I am using a Juniper firewall device that our incoming internet connection receives, then a switch that connects a bunch of servers that is connected to the firewall.
For some reason, some of the traffic between the hosts connected to the switch is showing up as sessions on the Juniper firewall. The hosts are using the same network address. I thought the traffic should be strictly going through the switch to the other host, not out to the firewall and then back to the switch and then the host.
I created a test environment, with a small switch, and the traffic between the hosts did not show up on the firewall sessions.
Is there anything particular to the Cisco SG200-50 that would cause traffic bound from one port to another, same network address, to be sent out to the firewall before switching the traffic to the other port?
The switch will not be looking at the layer-3 packet, it only delivers known unicasts to the port where the destination MAC address is located. It will flood unknown unicasts and broadcasts to all switch ports, including the router. To the switch, the router is just another host.
I have seen this when one or more hosts have either an incorrect mask or an incorrect gateway configured.
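The mask and gateway check described in the answer above, as an added Python example that is not part of the original thread. The host inventory, the 192.168.10.0/24 subnet and the firewall address are constructed sample values; the script models only the on-link decision a host makes from its own mask and reports a differing gateway as a finding.

```python
import ipaddress

# Constructed inventory (not from the original post): name, address/mask, gateway.
HOSTS = [
    ("web1", "192.168.10.11/24", "192.168.10.1"),
    ("db1", "192.168.10.12/24", "192.168.10.1"),
    ("app1", "192.168.10.140/25", "192.168.10.1"),   # mask typo: /25, not /24
    ("log1", "192.168.10.13/24", "192.168.10.254"),  # gateway is not the firewall
]
INTENDED = ipaddress.ip_network("192.168.10.0/24")   # assumed server subnet
FIREWALL = ipaddress.ip_address("192.168.10.1")      # assumed firewall address

def next_hop(src_iface, gateway, dst):
    """Where the source host sends a packet for dst: 'direct' or its gateway."""
    on_link = ipaddress.ip_interface(src_iface).network
    return "direct" if ipaddress.ip_address(dst) in on_link else gateway

def audit(hosts, intended, firewall):
    """Flag hosts whose mask or gateway differs from the intended values."""
    findings = []
    for name, iface, gw in hosts:
        if ipaddress.ip_interface(iface).network != intended:
            findings.append((name, "mask"))
        if ipaddress.ip_address(gw) != firewall:
            findings.append((name, "gateway"))
    return findings

def via_gateway_pairs(hosts, intended):
    """(src, dst) pairs inside the intended subnet that src sends to its gateway."""
    pairs = []
    for s_name, s_iface, s_gw in hosts:
        for d_name, d_iface, _ in hosts:
            dst = ipaddress.ip_interface(d_iface).ip
            if s_name != d_name and dst in intended \
                    and next_hop(s_iface, s_gw, dst) != "direct":
                pairs.append((s_name, d_name))
    return pairs

if __name__ == "__main__":
    for name, issue in audit(HOSTS, INTENDED, FIREWALL):
        print(f"{name}: {issue} differs from the intended configuration")
    for src, dst in via_gateway_pairs(HOSTS, INTENDED):
        print(f"{src} -> {dst}: sent to the gateway instead of switched directly")
```

In this sample only app1 sends same-subnet traffic to the gateway, while the other hosts still reach app1 directly, so the firewall would see one direction of those conversations.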
macOS version: Mojave
I have a program listening on a local port (2080). I would like to forward all network requests to this program.
In order to accomplish this, I have configured the Wi-Fi network service to use a SOCKS5 proxy as well as a DNS server pointing to localhost.
This works as long as the Wi-Fi network service is connected to any network, regardless of whether that network is connected to the internet (for instance, a Chromecast).
Is there a way to force the packages to the program without having to connect to a network?
Previous attempts include creating a network service attached to the loopback device, lo0, with the proxy and DNS settings as before (couldn't get any packets to be routed through the program; the network panel says not connected), and installing tun/tap as discussed in this question (Virtual network interface in Mac OS X).
The device will show up in ifconfig, but not in network services after editing the SystemConfiguration/preferences.plist
Any guidance is welcomed.
Never mind, I figured it out. The Tun/Tap will work; you just need to configure the virtual network service with the correct DNS and proxy settings.
Good day
Do you have any idea how to find Wi-Fi routers or devices which are connected to specific LAN sockets in a network?
I am trying to find these devices from logs in Elasticsearch + Kibana, namely
https://www.elastic.co/guide/en/beats/packetbeat/current/configuration-interfaces.html
With this solution I have a problem with setting up Packetbeat.
Other solutions which I found are Wireshark, Advanced IP Scanner or Angry IP.
With these solutions/tools the problem is the default settings of routers/devices, which lock ports. That means I can get all IPs or MACs in the network, but how will I know which IPs or MACs belong to routers / NTB / mobiles etc.?
For this reason I decided to find routers in the network from logs with Kibana.
Do you have any idea, or have you done something like this?
Thanks
Wi-Fi (IEEE 802.11) is a layer-1/2 protocol, but routing is a layer-3 function, so there really is no such thing as a Wi-Fi router. There are some routers that have Wi-Fi interfaces, but they are routing a layer-3 protocol, e.g. IPv4, not Wi-Fi. Ports are layer-4 addresses for some layer-4 protocols, e.g. UDP, and they have nothing to do with routing layer-3 packets.
A router is simply a host on a layer-2 LAN. The configured gateway for your host is usually a router. The gateway is the host on a LAN to which your host sends packets destined to a different network.
Determining which hosts on a LAN are routers is a problem because you have no way to know which hosts are actually routers. You can have multiple routers on a LAN, but your host will be configured with one as its default gateway.
If you want to determine which host is the gateway for your host, then you should look at the configuration of your host, not at any particular host on the LAN.
I am splitting an application into a tray application and a Windows Service and I want to use TCP to communicate between the two*. They will both be running on the same machine.
My question is do firewalls block TCP communication between applications running on the same machine? I want to know whether firewalls are something I need to worry about when testing.
(*note that I want to use TCP instead of named pipes for communication because the apps might one day run on separate computers but that will be far in the future)
The primary objective of the firewall is to control the incoming and the outgoing network traffic! Firewalls are designed to work on an IP or port basis.
So yes, it is 100% capable of blocking connections on the same machine. (I guess you are using a Class A IP [127.x.y.x] address, used mainly for loopback testing and interprocess communication on the local computer.)
Some firewalls are preconfigured not to block local machine connections, while others are configured to block them. But either way a firewall can be configured to allow/deny such connections.
If I have a UDP server repeatedly receiving requests from the same client machine, when might the client's incoming IP address change even though the user is actually still on the same machine and has not done anything deliberate to change her IP address?
I can think of two cases: (1) packets are coming in via proxy servers that use a pool of different IP addresses, and (2) the client machine is using a dynamically assigned IP address that has expired and been reassigned to a new IP address.
Are there any other cases?
Is it a mobile client? If so, it could change networks. For example:
A phone switching between 3G and Wi-Fi
A laptop changing Wi-Fi networks (this is infrequent though)
I have a local server written in C++ listening to inbound TCP connects using plain socket ::accept() and UDP recvfrom(). I have two problems with this that I wish to solve:
Can I programmatically make Windows let me open the accept socket without it automatically being blocked by the Windows (software) firewall?
Are there any ports I can use that will allow my packets to pass through both Windows firewall and external firewall? Port 80 is often taken by things like Skype, but are there others? Will most external firewalls typically by default allow incoming UDP and TCP connects on port 80?
Thanks!
In general, network routers need port forwarding enabled for the listening port, and firewalls need the listening port opened. If you are using a UPnP-enabled firewall/router, then you can dynamically set up those settings programmatically via the UPnP API. But more often than not, UPnP is either disabled or unavailable, requiring manual settings by the firewall/router admin.