Solved

sending network packets to yourself.

Posted on 2004-08-21
10
1,380 Views
Last Modified: 2013-12-23
Hello;
I want to learn how to work with a sniffer, by sending packets from myself to myself.
I know that there is a command to divert the packets to yourself through your router (instead of going "directly" from yourself to yourself).
I'm using windows XP.
What is that command ?? And what is the command to undo what you did(the diversion) ??
0
Comment
Question by:André123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
10 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 11860120
> I know that there is a command to divert the packets to yourself through your router

how do you know there is such a command? could you please be more specific on this?

i believe you know the command PING. in fact, when the command is being executed, the packets go around between the two nodes, you can use sniffer program to verify it and see what is happening in depth.

hope it helps,
bbao
0
 

Author Comment

by:André123
ID: 11860559
Well, I thought it was something with arp;
but when I type "arp -a" I get this:
C:\Documents and Settings>arp -a
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-66-4d-48-4c     dynamic

so, that would mean that even the packets I send to myself go through my router, which can't be the case (or it wouldn't be logical, I think).

So, it's probably not arp, but I don't know what it is...


0
 
LVL 37

Expert Comment

by:bbao
ID: 11860649
yes, everytime you invoke the command, the above result appears. what you can learn from it are the followings:

1) your host IP is 192.168.1.100
2) your router IP is 192.168.1.1, its MAC address is 00-0f-66-4d-48-4c
3) your host just contacted with the router in TWO mins

since your default gateway receives all outgoing traffic to the external network (the internet), your host talks with it frequently, so that ARP command gives you the result, although you might think that you are doing nothing with the network. remember, some of your network programs, such icq, msn, email client and browser silently access the internet without explicit notifications, so your router's MAC address is kept in the ARP cache almost all the time because your host often silently sends packets through the router.

if you can stop all the network programs on your computer, after 2 minutes, you may see nothing appears in the arp -a result.

so it does not mean the packets you send to yourself have been diverted to your router, for example, any requests to 127.0.0.1 will not send to the router, forever. hehe ;)

hope it helps,
bbao
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:André123
ID: 11860662
Hi;
and, if I send it to 192.168.1.100 (is also myself), will it go through the router ??
If not, what should I do to make it go through the router ??

Thanks
0
 
LVL 37

Accepted Solution

by:
bbao earned 125 total points
ID: 11860701
> if I send it to 192.168.1.100 (is also myself), will it go through the router ??
NO

> If not, what should I do to make it go through the router ??
every packet which destination is to yourself will NOT be sent to other hosts even the router. if you want to receive some packets initiated (not sent) from you, just try to communicate with a host behind your router (e.g. on the internet), or just PING that host, then you can see the acknowledge packages or data packages will be sent from the host to your computer through the router.

btw, why do you want to see the loopback packets through the router? :)

cheers,
0
 

Author Comment

by:André123
ID: 11860786
>btw, why do you want to see the loopback packets through the router? :)
I'm just playing...
(it's nothing with "netstat -r" neither???)

Thanks for all your help.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11860802
"netstat -r" gives the routing table of your computer,the same result as "route print". i am thinking if you want to know how many TCP/UDP sessions you are holding, if so "netstat -a" is it. for more information, just issue "netstat -?" for help. thanks for your grade and points. :)

cheers,
bbao
0
 

Author Comment

by:André123
ID: 11861329
glad you're glad.
PS.:
this also doesn't works:
C:\Documents and Settings\aa>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 66 44 f5 0f ...... Wireless-G Notebook Adapter - Packet Scheduler
iniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\aa>route DELETE 192.168.1.100
The route specified was not found.

C:\Documents and Settings\aa>route DELETE host 192.168.1.100
route: bad destination address host

C:\Documents and Settings\aa>route DELETE host 192.168.1.255
route: bad destination address host

C:\Documents and Settings\aa>route delete 192.168.1.100
The route specified was not found.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11861337
route delete 0.0.0.0 mask 0.0.0.0 192.168.1.100
0
 

Author Comment

by:André123
ID: 11861549
thanks a lot. This seems to work indeed.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question