net-analyzer/rain installs correctly but doesn't seem to work. I have tried TCP, UDP and ICMP flows and none of them works. I used it against a target machine equipped with ethereal and no packets seemed to reach the host. I am wondering whether rain is a fake application. Does anyone know what's going on?

Reproducible: Always

Steps to Reproduce:
1. rain -t 192.168.0.1

Actual Results: Packets never reach the target, not even through a direct way.

Expected Results: Packets should actually get to the host.
works here ...

root@vapier 0 root # ifconfig eth3
eth3      Link encap:Ethernet  HWaddr 00:60:F5:07:07:BB
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0

root@rux0r 0 root # ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:60:F5:06:1D:ED
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0

root@vapier 0 root # rain -t rux0r
[ rain 1.2.8r2 by Evil (mystic@tenebrous.com) ] [pid:6652]
source host/port: 127.0.0.1 / 420
target host/port: rux0r / netbios-dgm
packet style....: TCP (no flags set)
Showering infinite (0.5k) drops; Hit CTRL+C to stop

root@rux0r 0 root # tcpdump not port 22 and host vapier -i eth2
tcpdump: listening on eth2
23:50:01.931046 vapier.420 > 192.168.1.3.netbios-dgm: . 435945472:435945987(515) win 56
23:50:01.943030 vapier.420 > 192.168.1.3.netbios-dgm: . 435945472:435945987(515) win 56
23:50:01.955032 vapier.420 > 192.168.1.3.netbios-dgm: . 435945472:435945987(515) win 56
23:50:01.967032 vapier.420 > 192.168.1.3.netbios-dgm: . 435945472:435945987(515) win 56
23:50:01.979038 vapier.420 > 192.168.1.3.netbios-dgm: . 435945472:435945987(515) win 56
23:50:01.991049 vapier.420 > 192.168.1.3.netbios-dgm: . 435945472:435945987(515) win 56
Could it be that my firewall (iptables using shorewall) blocks outgoing packets? That happened to me once when using special scans with nmap.
Why don't you flush iptables on both boxes and set default policies to ACCEPT and then see if it works?
All right, it was my shorewall configuration that was incorrect. Doing the following solved the problem:

*****
Edit /etc/shorewall/shorewall.conf and change "NEWNOTSYN=No" to "NEWNOTSYN=Yes", then restart Shorewall.

Add this command to your /etc/shorewall/start file:
run_iptables -D OUTPUT -p ! icmp -m state --state INVALID -j DROP
*****
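The resolution above is worth understanding from the firewall's side before copying it. A stateful ruleset drops packets that conntrack classifies as INVALID (a TCP segment with no flags set and no matching connection, as rain emits, is exactly that), and Shorewall's NEWNOTSYN=No adds a further drop for non-SYN TCP packets that start no known connection. Locally generated crafted packets therefore die in the OUTPUT chain before leaving the box, which matches the reporter's symptom, and deleting the INVALID rule as done above loosens that stateful check for all outbound traffic, not just for the tool. The script below is an added example, not part of this bug thread or of rain or Shorewall: it scans an iptables-save dump for INVALID-state DROP rules per chain so an operator can see which chain will silently discard such packets before flushing everything as suggested earlier in the thread. The dump embedded in it is a constructed sample that mirrors the rule named in the fix; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the bug thread): locate DROP rules for conntrack
# state INVALID in an iptables-save dump, per chain.

# Constructed sample of an iptables-save dump containing the OUTPUT rule
# that the thread's fix deletes, plus an INPUT twin for comparison.
SAMPLE_DUMP='# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ! icmp -m state --state INVALID -j DROP
-A OUTPUT -p ! icmp -m state --state INVALID -j DROP
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT'

# invalid_drops_in_chain CHAIN
#   Reads an iptables-save dump on stdin and prints every rule appended to
#   CHAIN that matches conntrack state INVALID and jumps to DROP.
#   Exit status 0 if at least one such rule exists, 1 otherwise.
invalid_drops_in_chain() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain && /--state [A-Z,]*INVALID/ && /-j DROP/ { print; n++ }
        END { exit (n > 0 ? 0 : 1) }'
}

# count_invalid_drops CHAIN
#   Number of INVALID-state DROP rules in CHAIN of the sample dump.
count_invalid_drops() {
    printf '%s\n' "$SAMPLE_DUMP" | invalid_drops_in_chain "$1" | wc -l | tr -d ' '
}

# report_chain CHAIN
#   Human-readable verdict for one chain. OUTPUT is the chain that decides
#   whether locally crafted packets ever leave the host.
report_chain() {
    if printf '%s\n' "$SAMPLE_DUMP" | invalid_drops_in_chain "$1" > /dev/null; then
        echo "$1: INVALID-state packets are dropped here"
        printf '%s\n' "$SAMPLE_DUMP" | invalid_drops_in_chain "$1" | sed 's/^/    /'
    else
        echo "$1: no INVALID-state DROP rule"
    fi
}

main() {
    for chain in INPUT FORWARD OUTPUT; do
        report_chain "$chain"
    done
}

# Run the report when executed directly; to inspect a live host replace
# SAMPLE_DUMP with the output of "iptables-save".
main
```

Running it on a real host means feeding `iptables-save` output into `invalid_drops_in_chain` instead of the sample; a hit in OUTPUT is the rule the thread ended up deleting, and the per-chain view makes it clear that the same stateful check also protects INPUT, so removing it only where the tool needs it is the narrower change.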