Decode

[Tardiss]

Anyone know of any way to get the key from my Windows (EQ running) pc to my linux (showeq running) pc? I use Keyring v2.2 and it is sending the key but linux just isn't getting it or decoding it. I tried tcpdump and there is no reference to the key being sent. I've checked with tail -f /var/log/messages and no reference to the key being sent there either. On the Windows XP pc I see it saying it is sending the key but no luck. I don't have programming skills to compile one of the other sniffers that is why I use Keyring.

My windows pc is the gateway so it has 2 nics and one is for my local network which the linux pc is on. Any ideas on how I can get it to send it?

I see this so I know it is looking for it:

Initializing Packet Capture Thread:
Filtering packets on device eth0, IP host xxx.xxx.xxx.xxx <-- example

but this shows up right before the map loads in showeq:

WARNING: NewCorpseCode (4a40) (dataLen:2 != sizeof(newCorpseStruct):34)!
EQPacket::dispatchZoneData():CharProfileCode:Not Decoded


I have the port set correctly in showeq to search for but still no good.

i am using Redhat 8 right out the box with QT 3.0.6 and the newest CVS ShowEQ and libEQ.a

Any ideas?

[permafrost]

The problem seems to exist in the transfer fo the key from your windows box to your ShowEQ box. In the DOS prompt you run the sniffer from, can you ping your ShowEQ box?


permafrost

[baelang]

There is a pretty good chance that you have some sort of firewalling software installed as part of your "out of the box" redhat install.

also make sure that your windows box is routing the packets to the proper interface. (check that you can ping form one to the other, in both directions)

[Tardiss]

I've checked many times and have no problem pinging back and forth between the pc's. I've looked all over, in X-Windows, and cannot find anything that deals with Firewalls to see if one is installed or running. I use the Gnome desktop. Any ideas where it would be located? I did check and Proxy isn't running.

Cheers

[Tardiss]

I did run Lokkit and set it to NO firewall and rebooted and still have the same results.

Cheers

[jbarrio5]

With the price of hardware routers and hubs so cheap now, my recomendation to you is to get yourself a DSL/Cable modem router ($40) and a hub ($20). The reason I suggest that you get a hub also, is due to the fact that most routers today are also switches, so better get that hub while they still make them.
Another solution would be to use your linux box as your router, put that second nic card in your linux box, I sugest that you use Firestarter for your routing configuration, http://firestarter.sourceforge.net/ its the easyest to configure, I know, I used it for quite some time, plus it makes a very nice firewall.
Hope this helps.

[Cryonic]

FYI - Even with iptables running on the Linux box, a NIC in promisc mode will still be able to see all those packets that the firewall is supposed to drop.

I know this because I run Snort and have iptables enabled on the machine to prevent it from doing stupid things (like talking out the listening interface and revealing itself). It still receives all the packets even though some of them should be blocked by the firewall.

Since snort is dependant on libpcap to capture packets (just like SEQ), then running a firewall will not keep SEQ from seeing the packets.

[Tardiss]

Seeing the packets is no problem, its Showeq getting the key that is the problem. Its not getting the key for some reason.

Cheers

[Tyro]

My windows pc is the gateway so it has 2 nics and one is for my local network which the linux pc is on

Sounds like your configuration is:
Internet --> Cable/DSL modem --> Win XP (EQ) --> possible hub --> Linux (SEQ) /possible other computers

Is this correct?

[who_me_use_seq]

That was the way I read that too Tyro, but he claims to be getting packets, so I figured that couldn't actualy be the configuration. /shrug