How to get Scapy using adaptive ping with fragmented packets - ping

Is there any way to use the adaptive ping option with Scapy? I need to send ICMP packets with a flood interval for testing purposes.
The ping tool is not an option: it has adaptive ping, yes, but it cannot send fragmented packets (except with the -s option specifying a size bigger than the MTU of the interface). However, I am interested in sending not all the fragments, just some of them, which is why the Scapy tool can do that but not ping.

Related

Access Point unavailable by ICMP Ping Zabbix Monitoring

Using Zabbix 4.2, I detect that a device, more specifically an Access Point, shows an alert saying that the mentioned device is unavailable by ICMP Ping.
Does this mean that the mentioned device is offline or that it has been turned off?

How to send HTML code of more than 1500 bytes via Ethernet in fragments?

I have written code for a micro-controller in which HTML text is sent over a LAN to a browser via Ethernet. The code works fine until the Ethernet frame size exceeds 1500 bytes.
Is there any way of sending HTML text to the browser successfully in fragments via Ethernet?
CASE: If the text is fragmented prior to sending!
The browser in this case only displays the first part of the text fragment, while the remaining fragments aren't updated in the browser.
Any support in this regard would be appreciated!
I'm assuming you are using a TCP stack and have not attempted to write the TCP/IP headers directly with your own code on the device. Then your problem most likely has to do with the Ethernet MTU (maximum transmission unit).
MTU is the maximum payload that can be transmitted (and received) by all devices on the network. Typical MTU size is 1500 bytes, but unfortunately it is common to have networks that require a lower MTU (e.g. when PPPoE or VLAN headers get added at some point). Usually it is just a configuration problem. Most Ethernet hardware supports MTUs well over 1500 bytes.
What usually happens is that as soon as TCP attempts to send a packet that is too large, it gets dropped at some point (sender, receiver, switch or router). A packet sniffer like Wireshark will do TCP analysis and tell you about suspected packet loss and TCP retransmission attempts.
It's TCP that is splitting a stream into packets, so the TCP stack needs to know what the MTU is. On Linux the TCP stack will get this setting from the network interface. You can see the current value with ip link or ifconfig. It needs to be configured on both sides of the TCP connection, but your problem should go away by just setting a lower MTU in the TCP stack of the embedded device.
In addition to that, IP fragmentation can happen when a router wants to forward a frame from a network with high MTU to a network with lower MTU (or if it has added another Ethernet header, and the frame is now too large). Unless you are using a very poorly implemented IP stack that doesn't support fragmentation, this should not be a problem. (But it's wasting bandwidth.) Depending on the flags, the router may then send an ICMP message to notify the sender about the problem. But if there is a firewall in-between that drops ICMP packets this will not work, and result in retransmission attempts without lowering the MTU.

How ping command work

In order to code a program, I need to know how the ping command works.
I need to know, if a command ping -c1 "something" is executed, how many IPv4 packets and Ethernet frames will be created, considering that every cache is empty?
thanks..
The ping command uses ICMP packets. In order to code a ping command you need to be able to send and receive ICMP packets.
In Windows, this is done using Winsock raw socket support. Here is an example of a ping using raw sockets.
In Linux, you just need sockets support. Here is a Stack Overflow question about how to do ICMP packets in Linux.
Or you can find a library that implements this for you.
Reply from 192.168.2.10: bytes=32 time<1ms TTL=128 - **Computer is on OS kernel still in memory**
Request timed out. - **OS is shutdown/Firewall blocking ICMP**
Reply from 192.168.2.10: Destination host unreachable. - **Computer powered off. Physical network active**
Here is the ping command explained for troubleshooting

TCPDump and TCPReplay to record and replay requests to application servers

Can TCPDump and TCPReplay be used to record (tcpdump) network traffic coming in to an application server/webserver/queue application etc., and then replay it using the dump with TCPReplay?
Let's say I set up an Apache server and use TCPDump to capture the entire network traffic and dump it to a file. Now I run Apache on a different machine and want to replay the traffic to this new Apache server using the file. How can I achieve this?
I especially want to understand how TCPReplay would work in such a scenario, i.e. how would SYN/ACK responses work for TCP? How would a new connection etc. be initiated?
Fred is right. Also, this question is answered in the Tcpreplay FAQ: http://tcpreplay.synfin.net/wiki/FAQ#Doestcpreplaysupportsendingtraffictoaserver
No, you cannot use Tcpreplay to replay traffic to a server. TCP sessions have random sequence numbers, and are fully stateful. Replaying previously recorded TCP traffic will be ignored by a server.

Possible for WebSocket client on browser to talk to TCP Socket server?

Is it possible to have a TCP Socket server running which accepts incoming connections from WebSocket clients? I have a TCP Socket server and I'd like to be able to test this in a browser. Is this possible?
Absolutely! That is the purpose of websockify.
Of course your WebSocket client application will need to be able to implement the protocol of the TCP server. For example, noVNC is a browser VNC client that implements the RFB protocol and by using websockify it can connect to a normal TCP based VNC server.
Disclaimer: I created both websockify and noVNC
TCP and WebSocket are not the same protocol or framing, so wiring them up blindly isn't going to work. Well ... technically, websocket is an upgrade of http which is layered on ssl (optionally) which in turn is layered on tcp.
TCP can be thought of as a stream of bytes, while WebSocket is a set of frames.
WebSocket frames can be any of the following:
TEXT - consists of 1 or more frames making up a single UTF8 message
BINARY - consists of 1 or more frames making up a byte array message
CONTINUATION - used by TEXT and BINARY to piece together 2 or more frames.
PING - obvious
PONG - obvious
CLOSE - request a close/disconnect of the protocol.
In short, you'd need to implement the websocket protocol framing in order to have TCP wired up to websocket. And you'll need to implement basic HTTP UPGRADE in order to reach that point.
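
The upgrade and framing steps described in the answer above, shown as an added example that is not part of the original answers: a minimal Python decoder for the server side of a WebSocket connection. The function names and sample bytes are constructed for illustration; the opcode values, the GUID and the masking rule come from RFC 6455.

```python
import base64
import hashlib

# Opcode names as listed in the answer above; numeric values from RFC 6455.
OPCODES = {0x0: "CONTINUATION", 0x1: "TEXT", 0x2: "BINARY",
           0x8: "CLOSE", 0x9: "PING", 0xA: "PONG"}
GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455


def accept_key(sec_websocket_key: str) -> str:
    """Sec-WebSocket-Accept value the server returns in the HTTP upgrade reply."""
    digest = hashlib.sha1((sec_websocket_key + GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def parse_frames(stream: bytes):
    """Split raw TCP bytes into (fin, opcode_name, payload) frames.

    Also returns the unparsed tail, since TCP may deliver half a frame.
    """
    frames, pos = [], 0
    while len(stream) - pos >= 2:
        rest = stream[pos:]
        fin, opcode = bool(rest[0] & 0x80), rest[0] & 0x0F
        masked, length = bool(rest[1] & 0x80), rest[1] & 0x7F
        if opcode not in OPCODES:
            raise ValueError(f"unknown opcode {opcode:#x}")
        if opcode >= 0x8 and (length > 125 or not fin):
            raise ValueError("control frame fragmented or longer than 125 bytes")
        hdr = 2
        if length in (126, 127):  # extended 16-bit or 64-bit payload length
            size = 2 if length == 126 else 8
            if len(rest) < hdr + size:
                break
            length = int.from_bytes(rest[hdr:hdr + size], "big")
            hdr += size
        end = hdr + (4 if masked else 0) + length
        if len(rest) < end:
            break  # incomplete frame: keep the bytes until more data arrives
        body = rest[end - length:end]
        if masked:  # frames sent by a browser are always masked with a 4-byte key
            key = rest[hdr:hdr + 4]
            body = bytes(b ^ key[i % 4] for i, b in enumerate(body))
        frames.append((fin, OPCODES[opcode], body))
        pos += end
    return frames, stream[pos:]


# Constructed sample: a masked TEXT frame "Hello", then a truncated PING frame.
SAMPLE = bytes.fromhex("818537fa213d7f9f4d5158") + bytes.fromhex("890548656c")
```

Calling parse_frames(SAMPLE) yields the complete TEXT frame and hands back the truncated PING bytes, which the caller prepends to the next read from the socket.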