Wolfgang:
Heya. Diving in again:
> to a)
> maybe to create a device group to show the bridge manually, then after
> that devices. In my case i connected the devices manual directly to
> network, and they show up, then i moved them back on the bridge (but
> they show now as not active)
Hurm. What vendor/model-number is your bridge/access-point? It
sounds like it's doing a lot more than just bridging to me; it sounds
as if it's acting as a router.
> to b)
> <snip>
> Yesterday, after your answer, i was playing around, found that the
> network card is not on the Me PC, but on the main PC. I switched all the
> servers on auditt off, but still it showed that 127.0.0.1 was connected.
> After a couple of reboots and different servers on and off, now it shows
> that the 127.0.0.1 is always connected, independent if the Me PC is
> switched on or off or the servers are running.
This is very interesting. Try this: restart Kaboodle on your main
PC with the shift-key held down (this forces it to re-discover your whole
network). While it's doing that, open a Windows command line and type
"arp -a" to see what the ARP cache is. Kaboodle uses this same information
to build its network database. Can you find the MAC address getting associated
with 127.0.0.1 in this list?
> to d) on XP it is WinPcap 3.1 beta3 (same on all my PC)
Hmmm. Try de-installing WinPcap 3.1-beta3, and "downgrading" it
to version 3.01. The guys at Polito.it changed how WinPcap 3.1-beta3
behaves, and it's been reported to break apps (like Nmap) which depend
on it. I'll make sure the next release of Kaboodle works with both modes
of WinPcap operation.
> to e)
> what i want to do is to have a pc on a corporate LAN
> (on the corporate LAN, you can not run kaboodle or winPcap, because i assume
> WinPcap is running in promiscuous mode and a security scanner on a corporate
> LAN would drive gracy, also with the flash ping etc.)
Yes, Kaboodle is easily detected on a corporate LAN running IDS
systems.
> so i would run sockscap (we have a socks server, or you could even use
> a socks tunneling service to get out of the corporate firewall)
>
> then you start kaboodle out of sockscap, this would bring the kaboodle
> via the socks server out on the internet, also there its not a good
> ideas to have kaboodle and WinPcap sneaking around.
>
> So for this reason i would like to have the possiblility to start
> kaboodle in a "passive" mode (no pinging, no winpcap etc0 and only when
> a tunnel is established via zebedee to my home network, you would
> switch kaboodle to "running mode' with all the sneaking around.
Yes, I think my "sub-LAN" plans for Kaboodle will support this.
cheers,
Scott
> On 22/Jun/2004 19:24:17, Scott C. Best wrote:
> > Wolfgang:
> >
> > Heya. Let me dive right into your questions:
> >
> > > a) seems to be when there is a wireless bridge in the network, kaboodle
> > > does not correctly identify the attached devices. Kaboodle shows a
> > > device with the IP adress of the wireless bridge (netgear) and the mac
> > > adress of the attached device. does not see port 80 on attached device.
> > > when attached device is connected directly to network with bridge it is
> > > detected correctly (this is the case with a Dlink camera, also a RIO
> > > receiver, and also a Lindows PC). Did not check what happens when there
> > > are more then one device is connected behind bridge. I have 3 wireless
> > > bridges in network (2x netgear, 1x Dlink, all act the same)
> >
> > In the current version, Kaboodle uses a MAC address as a unique
> > identifier for a device. So if the wireless bridge is "proxy ARP'ing" for
> > the devices behind it, it will get confused. I would guess that it will
> > display only one device with that MAC address: the one with the
> > numerically lowest IP address in the subnet.
> >
> > Given the lack of any other "permanent" identifier for a discovered
> > device (besides the MAC address), I'm not sure yet what a good solution
> > is. I'm investigating some methods of trying to detect what MAC addresses
> > a bridge acts as a proxy for.
> >
> > > b) also Kaboodle detects a device with IP 127.0.0.1 (how is this
> > > possible?) with a mac adress not existing on the network. This device is
> > > only detected when a PC with ME is on the network, this PC has a second
> > > network card, not installed, not connected to any network installed (mac
> > > not known).....i assume it sees this network card...no explanation for
> > > whatever reason (i can not check the mac adress at the moment of this
> > > not used network card to check if this is really the case)
> >
> > Do you see this error when Kaboodle is run on the WinME PC with
> > the two network cards? Or do you see this error when Kaboodle is running
> > on one of the other PC's, when the WinME PC is attached to the network?
> > The loopback address error might be an artifact of (a) above, when
> > Kaboodle thinks it has two devices with the same "unique" identifier.
> >
> > > c) this brings up the point that it would be nice to have the
> > > possibility to suppress the display of a device, like this or when a
> > > laptop is only visiting once your network and then can not be removed
> > > anymore.
> >
> > I call this a "Hidden List" functionality, to tell Kaboodle not
> > to display a group of devices. It should be in the 1.0 release.
> >
> > > Also to "join" two or more devices, for example the same laptop one
> > > time connected wireless and the next time wired, show up as separate
> > > devices.
> >
> > That's a good point.
> >
> > > d) Kaboodle works on w2k and ME with pcap (my main kaboodle runs on
> > > w2k), when installed on XP it seems only working when pcap is NOT
> > > installed. After I installed pcap, kaboodle only comes up, identifies
> > > the network and devices and then crashes and closes. (have not tried
> > > yet to uninstall pcap, if this solves the problem)
> >
> > Yikes. Which version of WinPcap?
> >
> > > e) i would like to connect from a external PC (external to my home
> > > kaboodle network) to my kaboodle network. As this PC is on a large
> > > network or directly on the internet, it would be great to switch of the
> > > detection function of kaboodle as long it is not connected via zebedee
> > > to my home kaboodle network via the VPN. Any way to do this ?
> >
> > Not yet, no. Right now, by default, Kaboodle can be used to
> > connect one entire network to another entire network, only. In future
> > releases, I plan to support "sub-LANs", so that when Kaboodle makes a
> > remote connection, only some of the devices on either side are exposed
> > to the other side. I think that's what you're looking for.
> >
> > Please let me know when you can about the (b) and (d)
> > clarifications. Thanks!
> >
> > -Scott
> >
> >
> >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email sponsored by Black Hat Briefings & Training.
> > Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
> > digital self defense, top technical experts, no vendor pitches,
> > unmatched networking opportunities. Visit www.blackhat.com
> > _______________________________________________
> > Kaboodle-user mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/kaboodle-user
> > To UNSUBSCRIBE, click on the above link.
> >
> >
> >
>
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Kaboodle-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kaboodle-user
To UNSUBSCRIBE, click on the above link.
