Madwifi With Packet Injection

I know this package has been out of date for the longest time now and I adopted it the other day in hopes of just getting it to work with some simple updates. Well, I have had no such luck with it being an easy fix. Right now I am just kinda messing with the package to see if I can get it to work from subversion builds of madwifi but I have been kinda busy. I am just making this thread to see who all is interested in it aside from me and if anyone can help me out. I will have more info on the status after my class later today.

Injection is working here with provided madwifi from core, besides that it's also working with ath5k from 2.6.27. Both tested with AR5212.
Last edited by anrxc (2008-10-20 20:21:27)

Similar Messages

  • Wifi packet injection?

    I was wondering if the new late 2011 MBA had packet injection ability on its wifi device.
    Does anyone know if the wifi driver with Lion allows this? 
    I was thinking of buying a MBA 11 inch for on the go surfing and work related solutions.

    Perhaps the Nexus has a better antenna or the way you held it could have maintained a better line of sight to the wifi accesspoint? Wifi is 'polarized' so you can sometimes get better (or worse) reception by rotating the antenna through 90º.
    It's also possible that the router was too busy when you tried the Mac & iPhone but then was less busy when you tried the Nexus.
    Interference could be another reason (portable phones, microwaves, other radio transmitting devices can potentially interfere).
    Being too close to an accesspoint (or another transmitting client) can also cause trouble.
    Wifi networks can also be configured to 'channel hop' to try to get better signal to noise ratio, this means you may have used different channels on the different devices and may not be comparing like to like. It could also have been another neighboring accesspoint that decided to move away from that channel that helped the Nexus speed up.
    It's tough to say, the only real way to test accurately is to have control of the accesspoint so you can control how many clients are connected.
    For what it's worth there are a few wifi graphing apps on Android that can indicate how many other networks are around you… (there are also free ones IIRC).
    https://play.google.com/store/apps/details?id=com.metageek.inSSIDer&hl=en
    I'd disable wifi on the other devices and try one device at a time & move around to see if one part of the room has better reception.

  • B43 packet injection

    I have bcm4311 which is supported. Looked over here here and here and I only see 2.6.26 patches, and I have 2.6.27 kernel version. Will 2.6.26 patch work or will I mess something up in the process?
    My guess is then that this:
    cd /usr/src/wireless-testing
    sudo wget http://patches.aircrack-ng.org/b43-injection-2.6.26-wl.patch
    sudo wget http://patches.aircrack-ng.org/mac80211_2.6.26-wl_frag.patch
    sudo patch -p1 < b43-injection-2.6.26-wl.patch
    sudo patch -p1 < mac80211_2.6.26-wl_frag.patch
    sudo make net/mac80211/mac80211.ko drivers/net/wireless/b43/b43.ko \
        drivers/net/wireless/b43legacy/b43legacy.ko
    sudo -s
    make modules_install
    is all that needs to be done to make packet injection work or is there anything else I need to do?
    And lastly - no, I'm not trying to break into my neighbours' or anyone else's network, don't really have any need for such actions. I just want to try it on my own AP to learn more..
    thank you
    Last edited by pootzko (2008-11-10 08:52:18)

    for successful injection, AP you're trying to crack has to have at least one client connected to it. and after that client makes some bandwidth, you 'steal and replicate' one of the packages it made, and with aireplay send it over and over... about 40 000 packages is enough
    just follow these steps and it should work.
    the thing I overlooked is when you start  airmon-ng start wlan0 <channel> it made another interface mon0 which you then need to use, but i think that's not the problem in your case

  • WRT54GS slamming Cable modem with Packets

    I'm having trouble with my WRT54GS locking up my Cable Modem. TWC says its slamming the cable modem with too many packets. Is there any way to check this on my end? Full story below.
    A little about my set up. I have Time Warner Cable business class Roadrunner service. 5 Static IPs. 4 being used at the moment. The Cable modem has a 4 port switch built in. Port 1 has a month or so old WRT54GS router v7 latest firmware (Gateway mode, Channel 6). Port 2 goes to my Sonicwall Barracuda then my internal network which also has WRT54GS router v7 latest firmware (Router mode, Channel 1). Both routers are sitting next to each other. Ports 3 & 4 have a Vonage Router hooked to each of them.
    I started having trouble April 5 with the Internet being down that morning, then that night and the following morning. I power cycled the Cable modem to restore service. Called Time Warner Cable after the third reset. They told me that they didn't see anything wrong from their end and I should call them when it is down. I did this and they said they would send someone out the next morning, Friday. They came out on Friday morning and checked the cable, which the tech said was fine, so he replaced the Cable modem around 11:30. Fifteen minutes after he left the internet went down. I called TWC again. They did diagnostics on the cable modem from their end and saw that whatever was hooked up to port 1 was sending out 400 packets/sec. I think they said the cable modem could only handle 300. Port 1 is connected to a WRT54GS v7 (latest firmware). We are using it for our Blackberries from Cincinnati Bell for WIFI and UMA service (like T-Mobile's @Home service) for VoWiFi. I turned off all the phones but the router was still slamming the modem with packets. I turned off the WiFi just in case someone hacked our WPA2 key. Still slamming the router with packets with only my laptop hardwired to it for setting up the router. I turned off the router and the modem wasn't getting hammered anymore. Port 2 which is my internal network was only up to 150 after opening a lot of TV shows. Ports 3 & 4 nothing. I disconnected the WRT54GS hooked to Port 1.
    15 minutes after I got off the phone with TWC the internet goes down. They send out a tech on Saturday to check the line again. He sees a slight problem on the line but it should not be causing a problem, which the first guy might have thought. But since I am having trouble he goes outside and checks the connections. He finds a loose connection and a bad line cap (blocking cable TV). He fixes the connections and replaces the line cap. He comes back inside and rechecks the line. Everything is great, no more fluctuation of signal or packet loss. I hook the WRT54GS back up but it still takes down the modem. So I figure that it's just bad. So I take the WRT54GS from my internal network and set it up to match the one for the Blackberries it's replacing. I install a WAP54G on the internal network in its place. I can't get my Blackberry to get a UMA connection and doing Google searches I find this page
    http://www.blackberryfaq.com/wiki/index.php/Linksys_Router_Tips
    I set up my router and Access Point with the settings from the above except the channel setting, leaving them on channel 6 & 1 so they don't interfere with each other. Set: Fragment Threshold : 2304 (256-2346), RTS Threshold : 2304 (0-2347) and Beacon Interval : 50 (20-1024 ms). I also enabled WMM QOS. My phone connects and the internet seems to be staying up Saturday evening. I come to work Sunday afternoon and the Internet is still up. I check my phone, I have UMA signal and everything is right with the world. 20 minutes later the internet goes down. I unplug the WRT54GS and power cycle the cable modem. I am now waiting to see if the internet will stay up without any WRT54GS hooked up.
    I have not had a problem before and both Linksys are not even 6 months old. I have read reviews where people have had trouble with the WRT54GS. Where some people have no trouble while others have all kinds of trouble.

    As you said cable connected to the pc is working fine!!...connect modem to the router WRT54GS...reset the router once (30 secs) in such a way that Power light on the router is blinking...power cycle complete network i.e., unplug modem & router power cable for 30 secs...plug in modem power cable once lights are solid green plug in the power cable to the router...it's important that after upgrading firmware resetting the router is important...so try this & it should definitely work. Do the wireless & advanced wireless settings as router is currently in default settings.
    Also, you want to connect your access point WAP54G to the router & open the setup page of WAP54G using 192.168.1.245 do the wireless settings & try connecting to the wireless router & then check....should work.

  • Kernel configuration to get packet injection working with iwl4965

    Hello,
    I'm trying to configure my kernel to be able inject packets with intel wifi card using iwl4965 driver.
    According to this: http://aircrack-ng.org/doku.php?id=iwlagn I need to configure wifi options like this:
    Networking -> Wireless :
    [M] Improved wireless configuration API
    [*] nl80211 new netlink interface support
    [*] Wireless extensions
    [M] Generic IEEE 802.11 Networking Stack (mac80211)
    [M] Generic IEEE 802.11 Networking Stack (DEPRECATED)
    [M] IEEE 802.11 WEP encryption (802.1x)
    [M] IEEE 802.11i CCMP support
    [M] IEEE 802.11i TKIP encryption
    [M] Software MAC add-on to the IEEE 802.11 networking stack
    So I fetched the kernel from abs and tried to configure it via make menuconfig. But i don't see these options. All i have there is this:
    --- Wireless
    <M> Improved wireless configuration API
    [ ] cfg80211 regulatory debugging
    [ ] cfg80211 DebugFS entries
    [ ] Old wireless static regulatory definitions
    -*- Wireless extensions
    [*] Wireless extensions sysfs files
    {M} Common routines for IEEE802.11 drivers
    [ ] lib80211 debugging messages
    <M> Generic IEEE 802.11 Networking Stack (mac80211)
    [*] enable powersave by default
    Rate control algorithm selection --->
    -*- Enable LED triggers
    [ ] Export mac80211 internals in DebugFS
    [ ] Select mac80211 debugging features --->
    Am I just dumb and missing something or what's the problem? .)
    Thank you.
    Last edited by _dunmer (2009-10-29 12:15:46)

    There is special support for Matrox in mplayer: -vo mga and -vo xmga
    Run 'mplayer -vo help', see if those mentioned above are on the list. If not, you'll need to compile mplayer yourself. Though I have no idea what exactly the requisites are to get those working. If you can't get those to work, you're limited to fbdev which is indeed much slower than Xv, because colorspace conversion and scaling need to be done in software. So get vo mga working.

  • Trouble with bpf packet injection

    I am using OSX 10.4.9 power-pc Darwin Kernel Version 8.9.0
    I am using libpcap 0.9.5, which uses the BPF api to capture and inject packets. Essentially, I need raw access to the Ethernet network. The problem I am encountering is that when I inject a packet using a bpf-write() command, subsequent bpf-read() commands see the injected packet. I tried avoiding this using the BIOCSSEESENT which disabled capture of all locally generated packets. But it only worked for the OS-stack generated packets, and not the packets I was generating via the bpf write() function.
    Looking at the FreeBSD kernel, they solve the problem using a BIOCFEEDBACK setting, which disables the capture operating bpf-read()ing the packets you put in via bpf-write().
    My questions are:
    1. Is there some BIOCFEEDBACK equivalent on the MacOS that I am unaware of?
    2. If not, is there some way I can edit the BPF source code on this version of the kernel, and run my own BPF?
    3. If not, what is the proper way to request Apple to fix this shortcoming?
    Thanks
    -David

    I don't know much about this, but the Darwin kernel is very similar to FreeBSD. Indeed, in Activity Monitor, if you do an "Info" about processes, you can see the number of Unix and BSD system calls they make.
    Try using the BIOCFEEDBACK setting on OS X. It may not work, but it's worth a try.
    ~D

  • Madwifi with aircrack patch PKGBUILD

    Hi,
    I have just edited and published my first PKGBUILD. It's the madwifi drivers with a patch applied to enable package injection (Only for security-testing on my own WLAN, of course). The injection worked without a hitch on the Backtrack live CD, but I can't seem to get it working on Arch.
    When I start aireplay-ng it says it's capturing and injecting ARPs, but it doesn't actually do it.
    Here the link to the AUR page of the custom package.
    http://aur.archlinux.org/packages.php?d … ns=&SeB=nd
    Thanks!

    Edit: stupid comment... 
    Last edited by Allan (2008-01-09 13:34:16)

  • Problem with packet data with E5

    Last night every thing was OK, I was able to connect to internet using my phone
    but  today  I tried to connect  but I get this msg
    "packet data: packet data not available .check network services"
    I called the company  and they sent me the configuration and I saved it  but  nothing changed .....
    Any ideas ??

    Straight Talk with AT&T USA (APN: tfdata) or T-Mobile US (APN: wap.tracfone)?
    Lauraboop wrote:
    how this all this could happen just from taking out the battery.
    Well, you had to take out the battery while it was running. Then, a lot of fancy things can happen like a file-system corruption or just a SIM re-detection. The latter could load new configurations. The former would require the Nokia Software Recovery Tool on a Windows computer. Anyway, that is very, very rare – let us hope this is fixable by just changing the settings.

  • Directory structure for JSF with EJB3 injection

    I currently have a relatively simple JSF application with the following structure:
    ROOT
    |
    |--index.jsp
    |--jsp
    |     |--index.jspx
    |     |--TopMenu.jspx
    |     |--Details.jspx
    |
    |--META-INF
    |--WEB-INF
    |      |--classes
    |            |--example
    |                    |--beans
    |                    |--model
    |                    |--tags
    |      |--lib
    |      |--tlds
    |      |--web.xml
    |      |--faces-config.xml
    Now, I need to add a session bean that will be injected into a JSF managed bean, but I don't know where to put it. Actually, I don't know how a directory structure should look for an enterprise application which involves jsp, jsf, servlets and ejb. Can anyone give me an example or point me to a document where I can learn this?

    After further reading, I must say I'm more confused than ever before.
    I've been looking into the examples provided with Sun's Java EE tutorial and what bothers me is that the only mention of EJB in xmls was in the application.xml where EJB's JAR (along with web app's WAR) was listed as a module:
    <module>
      <web>
      <web-uri>dukesbank-war.war</web-uri>
      <context-root>/bank</context-root>
      </web>
    </module>
    <module>
      <ejb>dukesbank-ejb.jar</ejb>
    </module>,
    but what if the web app was not deployed within the same EAR, instead calling the already-deployed EJB? It would have to have a reference to it in its web.xml, wouldn't it? But, for some reason, I could find no example for this. The only mention of EJBs within web.xml was with <ejb-ref> which seems to be meant for EJB 2 as it requires references to EJB's home and remote interfaces... So, my question would be, what element do I need to add to web.xml to be able to inject an EJB 3 through @EJB annotations, if that particular EJB has already been deployed? Do I need to add anything at all, or is the annotation itself enough (i.e. it stands as a replacement for <ejb-ref>)? Is this app server dependent?
    Also, I keep seeing that EJB injection into JSF managed beans is not supported on JBoss, but then again, I keep seeing the opposite... I really need some guidance on this...
    If I'm making no sense here, please tell me so...

  • Trying to troubleshoot with Packet Trace

    Hi Folks,
    Having a bit of issues, i am trying to access a http/https server from the Guest interface (10.10.10.0/24) to the Inside interface (192.168.190.0/24)
    I can ping the server, but when i try to access it with http/https.. no luck
    So when i am on the 192.168.190.0/24 network i have no problem using http/https to the server.
    Inside: Security level 100  (VLAN1)
    Guest: Security level 40    (VLAN23)
    ASA version: 8.0(4)
    ASDM version: 6.1(5)57
    I have attached an image when trying to troubleshoot the access list entry from the 10.10.10.1 to 192.168.190.1.
    But for some reason the packet is dropped..So i am wondering if i am able to ping the server  when i am on the 10 network. Well then the rule shouldn't be wrong right?
    Any tips and tricks, i prob missed something
    Thanks
    Shane

    Yes sorry about that, you were right the output in the CLI is much better
    Yeah and you were right about the .1, my bad. Feel stupid..
    I tried with 10.10.10.10 to 192.168.190.27 and the packet was allowed
    Here is the output from
    # packet-tracer input inside tcp 10.10.10.10 12345 192.168.190.27 443
    Phase: 1
    Type: CAPTURE
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    MAC Access list
    Phase: 2
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 3
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.190.0   255.255.255.0   inside
    Phase: 5
    Type: ACCESS-LIST
    Subtype:
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
    Result:
    input-interface: inside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    So i see that its drop at Phase 5..
    I added another rule on the inside interface
    Allow packet from the guest network to 192.168.190.27 which is the https server.
    Get the output:
    Phase: 1
    Type: CAPTURE
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    MAC Access list
    Phase: 2
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 3
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.190.0   255.255.255.0   inside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group Outgoing in interface inside
    access-list Outgoing extended permit tcp 10.10.10.0 255.255.255.0 host 192.168.190.27 object-group DM_INLINE_TCP_4
    object-group service DM_INLINE_TCP_4 tcp
    port-object eq www
    port-object eq https
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
      match ip inside 192.168.190.0 255.255.255.0 inside 10.10.10.0 255.255.255.0
        NAT exempt
        translate_hits = 0, untranslate_hits = 1
    Additional Information:
    Phase: 8
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    nat (inside) 1 192.168.190.0 255.255.255.0
      match ip inside 192.168.190.0 255.255.255.0 inside any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 0, untranslate_hits = 0
    Additional Information:
    Phase: 9
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    static (inside,outside) x.x.x.x 192.168.190.27 netmask 255.255.255.255
      match ip inside host 192.168.190.27 outside any
        static translation to x.x.x.x
        translate_hits = 739399, untranslate_hits = 2012692
    Additional Information:
    Phase: 10
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 11
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 36837297, packet dispatched to next module
    Phase: 12
    Type: ROUTE-LOOKUP
    Subtype: output and adjacency
    Result: ALLOW
    Config:
    Additional Information:
    found next-hop 192.168.190.27 using egress ifc inside
    adjacency Active
    next-hop mac address 000c.2946.f8e5 hits 85
    Result:
    input-interface: inside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow

  • Netstat not reporting input errors with packets that have bad checksums ?

    Greetings,
    Is netstat not reporting any checksum errors ? I have a number of Macs reporting checksum errors when sniffing the local net. I would think that these should be reported by netstat as input errors, or collisions right ?
    But it doesn't currently. See below for sample, it's occurring across protocols, tcp, and udp. Usually this error is a bad ethernet port or cabling, and sometimes a sw issue. Working on eliminating the switches, router, and dsl modem by doing more testing.
    But is netstat broke ? I haven't seen any errors from netstat since @ 3yrs ago.
    length 64, bad cksum 0 (->f9fe)!)
    One other question, can one monitor firewire 400/800 ports or usb with netstat ? Its not listed with man pages or netstat -h
    Thanks in advance

    I am using two commands to view the data;
    netstat -I en0 2;
    (no errors in or out)
    and tcpdump with the verbose -v argument
    ( reports the cksum ( these are CRC's right, not IP header checksum ? )
    At the very bottom is the netstat -s output, otherwise a snippet of tcpdump ; replaced the IP's with xxxx's to protect the innocent
    Thanks for your help.....
    ===========================
    18:13:37.101690 IP (tos 0x0, ttl 64, id 8134, offset 0, flags [DF], proto TCP (6), length 957, *bad cksum 0 (->68d8)!)* xxxxxxxxxx > xxxxxxxxxxxxxxx: P 8689:9594(905) ack 1 win 65535 <nop,nop,timestamp 1438111158 3084046213>
    18:13:37.136653 IP (tos 0x0, ttl 57, id 26778, offset 0, flags [DF], proto TCP (6), length 52) xxxxxxxxxx > xxxxxxxxxxxxxxx: ., cksum 0xd4bc (correct), ack 5793 win 17376 <nop,nop,timestamp 3084046248 1438111158>
    18:13:37.172381 IP (tos 0x0, ttl 57, id 26779, offset 0, flags [DF], proto TCP (6), length 52) xxxxxxxxxx > xxxxxxxxxxxxxxx: ., cksum 0xc3a0 (correct), ack 7241 win 20272 <nop,nop,timestamp 3084046284 1438111158>
    18:13:37.207358 IP (tos 0x0, ttl 57, id 26780, offset 0, flags [DF], proto TCP (6), length 52) xxxxxxxxxx > xxxxxxxxxxxxxxx: ., cksum 0xb285 (correct), ack 8689 win 23168 <nop,nop,timestamp 3084046319 1438111158>
    18:13:37.230968 IP (tos 0x0, ttl 57, id 26781, offset 0, flags [DF], proto TCP (6), length 52) xxxxxxxxxx > xxxxxxxxxxxxxxx: ., cksum 0xa395 (correct), ack 9594 win 26064 <nop,nop,timestamp 3084046342 1438111158>
    18:13:37.313545 IP (tos 0x0, ttl 57, id 26782, offset 0, flags [DF], proto TCP (6), length 1500) xxxxxxxxxx > xxxxxxxxxxxxxxx: . 1:1449(1448) ack 9594 win 26064 <nop,nop,timestamp 3084046415 1438111158>
    18:13:37.322422 IP (tos 0x0, ttl 57, id 26783, offset 0, flags [DF], proto TCP (6), length 1500) xxxxxxxxxx > xxxxxxxxxxxxxxx: . 1449:2897(1448) ack 9594 win 26064 <nop,nop,timestamp 3084046415 1438111158>
    18:13:37.322440 IP (tos 0x0, ttl 64, id 8135, offset 0, flags [DF], proto TCP (6), length 52, *bad cksum 0 (->6c60)!)* xxxxxxxxxx > xxxxxxxxxxxxxxx ., *cksum 0xaec3 (incorrect (-> 0xff42)*, ack 2897 win 65160 <nop,nop,timestamp 1438111159 3084046415>
    18:13:37.331285 IP (tos 0x0, ttl 57, id 26784, offset 0, flags [DF], proto TCP (6), length 1500) xxxxxxxxxx > xxxxxxxxxxxxxxx: . 2897:4345(1448) ack 9594 win 26064 <nop,nop,timestamp 3084046415 1438111158>
    18:13:37.334407 IP (tos 0x0, ttl 57, id 26785, offset 0, flags [DF], proto TCP (6), length 646) xxxxxxxxxx > xxxxxxxxxxxxxxx: P 4345:4939(594) ack 9594 win 26064 <nop,nop,timestamp 3084046415 1438111158>
    18:13:37.334421 IP (tos 0x0, ttl 64, id 8136, offset 0, flags [DF], proto TCP (6), length 52, *bad cksum 0 (->6c5f)!*) xxxxxxxxxx > xxxxxxxxxxxxxxx: ., *cksum 0xaec3 (incorrect (-> 0xf5d1)*, ack 4939 win 65535 <nop,nop,timestamp 1438111159 3084046415>
    ===============================
    netstat -s
    tcp:
    7470 packets sent
    2868 data packets (671900 bytes)
    0 data packets (0 bytes) retransmitted
    0 resends initiated by MTU discovery
    3534 ack-only packets (101 delayed)
    0 URG only packets
    0 window probe packets
    657 window update packets
    411 control packets
    7918 packets received
    3225 acks (for 672008 bytes)
    185 duplicate acks
    0 acks for unsent data
    4489 packets (2652174 bytes) received in-sequence
    7 completely duplicate packets (7347 bytes)
    0 old duplicate packets
    0 packets with some dup. data (0 bytes duped)
    291 out-of-order packets (412273 bytes)
    0 packets (0 bytes) of data after window
    0 window probes
    1 window update packet
    1 packet received after close
    0 discarded for bad checksums
    0 discarded for bad header offset fields
    0 discarded because packet too short
    207 connection requests
    12 connection accepts
    0 bad connection attempts
    0 listen queue overflows
    219 connections established (including accepts)
    231 connections closed (including 9 drops)
    2 connections updated cached RTT on close
    2 connections updated cached RTT variance on close
    0 connections updated cached ssthresh on close
    0 embryonic connections dropped
    3222 segments updated rtt (of 3193 attempts)
    2 retransmit timeouts
    0 connections dropped by rexmit timeout
    0 persist timeouts
    0 connections dropped by persist timeout
    0 keepalive timeouts
    0 keepalive probes sent
    0 connections dropped by keepalive
    2199 correct ACK header predictions
    4128 correct data packet header predictions
    0 SACK recovery episodes
    0 segment rexmits in SACK recovery episodes
    0 byte rexmits in SACK recovery episodes
    0 SACK options (SACK blocks) received
    275 SACK options (SACK blocks) sent
    0 SACK scoreboard overflow
    udp:
    360 datagrams received
    0 with incomplete header
    0 with bad data length field
    0 with bad checksum
    21 dropped due to no socket
    65 broadcast/multicast datagrams dropped due to no socket
    0 dropped due to full socket buffers
    0 not for hashed pcb
    274 delivered
    390 datagrams output
    ip:
    8278 total packets received
    0 bad header checksums
    0 with size smaller than minimum
    0 with data size < data length
    0 with ip length > max ip packet size
    0 with header length < data size
    0 with data length < header length
    0 with bad options
    0 with incorrect version number
    0 fragments received
    0 fragments dropped (dup or out of space)
    0 fragments dropped after timeout
    0 packets reassembled ok
    8278 packets for this host
    0 packets for unknown/unsupported protocol
    0 packets forwarded (0 packets fast forwarded)
    0 packets not forwardable
    0 packets received for unknown multicast group
    0 redirects sent
    7869 packets sent from this host
    0 packets sent with fabricated ip header
    0 output packets dropped due to no bufs, etc.
    8 output packets discarded due to no route
    0 output datagrams fragmented
    0 fragments created
    0 datagrams that can't be fragmented
    0 tunneling packets that can't find gif
    0 datagrams with bad address in header

  • Troubleshooting Public Servers with packet-trace.

    Hi, I'm new to Cisco, I've tried googling my problem but cannot find anything.
    I am trying to set up Public Servers and my config looks great, but it doesn't work. I tried to packet-trace my config and I get an ALLOW when I use the same port from my source, but if I try with a different port, I get a DROP. I can't find where I can tell it to use any port from the source. Did I miss something?
    ASA5510, Firmware : 9.1, ASDM : 7.5
    SAME SOURCE PORT (Port 88 to Port 88)
    Result of the command: "packet-tracer input outside tcp 123.123.123.1 88 W.W.W.13 88 detailed"
    Phase: 1
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    object network MYOFFICE-PVR-PRIVATE-IP
     nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
    Additional Information:
    NAT divert to egress interface inside
    Untranslate W.W.W.13/88 to A.A.A.254/88
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside_access_in in interface outside
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_0 any object MYOFFICE-PVR-PRIVATE-IP 
    object-group service DM_INLINE_SERVICE_0
     service-object object MYOFFICE-PVR-88 
     service-object object MYOFFICE-PVR-9000 
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xacefb350, priority=13, domain=permit, deny=false
        hits=3, user_data=0xaa490880, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=88, tag=0
        dst ip/id=A.A.A.254, mask=255.255.255.255, port=88, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any
    Phase: 3
    Type: NAT
    Subtype: per-session
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xaca012b8, priority=1, domain=nat-per-session, deny=true
        hits=10478473, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=any
    Phase: 4
    Type: IP-OPTIONS
    Subtype: 
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xace37850, priority=0, domain=inspect-ip-options, deny=true
        hits=7278021, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any
    Phase: 5
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    class-map class-default
     match any
    policy-map global_policy
     class class-default
      inspect icmp 
    service-policy global_policy global
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xad53bef0, priority=70, domain=inspect-icmp, deny=false
        hits=214393, user_data=0xad53b418, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any
    Phase: 6
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xad4981d0, priority=13, domain=ipsec-tunnel-flow, deny=true
        hits=65468, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any
    Phase: 7
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    nat (inside,outside) source dynamic any interface
    Additional Information:
     Forward Flow based lookup yields rule:
     out id=0xacef3c40, priority=6, domain=nat-reverse, deny=false
        hits=4577, user_data=0xacef2a38, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=inside
    Phase: 8
    Type: NAT
    Subtype: per-session
    Result: ALLOW
    Config:
    Additional Information:
     Reverse Flow based lookup yields rule:
     in  id=0xaca012b8, priority=1, domain=nat-per-session, deny=true
        hits=10478475, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=any, output_ifc=any
    Phase: 9
    Type: IP-OPTIONS
    Subtype: 
    Result: ALLOW
    Config:
    Additional Information:
     Reverse Flow based lookup yields rule:
     in  id=0xace84c40, priority=0, domain=inspect-ip-options, deny=true
        hits=6598652, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=inside, output_ifc=any
    Phase: 10
    Type: FLOW-CREATION
    Subtype: 
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 6654364, packet dispatched to next module
    Module information for forward flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_tcp_normalizer
    snp_fp_inspect_icmp
    snp_fp_translate
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Module information for reverse flow ...
    snp_fp_tracer_drop
    snp_fp_inspect_ip_options
    snp_fp_translate
    snp_fp_tcp_normalizer
    snp_fp_inspect_icmp
    snp_fp_adjacency
    snp_fp_fragment
    snp_ifc_stat
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow
    DIFFERENT SOURCE PORT (Port 6000 to Port 88)
    Result of the command: "packet-tracer input outside tcp 123.123.123.1 6000 W.W.W.13 88 detailed"
    Phase: 1
    Type: UN-NAT
    Subtype: static
    Result: ALLOW
    Config:
    object network MYOFFICE-PVR-PRIVATE-IP
     nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
    Additional Information:
    NAT divert to egress interface inside
    Untranslate W.W.W.13/88 to A.A.A.254/88
    Phase: 2
    Type: ACCESS-LIST
    Subtype: 
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xacefccb0, priority=11, domain=permit, deny=true
        hits=307712, user_data=0x5, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
        src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
        dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
        input_ifc=outside, output_ifc=any
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule

    Never mind, I got it:
    object service MYOFFICE-PVR-88
     service tcp source range 1 65535 destination eq 88
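
An added example (not part of the original posts): a small Python parser for the `packet-tracer ... detailed` layout shown above that reports which phase dropped the flow and the rule listed under its Config. The embedded trace is a constructed sample abridged from the second trace in the post; `parse_trace` and `first_drop` are hypothetical helper names.

```python
# Constructed sample, abridged from the second packet-tracer run in the post above.
SAMPLE = """\
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network MYOFFICE-PVR-PRIVATE-IP
 nat (inside,outside) static MYOFFICE-PVR-PUBLIC-IP
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

def parse_trace(text):
    # Returns (phases, verdict): one dict per "Phase: N" block plus the final summary.
    phases, verdict, cur, section = [], {}, None, None
    for line in map(str.strip, text.splitlines()):
        key, sep, val = line.partition(":")
        if key == "Phase" and val.strip().isdigit():
            cur = {"phase": int(val), "config": []}
            phases.append(cur)
            section = "head"
        elif line == "Result:":  # a bare "Result:" opens the final verdict
            cur, section = None, "verdict"
        elif section == "verdict" and sep:
            verdict[key.lower()] = val.strip()
        elif cur is None or not line:
            continue  # text outside any phase, or an empty line
        elif line in ("Config:", "Additional Information:"):
            section = "config" if line == "Config:" else "info"
        elif section == "head" and sep:  # Type / Subtype / Result of this phase
            cur[key.lower()] = val.strip()
        elif section == "config":  # configuration lines the ASA matched
            cur["config"].append(line)
    return phases, verdict

def first_drop(text):
    # The first phase whose Result is DROP, with the drop reason; None if allowed.
    phases, verdict = parse_trace(text)
    hit = next((p for p in phases if p.get("result") == "DROP"), None)
    return hit and {**hit, "reason": verdict.get("drop-reason")}
```

For the sample it returns phase 2, type ACCESS-LIST, with `Implicit Rule` as the matched config, which means no configured permit entry matched the flow.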

  • EtherChannel with Packet Tracer

    I tried in Packet Tracer to bundle 4 links between 2 switches; each switch is connected to a host.
    When I ping from one host to the other, the ping is successful, but when I disconnect a cable, the link selected by PAgP, it says Request timed out.
    It can't ping until I reconnect that cable. What is the problem?

    Hello, I have Packet Tracer 6.2, and I use 3560 (L3) switches. My port channel has two ports. When I reload Switch1, after startup the switch shows this message:
    %EC-5-CANNOT_BUNDLE2: Fa0/1 is not compatible with Po1 and will be suspended (trunk encap of Fa0/1 is auto Po1 is dot1q)
    %EC-5-CANNOT_BUNDLE2: Fa0/2 is not compatible with Po1 and will be suspended (trunk encap of Fa0/2 is auto Po1 is dot1q)
    Do you know what the problem is?
    CONFIG S1
    interface Port-channel 1
    switchport trunk allowed vlan 10,20
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface FastEthernet0/1
    channel-protocol pagp
    channel-group 1 mode auto
    switchport trunk allowed vlan 10,20
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface FastEthernet0/2
    channel-protocol pagp
    channel-group 1 mode auto
    switchport trunk allowed vlan 10,20
    switchport trunk encapsulation dot1q
    switchport mode trunk
    CONFIG S2
    interface Port-channel 1
    switchport trunk allowed vlan 10,20
    switchport trunk encapsulation dot1q
    switchport mode trunk
    interface FastEthernet0/1
    channel-protocol pagp
    channel-group 1 mode desirable
    switchport trunk allowed vlan 10,20
    switchport mode trunk
    interface FastEthernet0/2
    channel-protocol pagp
    channel-group 1 mode desirable
    switchport trunk allowed vlan 10,20
    switchport mode trunk
    Thanks

  • PB G4 to WRT54G Ping Times with Packet Loss!!???

    This morning when I woke up my PB G4, my Airport couldn't find my network. I found out that my father had turned off the modem and router because his Dell, which is wired to the router, had a slow connection to the network (10 MB/ps or less, I think). I tried using Internet Connect with the assigned network name and the WPA Personal password, with no luck. So I then reset the router, configured it to its original settings, and my father's Dell got a better connection, but my PB has gotten slower in connecting to sites and page loading is considerably slower. I looked at iStumbler and it shows a lower signal, and now it's showing noise where before there was none. I ran a ping test to the router and got this:
    --- 192.168.1.1 ping statistics ---
    100 packets transmitted, 98 packets received, 2% packet loss
    round-trip min/avg/max/stddev = 1.536/2.495/26.476/3.414 ms
    The router is a WRT54G v5 with the latest firmware that I had just reflashed.

    I reset my router, changed the channel to 11 and disabled the SSID. That setting got a better but still iffy ping time with no noise.
    I tried your suggestion and got this, along with some noise.
    --- 192.168.1.1 ping statistics ---
    100 packets transmitted, 99 packets received, 1% packet loss
    round-trip min/avg/max/stddev = 1.596/4.201/33.784/6.652 ms
    Any other ideas?

  • Need Help with Packet Loss and routing Loop perhaps???

    Hi,
    I am running into a very odd situation. One of our highly critical systems (172.18.1.2/16) is losing connection intermittently for brief periods of time (1 minute, 3 minutes, 50 seconds and so on).
    I have gathered some information that I would like to share with you guys:
    The switch is a 3560 (show version output is in ShowVersion.txt).
    The default gateway is 172.18.10.254/16 (a virtual IP in HSRP; the packet capture is done on the active node).
    I have noticed that pings to one of the default gateways drop infrequently (more frequently from machines on the 172.18.0.0/16 segment).
    The total number of machines on 172.18.0.0/16 does not exceed 200.
    I have captured packets on Interface Vlan1 and I found something very weird, perhaps pointing to a routing loop??? (see capture.png) The ICMP request comes and hits 172.18.10.254 with a TTL of 128 TWICE! Then the packet capture shows that same packet with the TTL decremented by one, TWICE again, and again until it reaches a TTL of 1, and then it responds with a reply.
    At times it completely ignores the requests and causes a request timed out.
    I am confused and need help in the right direction. I really appreciate it.
    Can you also confirm whether the multiple packets mean a routing loop somewhere?
    Thanks

    Could you post a copy of your HSRP config and the results of #show standby?
    Thanks
