.send works well on Mac OS X with ICMP, not on Debian 8 or CentOS 7

Question

.send works well on Mac OS X with ICMP, not on Debian 8 or CentOS 7

alfredballe opened this issue 6 years ago · 7 comments

Testing this simple example for "duplicate" packet:

var Cap = require('cap').Cap;
var decoders = require('cap').decoders;
var PROTOCOL = decoders.PROTOCOL;

var c = new Cap();
var device = Cap.findDevice('10.0.1.6');
var filter = 'icmp and dst net 1.2.3.4';
var bufSize = 10 * 1024 * 1024;
var buffer = Buffer.alloc(65535);

var linkType = c.open(device, filter, bufSize, buffer);

c.setMinBytes && c.setMinBytes(0);

c.on('packet', function(nbytes, trunc) {
var raw_packet_data = buffer.slice(0, nbytes)

try {
// send will not work if pcap_sendpacket is not supported by underlying device
c.send(raw_packet_data, raw_packet_data.length);
c.close();
} catch (e) {
console.log("Error sending packet:", e);
}
});

Works well on Mac OS X, not on either Debian 8 or CentOS 7.
Guess it's not directly node-cap, but something else.

But help would be appreciated.

Answer 1 · 2018-12-08T22:54:37.000Z

Can you expand on this a bit? Do you get an error message? Nothing at all? Something else?

Answer 2 · 2018-12-09T11:26:08.000Z

I think answer is in a question:

try {
>> // send will not work if pcap_sendpacket is not supported by underlying device
c.send(raw_packet_data, raw_packet_data.length);

Answer 3 · 2018-12-09T20:41:36.000Z

What I meant is c.send() throwing an error? Silently failing? Something else? The comment does not answer that. "not work" could mean different things.

This is important because if it's an issue with the OS (no send access on the device) an error should be raised if it's not currently.

Answer 4 · 2018-12-10T09:32:20.000Z

No error is thrown. I've tried to ellaborate here:
https://stackoverflow.com/questions/53702640/pcap-sendpacket-doesnt-send-actual-packet

Answer 5 · 2018-12-10T09:34:03.000Z

Code in question on Node.JS:

var Cap = require('cap').Cap;
var c = new Cap();
var device = Cap.findDevice('10.0.1.6');
var filter = '(icmp or udp or tcp) and src net 100.96.0.0 mask 255.252.0.0';
var bufSize = 10 * 1024 * 1024;
var buffer = Buffer.alloc(65535);
 
var linkType = c.open(device, filter, bufSize, buffer);
 
 
// To use this example, change Source Mac, Sender Hardware Address (MAC) and Target Protocol address
var buffer = Buffer.from([
0x06, 0xCC, 0x72, 0x84, 0xD7, 0x79, 0x06, 0x27, 0xE2, 0xF1, 0xDD, 0x1D, 0x08, 0x00, 0x45, 0x00,
0x00, 0x54, 0x7C, 0xE7, 0x00, 0x00, 0x77, 0x01, 0x52, 0x4F, 0x08, 0x08, 0x08, 0x08, 0x64, 0x60,
0x00, 0x03, 0x00, 0x00, 0x2B, 0xC2, 0x0B, 0x24, 0x00, 0x04, 0x0A, 0x2C, 0x0E, 0x5C, 0x00, 0x00,
0x00, 0x00, 0xE8, 0xBA, 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
0x36, 0x37
]);
 
try {
  // send will not work if pcap_sendpacket is not supported by underlying `device`
  c.send(buffer, buffer.length);
} catch (e) {
  console.log("Error sending packet:", e);
}

Answer 6 · 2018-12-10T09:35:06.000Z

So using node-cap does see the packet I'm trying to send.
tshark shows the packet on -i eth0, but not with -i any.

The client doesn't see the packet on any interface.

Answer 7 · 2018-12-10T14:30:58.000Z

Seems not related to node-cap.