The few times I've needed a packet manipulator, SnifferPro has worked fine for me. The idea I was shooting for (please keep in mind that yesterday I was working on 3 hours of sleep and no caffeine) was to put together a layer 3 broadcast with a layer 2 unicast address, specifically the destination MAC of the router's ethernet interface. That, combined with some packet debugging or accounting on the far router, could tell you if the router forwards traffic to the ip helper address because the layer 2 destination addy is all F's, or if it forwards to the ip helper addres because the layer 3 destination address is the subnet's broadcast addy.
I suppose if I'm that curious I should get off my arse and set up such a scenario here, but I let someone else label the cables in my pod, and I'm still working on fixing it... right now the classroom where we keep the routers has v.35 and cat5 cables strewn all over the place. Argh. Hal Logan Network Specialist / Adjunct Faculty Computing and Engineering Technology Manatee Community College > -----Original Message----- > From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, November 07, 2001 5:18 PM > To: Logan, Harold; [EMAIL PROTECTED] > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > Depends on what you're trying to do...the utility I used here is just > "nmap" - see www.insecure.org (note: this is a bit of a > "hacking" tool, so > use with caution). > > This is basically a port scanning tool, you can specify a > remote subnet to > scan but you give it the range of addresses to probe, I don't > see why you > couldn't probe a remote host that just happened to have the > same address as > the subnet broadcast somewhere. > > I guess by definition, if you've got a default gateway > configured and are > sending traffic to a remote subnet you'll have the local router's MAC > address as the destination. > > If you're looking to do something a bit more elaborate you > can try to use a > Sniffer to manufacture a string of packets but it is probably > more trouble > than it's worth. I'm sure that there are plenty of hacker > tools that will > do this but you'll probably need to go lurking on some > different lists to > find them... > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Logan, Harold > Sent: Wednesday, November 07, 2001 2:32 PM > To: [EMAIL PROTECTED] > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > Interesting... By any chance do you have a packet manipulator > available? > For added fun you could put together a frame with a destination IP of > the subnet's broadcast addy, and a destination MAC of the routers MAC > address... > > > > -----Original Message----- > > From: R. Benjamin Kessler [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, November 07, 2001 2:03 PM > > To: [EMAIL PROTECTED] > > Subject: RE: IP helper address and subnet broadcast [7:25485] > > > > > > I setup a remote unix box running nmap and had it send > > packets to the subnet > > broadcast address (in my case 192.168.72.255). I configured > > my router with > > an ip helper command (sending to a single host). I > executed the nmap > > command with and without IP directed broadcast configured on > > the router > > interface and didn't see any difference. > > > > Running a sniffer-like device on the target (of the ip helper > > command) I was > > able to verify the receipt of the packets sent via nmap. > > > > Given a network similar to the following: > > > > +-------+ +-------+ > > -----| rtr a |--------| rtr b |----- > > e0 +-------+ e1 e1 +-------+ e0 > > > > My understanding of directed-broadcast is that if a packet > > sourced from rtr > > a's e0 network is sent to the broadcast address of rtr b's > > e0; rtr b will > > forward it if directed-broadcast is enabled and drop if not. > > > > IP helper impacts packets heading out (from the router) to > > the interface in > > question not packets inbound. > > > > To take this discussion a step further, the IP helper > > function processes > > packets sent to the MAC-layer broadcast address for the > > specified protocols. > > A packet sent to the local IP broadcast address (10.10.255.255 in > > Priscilla's example) will have the same MAC-layer destination > > address as a > > packet sent to 255.255.255.255. > > > > Comments, questions? Anyone think my logic is all wet? > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of > > Priscilla Oppenheimer > > Sent: Tuesday, November 06, 2001 9:43 PM > > To: [EMAIL PROTECTED] > > Subject: Re: IP helper address and subnet broadcast [7:25485] > > > > > > I know how IP helper address, directed broadcasts, NetBIOS, > etc. work. > > (NetBIOS session service doesn't broadcast, by the way, and > > in fact uses > > TCP not UDP, so I doubt that it needs to be added to the > > list. It's used > > between a client and server after the client has mapped the > > NetBIOS name to > > the server's address.) > > > > The question is: will the router (with IP helper address) > > forward if the > > source sends to a subnet broadcast such as 10.10.255.255 > > instead of sending > > to 255.255.255.255? Nowhere does the documentation say that > > it won't, so I > > guess it will. > > > > Note that I am not asking about the forwarding of directed > > broadcasts. The > > IP helper address is configured with an actual server's > address, not a > > directed broadcast address. > > > > I'm not looking for the boring answers to the boring questions. The > > question is not the same one that you have seen many times. ;-) > > > > Priscilla > > > > At 10:09 PM 11/6/01, Erick B. wrote: > > >Priscalla, > > > > > >They need to enable one more 'ip forward-protocol udp' > > >globally for this to work, as well as enable > > >directed-broadcast on target router interface where > > >ip-helper is forwarding to. > > > > > >Also, I replied to nrf on this as well in more detail > > >just explaining helper-address and > > >directed-broadcasts. > > > > > >Default ports forwarded: > > > > > >Trivial File Transfer (TFTP) (port 69) > > >Domain Name System (port 53) > > >Time service (port 37) > > >NetBIOS Name Server (port 137) > > >NetBIOS Datagram Server (port 138) > > >BootP datagrams (port 67) > > >TACACS service (port 49) > > > > > >The one missing is: > > > > > >netbios-ss - Netbios session service (port 139) > > > > > >Also, I have done this and it works. > > > > > >Erick > > > > > >--- Priscilla Oppenheimer wrote: > > > > This message came to me offline. The Cisco > > > > documentation doesn't answer the > > > > question, but some of you might know. > > > > > > > > In a Windows environment, there are hosts that are > > > > sending WINS queries to > > > > an IP subnet broadcast address such as > > > > 10.10.255.255. These are UDP/IP > > > > packets destined to the UDP port 137 (NetBIOS Name > > > > Service). > > > > > > > > Will a router configured with an IP helper address > > > > forward these? We know > > > > that it will forward 255.255.255.255 broadcasts, but > > > > will it forward subnet > > > > broadcasts? > > > > > > > > The person posing the question does have a Sniffer. > > > > That's how he knows > > > > that these broadcasts are occurring. But presumably > > > > he doesn't have access > > > > to the other side of the router to see if these are > > > > getting forwarded. > > > > > > > > By the way, it's an H-node so it also sends a WINS > > > > directed packet, so > > > > presumably this isn't a troubleshooting question. I > > > > think it's just a > > > > curiosity question, with some concern about the > > > > extra traffic to the > > > > address of the server configured with the IP Helper > > > > address command. > > > > > > > > Thanks! > > > > > > > > Priscilla > > > > > > > > > >__________________________________________________ > > >Do You Yahoo!? > > >Find a job, post your resume. > > >http://careers.yahoo.com > > ________________________ > > > > Priscilla Oppenheimer > > http://www.priscilla.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=25699&t=25485 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
