Re: Kernel 2.6.13: TCP (libnet?)
John McGowan wrote: > Kernel 2.6.13: TCP (libnet?) > > Broken libnet? > > KERNEL: linux-kernel@vger.kernel.org > LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman <[EMAIL PROTECTED]> > > I don't like spam. I track spamvertized sites. Many only respond to TCP > packets sent to port 80. I need a TCP traceroute (traceroute using TCP/SYN > packets). > > I have four such programmes. > > 1: Hping in traceroute mode. >Poor. If it hits a router which does not respond, it just sits >and waits. > 2: LFT >OK. >a: Does not work in Fedora Core2 - without patching. > The source code expects a header of zero bytes in the > pcap output of zero bytes (hard coded in the source). > My captures have a "linux cooked capture" header of sixteen bytes. > Changing an offset from zero to sixteen gets it to work. >b: Requires traffic on the interface. > It seems it gets into a loop and awaits some traffic. > It examines it - if it is data it expects it uses it. > If it is other data from other programmes accessing the 'net > it does nothing with it. > In both those cases it moves on and starts over. > What if there is no traffic? Unless there is something for it > either to use or ignore, it seems to hang. To get it to work > I have to, say, read the NY Times online while running it. > (I believe the traceproto site mentions doing something to > get around the timeout problem) >Output is OK - but I don't really like it. > 3: Tcptraceroute >I have used this since kernel 2.2 through 2.4 >(older version with older version of libnet) and >2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 >It was my favourite until I got traceproto. > 4: Traceproto >I have used this in kernels 2.4, >2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 >Good. > > > In kernel 2.6.13: [patching 2.1.12 with the patch file] > > Standard "traceroute" works. > LFT works. > HPING works (also in traceroute mode). > tcptraceroute fails. > traceproto (tcp or udp mode) fails. > > How do they fail? > > A TCPDUMP shows that they do send out the packets. > I do get back ICMP "time exceeded" error messages. > They no longer recognize them. > > Something that had never changed before has now changed > and has broken traceproto and tcptraceroute. [netdev CC'ed] Could you provide tcpdump dumps and your .config file please? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Kernel 2.6.13: TCP (libnet?)
On Maw, 2005-08-30 at 15:41 -0400, John McGowan wrote: > Kernel 2.6.13: TCP (libnet?) > > Broken libnet? > > KERNEL: linux-kernel@vger.kernel.org > LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman <[EMAIL PROTECTED]> network bugs are best reported to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Kernel 2.6.13: TCP (libnet?)
On Tue, 30 Aug 2005, Alan Cox wrote: > On Maw, 2005-08-30 at 15:41 -0400, John McGowan wrote: > > Kernel 2.6.13: TCP (libnet?) > > > > Broken libnet? > > > > KERNEL: linux-kernel@vger.kernel.org > > LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman <[EMAIL PROTECTED]> > > network bugs are best reported to [EMAIL PROTECTED] Correction!!! Please use netdev@vger.kernel.org -- ~Randy - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Kernel 2.6.13: TCP (libnet?)
Kernel 2.6.13: TCP (libnet?) Broken libnet? KERNEL: linux-kernel@vger.kernel.org LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman <[EMAIL PROTECTED]> I don't like spam. I track spamvertized sites. Many only respond to TCP packets sent to port 80. I need a TCP traceroute (traceroute using TCP/SYN packets). I have four such programmes. 1: Hping in traceroute mode. Poor. If it hits a router which does not respond, it just sits and waits. 2: LFT OK. a: Does not work in Fedora Core2 - without patching. The source code expects a header of zero bytes in the pcap output of zero bytes (hard coded in the source). My captures have a "linux cooked capture" header of sixteen bytes. Changing an offset from zero to sixteen gets it to work. b: Requires traffic on the interface. It seems it gets into a loop and awaits some traffic. It examines it - if it is data it expects it uses it. If it is other data from other programmes accessing the 'net it does nothing with it. In both those cases it moves on and starts over. What if there is no traffic? Unless there is something for it either to use or ignore, it seems to hang. To get it to work I have to, say, read the NY Times online while running it. (I believe the traceproto site mentions doing something to get around the timeout problem) Output is OK - but I don't really like it. 3: Tcptraceroute I have used this since kernel 2.2 through 2.4 (older version with older version of libnet) and 2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 It was my favourite until I got traceproto. 4: Traceproto I have used this in kernels 2.4, 2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 Good. In kernel 2.6.13: [patching 2.1.12 with the patch file] Standard "traceroute" works. LFT works. HPING works (also in traceroute mode). tcptraceroute fails. traceproto (tcp or udp mode) fails. How do they fail? A TCPDUMP shows that they do send out the packets. I do get back ICMP "time exceeded" error messages. They no longer recognize them. Something that had never changed before has now changed and has broken traceproto and tcptraceroute. LIBNET? --- Do both tcptraceroute and traceproto rely on libnet? Does kernel 2.6.13 break libnet? What other programmes use libnet? I tried getting the latest libnet (Stable Version: 1.1.2.1), recompiling and then recompiling traceproto - this did not help. TRISKAIDEKAPHOBIA - Ah well ... this *is* 2.6.*THIRTEEN*, after all. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Kernel 2.6.13: TCP (libnet?)
Kernel 2.6.13: TCP (libnet?) Broken libnet? KERNEL: linux-kernel@vger.kernel.org LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman [EMAIL PROTECTED] I don't like spam. I track spamvertized sites. Many only respond to TCP packets sent to port 80. I need a TCP traceroute (traceroute using TCP/SYN packets). I have four such programmes. 1: Hping in traceroute mode. Poor. If it hits a router which does not respond, it just sits and waits. 2: LFT OK. a: Does not work in Fedora Core2 - without patching. The source code expects a header of zero bytes in the pcap output of zero bytes (hard coded in the source). My captures have a linux cooked capture header of sixteen bytes. Changing an offset from zero to sixteen gets it to work. b: Requires traffic on the interface. It seems it gets into a loop and awaits some traffic. It examines it - if it is data it expects it uses it. If it is other data from other programmes accessing the 'net it does nothing with it. In both those cases it moves on and starts over. What if there is no traffic? Unless there is something for it either to use or ignore, it seems to hang. To get it to work I have to, say, read the NY Times online while running it. (I believe the traceproto site mentions doing something to get around the timeout problem) Output is OK - but I don't really like it. 3: Tcptraceroute I have used this since kernel 2.2 through 2.4 (older version with older version of libnet) and 2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 It was my favourite until I got traceproto. 4: Traceproto I have used this in kernels 2.4, 2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 Good. In kernel 2.6.13: [patching 2.1.12 with the patch file] Standard traceroute works. LFT works. HPING works (also in traceroute mode). tcptraceroute fails. traceproto (tcp or udp mode) fails. How do they fail? A TCPDUMP shows that they do send out the packets. I do get back ICMP time exceeded error messages. They no longer recognize them. Something that had never changed before has now changed and has broken traceproto and tcptraceroute. LIBNET? --- Do both tcptraceroute and traceproto rely on libnet? Does kernel 2.6.13 break libnet? What other programmes use libnet? I tried getting the latest libnet (Stable Version: 1.1.2.1), recompiling and then recompiling traceproto - this did not help. TRISKAIDEKAPHOBIA - Ah well ... this *is* 2.6.*THIRTEEN*, after all. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Kernel 2.6.13: TCP (libnet?)
On Maw, 2005-08-30 at 15:41 -0400, John McGowan wrote: Kernel 2.6.13: TCP (libnet?) Broken libnet? KERNEL: linux-kernel@vger.kernel.org LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman [EMAIL PROTECTED] network bugs are best reported to [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Kernel 2.6.13: TCP (libnet?)
On Tue, 30 Aug 2005, Alan Cox wrote: On Maw, 2005-08-30 at 15:41 -0400, John McGowan wrote: Kernel 2.6.13: TCP (libnet?) Broken libnet? KERNEL: linux-kernel@vger.kernel.org LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman [EMAIL PROTECTED] network bugs are best reported to [EMAIL PROTECTED] Correction!!! Please use netdev@vger.kernel.org -- ~Randy - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: Kernel 2.6.13: TCP (libnet?)
John McGowan wrote: Kernel 2.6.13: TCP (libnet?) Broken libnet? KERNEL: linux-kernel@vger.kernel.org LIBNET 1.1 (c) 1998 - 2004 Mike D. Schiffman [EMAIL PROTECTED] I don't like spam. I track spamvertized sites. Many only respond to TCP packets sent to port 80. I need a TCP traceroute (traceroute using TCP/SYN packets). I have four such programmes. 1: Hping in traceroute mode. Poor. If it hits a router which does not respond, it just sits and waits. 2: LFT OK. a: Does not work in Fedora Core2 - without patching. The source code expects a header of zero bytes in the pcap output of zero bytes (hard coded in the source). My captures have a linux cooked capture header of sixteen bytes. Changing an offset from zero to sixteen gets it to work. b: Requires traffic on the interface. It seems it gets into a loop and awaits some traffic. It examines it - if it is data it expects it uses it. If it is other data from other programmes accessing the 'net it does nothing with it. In both those cases it moves on and starts over. What if there is no traffic? Unless there is something for it either to use or ignore, it seems to hang. To get it to work I have to, say, read the NY Times online while running it. (I believe the traceproto site mentions doing something to get around the timeout problem) Output is OK - but I don't really like it. 3: Tcptraceroute I have used this since kernel 2.2 through 2.4 (older version with older version of libnet) and 2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 It was my favourite until I got traceproto. 4: Traceproto I have used this in kernels 2.4, 2.6.5, 2.6.7, 2.6.9, 2.6.10, 2.6.11, 2.6.12 Good. In kernel 2.6.13: [patching 2.1.12 with the patch file] Standard traceroute works. LFT works. HPING works (also in traceroute mode). tcptraceroute fails. traceproto (tcp or udp mode) fails. How do they fail? A TCPDUMP shows that they do send out the packets. I do get back ICMP time exceeded error messages. They no longer recognize them. Something that had never changed before has now changed and has broken traceproto and tcptraceroute. [netdev CC'ed] Could you provide tcpdump dumps and your .config file please? - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
