Tuesday, March 22, 2011

Testing out the old ethernet ping through Wireshark

Currently I have an empty ethernet gem. So after talking to Victor (thank you! quotes in here are Victor's words), I tested the old ethernet code before sticking it into my gem.

The big picture: Create some bytes from my mac address to flow through the ethernet card, and wireshark should capture this flow.

Today I tested out what Victor already wrote, for a minimum ethernet pinging. Later I should take his code and improve on it.

Outline of Testing Victor's Ethernet Pinging Code
  1. Install the scratchpad rubygem with rake install.
  2. Try the ether_ping command
  3. See if the ping is caught on Wireshark
More details on 2:
bin/ether_ping calls the ethernet code. When you install the gem, you get the files in its bin/ on your path. So the bin/ file
- sets things up
- reads command-line args
- and calls up the ethernet code

More details on 3:
Wireshark is used to debug, and you can click on the packets to see the data. All you need is the basic functionality of capturing.
I asked a question: Shouldn't the data be coming/going from the server or the P chip?
Victor answered: Layers. The ethernet layer doesn't care about who sends data to whom. The ethernet layer takes an ethernet card, a mac address, a bunch of bytes and puts the bytes on the wire.
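To make the "mac address plus a bunch of bytes" idea concrete, here is an added example (not code from the scratchpad gem) that lays out an Ethernet II frame from the ether_ping arguments used later in this post and splits it back into the fields Wireshark displays. Assumptions: the source MAC is a constructed value, and "0-padded to 64 bytes" is taken to mean zero bytes appended to the data field.

```ruby
# Added example (not the scratchpad gem's code): the Ethernet II frame
# implied by ether_ping's arguments.
ETH_HEADER_LEN = 14 # 6-byte dest MAC + 6-byte source MAC + 2-byte EtherType
PAYLOAD_LEN    = 64 # assumption: "0-padded to 64 bytes" applies to the data

# Decode a hex string to bytes; optionally enforce an exact byte length.
def hex_to_bytes(hex, expected_len = nil)
  unless hex =~ /\A(?:[0-9a-fA-F]{2})+\z/
    raise ArgumentError, "not an even-length hex string: #{hex.inspect}"
  end
  bytes = [hex].pack("H*")
  if expected_len && bytes.bytesize != expected_len
    raise ArgumentError, "expected #{expected_len} bytes, got #{bytes.bytesize}"
  end
  bytes
end

# Lay out dest MAC, source MAC, EtherType and zero-padded data in wire order.
def build_frame(dest_mac, src_mac, ether_type, data_hex)
  data = hex_to_bytes(data_hex)
  raise ArgumentError, "data exceeds #{PAYLOAD_LEN} bytes" if data.bytesize > PAYLOAD_LEN
  hex_to_bytes(dest_mac, 6) + hex_to_bytes(src_mac, 6) +
    hex_to_bytes(ether_type, 2) + data.ljust(PAYLOAD_LEN, "\x00")
end

# Split a captured frame back into the fields a packet dissector displays.
def dissect_frame(frame)
  raise ArgumentError, "shorter than an Ethernet header" if frame.bytesize < ETH_HEADER_LEN
  dest, src, type, payload = frame.unpack("a6a6na*")
  { dest_mac: dest.unpack("H*").first, src_mac: src.unpack("H*").first,
    ether_type: format("%04x", type), payload: payload.unpack("H*").first }
end

# Victor's test command, with a constructed locally administered source MAC.
frame = build_frame("001122334455", "020000000001", "88B7", "aa00112233")
fields = dissect_frame(frame)
puts "#{frame.bytesize} bytes, type 0x#{fields[:ether_type]}, data #{fields[:payload][0, 10]}..."
```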

Details of Testing Victor's Ethernet Pinging Code (highlighted commands are the final steps, skipping over me talking about errors)

  1. git pull in my local copy of Victor's scratchpad rubygem to update it. (Your latest entry from git log should match the newest update on scratchpad's github version)
  2. rake install

    (in /home/haoqili/Desktop/rails/secureSt/scratchpad)
    Successfully built RubyGem
    Name: scratchpad
    Version: 0.0.1
    File: scratchpad-0.0.1.gem
    Executing "ruby -S gem install ./pkg/scratchpad-0.0.1.gem":
    ruby -S gem install ./pkg/scratchpad-0.0.1.gem
    Fetching: eventmachine-0.12.10.gem (100%)
    Building native extensions. This could take a while...
    Fetching: ffi-1.0.7.gem (100%)
    Building native extensions. This could take a while...
    Fetching: json-1.5.1.gem (100%)
    Building native extensions. This could take a while...
    Successfully installed eventmachine-0.12.10
    Successfully installed ffi-1.0.7
    Successfully installed json-1.5.1
    Successfully installed scratchpad-0.0.1
    4 gems installed
    Installing ri documentation for eventmachine-0.12.10...
    Installing ri documentation for ffi-1.0.7...
    Installing ri documentation for json-1.5.1...
    Installing ri documentation for scratchpad-0.0.1...
    Installing RDoc documentation for eventmachine-0.12.10...
    Installing RDoc documentation for ffi-1.0.7...
    Installing RDoc documentation for json-1.5.1...
    Installing RDoc documentation for scratchpad-0.0.1...
    I was puzzled why it says 4 gems installed even though scratchpad only has 1 .gemspec. Victor told me that "it probably needed to install dependencies since this is the first time you installed it".
  3. Type ether_ping, and the output tells you how to use it:
    Usage: /home/haoqili/.rvm/gems/ruby-1.9.2-p136/bin/ether_ping net_interface ether_type dest_mac data
    net_interface: name of the Ethernet interface, e.g. eth0
    ether_type: packet type for the Ethernet II frame, in hex (2 bytes)
    dest_mac: destination MAC for the ping packets, in hex (6 bytes)
    data: ping packet data, in hex (0-padded to 64 bytes)
  4. Victor gave me ether_ping eth0 88B7 001122334455 aa00112233, which was his test command for ether_ping. The ether_type Ethernet II frame is "88B7", which is "in the range of experimental protocols, but you can pretty much use anything that's not IP and you won't confuse your system." He also told me all the other experimental Ethernet II frames "are 4 numbers somewhere around the one I picked." So I tried ether_ping eth0 88B7 001122334455 aa00112233, which gave:
    /home/haoqili/.rvm/gems/ruby-1.9.2-p136/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/raw_ethernet.rb:11:in `initialize': Operation not permitted - socket(2) (Errno::EPERM)
    from /home/haoqili/.rvm/gems/ruby-1.9.2-p136/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/raw_ethernet.rb:11:in `new'
    from /home/haoqili/.rvm/gems/ruby-1.9.2-p136/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/raw_ethernet.rb:11:in `socket'
    from /home/haoqili/.rvm/gems/ruby-1.9.2-p136/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/ping.rb:59:in `initialize'
    from /home/haoqili/.rvm/gems/ruby-1.9.2-p136/gems/scratchpad-0.0.1/bin/ether_ping:21:in `new'
    from /home/haoqili/.rvm/gems/ruby-1.9.2-p136/gems/scratchpad-0.0.1/bin/ether_ping:21:in `<top (required)>'
    from /home/haoqili/.rvm/gems/ruby-1.9.2-p136/bin/ether_ping:19:in `load'

    I was puzzled at the output. Victor told me to "sudo", because an "EPERM is an OS-level error", not something that's wrong with the command I put. I then attempted sudo ether_ping eth0 88B7 001122334455 aa00112233, but it failed as well.
    [sudo] password for haoqili:
    sudo: ether_ping: command not found
    • bin/enable_pcap: Victor said btw that "in the scratchpad gem there's a script [bin/enable_pcap] that gives Ruby the right access bits so you don't have to sudo all the time to talk to the ethernet."
    • After I did sudo enable_pcap, I got: [sudo] password for haoqili: sudo: enable_pcap: command not found.
    • Victor: it's issuing setcap. So try setcap and see what it tells you to install: sudo setcap, outputting sudo setcap usage: blahblah Note <filename> must be a regular (non-symlink) file.
    What could be wrong with ether_ping that it works neither with sudo nor without it? Continue reading ...
  5. I tried which ether_ping, yielding /home/haoqili/.rvm/gems/ruby-1.9.2-p136/bin/ether_ping, instead of /usr/bin/ether_ping! CULPRIT FOUND! Fixing this should fix ether_ping! But it took me a while to fix it.
  6. ether_ping is pointed to the wrong location because I was using rvm (Victor is so smart), "so it installed scratchpad in one of your gemsets. You need to install it in the system rubygems, rvm use system, then rake install". I suggested simply not using rvm anymore, but Victor said "rvm is useful, you'll need to make sure your thing works in 1.8.7 and 1.9.2. So it's good to use it in general. It doesn't do well with sudo though."
  7. But I got confused on what to do exactly, so Victor told me for now to just "remove the rvm import from your bash profile and use the system ruby for now like you suggested". The command is rvm --default use system (note the dash is actually 2 dashes). It worked:
    find: warning: you have specified the -maxdepth option after a non-option argument -name, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.

    Now using system ruby.
    find: warning: you have specified the -maxdepth option after a non-option argument -name, but options are not positional (-maxdepth affects tests specified before it as well as those specified after it). Please specify options before other arguments.

    Now using system ruby.
  8. Now I have to rake install, but first I encountered a problem when doing rake install:
    (in /home/haoqili/Desktop/rails/secureSt/scratchpad)
    Jeweler (or a dependency) not available. Install it with: gem install jeweler
    rake aborted!
    Don't know how to build task 'install'

    (See full trace by running task with --trace)
  9. As suggested, I did: sudo gem install jeweler, outputting:
    Fetching: git-1.2.5.gem (100%)
    Fetching: jeweler-1.5.2.gem (100%)
    Successfully installed git-1.2.5
    Successfully installed jeweler-1.5.2
    2 gems installed
    Installing ri documentation for git-1.2.5...
    Installing ri documentation for jeweler-1.5.2...
    Installing RDoc documentation for git-1.2.5...
    Installing RDoc documentation for jeweler-1.5.2...
  10. rake install for reals this time!
    (in /home/haoqili/Desktop/rails/secureSt/scratchpad)
    Successfully built RubyGem
    Name: scratchpad
    Version: 0.0.1
    File: scratchpad-0.0.1.gem
    Executing "ruby1.8 -S gem install ./pkg/scratchpad-0.0.1.gem":
    ruby1.8 -S gem install ./pkg/scratchpad-0.0.1.gem
    Fetching: eventmachine-0.12.10.gem (100%)
    Building native extensions. This could take a while...
    Fetching: ffi-1.0.7.gem (100%)
    Building native extensions. This could take a while...
    Fetching: json-1.5.1.gem (100%)
    Building native extensions. This could take a while...
    Successfully installed eventmachine-0.12.10
    Successfully installed ffi-1.0.7
    Successfully installed json-1.5.1
    Successfully installed scratchpad-0.0.1
    4 gems installed
    Installing ri documentation for eventmachine-0.12.10...
    Installing ri documentation for ffi-1.0.7...
    Installing ri documentation for json-1.5.1...
    Installing ri documentation for scratchpad-0.0.1...
    Installing RDoc documentation for eventmachine-0.12.10...
    Could not find main page README
    Could not find main page README
    Could not find main page README
    Could not find main page README
    Installing RDoc documentation for ffi-1.0.7...
    Installing RDoc documentation for json-1.5.1...
    Installing RDoc documentation for scratchpad-0.0.1...
  11. ether_ping eth0 88B7 001122334455 aa00112233 still gives this error like before
    /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/raw_ethernet.rb:11:in `initialize': Operation not permitted - socket(2) (Errno::EPERM)
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/raw_ethernet.rb:11:in `new'
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/raw_ethernet.rb:11:in `socket'
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/ping.rb:59:in `initialize'
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/bin/ether_ping:21:in `new'
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/bin/ether_ping:21
    from /usr/bin/ether_ping:19:in `load'
    from /usr/bin/ether_ping:19
  12. So instead do sudo ether_ping eth0 88B7 001122334455 aa00112233
    Pinging 001122334455...
    looking great so far!

    I stop it with CTRL+C because "it's a ping tool so it expects a response back. There won't be a response because there isn't anyone listening at that MAC [001122334455] so it'll hang forever."
    Pinging 001122334455... ^C/usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/ping.rb:82:in `recv': Interrupt
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/lib/scratchpad/ethernet/ping.rb:82:in `ping'
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/bin/ether_ping:26
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/bin/ether_ping:23:in `loop'
    from /usr/lib/ruby/gems/1.8/gems/scratchpad-0.0.1/bin/ether_ping:23
    from /usr/bin/ether_ping:19:in `load'
    from /usr/bin/ether_ping:19
  13. I open up Wireshark with sudo wireshark and start capturing "eth0". I run the above sudo ether_ping command again hoping something would show up, but it didn't. Again, I ask Victor to help because he knows everything about this project and is always patient with me asking questions. Victor says: "it may reject the packet because it's not formatted for wifi. Point ether_ping to a lan card, eth* [eth0 works]." But I did point it to eth0. "Maybe it doesn't work without a cable in it. I don't think I ever tested without a cable."
  14. Plug an Ethernet cable into your computer! Don't do wireless!
  15. This command should work (finally!):
    sudo ether_ping eth0 88B7 001122334455 aa00112233

    In Wireshark, you should see:


    Click on it and click on "data". Look! "aa00112233" is right there!!! Good job!!
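The Errno::EPERM from socket(2) in steps 4 and 11 is the kernel refusing a packet socket to a process without the CAP_NET_RAW capability; sudo supplies it along with every other capability, while setcap can grant it on its own. The following added example (not part of the scratchpad gem) reads the CapEff line of a /proc/<pid>/status text and reports which of those situations a process is in; the three status texts are constructed samples.

```ruby
# Added example: decide from /proc/<pid>/status whether socket(2) on a
# packet socket would succeed, and how much privilege the process holds.
CAP_NET_RAW = 13 # bit index of CAP_NET_RAW in linux/capability.h

# Extract the effective capability set (CapEff) as an Integer bitmask.
def effective_caps(status_text)
  line = status_text.each_line.find { |l| l.start_with?("CapEff:") }
  raise ArgumentError, "no CapEff line in status text" unless line
  hex = line.split(":", 2).last.strip
  raise ArgumentError, "CapEff is not hex: #{hex.inspect}" unless hex =~ /\A\h+\z/
  hex.to_i(16)
end

# Classify the process: no raw sockets, raw sockets only, or far more.
def privilege_report(status_text)
  caps    = effective_caps(status_text)
  net_raw = caps[CAP_NET_RAW] == 1        # Integer#[] reads a single bit
  total   = caps.to_s(2).count("1")       # number of capabilities held
  verdict = if !net_raw then :eperm_expected
            elsif total == 1 then :least_privilege
            else :over_privileged
            end
  { net_raw: net_raw, total_caps: total, verdict: verdict }
end

# Constructed samples: a normal user, a root shell under sudo, and a binary
# that was granted only cap_net_raw with setcap.
PLAIN_USER  = "Name:\truby\nCapEff:\t0000000000000000\n"
UNDER_SUDO  = "Name:\truby\nCapEff:\t0000003fffffffff\n"
SETCAP_ONLY = "Name:\truby\nCapEff:\t0000000000002000\n"

{ "plain user" => PLAIN_USER, "sudo" => UNDER_SUDO,
  "setcap cap_net_raw" => SETCAP_ONLY }.each do |label, text|
  r = privilege_report(text)
  puts "#{label}: net_raw=#{r[:net_raw]} caps=#{r[:total_caps]} -> #{r[:verdict]}"
end
```

On a live Linux system, pass File.read("/proc/self/status") to privilege_report to check the current Ruby process.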

