From: Patrick McHardy <kaber@trash.net>
To: John McGowan <jmcgowan@inch.com>, mike@infonexus.com
Cc: linux-kernel@vger.kernel.org, Maillist netdev <netdev@oss.sgi.com>
Subject: Re: Kernel 2.6.13: TCP (libnet?)
Date: Wed, 31 Aug 2005 00:36:36 +0200
Message-ID: <4314DF74.1030402@trash.net>
In-Reply-To: <20050830194107.GA11652@localhost.localdomain>

John McGowan wrote:
> Kernel 2.6.13: TCP (libnet?)
>
> Broken libnet?
>
> KERNEL: linux-kernel@vger.kernel.org
> LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman <mike@infonexus.com>
>
> I don't like spam. I track spamvertized sites. Many only respond to TCP
> packets sent to port 80. I need a TCP traceroute (traceroute using TCP/SYN
> packets).
>
> I have four such programmes.
>
> 1: Hping in traceroute mode.
>    Poor. If it hits a router which does not respond, it just sits
>    and waits.
> 2: LFT
>    OK.
>    a: Does not work in Fedora Core2 - without patching.
>       The source code expects a header of zero bytes in the
>       pcap output of zero bytes (hard coded in the source).
>       My captures have a "linux cooked capture" header of sixteen bytes.
>       Changing an offset from zero to sixteen gets it to work.
>    b: Requires traffic on the interface.
>       It seems it gets into a loop and awaits some traffic.
>       It examines it - if it is data it expects it uses it.
>       If it is other data from other programmes accessing the 'net
>       it does nothing with it.
>       In both those cases it moves on and starts over.
>       What if there is no traffic? Unless there is something for it
>       either to use or ignore, it seems to hang. To get it to work
>       I have to, say, read the NY Times online while running it.
>       (I believe the traceproto site mentions doing something to
>       get around the timeout problem)
>    Output is OK - but I don't really like it.
> 3: Tcptraceroute
>    I have used this since kernel 2.2 through 2.4
>    (older version with older version of libnet) and
>    2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12
>    It was my favourite until I got traceproto.
> 4: Traceproto
>    I have used this in kernels 2.4,
>    2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12
>    Good.
>
>
> In kernel 2.6.13: [patching 2.1.12 with the patch file]
>
> Standard "traceroute" works.
> LFT works.
> HPING works (also in traceroute mode).
> tcptraceroute fails.
> traceproto (tcp or udp mode) fails.
>
> How do they fail?
>
> A TCPDUMP shows that they do send out the packets.
> I do get back ICMP "time exceeded" error messages.
> They no longer recognize them.
>
> Something that had never changed before has now changed
> and has broken traceproto and tcptraceroute.

[netdev CC'ed]

Could you provide tcpdump dumps and your .config file please?