I have two virtual machines running on the same host and they are both in the same NAT Network. I started a fake bacnet device on one VM (say VM1) using the utility script volttron/scripts/scalability-testing/virtual-drivers/bacnet.py.
The device started up fine. Now from another VM (say VM2) on the same host and same NAT Network I ran the scan_bacnet.py but my fake device on VM1 is not getting listed.
I verified that the ip address on the BACpypes.ini file has the correct address of the host running the scan_bacnet.py script. I also changed the address in BACpypes.ini to include subnet mask (10.0.2.15/24) still no luck.
Below is the content of my BACpypes.ini on file on VM2
[BACpypes]
objectName: Betelgeuse
address: 10.0.2.15/24
objectIdentifier: 599
maxApduLengthAccepted: 1024
segmentationSupported: segmentedBoth
vendorIdentifier: 15
This is the command I ran in VM1 to start the fake bacnet device
python bacnet.py bacnet_registry.csv 10.0.2.5
I am able to ping from one VM to another and running a tcpdump on the source VM shows that the scan_bacnet.py is sending the whois request to the other VM. Running tcpdump on the destination VM shows that the machine is receiving the whois request yet the fake bacnet device isn't receiving the whois request.
What am I doing wrong?
You need to include the subnet mask in the virtual device command line:
python bacnet.py bacnet_registry.csv 10.0.2.5/24
Also you should check the firewall setting on both VMs. CentOS, for instance, defaults to blocking all incoming traffic. (You will still see it in the output tcpdump.) For BACnet you need to open udp port 47808 for all traffic (broadcast and direct).
Related
I'm using an dual-port NIC, Mellanox ConnectX-5, and the DPDK version is dpdk-stable-19.11.3. After configuration, the call of rte_eth_dev_count_avail() returns 2. But only one port of my ConnectX-5 NIC is connected to the other machine. All I can find is to init all available ports like this.
RTE_ETH_FOREACH_DEV(portid)
if (port_init(portid, mbuf_pool) != 0)
rte_exit(EXIT_FAILURE, "Cannot init port %u\n", portid);
Can dpdk selectively init ports? Or is there any way to make rte_eth_dev_count_avail() returning 1?
Another quick way to assign a particular port out all available ports to DPDK application by using DPDK tool dpdk-devbind.py and EAL port initialization will pick port which is assigned to UIO/VFIO kernel driver. Below are devbind script steps to identify port current status and how to bind required port to DPDK.
[root#linux usertools]# ./dpdk-devbind.py --status
Network devices using kernel driver
===================================
0000:00:03.0 '82540EM Gigabit Ethernet Controller 100e' if= drv=e1000 unused=vfio-pci
0000:00:04.0 '82540EM Gigabit Ethernet Controller 100e' if= drv=e1000 unused=vfio-pci
[root#linux usertools]# ./dpdk-devbind.py --bind=vfio-pci 00:04.0
[root#linux usertools]# ./dpdk-devbind.py --status
Network devices using DPDK-compatible driver
============================================
0000:00:04.0 '82540EM Gigabit Ethernet Controller 100e' drv=vfio-pci unused=e1000
Network devices using kernel driver
===================================
0000:00:03.0 '82540EM Gigabit Ethernet Controller 100e' if= drv=e1000 unused=vfio-pci
[EDIT-1] based on the updated question from author, the request is identify from the available DPDK ports which is connected? as mentioned above answer one needs to use rte_eth_link_get
Yes one can selectively init ports by passing the right PCIe Bus:Device:Function address as a whitelist. Hence only desired ports will pop up in the application.
How to do it:
create a dummy application to take in all DPDK port.
Initialize and start the dpdk ports. Check for link-state and create port-mask (global variable) which filters in application logic.
Invoke rte_eth_dev_stop & rte_eth_dev_close for link down ports.
Invoke rte_eal_cleanup.
Use the port-mask, as an argument for execv to invoke your desired DPDK application.
this way you can run your application with valid ports to it.
But relying on rte_eth_link_get is tricky because
if the other end is connected to dpdk-pktgen, first your DPDK application has to init the NIC locally.
if connected to linux box, the nic has to be bought up first with ifconfig [other nic] up
at times one needs to check link.link_speed if its valid.
certain PMD needs write to PCIe mapped register, hence has to dev_configure and port_init to get a reliable reading for link status.
Hence safest and recommended way to use is identify the NIC PCIe B:D:F in Linux driver and then whitelist the ports by using option -w for the desired port under igb_uio/virtio-pci. This can be done by bind all NIC back in linux by
lshw -c network -businfo will list NIC and PCIe Bus:Device:Function with kerel device name and driver.
use ethtool [eth device name] | grep Link to identify the link is connected.
for reference, you can use https://github.com/vipinpv85/DPDK-APP_SAMPLES/blob/master/auto-baseaddr-selector.c as template for dummy applciation.
I wanted to try localhost in my mobile, so I can see if it is really responsive cause in the chrome there are only few selections like iPad,etc.. so My PC has a mobile hotspot. Is it possible to share my localhost to the connected devices?
Why are you using your PC as mobile hotspot? Isn't there another network that both your PC and other devices can connect to and find each other on?
Either way, localhost is just a shorthand for the local loopback IP address (127.0.0.1), which is used for a computer to handle network requests to itself. Now, if the other devices can connect to the PC, then all you need to do is find out what your IP address on the local network is, if XAMPP's Apache server is listening for requests on the network and if any local Firewall isn't blocking access.
(Windows)Before you do anything else, make sure Windows IIS isn't running! It occupies the default http port (80) and is going to cause problems if it's there!
First up, figuring out your IP address:
(Windows)Open the commandprompt (start -> search cmd.exe or run and enter cmd) // (Linux/Unix/Mac)Open a terminal
(Windows)run ip-config and look for the line that specifies your IPv4 address, write it down if you have to // (Linux/Unix/Mac)run ifconfig and look for the line stating inet.
Either way, this address probably looks like 192.168.X.Y
Next, check to see if Apache is listening
As this is often the default setting, it probably is. So grab any other device connected on the same network and open a browser
In the address bar type the 192.168.X.Y IP address of the PC running XAMPP
If you don't see an error, go to your files and enjoy!
If you do get an error, change the config for Apache (httpd.conf) and search for a line containing "Listen 80", if you can't find it then it's probably listening to 0.0.0.0:80 and you need to edit that line to "Listen 80" as that will allow it to listen to all addresses on the network.
Finally, you can't reach it so check if your firewall is blocking access. This is usually Windows firewall not trusting anything that doesn't carry a Microsoft label
Go to Control Panel > Windows Firewall > Allow a program to communicate through windows firewall > Add another program Name: http Port: 80
If it still doesn't work and you're running Windows, refer to this Stack Overflow question as you are not the first person that has trouble setting things up.
Yesterday I successfully performed a MITM attack by ARP poisoning between my router and my Windows7 computer. I used Ettercap on a Linux machine.
However, today, running the same command does not work anymore. It looks like Ettercap cannot reach my computer, which IP is 192.168.0.17.
Here is what I got :
We can see that the only host added to the list is the router one (192.168.0.1)... What I don't understand is that it was working few hours ago.
I noticed also another thing.
using the command
sudo arpspoof -i wlp20s0 -t 192.168.0.17 192.168.0.1
The ARP poisonning DOES work this time. But now the problem is that it is acting like a DDOS on my victim... It completely loses internet connection.
And before it was not, it was working as expected.
So I guess something has changed on my victim computer but I cannot figure what.
Thank you.
IP forwarding is the ability for an operating system to accept incoming network packets on one interface, recognize that it is not meant for the system itself, but that it should be passed on to another network, and then forwards it accordingly.
From https://openvpn.net/faq/what-is-and-how-do-i-enable-ip-forwarding-on-linux/
When you perform MITM packets that don't match your IP are being sent to you and are not passed on correctly so the victim can reach out to the internet. With IP forwarding enabled your computer will reroute the packets correctly and the attacked computer will have access to the internet.
On Linux if I remember correctly:
echo 1 > /proc/sys/net/ipv4/ip_forward
will fo the job.
Arp replies are stored in cache, so first of all do some tricks here:
Remove arp cache from windpws with cmd.
(Cause the first priority is the cache and if host cant find the mac address it will generate an ARP request,then your router will repliy with ARP reply)
issue this command to see arp table:
arp -a
When you do Mitm with arp spoof and your computer looses internet connectivity it might be your DNS misconfiguration.
You ll need to enable dns server.
(If wan to brows web pages)
Try to do it with ettercap and enable arp poision and dns spoof module.
I have succesfully built the CoAP protocol example for ARM mbed (https://developer.mbed.org/teams/sandbox/code/coap-example/file/0681e205d0e9/) on a K64F board. It comes out of the box, except for the server name (coap.me) changed to an internal IP address.
I see that it runs correctly and connects to the network:
[EasyConnect] Using Ethernet
[EasyConnect] Connected to Network successfully
[EasyConnect] IP address 192.168.1.15
[EasyConnect] MAC address 0e:43:54:d9:7c:71
Connected to the network. Opening a socket...
Calculated message length: 11 bytes
Starting server
Sent 11 bytes to coap://192.168.1.10:5683
I have set a computer that can connect to it. It can ping correctly to the board and I see that the ARP is negotiating with the correct MAC address.
I have launched an NMAP test and I see that the port is closed:
PORT STATE SERVICE
5683/udp closed unknown
If I set a CoAP client in the computer (Copper) I see no connection in the terminal.
What I am missing?
Moving this to the answer section as well, in case someone else runs into this problem.
If you want to use an mbed OS 5 device as a UDP server, make sure to call .bind() on the socket.
I am developing an NDIS 6 filter driver of Win7 and Win8 for WinPcap and Nmap. As you know, Nmap is a network scanner. A requirement of Nmap is to capture localhost packets like "ping 127.0.0.1", so that Nmap can test the local machine itself, too. However, it seems that the localhost packets will just return in the TCP/IP stack and never comes to the NDIS layer. Is there any way to resolve this issue? Like adding a loopback adapter or what? Thanks.
You'll need a WFP callout to capture layer-3 loopback packets. TCPIP has a fast-path for loopback that never reaches layer-2 in NDIS.
You can capture localhost (127.0.0.1) traffic in Windows by using raw sockets. There is a great tool called RawCap that sniffs localhost and saves the captured packets in the PCAP format.
http://www.netresec.com/?page=RawCap