Re: Nmap questions concerning my router

From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 08/23/05


Date: Mon, 22 Aug 2005 20:40:27 -0500

In the Usenet newsgroup comp.security.firewalls, in article
<1124641534.845241.326930@g44g2000cwa.googlegroups.com>, Nicky wrote:

>You mean eth0 needs only to know 10.0.0.138's MAC address to talk to?
>Ok, but can one NIC have more than 1 IP address?
>I want to read the file but I don't have it.

It's a bit off topic - but down at the Ethernet level, the packets are
addressed using the MAC address. As for the HOWTOs, go to

http://ibiblio.org/pub/linux/docs/HOWTO/
http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html
ftp://ftp.physics.auth.gr/pub/mirrors/ibiblio

>So IP Masquerading handles outbound traffic only while Port Forwarding
>handles inbound traffic? That's the distinction?
>
>If it is so, is it acceptable to say that:
>
>IP Masquerading = Source NAT
>Port Forwarding = Destination NAT?

That's the simple version, yes. Once a connection is established, then
NAT occurs in both directions. Think about that - you want to connect
out, so your router masquerades for you. But a TCP connection is two-way,
so the remote site has to be able to reply to you, and the router does a
dynamic port forwarding back to your system so that the connection is
complete.

>>> b) What benefits a computer to try to send data to itself to 127.0.0.1
>>> ? What for?
>>
>> It gives a standard location to "talk" to.

>Sorry I didn't understand that at all, as to what it has to do with
>127.0.0.1 or how 127.0.0.1 helps us with something.

The application only needs to worry about connecting to a network, and
have that move the packets to the desired (other) application on the
system. We don't have to care what that other application is, or how
it may differ from other applications - we just send data to a network
address.

>> Remember this picture?
>>
>> Ethernet_header IP_header TCP_header GET mumble.foo.bar/baz.html CRC
>>
>> The IP address in the IP header is 83.151.221.52. The address that is in
>> the Ethernet header is the MAC address of the 10.0.0.138 interface. The
>> IP address of 10.0.0.138 isn't found in any header at all.
>
>Yes. But the MAC address couldn't have been directly 83.151.221.52's
>one, could it?

No, because you are not on the same network. You can only reach addresses
on your network directly (without using a gateway), and you can only reach
addresses that are not on your network by using a gateway, to transfer the
packets to some other network that will (eventually) reach the remote
network that has that remote address.

>It has to pass from 10.0.0.138 first because the routing table says so?

Yes, because 10.0.0.138 has been defined as the gateway address on your LAN.

>What happens if we alter the routing table by changing the gateway from
>10.0.0.138 to 83.151.221.52

How do you reach 83.151.221.52? It is not on 10.0.0.0/24. To reach ANY
address that is not on 10.0.0.0/24, you need to be able to send packets to
a host on 10.0.0.0/24, and let it forward them to the "remote" network.

>>> If I am not mistaken there is a rule saying that 2 interfaces can talk
>>> only if they are part of the same subnet, otherwise they can't!
>>
>> No - exactly the opposite is true.

This is the same problem discussed above - two interfaces ON THE SAME
COMPUTER have to be on different networks. On the other hand, two
interfaces ON DIFFERENT COMPUTERS must be on the same network to talk.

>> a person has two or more interfaces

on the same computer

>> and puts them all on the same network (example 10.0.0.1/eth0,
>> 10.0.0.2/eth1, 10.0.0.3/eth2), and then wonders why the computer only uses
>> one.

The problem here is that the computers get confused about which address to
use. If I try to talk to 'Nicky', and 'Nikos' answers, those names are not
the same, so I think this is two conversations. How am I to know 'Nicky'
and 'Nikos' are the same person? They have different IP addresses ;-)
If 'Nikos' answers, the packets have his IP address (even though on your
local wire, you may relay the packet from 'Nicky' to the router, but I
won't know that).

>OK, NOW I am confused!
>Up until now I thought that 2 NICs (eth)

on different computers

> must be on the same subnet in
>order to be able to communicate without the need of a router, whose job
>is to interconnect 2 different networks in order for the 2 remote
>hosts to communicate.

Yes. And what I thought you were referring to was two NICs in the same
computer. To talk to those two, the computer would use the loopback or
internal interface.

>The router is needed for the 2 hosts to be able to "talk" because they
>are in different subnets.
>
>If they weren't in different subnets they are considered to be on the
>same wire so they can "talk" directly through the hub.

Yes and Yes.

>Also if it ain't too much trouble I'd appreciate if you could give an
>example of the 3 NICs above being on the same PC and also being on the
>same network.

Without "special" or "extra" software, when there are multiple interfaces
on the same computer on the same network, the computer will _listen_ to
all addresses (and may listen using just one interface to receive all
three - depends on the O/S), but when it talks, it only uses one
interface (depends on O/S - may be the first one configured, or may be
the last). The other NICs may be unplugged, and while the statistics
would show only one interface being used, packets addressed to all
addresses would be received.

>> I don't know. DNS seems to indicate there is only one host,
>
>You mean one host has been assigned 8 different public ip addresses?

No, it only looks like one computer is active, the other addresses not in use.

>But is this possible?

It's possible, and if done right, you would not know. If done wrong, it
probably would not work.

>Up until now I thought that 1 IP address can only have several
>different hostnames (aliases), not the other way around, because I thought
>that 1 NIC has 1 hardware address (MAC) and 1 software address (IP
>address).

Advanced subject - yes it is possible, but it's complex.

>> I suspect the addresses are actually in someone's hosting service,
>> rather than at the hotel.

>I don't quite follow...

Many Internet computers are not located where the hostname says. A
hotel is not expert at running computers, so they may rent a computer
from a special ISP called a hosting service. An example would be a company
called 'rackspace.com' who operates a number of locations, each with
several hundred to several thousand computers. They provide a large
bandwidth connection, good power, security, and well trained people to
keep an eye on things.

>>>> No - packets sent to your router's internal ip address only go to
>>>> the router - because the IP address is the DESTINATION, not the next
>>>> stop along the way.

>> The IP address is where the packet is going to reach the application
>> you want to use (web server, news server, DNS, what-ever). If you send
>> a packet to the router's internal address, you want to talk to something
>> that is running on the router.

>Yes and in that case the MAC address of the router's internal!
>But the ethernet packet couldn't be destined directly to the router's
>external, could it?

But it won't reach the external interface. You send it from "inside" to
the internal interface of the router. The IP packet is inspected to see
who we want to send it to, and that is 83.151.221.52... wait a minute,
that's me!!! Push this up the stack, there is no reason to send it on
another hop (which would go on the loopback anyway), so we can save some
CPU cycles.

        Old guy
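The two mechanisms the reply walks through, the on-link-or-gateway decision a host makes before it can even build an Ethernet frame, and masquerading (source NAT) with the connection-tracking reverse mapping that lets the replies find their way back, plus a static port forward (destination NAT), as an added worked example. This is not code from the original post or from any router; it is a toy model written for this page. The 10.0.0.0/24 LAN, the 10.0.0.138 internal address and the 83.151.221.52 external address are the ones quoted in the thread; the peer addresses, ports and the "first NAT port is 40000" policy are constructed assumptions.

```python
"""Toy model (added example, not from the post) of two things the reply
explains: the next-hop decision a host makes for each packet, and a
masquerading router that tracks outbound flows so replies can be mapped
back, with an optional static port forward for unsolicited inbound
connections. Addresses from the thread; peers/ports are constructed."""
import ipaddress

LAN = ipaddress.ip_network("10.0.0.0/24")           # the inside network
ROUTER_LAN = ipaddress.ip_address("10.0.0.138")     # router's internal address
ROUTER_WAN = ipaddress.ip_address("83.151.221.52")  # router's external address


def next_hop(dst, local_net=LAN, gateway=ROUTER_LAN):
    """Decide whose MAC address goes into the Ethernet header for dst.

    Returns (kind, address):
      ("local", dst)        loopback: never leaves the host, no frame at all
      ("direct", dst)       dst is on-link: ARP for dst's own MAC
      ("gateway", gw)       dst is off-link: ARP for the gateway's MAC
      ("unreachable", None) the configured gateway is itself off-link,
                            so there is no way to hand the packet to it
    """
    dst = ipaddress.ip_address(dst)
    gateway = ipaddress.ip_address(gateway)
    if dst.is_loopback:
        return ("local", str(dst))
    if dst in local_net:
        return ("direct", str(dst))
    # A gateway is only usable if we can reach it *without* a gateway.
    if gateway not in local_net:
        return ("unreachable", None)
    return ("gateway", str(gateway))


class MasqueradingRouter:
    """Connection-tracking NAT: rewrite outbound sources to wan_ip:port,
    remember each flow, and translate the replies back. Inbound packets
    that match neither a tracked flow nor a port-forward rule go nowhere."""

    def __init__(self, wan_ip, first_port=40000):   # first_port is an assumption
        self.wan_ip = str(ipaddress.ip_address(wan_ip))
        self._next_port = first_port
        self._out = {}      # (src_ip, src_port, dst_ip, dst_port) -> nat port
        self._back = {}     # (nat port, dst_ip, dst_port) -> (src_ip, src_port)
        self._forward = {}  # wan port -> (internal ip, internal port)

    def port_forward(self, wan_port, internal_ip, internal_port):
        """Static DNAT rule: expose an internal service on wan_ip:wan_port."""
        self._forward[wan_port] = (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """SNAT (masquerading): the packet leaves as wan_ip:nat_port."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            nat_port = self._next_port
            self._next_port += 1
            self._out[key] = nat_port
            # This reverse entry is the "dynamic port forwarding back to
            # your system" that completes the two-way TCP connection.
            self._back[(nat_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.wan_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, wan_port):
        """Packet arriving on the external interface for wan_ip:wan_port.

        Returns (src_ip, src_port, inside_ip, inside_port) after translation,
        or None when nothing inside is entitled to it (dropped, or handled
        by the router itself).
        """
        flow = self._back.get((wan_port, src_ip, src_port))
        if flow is not None:          # reply to a masqueraded connection
            return (src_ip, src_port) + flow
        rule = self._forward.get(wan_port)
        if rule is not None:          # static port forwarding
            return (src_ip, src_port) + rule
        return None


def demo():
    """One masqueraded HTTP flow, one stray packet, one forwarded connection."""
    nat = MasqueradingRouter(str(ROUTER_WAN))
    nat.port_forward(80, "10.0.0.9", 8080)                  # constructed LAN web server
    out = nat.outbound("10.0.0.7", 51000, "198.51.100.10", 80)
    reply = nat.inbound("198.51.100.10", 80, out[1])        # server answers the NAT port
    stray = nat.inbound("198.51.100.10", 80, out[1] + 1)    # nobody asked for this one
    fwd = nat.inbound("203.0.113.5", 4444, 80)              # hits the port forward
    return out, reply, stray, fwd


if __name__ == "__main__":
    print(next_hop("10.0.0.5"), next_hop("198.51.100.10"))
    for step in demo():
        print(step)
```

Setting the gateway to 83.151.221.52, as the question above proposes, makes `next_hop` return `unreachable`: the host would have to ARP for an address that is not on its own wire, which is exactly why the gateway must live on 10.0.0.0/24. The `stray` case shows the security side of masquerading: an inbound packet that matches no tracked flow and no port-forward rule has no inside destination, so a real router drops it (or answers it itself, if the router runs a service on that port).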
