Re: [ilugd] Reading TCP packets

2008-07-26 Thread PJ
Raj Mathur [EMAIL PROTECTED] writes:

 
> OK, let me rephrase -- even if you can have packets for two different 
> applications arriving on the same TCP port, actually doing so would be 
> going against one of the basic design tenets of IP (the unique 
> address/protocol/port identifier).
>
> I'd strongly recommend against such a setup.  Apart from being totally 
> incomprehensible to anyone else (or even to yourself 6 months after you 
> set it up), it'll be impossible to replicate properly, and extremely 
> fragile -- you don't write applications that break when a client 
> upgrade changes the value of one bit in a packet somewhere.

 
Is it fragile if iptables marks the packets in, say, unused bits of the
tos settings of the tcp/ip packet just after the generator sends it?

(I'm assuming this tag will traverse the net without problems so it can
be filtered according to tos by iptables at the other end - I don't
know how that may work in practice - it seems convenient. I'm sure you
have a better idea than I do.)

> All in all, a horribly dirty hack which I personally wouldn't touch with 
> a 20-metre barge pole.

If it's documented how the marking is done and it traverses without causing
hiccups, then it looks like a pretty clean hack (iptables being the only
place the implementor has to do stuff), given the conditions the original
poster has to follow.

I'm almost inspired to test it out myself...

PJ




___
ilugd mailinglist -- ilugd@lists.linux-delhi.org
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi 
http://www.mail-archive.com/ilugd@lists.linux-delhi.org/


Re: [ilugd] Reading TCP packets

2008-07-26 Thread Ashish Shukla आशीष शुक्ल

PJ writes:
> Raj Mathur [EMAIL PROTECTED] writes:
>
> > OK, let me rephrase -- even if you can have packets for two different 
> > applications arriving on the same TCP port, actually doing so would be 
> > going against one of the basic design tenets of IP (the unique 
> > address/protocol/port identifier).
> >
> > I'd strongly recommend against such a setup.  Apart from being totally 
> > incomprehensible to anyone else (or even to yourself 6 months after you 
> > set it up), it'll be impossible to replicate properly, and extremely 
> > fragile -- you don't write applications that break when a client 
> > upgrade changes the value of one bit in a packet somewhere.
>
> Is it fragile if iptables marks the packets in, say, unused bits of the
> tos settings of the tcp/ip packet just after the generator sends it?
>
> (I'm assuming this tag will traverse the net without problems so it can
> be filtered according to tos by iptables at the other end - I don't
> know how that may work in practice - it seems convenient. I'm sure you
> have a better idea than I do.)

Yes, this seems a good hack, but you need iptables (or pf or some
other intelligent firewall) at the end of the packet-generating device, or
the packet-generating device should be configurable to allow the user to set
the ToS byte. Never thought unused ToS bits could be used this way :) .

Or another hack would be to filter on the basis of source
address:source port (provided the IPv4 address and TCP port used for sending
packets from the packet generator are static) of the packets.

Ashish
- -- 
·-- ·-  ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --
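
Added example (not part of the original thread, and not code from any of the posters): a Python sketch of the receiving side of the two hacks discussed above, classifying constructed IPv4/TCP headers by ToS mark and by source address:port. The ToS byte is today defined as six DSCP bits plus two ECN bits; the marks, addresses, ports and application names below are hypothetical, and the in-transit changes are simulated.

```python
import socket
import struct

# Hypothetical marks and endpoints, chosen for this example only.
APP_BY_DSCP = {0x0A: "app-a", 0x12: "app-b"}        # DSCP codepoint -> application
APP_BY_SOURCE = {("192.0.2.10", 40000): "app-a",    # (source IP, source port) -> application
                 ("192.0.2.10", 40001): "app-b"}

def build_packet(src, sport, dst, dport, tos):
    """Constructed sample data: minimal IPv4 + TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp

def parse(packet):
    """Return (tos, src_ip, src_port) from raw IPv4 bytes carrying TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != socket.IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (packet[0] & 0x0F) * 4   # IP options shift where the TCP header starts
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated header")
    sport = struct.unpack_from("!H", packet, ihl)[0]
    return packet[1], socket.inet_ntoa(bytes(packet[12:16])), sport

def classify_by_tos(packet):
    """Match the whole ToS byte exactly, as a naive ToS filter would."""
    exact = {dscp << 2: app for dscp, app in APP_BY_DSCP.items()}
    return exact.get(parse(packet)[0])

def classify_by_dscp(packet):
    """Match only the upper six bits, ignoring the two ECN bits."""
    return APP_BY_DSCP.get(parse(packet)[0] >> 2)

def classify_by_source(packet):
    """Match on source address:source port; needs both to be static."""
    _, src, sport = parse(packet)
    return APP_BY_SOURCE.get((src, sport))

def demo():
    """Classify the same packet as sent, with ECN bits set, and with ToS zeroed."""
    marked = build_packet("192.0.2.10", 40000, "198.51.100.5", 5000, 0x0A << 2)
    with_ecn = marked[:1] + bytes([marked[1] | 0x02]) + marked[2:]   # simulated ECN change
    remarked = marked[:1] + b"\x00" + marked[2:]                     # simulated ToS reset
    return [(classify_by_tos(p), classify_by_dscp(p), classify_by_source(p))
            for p in (marked, with_ecn, remarked)]
```

Each tuple from demo() is the result of the exact-ToS, DSCP-only and source-based classifiers, in that order, for one of the three packets.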


