) 'Broadcasts' will only work upon the local network (- if a BBMD is not present & correctly set-up to relay the broadcast on to another part/hop of the "internetwork"/connected networks).
If you're unlucky - with a particular device, your client port just might have to be 47808/0xBAC0; and just possibly for the broadcasts too.
Also try directed/'unicast' traffic/'service' requests too - e.g. attempting to read the device object instance # (DOIN) of a target device; check you've got/are specifying the correct DOIN when targeting/firing a request at a device.
Does the target device have a BACnet router or BACnet gateway in front of it (- therefore would also need the inclusion of a DNET & DADR paired values as part of addressing it)?
If so, are you talking the same variant of BACnet, e.g. IP - as in BACnet/IP between both the (BACnet) 'client' & 'server'/serving device?
If it's a commercial/enterprise device, does it have an IP whitelist to allow for the processing of incoming requests?

how to enable wsl to respond to broadcast ping request

I was using WSL to run ROS commands, and at a point I had to enable the system to respond to broadcast ICMP requests (for a multi-master kind of setup), i.e. on Linux I had to make sure
cat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
returns 0. But WSL does not contain such a file, so I was thinking of enabling it on Windows. All the sources I have gone through suggest adding a rule to the firewall, but my system is not responding to broadcast ping even when my system's firewall is turned off (domain, private and public have been turned off; same with my buddy who is on the same network). I am using an Android phone's mobile hotspot to check this.
It would be great if someone could help me on this.
Thanks in advance.
I asked something similar
I don't know how to do it purely on WSL. But on Windows you have to start the "TCPSVCS.EXE" process, located in System32.

Citrix receiver 13 + Linux: serial port redirection

Simple question: how to map a serial port (serial-to-USB as /dev/ttyUSB0) to XenApp with Citrix Receiver 13 on Linux (Ubuntu 13)?
With Citrix Receiver 12, I can run the connection manager (wfcmgr) and map the desired port in preferences, but CR13 doesn't have this manager. I tried to manually edit wfclient.ini and put these lines there (copied from the wfclient.ini used by CR12):
LastComPortNum=1
ComPort1=/dev/ttyUSB0
But nothing happened. In addition, I found this link, so maybe I should ask: how to redirect USB devices? (and throw away this COM antique)
So, the lines in wfclient.ini are correct, but I was operating with the incorrect information that Unix kernel v2.4.20 (and higher) contains drivers for FTDI devices. The truth is that these drivers are in kernel v2.6.31 (and higher). I should have checked dmesg... sigh

Need to monitor traffic on old cisco router

I have an old 2800 series router with IOS 12.4(10) that I need to monitor traffic on an interface of. The issue is that the version of IOS installed doesn't support traffic capture. I would love to update IOS, but I'm not the one running the project. I didn't find any methods of capturing for my version of IOS.
My solution was to run tcpdump on the node connected to the switch. The only problem is that the server doesn't have tcpdump and I cannot install it. The next solution is to compile from source and run tcpdump from USB (proving to be a bit tricky). My next approach is to remotely log into the router, view the traffic, and save it to a file. I don't know the command to do that, unfortunately, and all the commands on the Cisco support site are for newer IOS versions.
I'm no networking guru and I'm very unfamiliar with IOS commands. I need a way to monitor the traffic between the node and the router.
FYI:
When I say monitor, I mean I want to see the header, destination, port, etc. not just a packet accounting.
I don't think the router can do what you're asking. However, if you are using a Cisco switch to connect your router to your host, you can mirror a port or a VLAN to another port (it's called a 'SPAN port' on newer switches) and sniff the data there.
As I don't know your switch model, I can only point you to this Cisco doc that lists the config for all of them.
Hope this helps,
Alex
What is the exact model? I thought a 2800 should be a router, not a switch.
If it is a router, you can use NetFlow to see IPs and ports (but not the full header); another option is debug ip packet, but you must be careful not to kill the router with extensive debugging.

How to catch a PC coming online in the LAN?

I need to know when a specific PC (whose IP and MAC I know) is plugged into the LAN. I want to avoid all polling mechanisms; is it possible under Linux to achieve this? Maybe by sniffing ICMP packets?
Thx
If you are in control of the gateway, you can just sniff traffic and see if there's any from/to that host (through MAC or IP address).
If not, things get complicated, and some sort of polling is needed in most cases; in a switched network, you generally won't see the traffic destined for another host. The surest way of checking "online-ness" would be ARP, possibly by using arping (or doing the ARP requests yourself and sniffing the traffic for ARP replies).
Note that neither of these approaches is "sure-fire": with tools like powernap, (temporarily) offline hosts can appear to be online.
You can use NMAP to scan your network with a simple ping-type scan to see which hosts are online and which are not. This is a polling mechanism, but unless you can program the routers/switches in your network to tell you when MAC or IP address XYZ has started sending traffic, I don't know of any other way to do this.
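The first answer's "do the ARP requests yourself and sniff the traffic for ARP replies" option, as an added example that is not part of the original thread. It builds the Ethernet/ARP request frame, decodes any ARP frame that comes back, and only counts the host as present when both the IP and the MAC the asker already knows match the reply, so another device answering for that IP (an address conflict or a spoofed reply) is not mistaken for the expected PC. Sending and receiving need a Linux raw socket and CAP_NET_RAW, so that part is isolated in `watch()`; the frame builder and parser run offline on constructed frames. All interface names and addresses in it are placeholders.

```python
"""Presence detection for a known PC via a self-sent ARP request and reply sniffing.

Added example for the thread above; not code from the original thread.
build_arp_frame() constructs the Ethernet/ARP request, parse_arp() decodes
any IPv4-over-Ethernet ARP frame, and is_watched_host() matches a reply
against the IP *and* MAC you already know. watch() needs Linux and
CAP_NET_RAW; everything else works offline. Addresses are placeholders.
"""
import ipaddress
import socket
import struct
from typing import Optional, Tuple

ETH_P_ARP = 0x0806
BROADCAST_MAC = b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa


def mac_bytes(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff or AA-BB-CC-DD-EE-FF."""
    return bytes.fromhex(mac.replace(":", "").replace("-", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_frame(op: int, src_mac: str, src_ip: str,
                    dst_mac: Optional[str], dst_ip: str) -> bytes:
    """Ethernet II + ARP. dst_mac=None means a broadcast 'who-has' request."""
    eth_dst = BROADCAST_MAC if dst_mac is None else mac_bytes(dst_mac)
    tha = b"\x00" * 6 if dst_mac is None else mac_bytes(dst_mac)
    eth = struct.pack("!6s6sH", eth_dst, mac_bytes(src_mac), ETH_P_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                      mac_bytes(src_mac), ipaddress.IPv4Address(src_ip).packed,
                      tha, ipaddress.IPv4Address(dst_ip).packed)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Tuple[int, str, str]]:
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac_str(sha), str(ipaddress.IPv4Address(spa))


def is_watched_host(frame: bytes, watched_ip: str, watched_mac: str) -> bool:
    """True only for an ARP reply whose sender IP and MAC both match the watched PC."""
    parsed = parse_arp(frame)
    if parsed is None:
        return False
    op, sha, spa = parsed
    return op == ARP_REPLY and spa == watched_ip and sha == mac_str(mac_bytes(watched_mac))


def watch(iface: str, watched_ip: str, watched_mac: str,
          my_mac: str, my_ip: str, timeout: float = 2.0):
    """Send one request and wait for the watched host's reply (Linux, CAP_NET_RAW).

    Returns the parsed reply, or None on timeout. A single request is a check,
    not a monitor; repeating it on a schedule is the polling the answers describe.
    """
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ARP)) as s:
        s.bind((iface, 0))
        s.settimeout(timeout)
        s.send(build_arp_frame(ARP_REQUEST, my_mac, my_ip, None, watched_ip))
        try:
            while True:
                frame = s.recv(65535)
                if is_watched_host(frame, watched_ip, watched_mac):
                    return parse_arp(frame)
        except socket.timeout:
            return None


if __name__ == "__main__":
    # Offline demonstration with a constructed reply (placeholder addresses).
    reply = build_arp_frame(ARP_REPLY, "aa:bb:cc:dd:ee:ff", "192.168.1.50",
                            "00:11:22:33:44:55", "192.168.1.10")
    print(is_watched_host(reply, "192.168.1.50", "AA-BB-CC-DD-EE-FF"))
```

Because the raw socket is bound to ETH_P_ARP, `watch()` also sees gratuitous ARP and replies to other hosts' requests on the segment, so when the watched PC announces itself at boot the loop catches that without a request of its own having been sent.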
