Re: Nmap questions concerning my router

From: Nicky (hackeras_at_gmail.com)
Date: 08/17/05


Date: 17 Aug 2005 06:55:35 -0700

Moe Trin wrote:

> >Now let's suppose that someone sends data to my router, meaning my
> >router is receiving an incoming HTTP connection request from a remote
> >host.
>
> What address does the package have? Is it addressed to the router? But
> no one lives or works there. Send a message to whoever sent the package
> that their package could not be delivered, because the address is wrong.
> (ICMP Type 3, Code 3 "Port Unreachable")

Yes, in order for the package to reach the web server application that
is running on my localhost it has to have as dest IP the router's
external IP address. Otherwise it can't reach my PC, and of course the
package can't have as dest IP my Ethernet interface 10.0.0.1 because it's
a private non-routable IP address.

> Is the package addressed to the Hotel? Which street address?
>
> >b) Where will the router send this request to? eth0, eth1 or eth2
>
> Which IP address is the packet addressed to?
>
> >and why?
>
> The router does not know that the three addresses reach the same hotel. It
> only knows to deliver the packet to the interface address.

Which one of the 3?

> >Does it send them to all interfaces (cards) simultaneously because it is
> >directly connected to them?
>
> No, it only goes to the interface that matches the address. The router does
> not know (or care) what computer is hiding behind the address.

But the dest IP address of the IP packet is addressed to the router's
external interface address. How can it possibly know the IP addresses
behind the router to send to the appropriate one?!?

Am I missing something here?!?

> >If this is the case, what happens then? All the cards put the same info
> >on the motherboard's data bus? So when my web server is receiving them
> >it gets 3 times the same HTTP connection request?
>
> Was the package addressed to "Nicky" or "Nikos" or "Nickos"? They might
> be the same person or computer, but they are different names - only the
> one that matches will get the package.

Same question as above!
How can the sender possibly know the IP addresses behind the router
to send to the appropriate address?!? Our router's external IP
address makes the contact, so this same IP address is the dest IP when
the response comes.

> >c) Another question is why does the router have to have 2 interfaces and
> >not just 1, the external one that we pay for?
>
> To separate the traffic. Mainly for security reasons, but also because a
> given network segment (the wire itself) can only have so many systems
> connected before there are too many people talking (trying to talk) on the
> same telephone at the same time.

LAN traffic from WAN traffic, I guess.

> >so when some data from my localhost wants to reach a remote host, my eth0
> >(10.0.0.1) should first reach the router's internal IP address (10.0.0.138)
>
> Yes, BUT the packet does not get _addressed_ to the router. The address
> 10.0.0.138 never appears in/on the packet, because that is not the final
> destination. Your computer needs to send a packet to the Dai-ichi Hotel
> in Tokyo. It looks at the routing table, and finds that it knows how to
> send packets to itself, perhaps other computers on the local LAN (and that
> includes the router), and another address called a 'default route'. The
> idea of a default route is that if you don't know where to send a packet,
> you hand the packet to this gateway (in this case, the router), and hope
> that it knows what to do with it. But this is the network stack concept -
> the packet is addressed to "Dai-ichi.Hotel.Tokyo" with the correct IP
> address and all that. But your computer knows the HARDWARE address of the
> router (or uses the ARP protocol to find it), and the addresses of the
> packet ON THE WIRE are the hardware address of the destination (the router),
> and the MAC address of the interface that is sending it. When this packet
> reaches the router, these addresses are thrown away because they are now of
> no further use. The router looks at the destination IP address, and
> discovers it is "Dai-ichi.Hotel.Tokyo". But it can't reach "Tokyo", so it
> looks at its own routing table, and finds the default route is to send it
> to the Hellinikon airport at Athens. So it creates a new wrapper around the
> IP packet with a destination address of the HARDWARE address of the Hellinikon
> Airport, and a source address of the interface that it has that is on the
> same road as the airport. When the packet reaches the airport, this wrapper
> is thrown away, and someone there looks at the destination IP address - it's
> going to "Tokyo", and they put it on the plane going to (perhaps) Singapore.
> The people there look at the destination address, and put it on the plane
> to Tokyo Narita, and ...
>
> Notice - all along this route, the IP packet was addressed to the
> "Dai-ichi.Hotel.Tokyo". It just got put into a basket (a packet on the
> wire), and carried from "here" to some intermediate stop along the way. When
> it got "there", the basket was thrown away, and the packet put into a new
> basket (on another "wire" going somewhere else), and carried to the next
> stop. At no point was your packet ever addressed to this or that airport,
> because that was not the final destination. The slaves who were carrying
> this packet - they don't care where it is going to end up, as their job is
> only to deliver it to the other end of the wire, or street, or plane ride.

Thanks, very nice and detailed information, but I still have a question.
Why, when an IP packet gets wrapped, are the sender and the receiver
marked with hardware addresses (MACs) and not with IP addresses as
the initial package has?

> >If the router sees, by checking the packet's header, that the dest IP is
> >a PC inside the local LAN, for example 10.0.0.2, then the data packet will
> >never reach the router's external interface but will be forwarded from the
> >internal IP address of the router to 10.0.0.2
>
> Yes. Your router MAY ALSO look at the packet and think "Why is this idiot
> sending a packet from 10.0.0.1 to 10.0.0.2 and giving it to _me_ to deliver?"

But can it act otherwise? ALL LAN PCs are directly connected to the
router, and hence in order for 2 of them to communicate with each other they
must have a route rule that tells them that all LAN traffic must
use the router's internal IP address as gateway and then be forwarded
from there?

I don't see how they can communicate with each other otherwise.

And one last thing: how does the routing table separate which traffic
is LAN traffic, so as to use as gateway the router's internal IP, and which
traffic is WAN traffic, so as to use as gateway the router's external IP
address?

And also, in order for data to pass to the external IP address, does it
have to pass through the internal one first and then be forwarded from there?

Thanks again for your help!
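
The hop-by-hop delivery described in the quoted explanation, as an added example that is not part of the original post: each node does a routing-table lookup (local LAN first, default route last) and wraps the unchanged IP packet in a new frame carrying hardware addresses. Only 10.0.0.1, 10.0.0.2 and 10.0.0.138 come from the thread; the MACs, the 192.0.2.x link, the ISP hop and the server 198.51.100.7 are constructed, and address translation is left out.

```python
import ipaddress

# Constructed sample network (assumption): all MACs, the 192.0.2.x link and the
# remote server 198.51.100.7 are made up; the 10.0.0.x addresses are the thread's.
ARP = {
    "10.0.0.1": "02:00:00:00:00:01",      # PC eth0
    "10.0.0.2": "02:00:00:00:00:02",      # second LAN PC
    "10.0.0.138": "02:00:00:00:01:38",    # router, internal interface
    "192.0.2.1": "02:00:00:00:02:01",     # router, external interface
    "192.0.2.254": "02:00:00:00:02:fe",   # ISP router, customer side
    "198.51.100.1": "02:00:00:00:03:01",  # ISP router, server side
    "198.51.100.7": "02:00:00:00:03:07",  # remote web server
}
OWNER = {"10.0.0.138": "router", "192.0.2.254": "isp"}  # next-hop IP -> node
# Per node: (prefix, gateway or None when on-link, outgoing interface IP)
ROUTES = {
    "pc": [("10.0.0.0/24", None, "10.0.0.1"),
           ("0.0.0.0/0", "10.0.0.138", "10.0.0.1")],
    "router": [("10.0.0.0/24", None, "10.0.0.138"),
               ("192.0.2.0/24", None, "192.0.2.1"),
               ("0.0.0.0/0", "192.0.2.254", "192.0.2.1")],
    "isp": [("192.0.2.0/24", None, "192.0.2.254"),
            ("198.51.100.0/24", None, "198.51.100.1")],
}

def lookup(node, dst_ip):
    """Longest-prefix match; the /0 default route wins only if nothing else fits."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), gw, oif) for p, gw, oif in ROUTES[node]
               if dst in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{node}: no route to {dst_ip}")
    _, gw, oif = max(matches, key=lambda m: m[0].prefixlen)
    return gw, oif

def trace(node, src_ip, dst_ip, ttl=8):
    """Return the frame seen on each wire between src_ip and dst_ip."""
    frames = []
    while ttl > 0:
        gw, oif = lookup(node, dst_ip)
        next_ip = gw or dst_ip  # on-link: resolve the destination's own MAC
        frames.append({"src_mac": ARP[oif], "dst_mac": ARP[next_ip],
                       "src_ip": src_ip, "dst_ip": dst_ip})  # IP header untouched
        if gw is None:
            return frames       # delivered on the final wire
        node, ttl = OWNER[gw], ttl - 1
    raise RuntimeError("TTL exceeded")

if __name__ == "__main__":
    for frame in trace("pc", "10.0.0.1", "198.51.100.7"):
        print(frame)
```

Calling `trace("pc", "10.0.0.1", "10.0.0.2")` returns a single frame addressed to the second PC's MAC, because the on-link route for 10.0.0.0/24 is more specific than the default route.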


