I am trying to modify the destination address for an incoming ping request at the switch using a POX controller. I use packet.next to modify the destination address. Once this address is modified I create a new packet with the incoming source IP and the new destination IP. But my pings aren't getting through. I also make sure that the nw destination of the message is modified before it is sent to the switch.
It will be really helpful if someone can help me solve this issue.
I'm using the l3_learning.py sample program present in Mininet.
I've added this condition in the handle_PacketIn function to the ifinstance(packet.next,arp).
My code
: : if str(packet.src)==str("00:00:00:00:00:19") and (inport)==19: packet.src = EthAddr("00:00:00:00:00:22") inport = 22 if str(packet.dst)==str("00:00:00:00:00:19") and inport==19: a1.protosrc = IPAddr("10.0.0.6") a1.hwsrc = EthAddr("00:00:00:00:00:22")
I then send an ARP packet.
I have changed the nw_dst using ofp.match() –
I figured out what I was doing wrong. Instead of programming flows I was directly trying to modify the packets to redirect to the hosts. That was why I was unable to get a ping response.
Related
I'm using plus-addressing on Exim to create an automated system - I will process emails based on the local part of the address. So eg:
From: me#eximdomain.com
To: robot+project-4#eximdomain.com
This works well - I can process it based on the To address (specifically project-4). But ideally I want to be able to BCC an email to this address, eg:
From: me#eximdomain.com
To: somebody#otherdomain.com
Bcc: robot+project-4#eximdomain.com
When I am checking the mailbox for robot, I see the message, but nowhere in the header is the actual address that got it there, ie robot+project-4#eximdomain.com - so I cannot process it.
Obviously I do not want somebody#otherdomain.com to be aware of this address; but when robot#eximdomain.com receives it, I want to know that it was actually BCCd to robot+project-4#eximdomain.com (in some/any header).
Is there any way to do this?
Figured this out, if anyone comes across this: added this option to my local delivery transport (Dovecot LMTP in my case):
envelope_to_add = true
It then generates an Envelope-to header containing the incoming address.
Ich have one assignment and I need a little help. I have infected.pcap and the following task:
Hardcoded IP addresses Sometimes, malware contains hardcoded IP addresses to download their payload or to communicate with their command and control (C&C) server. Find all such communication. Hint: Such IPs have no preceding DNS request.
I need to solve it with Bro script. This was my idea, but unfortunatelly all my connections have no DNS request:
#load base/protocols/dns/main.bro
event file_timeout(f: fa_file)
{
for ( cid in f$conns )
{
if(f$conns[cid]?$dns){
print f$conns[cid]$dns;
print "DNS";
}else {
print "No DNS";
}
}
}
Do you know maybe what is wrong with my code?
I would suggest that you're using the wrong event for this. The file_timeout only occurs if a file transfer was occurring and then stopped without completing. A much more interesting event correlation would be:
Track DNS address lookup responses (I would likely use event
dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a:
addr)).
Record the addresses returned in a set; this will provide
you a set of all addresses that were discovered through a DNS query.
Examine outbound requests (where orig_h on the SYN is an internal
address)
Check to see if the address in id$resp_h is in the set of
addresses step 2. If it is, return, if it isn't,
generate a notice since you have an outbound connection attempt with
no corresponding DNS lookup.
I have already asked this question on the Splunk website but didn't get any reply. I hope Stack Overflow users can help me.
I want to blacklist events with the debug keyword in them, from host host1 and sourcetype source::type. Can anyone help me with this? I know I can blacklist events either from host or sourcetype but not from both.
Here is the configuration I have tried:
# Props.conf
[host::host1]
index=new-index
TRANSFORMS-set= setnull
#transforms.conf
[setnull]
REGEX = .*\s+Debug\s+.*
DEST_KEY = queue
FORMAT = nullQueue
This works best just for host1 but I want other sourcetypes from host1 with Debug to be whitelisted.
Your event most probably contains an identifier of either the host or the sourcetype. If that is the case, you need to factor that into your regex and do the property match against the other property (i.e. if host1 is contained in the event's text, than you filter against the sourcetype in props.conf)
If I remember correctly there is a (more complicated) way to chain queues where you put all events from host1 that contain debug into a temporary queue and then only send events with both host and sourcetype to the nullQueue.
I have tired to search how to send USSD command on Google.
I want to check may balance from operator.
All of the samples I have seen use commands like this:
"AT+CUSD=1,\"*140*1#\"\r\n";
It seems to be correct. I am using something like this that I think works. I have a D-Link GSM modem, and when I send this command using it, it makes some noise on my speaker, which I believe tells me something happened.
my modem have it's own windows application when i disconnected modem by my own application,i check it by modem's application and in USSD tab i can found the result of my commands that i sent by myself application.
then that command works fine but i 'm confuse what is happens when i sent my command it return me "OK" and do not return operator answer and how my modem's application can read that answer????????
i test these commands but can not get result and my modem just return somethings like this:
"AT+CUSD=1,\"*140*1#\"\r\n\OK\r\n" only.
1) "AT+CUSD=1,\"*140*1#\",15\r\n"
2) "AT+CUSD=1,\"*140*1#\",1\r\n"
3) "AT+CUSD=1,\"*140*1#\",15\r"
4) "AT+CUSD=1,\"*140*1#\",1\r"
5) "AT+CUSD=1,\"*140*1#\""
i think reading command's result maybe has difference command or i should set some config on my modem .
it is very interesting for me that my modem do not return error to me and always return OK.
You need to set the Message format to AT+CMGF=0, before sending your USSD Command. This is PDU Mode (http://www.smartposition.nl/resources/sms_pdu.html). I was stumped using AT+CMGF=1, which is Text mode, before I decided to try AT+CMGF=0.
Worked like Magic.
So:
Set Message Format to PDU (AT+CMGF=0)
Execute Your USSD Command (AT+CUSD=1,*544*2*3#,15) - example message
Read response from the Port.
I am assuming that you know already how to form your AT Commands and Read the response from the Port.
I found that my modem use more than one port and i should connect at the first port to send my command and listen to another port to get the USSD command's result
Try This using Hyperterm Serial Monitor Application ( https://www.hilgraeve.com/hyperterminal-trial/ )
First Convert Modem to PDU Mode :
AT+CMGF=0
Second USSD Code Send :
AT+CUSD=1,"#132#",15
( Use your Country Carrier Codes )
Finally Read Output from Terminal :)
i just use this "AT+CUSD=1,'*120#',15" in my country the USSD code is *120# but remember if you are using it withing a code you must add crlf character to the end hope this help
Is there a way to display the system ip address and port number in a text box that is generated dynamically???
I want the system to put the ip address into a text box according to the machine.
Siddharth
Since you mentioned a text box, I can only postulate that you are talking about a web browser, and in that case 99.9% of the time you are talking about http and then 99.999% of the time a TCP connection. This means that your connection will have a 4-Tuple consisting of the source ip:port and the destination ip:port. In most cases the port numbers are fairly standard (80) for the destination (client).
Then you get into the very common issues of NAT and the like, so again I think you need to clarify what type of ip address you want. The publicly routable ip address is obtained server side and the LAN address will be obtained from the localhost.
For the more interesting case (publicly routable ip) I would just use a server side script (python, PHP, C, etc...) to read the incoming ip address and then use a little ajax to set the value of the text box. I did something similar for a project and it worked really well. Our client program was written in Python and C but this will give you an idea...
# Returns the client's public IP address (past any NATs)
def get_public_ip():
return urllib.urlopen('http://ddih.org/ip.php').read().strip()
I think something like set the inner html... from that webpage...
Hope this helps.
Your system does not have a port number. Port numbers are a software concept to differentiate different IP or UDP applications that might want to listen for connections on your IP address.
Also, it is quite possible to have more than one IP address. In fact, your system almost always has two if you count the loopback address (127.0.0.1). Even if you don't these days even many consumer PC's have multiple ethernet jacks.
You didn't say you were using Win32 so I don't know that it will be useful to you, but here's some code I wrote once that puts all local IP addresses (loopback excepted) into a an MFC CComboBox. It's a bit more C-ish than I'd like to see these days, but here it is.
size_t const Max_Expected_Addresses = 20; // Something rediculous
unsigned long IPADDRTBL_Size = sizeof(DWORD) + sizeof(MIB_IPADDRROW) * Max_Expected_Addresses;
PMIB_IPADDRTABLE IP_Address_Table = (PMIB_IPADDRTABLE) malloc (IPADDRTBL_Size);
if (GetIpAddrTable (IP_Address_Table, &IPADDRTBL_Size, TRUE) == NO_ERROR) {
for (DWORD i = 0; i < IP_Address_Table->dwNumEntries; i++) {
// Skip the loopback.
if (IP_Address_Table->table[i].dwAddr == 0x0100007f) continue;
if (m_IP_Address == "") m_IP_Address = String_Address(IP_Address_Table->table[i].dwAddr);
m_IP_Address_List.AddString (String_Address(IP_Address_Table->table[i].dwAddr));
};
}
m_IP_Address_List is an MFC control defined as a CComboBox which gets filled in by this snippet.
m_IP_Address is a CString tied to an MFC textbox control (IIRC) which I use to store the currently selected (or first found on startup) IP address.