?
Solved

sending network packets to yourself.

Posted on 2004-08-21
10
Medium Priority
?
1,465 Views
Last Modified: 2013-12-23
Hello;
I want to learn how to work with a sniffer, by sending packets from myself to myself.
I know that there is a command to divert the packets to yourself through your router (instead of going "directly" from yourself to yourself).
I'm using windows XP.
What is that command ?? And what is the command to undo what you did(the diversion) ??
0
Comment
Question by:André123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 11860120
> I know that there is a command to divert the packets to yourself through your router

how do you know there is such a command? could you please be more specific on this?

i believe you know the command PING. in fact, when the command is being executed, the packets go around between the two nodes, you can use sniffer program to verify it and see what is happening in depth.

hope it helps,
bbao
0
 

Author Comment

by:André123
ID: 11860559
Well, I thought it was something with arp;
but when I type "arp -a" I get this:
C:\Documents and Settings>arp -a
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-66-4d-48-4c     dynamic

so, that would mean that even the packets I send to myself go through my router, which can't be the case (or it wouldn't be logical, I think).

So, it's probably not arp, but I don't know what it is...


0
 
LVL 37

Expert Comment

by:bbao
ID: 11860649
yes, everytime you invoke the command, the above result appears. what you can learn from it are the followings:

1) your host IP is 192.168.1.100
2) your router IP is 192.168.1.1, its MAC address is 00-0f-66-4d-48-4c
3) your host just contacted with the router in TWO mins

since your default gateway receives all outgoing traffic to the external network (the internet), your host talks with it frequently, so that ARP command gives you the result, although you might think that you are doing nothing with the network. remember, some of your network programs, such icq, msn, email client and browser silently access the internet without explicit notifications, so your router's MAC address is kept in the ARP cache almost all the time because your host often silently sends packets through the router.

if you can stop all the network programs on your computer, after 2 minutes, you may see nothing appears in the arp -a result.

so it does not mean the packets you send to yourself have been diverted to your router, for example, any requests to 127.0.0.1 will not send to the router, forever. hehe ;)

hope it helps,
bbao
0
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

 

Author Comment

by:André123
ID: 11860662
Hi;
and, if I send it to 192.168.1.100 (is also myself), will it go through the router ??
If not, what should I do to make it go through the router ??

Thanks
0
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 11860701
> if I send it to 192.168.1.100 (is also myself), will it go through the router ??
NO

> If not, what should I do to make it go through the router ??
every packet which destination is to yourself will NOT be sent to other hosts even the router. if you want to receive some packets initiated (not sent) from you, just try to communicate with a host behind your router (e.g. on the internet), or just PING that host, then you can see the acknowledge packages or data packages will be sent from the host to your computer through the router.

btw, why do you want to see the loopback packets through the router? :)

cheers,
0
 

Author Comment

by:André123
ID: 11860786
>btw, why do you want to see the loopback packets through the router? :)
I'm just playing...
(it's nothing with "netstat -r" neither???)

Thanks for all your help.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11860802
"netstat -r" gives the routing table of your computer,the same result as "route print". i am thinking if you want to know how many TCP/UDP sessions you are holding, if so "netstat -a" is it. for more information, just issue "netstat -?" for help. thanks for your grade and points. :)

cheers,
bbao
0
 

Author Comment

by:André123
ID: 11861329
glad you're glad.
PS.:
this also doesn't works:
C:\Documents and Settings\aa>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 66 44 f5 0f ...... Wireless-G Notebook Adapter - Packet Scheduler
iniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\aa>route DELETE 192.168.1.100
The route specified was not found.

C:\Documents and Settings\aa>route DELETE host 192.168.1.100
route: bad destination address host

C:\Documents and Settings\aa>route DELETE host 192.168.1.255
route: bad destination address host

C:\Documents and Settings\aa>route delete 192.168.1.100
The route specified was not found.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11861337
route delete 0.0.0.0 mask 0.0.0.0 192.168.1.100
0
 

Author Comment

by:André123
ID: 11861549
thanks a lot. This seems to work indeed.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question