[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1729
  • Last Modified:

sending network packets to yourself.

Hello;
I want to learn how to work with a sniffer, by sending packets from myself to myself.
I know that there is a command to divert the packets to yourself through your router (instead of going "directly" from yourself to yourself).
I'm using windows XP.
What is that command ?? And what is the command to undo what you did(the diversion) ??
0
André123
Asked:
André123
  • 5
  • 5
1 Solution
 
bbaoIT ConsultantCommented:
> I know that there is a command to divert the packets to yourself through your router

how do you know there is such a command? could you please be more specific on this?

i believe you know the command PING. in fact, when the command is being executed, the packets go around between the two nodes, you can use sniffer program to verify it and see what is happening in depth.

hope it helps,
bbao
0
 
André123Author Commented:
Well, I thought it was something with arp;
but when I type "arp -a" I get this:
C:\Documents and Settings>arp -a
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-66-4d-48-4c     dynamic

so, that would mean that even the packets I send to myself go through my router, which can't be the case (or it wouldn't be logical, I think).

So, it's probably not arp, but I don't know what it is...


0
 
bbaoIT ConsultantCommented:
yes, everytime you invoke the command, the above result appears. what you can learn from it are the followings:

1) your host IP is 192.168.1.100
2) your router IP is 192.168.1.1, its MAC address is 00-0f-66-4d-48-4c
3) your host just contacted with the router in TWO mins

since your default gateway receives all outgoing traffic to the external network (the internet), your host talks with it frequently, so that ARP command gives you the result, although you might think that you are doing nothing with the network. remember, some of your network programs, such icq, msn, email client and browser silently access the internet without explicit notifications, so your router's MAC address is kept in the ARP cache almost all the time because your host often silently sends packets through the router.

if you can stop all the network programs on your computer, after 2 minutes, you may see nothing appears in the arp -a result.

so it does not mean the packets you send to yourself have been diverted to your router, for example, any requests to 127.0.0.1 will not send to the router, forever. hehe ;)

hope it helps,
bbao
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
André123Author Commented:
Hi;
and, if I send it to 192.168.1.100 (is also myself), will it go through the router ??
If not, what should I do to make it go through the router ??

Thanks
0
 
bbaoIT ConsultantCommented:
> if I send it to 192.168.1.100 (is also myself), will it go through the router ??
NO

> If not, what should I do to make it go through the router ??
every packet which destination is to yourself will NOT be sent to other hosts even the router. if you want to receive some packets initiated (not sent) from you, just try to communicate with a host behind your router (e.g. on the internet), or just PING that host, then you can see the acknowledge packages or data packages will be sent from the host to your computer through the router.

btw, why do you want to see the loopback packets through the router? :)

cheers,
0
 
André123Author Commented:
>btw, why do you want to see the loopback packets through the router? :)
I'm just playing...
(it's nothing with "netstat -r" neither???)

Thanks for all your help.
0
 
bbaoIT ConsultantCommented:
"netstat -r" gives the routing table of your computer,the same result as "route print". i am thinking if you want to know how many TCP/UDP sessions you are holding, if so "netstat -a" is it. for more information, just issue "netstat -?" for help. thanks for your grade and points. :)

cheers,
bbao
0
 
André123Author Commented:
glad you're glad.
PS.:
this also doesn't works:
C:\Documents and Settings\aa>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 66 44 f5 0f ...... Wireless-G Notebook Adapter - Packet Scheduler
iniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\aa>route DELETE 192.168.1.100
The route specified was not found.

C:\Documents and Settings\aa>route DELETE host 192.168.1.100
route: bad destination address host

C:\Documents and Settings\aa>route DELETE host 192.168.1.255
route: bad destination address host

C:\Documents and Settings\aa>route delete 192.168.1.100
The route specified was not found.
0
 
bbaoIT ConsultantCommented:
route delete 0.0.0.0 mask 0.0.0.0 192.168.1.100
0
 
André123Author Commented:
thanks a lot. This seems to work indeed.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

  • 5
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now