Solved

sending network packets to yourself.

Posted on 2004-08-21
Last Modified: 2013-12-23
Hello;
I want to learn how to work with a sniffer, by sending packets from myself to myself.
I know that there is a command to divert the packets to yourself through your router (instead of going "directly" from yourself to yourself).
I'm using windows XP.
What is that command ?? And what is the command to undo what you did (the diversion) ??
Question by:André123
10 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11860120
> I know that there is a command to divert the packets to yourself through your router

how do you know there is such a command? could you please be more specific on this?

i believe you know the command PING. in fact, when the command is being executed, the packets go around between the two nodes; you can use a sniffer program to verify it and see what is happening in depth.

hope it helps,
bbao
 

Author Comment

by:André123
ID: 11860559
Well, I thought it was something with arp;
but when I type "arp -a" I get this:
C:\Documents and Settings>arp -a
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-66-4d-48-4c     dynamic

so, that would mean that even the packets I send to myself go through my router, which can't be the case (or it wouldn't be logical, I think).

So, it's probably not arp, but I don't know what it is...


 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11860649
yes, every time you invoke the command, the above result appears. what you can learn from it is the following:

1) your host IP is 192.168.1.100
2) your router IP is 192.168.1.1, its MAC address is 00-0f-66-4d-48-4c
3) your host contacted the router within the last TWO mins

since your default gateway receives all outgoing traffic to the external network (the internet), your host talks with it frequently, so that ARP command gives you the result, although you might think that you are doing nothing with the network. remember, some of your network programs, such as icq, msn, email client and browser silently access the internet without explicit notifications, so your router's MAC address is kept in the ARP cache almost all the time because your host often silently sends packets through the router.

if you can stop all the network programs on your computer, after 2 minutes, you may see that nothing appears in the arp -a result.

so it does not mean the packets you send to yourself have been diverted to your router, for example, any requests to 127.0.0.1 will not be sent to the router, forever. hehe ;)

hope it helps,
bbao
 

Author Comment

by:André123
ID: 11860662
Hi;
and, if I send it to 192.168.1.100 (is also myself), will it go through the router ??
If not, what should I do to make it go through the router ??

Thanks
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 125 total points
ID: 11860701
> if I send it to 192.168.1.100 (is also myself), will it go through the router ??
NO

> If not, what should I do to make it go through the router ??
every packet whose destination is yourself will NOT be sent to other hosts, not even the router. if you want to receive some packets initiated (not sent) from you, just try to communicate with a host behind your router (e.g. on the internet), or just PING that host, then you can see that the acknowledge packages or data packages will be sent from the host to your computer through the router.

btw, why do you want to see the loopback packets through the router? :)

cheers,
 

Author Comment

by:André123
ID: 11860786
>btw, why do you want to see the loopback packets through the router? :)
I'm just playing...
(it's nothing with "netstat -r" either???)

Thanks for all your help.
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11860802
"netstat -r" gives the routing table of your computer, the same result as "route print". i am thinking if you want to know how many TCP/UDP sessions you are holding, if so "netstat -a" is it. for more information, just issue "netstat -?" for help. thanks for your grade and points. :)

cheers,
bbao
 

Author Comment

by:André123
ID: 11861329
glad you're glad.
PS.:
this also doesn't work:
C:\Documents and Settings\aa>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 66 44 f5 0f ...... Wireless-G Notebook Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\aa>route DELETE 192.168.1.100
The route specified was not found.

C:\Documents and Settings\aa>route DELETE host 192.168.1.100
route: bad destination address host

C:\Documents and Settings\aa>route DELETE host 192.168.1.255
route: bad destination address host

C:\Documents and Settings\aa>route delete 192.168.1.100
The route specified was not found.
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 11861337
route delete 0.0.0.0 mask 0.0.0.0 192.168.1.100
 

Author Comment

by:André123
ID: 11861549
thanks a lot. This seems to work indeed.