| |
| |
| |
|
Comments:
<0> hi, i want to simulate a very poor connection but i can't seem to find anything in netfilter to replace a certain part of a packet with random data
<1> well, that's probably because there isn't anything to do that. You could try using libipq (or libnetfilter_queue, the replacement) to capture packets, then re-emit them with errors
<0> ok thanks
<2> how do i tell iptables to use the state packet-matching extension?
<2> never mind, found it in a newer man page
<3> gug
<4> gug :)
<5> heya folks
<5> I got a strange situations with ip_queue, when I compare packets sniffed by ethereal or tcpdump I got a different ordering with my python script that uses ipqueue
<5> is this a case where libpcap reorder the packets, when ipqueue juste show me packets as they arrive ?
<5> or just the opposite ? I'm quite confused with that behavior
<6> matth: I can't think of any such behaviour
<6> although, if you run conntrack, ip_queue will probably show you the already-defragmented packets
<6> depending on where you queue, though
<5> I queue in the forward rule
<5> s/rule/chain/
<6> matth: that's after defragmentation, if you have conntrack loaded
<5> I don't have conntrack loaded actually
<6> matth: then I don't see what would reorder your packets
<5> gotta RTFS then, thanks for the suggestions LaF0rge
<5> I was wrong
<5> I *have* ip_conntrack
<5> ok, so what I'm looking for is to plug in somewhere where packets are not reordered and still be able to send them to userspace for inspection
<7> Are there any ipv6 conntrack or even just state modules?
<8> gug
<5> actually I don't get how packets are reordered. For example, when the clients sends 10 ACK paquets to the server (as seen in tcpdump/ethereal) and the server reply to those, the ipqueue app will show the reply after the third packet.
<5> What I'm trying to avoid is to buffer packets and reorder them on the fly as it is already slow atm
<6> you are at an intermediate router, yes?
<5> yes the only one
<6> matth: please try to put a timeline and a detailed description in an email
<5> okay I'll do that
<6> i'll look into it. but on irc it will take ages to actually find out what you are trying to do and what is going on
<8> hehe.. http://www.google.com/trends?q=netfilter&ctab=1
<4> xkr47: what do you deduce from that? :)
<8> nothing in particular :)
<9> /mode +flameme
<10> Hello everyone... I need some help with a log file.. I want to know why the MAC address in a log is longer than my MAC address. Are both mac addresses combined? (IN interface and remote mac addr).. ?
<10> the log is a firestarter log... so is iptables related, right?
<11> both macaddresses are combined
<11> but there's two extra bytes at the beginning as well
<10> Can you ellaborate on that Gandalf_ ?
<11> first 08 for ethernet and for example 06 which is arp
<11> iirc
<10> All right Gandalf_ i got the 08:00 at the end.... So i know the first block of the mac=is my mac address... I want to be sure that the other part is the mac of the "attacker"... (removing the leading bytes that you mentioned...)
Return to
#netfilter
or
Go to some related
logs:
ubuntu x includes
#python
the following packages have unresolvable dependencies
#lisp
#perl
#linuxhelp
opensuse 10.1 adding ifolder repository
nvidia nfore linux x86_64
hardening xubuntu
gnome-power-manager + swsusp2
|
|