Newbie alert with no TCP/IP knowledge... I am trying to set up a production test rig for testing an embedded 6-way ethernet switch by populating an XP PC with 6 NIC cards. I've started with two NICs just to prove the point, both on the same subnet, manual IP addresses of 172.16.0.1 / 172.16.0.2. The routing table (route print) shows (I believe) two loopback entries :
=====================================================
172.16.0.0 255.255.255.0 172.16.0.1 172.16.0.1
172.16.0.0 255.255.255.0 172.16.0.2 172.16.0.2
172.16.0.1 255.255.255.255 127.0.0.1 127.0.0.1
172.16.0.2 255.255.255.255 127.0.0.1 127.0.0.1
172.16.255.255 255.255.255.255 172.16.0.1 172.16.0.1
172.16.255.255 255.255.255.255 172.16.0.2 172.16.0.2
=====================================================
I would like to remove the loopback entries and replace them with "always external" routing entries.. i.e. if you ping 172.16.0.1 the packets use adapter 172.16.0.2, and are routed by the switch back to 172.16.0.1 and if you ping 172.16.0.2 the packets leave 172.16.0.1, and get routed by the switch back to 172.16.0.2, thereby doing a rudimentary connectivity test of the cables, the switch IC, magnetics etc.
A command of :
route add 172.16.0.1 mask 255.255.255.255 172.16.0.2 (which seems to me to be uniquely specifying the use of 172.16.0.2 to send packets to a destination 172.16.0.1) fails with "The route addition failed: The route parameter is incorrect"
While : route add 172.16.0.2 mask 255.255.255.255 172.16.0.1 is accepted but I can't then ping 172.16.0.2
I did find some really good explanations in your old posts of meanings of each line in the table, but I'm obviously not quite understanding what is going on. I'm slightly concerned that the auto-generate route table has specified two adapters as gateways, but I don't know enough to understand the implications.
Ultimately, with 6 NICs in the box, I'd like to be able to make a table that will enable me to exercise every port on the switch.
many thanks
David
You can use ping to do this. First setup the NICs to have static IP addresses. I'll give you an example with 2 NICs. NIC1 is set to 192.168.0.2 and NIC2 is 192.168.0.1. Then run the command:
ping 192.168.0.2 –s 192.168.0.1 –t
I think you'll find that if you unplug the external loopback cable the test will fail and if you plug it back in again, it will pass. For more help on ping, type ping -?
You may have to disable Windows Firewall to let the ping traffic through.
Related
What could explain why an EC2 instance running Windows 10 does not consistently have access to its own metadata or userdata?
I know the userdata is set correctly because the exact same script was used for about thirty launches of t2.nano and c4.xlarge instances: the t2.nano never encountered any issue reading the metadata, but out of three attempts with a c4.xlarge only one had access to it. The script only differed by the name of instance (as per git history at least).
I followed the instructions below, and even from a Powershell, the Uri fails to load (cf. Figure 2).
Any hint is appreciated.
There is a script call InitializeInstance.ps1 that resets some configuration information.
For example, if the instance has changed subnets it might not work correctly due to cached routing rules. The InitializeInstance.ps1 can correct this.
We experienced the same issue on a Windows 2016 server on EC2. We noticed that the default gateway on the 169 IPs routes (persistent) where pointing at a non-existing (old?) gateway IP.
We changed the routes to the default gateway of the primary adapter, after that Instance Metadata started to work and AmazonSSMAgent service is running again.
Old situation:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.3.129 172.16.3.152 15
....
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.169.254 255.255.255.255 172.16.0.129 15
169.254.169.250 255.255.255.255 172.16.0.129 15
169.254.169.251 255.255.255.255 172.16.0.129 15
Notice the gateway on the persistent routes for 169 to point at an IP, which is not the default for 0.0.0.0. This 172.16.0.129 is also not pingable.
After changing the routes using route CHANGE:
route CHANGE 169.254.169.254 MASK 255.255.255.255 172.16.3.129 METRIC 15 IF 4 /P
route CHANGE 169.254.169.250 MASK 255.255.255.255 172.16.3.129 METRIC 15 IF 4 /P
route CHANGE 169.254.169.251 MASK 255.255.255.255 172.16.2.129 METRIC 15 IF 4 /P
Where:
172.16.3.129 is the default gateway on the primary network interface. This will be different on each instance.
And 4 at then end METRIC 15 IF 4 is the interface ID of primary adapter, listed in interface list on route PRINT, this could also be different on each instance.
We now have:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.3.129 172.16.3.152 15
....
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
169.254.169.254 255.255.255.255 172.16.3.129 15
169.254.169.250 255.255.255.255 172.16.3.129 15
169.254.169.251 255.255.255.255 172.16.3.129 15
===========================================================================
This is basically what the for mentioned ProgramData/Amazon/EC2-Windows/Launch/Module/Scripts/Add-Routes.ps1 script does.
Can't edit John Rotenstein so I'll add it here,
This issue was solved at my end by initialise the instance again,
it happen when you created an image in one subnet or vpc and launch it in a different one.
Warning this would change the admin password, make sure you have access to the required key to get the new password at console.
In order to initialise the instance only once run:
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -Schedule
in order to initialise it every boot run
C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 -SchedulePerBoot
the docs: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html
after running it, reboot the instance, get a new password from the console, rdp inside and you can get metadata and use aws s3 cli / powershell with the attached instance IAM role
I want to get the port number and ip address of a server
For ip address i can
ping the xyz.com and to get the ip address resolved.
but how do i include the port number
From this Serverfault answer:
You can't ping ports, as Ping is using ICMP which doesn't have the
concept of ports. Ports belong to the transport layer protocols like
TCP and UDP. However, you could use nmap to see whether ports are open
or not
nmap -p 80 example.com
Edit: As flokra mentioned, nmap is more than
just a ping-for-ports-thingy. It's the security auditers and hackers
best friend and comes with tons of cool options. Check the doc for all
possible flags.
Try:
telnet xyz.com 80
If it's showing output like
Connected to xyz.com.Escape character is '^]'.
Means your domain (xyz.com) is listening on port 80.
I have a macbook, connected with ethernet, and wifi.
A site (lets call it facebook) is blocked on one of the interface (ethernet)
but is open on the other (wifi), on the other hand eth is better (fastest and more reliable than the wifi) so I use eth as a priority interface (on top of network preferences), but in this way there is no access to the blocked site.
I would know if there is a way to say to the operating system or browser or other
software components that it must use the connection of wifi if and only if a connection on :80 over eth fail. this would be perfect...or any other means to solve the problem..
It's a matter of configuring a proper proxy?
Thanks in advance.
You could modify routing table to pass traffic to given host or network through chosen gateway.
List your routing table:
$ netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGSc 15 0 en0
default 192.168.0.1 UGScI 1 0 en1
[...]
In this case en1 is wifi. So to use wifi connection to a host x.x.x.x, route traffic to this host through 192.168.0.1 gateway:
sudo route add -host x.x.x.x 192.168.0.1
Or better add routing to entire network used by given service:
sudo route add -net x.x 192.168.0.1
The downside is that it may be difficult to determine an ultimate list of IPs, networks used by the service.
See man route.
After connecting to the business network I have no internet access.
route print shows:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.132.222 192.168.132.166 121
0.0.0.0 0.0.0.0 On-link 10.100.10.26 31
<... snip ...>
Through these commands:
route delete 0.0.0.0 mask 0.0.0.0 192.168.132.222
route add 0.0.0.0 mask 0.0.0.0 192.168.132.222 metric 1
I am able to then access both internet AND the business network.
I am wondering: Is there a way to define that via Shrew Settings?
The answer given by user416930 is correct, but a little unclear, so here it is spelled out a little better.
In Shrew Soft VPN Access Manager, go to Edit > Properties > Policy > Select.
Uncheck "Obtain Topology Automatically or Tunnel All".
Click "Add". Add the network used by your VPN.
If you are unclear what VPN your network is using:
Open command prompt and type "ipconfig /all".
Look for the entry with "Screw Soft Virtual Adapter".
Shrew Soft VPN Acess Manager>Edit>Properties>Policy>Select(Maintain Persistent Security Assosiacations),Add(10.0.0.0,/255.0.0.0)
I hope this isn't too basic a question. The title kind of asks it all. :-)
The ping command will allow strict source routing so you can specify the default gateway to use on the way out. (This assumes your interfaces have distinct gateways i.e. are on different networks)
ping -k 192.169.1.1 microsoft.com
^ default gateway for desired interface
Using WMI Win32_PingStatus you can do the same thing where you specify SourceRoute and SourceRouteType (This is essentially the same as using ping -k)
Alternatively:
If your network interfaces are on the same network, like a LAN card and a wireless adapater
you can add a custom ROUTE to your machine, which can send all traffic through a specific interface.
From ROUTE HELP:
route ADD 207.46.0.0 MASK 255.255.0.0 192.168.1.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
ping also has an option in Windows:
-S srcaddr Source address to use.
So you can do something like
ping 10.10.10.1 -l 0 -S 192.168.1.1
where 10.10.10.1 is the destination address and 192.168.1.1 is the address of the source adapter