Questions tagged [packet]
The packet tag has no usage guidance.
99 questions
67 votes, 2 answers, 179k views
iptables: difference between NEW, ESTABLISHED and RELATED packets
Part of a firewall on a server:
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 100 --...
39 votes, 5 answers, 113k views
How do you diagnose packet loss?
I realise this is very subjective and dependent on a number of variables, but I'm wondering what steps most folks go through when they need to diagnose packet loss on a given system?
15 votes, 1 answer, 26k views
Why is the "don't fragment" flag set in https and ssh protocols?
I've found a lot of information specifying that this is the case, however, I am really looking for the reason behind this. Why is it necessary? Is it necessary?
8 votes, 3 answers, 91k views
Excessive 'TCP Dup ACK' & 'TCP Fast Retransmission' causing issues on network. What's causing this?
I'm getting excessive TCP Dup ACK and TCP Fast Retransmission on our network when I transfer files over the MetroEthernet link. The two sites are connected by one sonicwall router, so the sites are ...
7 votes, 1 answer, 15k views
Outbound Packets Dropping / Timeouts - Only with Azure
I have an issue with packets dropping to a third party data center in Florida, USA. The issue only occurs on Azure Virtual Machines, no matter which data center the VM is in. I've done the same tests ...
6 votes, 1 answer, 14k views
iptables drop packet by hex string match
I got this packet captured with tcpdump but I'm not sure how to use the --hex-string param to match the packet. Can someone show me how to do it?
11:18:26.614537 IP (tos 0x0, ttl 17, id 19245, offset ...
5 votes, 2 answers, 10k views
Can 3G networks be packet sniffed / analyzed?
Just wondering if 3G networks can be sniffed like public wifi networks, via wireshark for example (I'm almost sure this is not possible due to encryption, but I just want to make sure?)
5 votes, 2 answers, 10k views
How is packet collision avoided in full duplex mode?
While working in full duplex mode, one can send and receive packets simultaneously. Why don't the packets collide?
5 votes, 1 answer, 21k views
Linux bridge (brctl) is dropping packets
I have been researching this problem for a few days and have not found an answer yet. Your help will be really appreciated!
I have a few VMs (Virtual Machines) running on a physical server. The ...
5 votes, 2 answers, 7k views
Configuring Frame Relay using a Switch Simulation - Packet Tracer
I have the following set up in Packet Tracer:
I am trying to configure frame-relay between the RTR-EDGE router, the RTR_ENG router and the RTR_SAL router using a frame-relay switch simulation (the ...
4 votes, 1 answer, 822 views
TCP sequence number and ACK number
Is the TCP sequence number just the ACK number + bytes received? Is it different when doing the 3-way handshake?
3 votes, 4 answers, 18k views
Smaller network packets vs bigger packets - confused
Some are saying that bigger packets are better to send than smaller.
But in this app: http://media.pearsoncmg.com/aw/aw_kurose_network_2/applets/message/messagesegmentation.html
The lower the packet ...
3 votes, 1 answer, 2k views
Check what the average packet size is in a network (what firewall/router should I get)
Is there any way to do this?
We are looking into buying a Fortigate 100D but are unsure if it will hold up to our requirements.
http://www.fortinet.com/products/fortigate/100D.html
While the ...
3 votes, 1 answer, 3k views
Packet loss during TCP handshake
I have to implement a pseudo TCP handshake that leads into a file transfer. I have no problem doing the file transfer: simple send-acknowledge. What I can't wrap my head around is how to do the three ...
3 votes, 1 answer, 1k views
Confusion about TCP packet analysis terms
I'm analyzing our network and have some confusion about the terms:
This is the 2-packet output from source to destination.
From these I have to get some features as described, please make it clear to me...
...
2 votes, 3 answers, 466 views
Is TCP header the same as TCP segment?
So, is a TCP header actually the same thing as a TCP segment? I was reading this page,
where it reads near the end that:
Even though it might seem they are, in most cases, when referring to
the ...
2 votes, 2 answers, 4k views
PF: Block all, but one subnet firewall rule?
I'm trying to do something that I thought would be relatively simple: Block all the traffic to a test server, other than my company's subnet.
I've tried things along these lines (111.111.0.0 is my ...
2 votes, 1 answer, 7k views
TCP Sequence & Acknowledgment numbers
I have looked through other questions on here involving the relevant topics, but I am still not clear on this.
I have just been reading this explanation of TCP sequence & acknowledgment numbers.
...
2 votes, 2 answers, 7k views
Tracking actual packet path on a LAN
Is it possible to track the path a packet takes on a switched network? When I run a traceroute I get only the router and the destination. I know for a fact, however, that the packet must pass through ...
2 votes, 1 answer, 650 views
Inaccurate bandwidth limiting in altq queues
I'm setting up an environment where I have one Linux server, one OpenBSD router and one Linux client and I want to be able to limit how much bandwidth the client should be able to use.
I've been ...
2 votes, 1 answer, 5k views
Transportation Layer vs Network Layer [closed]
I am a networking student, and I am learning about the OSI system for networks. The concepts for this system are all pretty complicated, but the main issue that I'm having is the main differences ...
2 votes, 1 answer, 3k views
10GbE be2net low pktgen performance
I am testing the network performance of two workstations, each having 2.4GHz Xeon quad core processors and NC550SFP PCIe Dual Port 10GbE Server Adapters, linked back to back.
I've checked the ...
2 votes, 0 answers, 129 views
FreeBSD: redirect some UDP traffic from one port to another
I have some specialized DNS servers running on FreeBSD 11. A few people keep hammering on them and I would like to give them different answers. So I'd like to divert UDP traffic from those hosts from ...
2 votes, 0 answers, 431 views
Redhat 6.4 configured to log Martian packets but is not logging ll header
I am trying to investigate the source of martian packets I have been seeing on several servers connected to the same subnet. The logging of martian packets has been enabled in /etc/sysctl.conf.
...
1 vote, 4 answers, 4k views
iptables: How to calculate how many bytes there are in a packet?
I'm working on a firewall and I would like to know how to calculate how many bytes there are in a packet or at least have an idea what the averages are.
When I googled it, 1500 bytes was mentioned a ...
1 vote, 2 answers, 754 views
What is Reverse Gossip Transfer Protocol?
Playing with wireshark, I see a bunch of packets that say something like
rgtp > https [ACK] Seq=???? Ack=?????? Win=????? Len=0
What is a Reverse Gossip Transfer Protocol? What is it used for, ...
1 vote, 2 answers, 77 views
Computer sleep and wake up announcement on a network
I wonder if there's some sort of network packet that announces a computer going to sleep or waking up again.
If not, can you think of reasons why this would be a bad idea?
1 vote, 1 answer, 740 views
Bad mask /30 for address 10.1.1.3 || Cisco P.T
So basically I'm having this issue while trying to configure the serial of 3 routers (router0, router1, router2) on Cisco Packet Tracer
I was able to configure both serials for router0 following this ...
1 vote, 1 answer, 1k views
Is there any tool/way to find out why a packet is getting dropped due to the ARP cache being full?
My developer's hypothesis is that the packet is getting dropped at the ARP layer. We increased the default value of neigh.default.gc_thresh3 1024 --> 2048 and now everything looks good. But I want to understand is ...
1 vote, 1 answer, 4k views
iptables connlimit: exclude multiple IP addresses
I currently have this iptables command:
iptables -A INPUT -s ! 192.168.0.2 -p tcp --syn -m connlimit [...] -j DROP
As far as I know, such a rule limits some number of connections following various ...
1 vote, 1 answer, 115 views
How to find the linux user that sent the packet [duplicate]
Our server is compromised and we would like to know which accounts sent the malicious queries from our server. I used tcpdump to get this :
our.host.net.48194 > box5596.bluehost.com.http: Flags [P....
1 vote, 1 answer, 403 views
IPTables or alternate solution to block the first attempt to connect then allow further attempts from same IP
I have a unique situation in which a DDOS attack for a certain game is sending realistic player connection packets that seem to perfectly mimic a real player's connection packet.
These typically ...
1 vote, 2 answers, 17k views
Intel 82579LM Gbit Ethernet Controller - magic packet (WOL) right after ping is not working
I am experiencing a very annoying and mysterious behavior when sending magic packets (for Wake On LAN) shortly after pinging an Intel 82579LM GigaBit Ethernet Controller (the onboard ethernet ...
1 vote, 2 answers, 349 views
What does "all packets that fall through to the default rule should be dropped" mean?
Does “all packets that fall through to the default rule should be dropped” mean that my iptables rule should drop everything at the start, like this?
# Set the default policy to drop
$IPT --policy ...
1 vote, 1 answer, 889 views
Forwarded Packets are received by namespace's veth0 but not received by application
I use libtins (it uses Pcap) to capture link layer packets and forward them to a network namespace where the actual application runs.
Client(Browser) -> Server -> Pcap -> Pcap Send -> br0 (...
1 vote, 1 answer, 133 views
Performing tasks and custom logic on network packets
I'm looking for a way to process packets in a Linux server in a particular fashion - I need to run some custom logic on every packet, then (possibly) take some actions on the packets and let the ...
1 vote, 1 answer, 2k views
Accept ICMP packets (ping) with specific length - Iptable rules
I am going to filter ping requests to my server, and only accept ping requests with length 920.
ping -l 920 serveraddress
I am using the following two commands in iptables
iptables -A INPUT -p icmp -...
1 vote, 1 answer, 2k views
Viewing the packet-size of an incoming IP
I have been looking for a solution to this for a few hours. After no avail I'm asking for help here.
I need to watch my incoming packets by size, in a format similar to:
IP SIZE
I have tried TCPDUMP ...
1 vote, 1 answer, 4k views
VMWare-ESXi server dropping packets, shaky connection
I have a few virtual servers running on a VMWare-ESXi server. One of those is a mailserver running Windows server 2003, Has been running quite well for a while now. About 4 days ago, the mailserver ...
1 vote, 0 answers, 249 views
How can I maximize UDP Packet Size?
I am a gamer. I play UDP-based games. I want to increase the packet size. I know the UDP packet size is 1024 but I want to increase this packet size even more. I want to increase the performance I get ...
1 vote, 0 answers, 111 views
How to limit packets per unit time on a particular interface (for vms)
I am using KVM and Virtuozzo virtualization on my servers, each having 10 VMs.
I have to restrict DDoS attacks from my VMs (i.e. prevent a VM from doing a DDoS attack). I searched on the net and found that I ...
1 vote, 0 answers, 721 views
What's the expected behavior in TCP when hosts don't specify the MSS during handshake?
Let's suppose there are two hosts A and B and they are going to communicate over TCP. I am curious about the behavior of TCP related to MSS. Wikipedia says default value of MSS is 536. But, RFC-793 ...
1 vote, 0 answers, 48 views
Does tcpdump guarantee packet integrity?
In normal use of tcpdump without any parameter, does it guarantee?
tcpdump -i eth0 -w file.pcap
In using tcpdump rotating by time with -G parameter, does it guarantee?
tcpdump -i eth0 -w file.pcap -...
1 vote, 2 answers, 521 views
Openvpn fails behind firewall but another VPN Works
Well I have spent last 48 hours trying to debug this but I'm about to give up now.
Mobile carrier in our country has a daily social bundle in which we can use ONLY whatsapp, facebook and snapchat &...
1 vote, 1 answer, 744 views
How to send outgoing TCP packets on Windows through a remote Linux server?
Let's say I have a Windows computer and a Linux server. I'm looking for a way to route outgoing TCP packets on the Windows computer (all ports) through the Linux server.
The Linux server would have ...
1 vote, 1 answer, 3k views
Understanding SoftEther VPN packet log
Help me to identify each part of a packet log from SoftEther VPN.
For example, the following is a packet log.
2017-06-07,23:40:20.888,SID-USER-[L2TP]-15,SID-SECURENAT-1,CA9DC6D826F0,00AC3A3F04D0,...
1 vote, 0 answers, 754 views
Route HTTP packets into tun/tap interface
What I simply want is to redirect all HTTP packets from any interface to my tun/tap interface. A scapy script will listen on this interface and do some treatments to these packets.
First, I created a ...
1 vote, 0 answers, 79 views
Split TCP packet - Data layer vs IPv4Layer
What is the difference between splitting a TCP packet in the Data layer compared to splitting the packet in IPv4Layer?
1 vote, 1 answer, 151 views
Understanding ARP traces during OS load
Consider the following ARP packets captured while a unix machine was booting.
From the packets I understand that this machine whose MAC address is 00:22:22:22:22:22 is requesting information about ...
1 vote, 2 answers, 317 views
Server sending packets every 5 minutes to 3 IPs
Been noticing in our firewall logs that three connections are being constantly established every 5 minutes from our web server and trying to send a packet to destination port 43 (whois port) cycling ...