LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-30-2003, 08:50 PM   #1
imarunner
LQ Newbie
 
Registered: Apr 2001
Posts: 8

Rep: Reputation: 0
How to intentionally drop packets?


I want to test an applications ability to deal with randomly or systematically dropped packets. I'd like to intentionally drop a packet only on a specific port at various intervals.... could be based on time or count I suppose.

Anyone know how I might do this?
 
Old 12-30-2003, 10:13 PM   #2
phobox
Member
 
Registered: Dec 2003
Location: Columbus, OH USA
Distribution: Debian Knoppix Kanotix Sidux
Posts: 73

Rep: Reputation: 15
Try an iptables rule such as:

iptables -A INPUT -i eth0 -m limit 20 -p tcp --dport 20000 -j DROP

Last edited by phobox; 12-30-2003 at 10:15 PM.
 
Old 12-31-2003, 12:31 AM   #3
imarunner
LQ Newbie
 
Registered: Apr 2001
Posts: 8

Original Poster
Rep: Reputation: 0
I've been reading the netfilter docs thinking iptables might provide what I'm looking for. Apparently -m limit doesn't take arguments. I get this message when trying the rule suggested.

Bad argument `20'
 
Old 12-31-2003, 12:43 AM   #4
imarunner
LQ Newbie
 
Registered: Apr 2001
Posts: 8

Original Poster
Rep: Reputation: 0
Upon further review... looks like there are a couple of optional arguments
--limit and --limit-burst. From reading the docs I don't really understand what these do but I'll experiment with the --limit argument and see what happens.
 
Old 12-31-2003, 07:03 AM   #5
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
The limit module is used to match only a certain amount of packets.
-m limit --limit 5 would match the first 5 packet then ignore the rest.
This is usually used for logging purposes. For example log the first 5 packets of a DoS attack, then ignore the rest or maybe drop then to prevent the attack from succeeding.
 
Old 12-31-2003, 09:10 AM   #6
phobox
Member
 
Registered: Dec 2003
Location: Columbus, OH USA
Distribution: Debian Knoppix Kanotix Sidux
Posts: 73

Rep: Reputation: 15
That depends on what you set the limits at. Obviously it wouldn't make much sense to accept 5 packets and then drop the rest forever. The limit burst recharges over time to allow the pakcets back in, and if set low enough, like --limit 10/s which would have a default --limit-burst 5 the first 5 would match the rule, then only 1 every 6sec would match.
If nothing comes in within 6sec then the --limit-burst is raised from 0 to
1, and so on every 6sec.

So a commands like:

iptables -A INPUT ACCEPT
iptables -A INPUT -i eth0 -m limit --limit 10/s -p tcp --dport 20000 -j DROP

Would drop the first 5 packets, and then drop 1 packet every 6 seconds provided the packets are coming in at 10/second or more.

Please someone correct me if I am wrong about this.

Last edited by phobox; 12-31-2003 at 09:21 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Ability to sniff, process and drop packets kidskc Linux - Networking 1 08-18-2005 02:40 AM
drop packets for specific port with iptables ohcarol Linux - Security 1 07-03-2005 11:48 AM
drop incoming/outgoing packets using iptables doshiaj Linux - Security 1 06-08-2004 11:38 AM
how to drop all packets to one host with the default rule of accept dan5009 Linux - Security 1 08-20-2003 06:55 PM
why does the kernel drop packets ? mr.moto Linux - Networking 3 12-08-2002 01:47 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration