Promiscuous mode in AODV NS2 - protocols

As I do my project of "detection and prevention of black hole attack", I need to monitor the packet flow to the neighbouring node. For that, I need to use the promiscuous mode in AODV. I have found some tutorials at the following links, but they are not complete either, and I have never found any other material.
http://www.dcs.warwick.ac.uk/~adhoc1/nshowto1.html
http://greenw.blogspot.in/2006/08/support-promiscuous-mode-in-aodv.html
There is something like "// put your code here" in AODV::tap(const Packet *p), but I don't get what exactly I need to put there so that I will be able to monitor the packet flow.
It will be very helpful if anybody can shed some light on this, as I am very much towards the end of the course. It's a bit urgent.
Thanking you.......

There are several ways to achieve this:
Put the node that you want to monitor on a hub port, plug into that hub on another port, and use Wireshark to watch traffic from or to that node.
If you are both on the same switch, use port mirroring to watch his traffic.
Linux has a promiscuous mode feature.

Related

Monitoring switch port (service) per interface

My actual goal is to monitor the traffic going through a Zyxel USG60 switch (v4.15). For that I use Zabbix.
The problem I have is that I actually monitor the interfaces of the switch, but I need to go deeper (if you know what I mean): my boss asked me if I could monitor, on each interface, the different traffic port by port (I mean service, like port 80 is for HTTP), to check precisely who is using bandwidth and for what.
I tried to see if SNMP can do that, but it seems it doesn't go further than the interface level. Since I don't know where to start or search, I need your help and advice.
One last detail: the monitoring server will run under Ubuntu 14.04.
You need to collect additional data using NetFlow/sFlow protocols to get the detailed traffic information.

Need to monitor traffic on old cisco router

I have an old 2800 series router with IOS 12.4(10), and I need to monitor traffic on one of its interfaces. The issue is that the installed version of IOS doesn't support traffic capture. I would love to update IOS, but I'm not the one running the project. I didn't find any methods for capturing on my version of IOS.
My solution was to run tcpdump on the node connected to the switch. The only problem is that the server doesn't have tcpdump and I cannot install it. The next solution is to compile from source and run tcpdump from USB (proving to be a bit tricky). My next approach is to remotely log into the router, view the traffic, and save it to a file. Unfortunately, I don't know the command to do that, and all the commands on the Cisco support site are for newer IOS versions.
I'm no networking guru and I'm very unfamiliar with IOS commands. I need a way to monitor the traffic between the node and the router.
FYI:
When I say monitor, I mean I want to see the header, destination, port, etc. not just a packet accounting.
I don't think the router can do what you're asking. However, if you are using a Cisco switch to connect your router to your host, you can mirror (it's called 'SPAN port' on new switches) a port or a VLAN to another port and sniff the data there.
As I don't know your switch model, I can only point you to this Cisco doc that lists the config for all of them.
Hope this helps,
Alex
What is the exact model? I thought 2800 should be a router, not a switch.
If it is a router, you can use NetFlow to see IPs and ports (but not the full header). Another option is debug ip packet; however, you must be careful not to kill the router with extensive debugging.

Best way to inject packets into linux kernel to emulate ethernet packet arrival

I am writing a Linux kernel module for some tunnelling activity. The module will get packets from the networking stack and perform some operations on them. What is the best possible way to inject packets into the stack from the bottom (emulate Ethernet packet arrival on the wire) so that the packet traverses the entire receive path and is delivered to my module?
My module uses the kernel br_handle_frame_hook hook to get the packet, which means that it cannot co-reside with the Linux native bridge module. Any ideas will be appreciated.
Consider using NetFilter
http://www.phrack.org/issues.html?issue=61&id=13
TAP would be great, if you're working in user space, which you're not
I believe that a TAP device is what you are looking for - a nice way to send/receive Ethernet packets from user-space
I recommend tap like #raber before me. I also recommend reading this excellent tutorial: http://backreference.org/2010/03/26/tuntap-interface-tutorial/ .
You asked whether you can make the tap non-programmatically and then replay traffic into it. The answer is yes. Look for the 'persistency' options (which b.t.w. can also be done programmatically with a short tool you can write yourself if you prefer not to download tools that can already do it). You may also want/need to define the user that may use the tap (or otherwise just sudo your operations).

On Linux: how can I programmatically determine if a NIC interface is enabled and plugged in?

I want to determine if a network card is enabled, up, and plugged in. Basically, I want to know if the network card will work. I need this information from within a C++ program, and would like to display an error message when the network isn't working properly. If possible I would like to avoid using shell commands to determine this information.
You can look at /sys/class/net/eth0/operstate where eth0 is your interface to see if it's up.
Look at /sys/class/net/eth0/carrier to see if there is a carrier.
Though I guess executing ifconfig and friends will give you more compatibility to *BSDs.
open AF_NETLINK socket
bind it to sockaddr_nl with nl_groups = RTMGRP_LINK
send message RTM_GETLINK to kernel
make poll/epoll on socket to read RTM_NEWLINK and RTM_DELLINK messages
you will receive initial interfaces list and its changes in future
Remember, on Linux "everything" is a file.
The best way would be to use the approved kernel<->userspace communication, namely sysfs, mounted at /sys. Network devices are linked at /sys/class/net
If you wish to use the ioctl interface, look at man netdevice
How do you want to identify the network card? You might try taking a look at /etc/udev/rules.d/70-persistent-net.rules which maps hardware MAC addresses into nice names (like eth0).
Then, when you have the nicer name, you can run things like ethtool eth0 to determine if it is [physically] connected (last line), ifconfig eth0 to determine if it is up (look for "UP BROADCAST..."), and if it has an IP address.
I'm willing to guess there are automatic libraries for this though; have you looked around? I'm not sure if there's easily accessible code in NetworkManager, but that should be a good first place to look.
Run through the output of getifaddrs, you can use the link layer for the MAC address to identify an adapter and check the ifa_flags for IFF_UP. Use AF_NETLINK for notifications about interface changes.

resume/suspend energy star linux from command line

I have an ssh connection to a linux machine which is hibernated after some non-activity time.
I want to make it resume, how do I do that?
(writing to /dev/mouse to simulate mouse movement didn't do the trick)
A machine that is hibernating cannot come out of sleep without pressing the power button, or sending a magic packet if the ethernet adaptor has Wake On Lan (WOL) capability and the motherboard supports that. WOL packets can only be generated on the local network, not remotely from other networks.
-Adam
In addition to what Adam has stated, some motherboards support waking from various states when an interrupt is triggered.
The key here is which state you are referring to as hibernation; are you talking about an extremely low-power mode in hardware, or software hibernation where core memory is written to disk and the machine is turned off completely? If the latter, WOL is the only possibility; if the former, then you can tell your motherboard to watch for interrupts from various sources and you can use some other means to trigger a wake-up.
A good starting point for reading is the Wake-On-LAN article on Wikipedia.
To accomplish WOL you need a few things:
First, check the BIOS of the machine you're waking to see if it supports WOL. If it does, make sure it's turned on.
Then get a program that can send WOL packets:
On Linux: sudo apt-get install wakeonlan
For Windows, just find one to download using Google. There are probably 100 different apps that do it; I don't use Windows, so I don't have one to reference.
If you want to receive WOL packets from outside of your local network, configure your router to forward port 9 to 255.255.255.255 (IP Broadcast-To-All address).
For some really useful info on the WOL protocol as well as a sample capture file that can be loaded in wireshark, see this article.
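
As an added example (not code from any of the answers above): the magic packet that tools such as wakeonlan send is 6 bytes of 0xFF followed by 16 repetitions of the target MAC address, normally carried in a UDP datagram to port 9. The block builds that payload and scans a captured payload for one, which is the check a monitor would use to see which host is being woken; the function names and the MAC address are constructed for illustration.

```c
/* Added example: build and recognise a Wake-on-LAN magic packet. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WOL_LEN (6 + 16 * 6)   /* 6 sync bytes + 16 copies of the MAC = 102 */

/* Fill out[] with the magic packet payload for mac; returns its length. */
size_t wol_build(const uint8_t mac[6], uint8_t out[WOL_LEN])
{
    memset(out, 0xFF, 6);
    for (int i = 0; i < 16; i++)
        memcpy(out + 6 + i * 6, mac, 6);
    return WOL_LEN;
}

/* Scan a payload for a magic packet, which may start at any offset.
 * Returns the offset and stores the target MAC, or returns -1. */
long wol_find(const uint8_t *p, size_t len, uint8_t mac[6])
{
    static const uint8_t sync[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };

    for (size_t off = 0; off + WOL_LEN <= len; off++) {
        const uint8_t *q = p + off;
        int ok = memcmp(q, sync, 6) == 0;

        /* All 16 copies must equal the first one. */
        for (int i = 1; ok && i < 16; i++)
            ok = memcmp(q + 6, q + 6 + i * 6, 6) == 0;
        if (ok) {
            memcpy(mac, q + 6, 6);
            return (long)off;
        }
    }
    return -1;
}

int main(void)
{
    /* Constructed MAC address, for illustration only. */
    static const uint8_t mac[6] = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55 };
    uint8_t pkt[WOL_LEN], got[6];

    wol_build(mac, pkt);
    printf("magic packet at offset %ld\n", wol_find(pkt, sizeof pkt, got));
    return 0;
}
```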
