Solved

sending network packets to yourself.

Posted on 2004-08-21
10
1,185 Views
Last Modified: 2013-12-23
Hello;
I want to learn how to work with a sniffer, by sending packets from myself to myself.
I know that there is a command to divert the packets to yourself through your router (instead of going "directly" from yourself to yourself).
I'm using windows XP.
What is that command ?? And what is the command to undo what you did(the diversion) ??
0
Comment
Question by:André123
  • 5
  • 5
10 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 11860120
> I know that there is a command to divert the packets to yourself through your router

how do you know there is such a command? could you please be more specific on this?

i believe you know the command PING. in fact, when the command is being executed, the packets go around between the two nodes, you can use sniffer program to verify it and see what is happening in depth.

hope it helps,
bbao
0
 

Author Comment

by:André123
ID: 11860559
Well, I thought it was something with arp;
but when I type "arp -a" I get this:
C:\Documents and Settings>arp -a
Interface: 192.168.1.100 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-66-4d-48-4c     dynamic

so, that would mean that even the packets I send to myself go through my router, which can't be the case (or it wouldn't be logical, I think).

So, it's probably not arp, but I don't know what it is...


0
 
LVL 37

Expert Comment

by:bbao
ID: 11860649
yes, everytime you invoke the command, the above result appears. what you can learn from it are the followings:

1) your host IP is 192.168.1.100
2) your router IP is 192.168.1.1, its MAC address is 00-0f-66-4d-48-4c
3) your host just contacted with the router in TWO mins

since your default gateway receives all outgoing traffic to the external network (the internet), your host talks with it frequently, so that ARP command gives you the result, although you might think that you are doing nothing with the network. remember, some of your network programs, such icq, msn, email client and browser silently access the internet without explicit notifications, so your router's MAC address is kept in the ARP cache almost all the time because your host often silently sends packets through the router.

if you can stop all the network programs on your computer, after 2 minutes, you may see nothing appears in the arp -a result.

so it does not mean the packets you send to yourself have been diverted to your router, for example, any requests to 127.0.0.1 will not send to the router, forever. hehe ;)

hope it helps,
bbao
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:André123
ID: 11860662
Hi;
and, if I send it to 192.168.1.100 (is also myself), will it go through the router ??
If not, what should I do to make it go through the router ??

Thanks
0
 
LVL 37

Accepted Solution

by:
bbao earned 125 total points
ID: 11860701
> if I send it to 192.168.1.100 (is also myself), will it go through the router ??
NO

> If not, what should I do to make it go through the router ??
every packet which destination is to yourself will NOT be sent to other hosts even the router. if you want to receive some packets initiated (not sent) from you, just try to communicate with a host behind your router (e.g. on the internet), or just PING that host, then you can see the acknowledge packages or data packages will be sent from the host to your computer through the router.

btw, why do you want to see the loopback packets through the router? :)

cheers,
0
 

Author Comment

by:André123
ID: 11860786
>btw, why do you want to see the loopback packets through the router? :)
I'm just playing...
(it's nothing with "netstat -r" neither???)

Thanks for all your help.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11860802
"netstat -r" gives the routing table of your computer,the same result as "route print". i am thinking if you want to know how many TCP/UDP sessions you are holding, if so "netstat -a" is it. for more information, just issue "netstat -?" for help. thanks for your grade and points. :)

cheers,
bbao
0
 

Author Comment

by:André123
ID: 11861329
glad you're glad.
PS.:
this also doesn't works:
C:\Documents and Settings\aa>route PRINT
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0f 66 44 f5 0f ...... Wireless-G Notebook Adapter - Packet Scheduler
iniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.100       20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.100   192.168.1.100       20
    192.168.1.100  255.255.255.255        127.0.0.1       127.0.0.1       20
    192.168.1.255  255.255.255.255    192.168.1.100   192.168.1.100       20
        224.0.0.0        240.0.0.0    192.168.1.100   192.168.1.100       20
  255.255.255.255  255.255.255.255    192.168.1.100   192.168.1.100       1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None

C:\Documents and Settings\aa>route DELETE 192.168.1.100
The route specified was not found.

C:\Documents and Settings\aa>route DELETE host 192.168.1.100
route: bad destination address host

C:\Documents and Settings\aa>route DELETE host 192.168.1.255
route: bad destination address host

C:\Documents and Settings\aa>route delete 192.168.1.100
The route specified was not found.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11861337
route delete 0.0.0.0 mask 0.0.0.0 192.168.1.100
0
 

Author Comment

by:André123
ID: 11861549
thanks a lot. This seems to work indeed.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question