How to change Packet to look like a Windows packet?
I am having a problem connecting to the world. I have Windows XP Home on one partition and Mandrake Linux 9.1 on the other. Windows gets on fine but Linux goes nowhere. I have been through all my settings and finally realized that nothing was wrong. I have been through almost all of my howtos and all online documentation. I now have a static IP and the correct driver. I realized, though, that while I can't ping anything else on the network, I can port scan using nmap with the -P0 (no ping) option. As such I can see my local DNS servers and the gateway.
I asked many of the local network admins and they had no idea why this was. After a few weeks I finally found one with a smart idea as to why this may be. The firewalls on the network might be configured to filter out Linux packets for security reasons.
As we cannot change our firewall without facing the wrath of the government (I am a soldier out in the middle of nowhere with at least 3 firewalls between me and the world), I have been trying to find a way to edit the outgoing packets from my computer so they read to the filters as a Windows box... little luck so far. Any suggestions? Or does this sound like a dead end?
You're sure about a firewall filtering Linux packets??
I'm a network admin by trade, and I've always assumed a packet is a packet. It's just TCP, and isn't that a standard??
I could be wrong, and I'm not basing my answer on proof, but I would have thought a packet is a packet. Just data, unless there's a header that identifies the OS it's coming from. Look into editing packet headers maybe??
Hope that made some sense, as I notice no one else gave an opinion yet.
If I remember right, a packet is made of at least 2 layers: the IP packet layer, which encloses the TCP packet layer. Then the data is enclosed in the TCP layer.
There are a couple of lines in the header dealing with destination and source, but I don't remember what else.
I don't know if an editor will work; I haven't found any yet. Any suggestions?
And thanks for the support. Got any ICE you can send my way??
Install Ethereal and sniff the packets going out on a Linux box, and do the same on a Windows box. Try this using a standard ping. The packets should have an identical format (not necessarily identical contents because of machine identification). A packet is a packet is a packet, because every TCP/IP-capable operating system needs to speak a universal language. For more information, try looking up details on Transmission Control Protocol/Internet Protocol at http://www.faqs.org/
Last edited by Rumblefish; 08-27-2003 at 01:16 PM.
Hey there Soldier,
Rumblefish is exactly right. There are certain "fingerprinting" methods of finding out what OS you're using over a network, but most firewalls aren't going to filter this out. It's more likely that your problem lies elsewhere.
'Packets' traverse 7 layers in the OSI/ISO Model. Physical, Data Link, Network, Transport, Session, Presentation, and Application layers. There's no way to really "edit" packets in real time, as they're shooting across your network quite fast, and sometimes in fragments. You can do some pretty neat stuff with iptables' packet mangling though.
How far can you get your packets to go before they're dropped?
Also, there are DoD firewalls that drop icmps, so don't base this on icmp alone.
BTW, Windows XP and Linux aren't authorized workstation OSs on the NIPRNet, if that's the network you're on. (Definitely not authorized on "other" Nets.)
I'm also deployed out to a 'desert region', so I feel your pain.
I've been trying to learn something about designing & testing TCP/IP networks recently. I'm no expert yet, but it seems to me that your problem is associated *not* with the filtering of packets from your Linux box, but may have more to do with getting an IP address on booting under Linux.
If your network has a cable modem, Windows will get a DHCP IP address for a period. If this is the case, a static IP address on Linux boot will not allow you to access the net. You will have to set Linux to boot the network interface with DHCP enabled.
I'm not sure what you would have to do if you're using a normal modem.
The reason your linux machine can see everything on your network is probably because they are on the same ethernet segment (the wires plugged into a single shared hub).
If you're on cable or DSL, chances are you have one IP address. You need a broadband router or a really rigged up routing table on your gateway box to get broadband to route properly. Remember also that your router setup has to match your system setup (if the router is set for DHCP, the system must be; if the router is set to expect a static IP, the system must have the correct IP and must be set up with the right routing table as well).
OK, ping requests do not contain OS information to my knowledge. If you can't ping from one OS but can from another, you have other issues, not a router blocking Linux requests.
To add to what I just said and to build off what others have said:
Routers only deal in TCP/IP or TCP/UDP (and other standard protocol stuff) that contain no information on the OS it came from. OS information would be deep down into the data layer (like a server getting the browser information from a client). For a router to figure out what OS a packet came from would involve too much overhead for that router to be a very good router. Ethernet frames (to add to the list) also do not contain OS info.
ok, ping requests do not contain OS information to my knowledge.
That's not entirely true. When you send a ping from Windows, it puts incrementing char codes in the data field (ex: abcde...). Linux does it a different way; other OSes have other methods. This is one way to "fingerprint" an operating system based on the way it formulates packets. Nmap has a good document on its OS fingerprinting method, if you're interested in reading more.
It isn't a cable modem he's dealing with, but the network probably does use DHCP, as it's a DoD standard for non-secure networks.