Here we go. WARNING, First time setting up SEQ. ( Flame away )

Issue: No packets seen from SEQ box running Full install of Redhat 8.0

Read every frigen post/faq I can find about this topic..

Conclusion is: my new Hub doesn’t seem to be just a Hub

Topology:

Internet (dial-up External serial US Robotics) ( Random IP)
|
Nexland ISB Pro 400 (switch, router, firewall) 192.168.0.1
|
Network Everywhere NH1005-WM 5-port Hub (brand new $30.00 POS from wally world)
| |
Redhat 8.0 (192.168.0.3) and Windows XP Pro (192.168.0.2) (connected to ports 2 and 3 of the hub with the uplink coming from the router)

When testing by tcpdump –I eth0 | grep 192.168.0.2
It will not receive any packets, although I am able to ping the windows box with out issue


The install went seamless from the http://www.macsrule.com/~seqfaq/seq-faq.html section.


Does anyone know or have an idea if it’s the Hub and/or is there anything else I can try, that might be able to further point me in the right direction?

Thanks

Hmm, I googled that hub model number you gave and can't find anything. Sounds to me like it's a switch though. Does it have activity lights on it? Do all the lights blink when you have network traffic on one machine, or just the one that the active machine is plugged into? Do you have a friend that runs Seq whose hub you can check with? This is the most likely problem because your network appears to be set up properly.

Oh, and just to be clear, your connection from your router to the hub is from a regular port in the router and the uplink port in the hub, not the other way around, right?

One last thing...does your hub have an uplink button or switch on it? If so, make sure it's in uplink mode and not "normal" mode. This probably isn't your problem though, as you wouldn't be able to get to the Internet if it wasn't right.

Also, please realize that even if you get it seeing packets properly, it still won't work at the moment. It's been broken since the Feb 3 patch.

Thanks for the quick response.

The Hub does have activity lights for each port, which im now noticing that they do blink independently of each other when transmitting / receiving.

And I don’t know anyone that’s running SEQ currently or has a hub for that matter.

As for the router, it is running from a regular port to the uplink section of the Hub. There is no switch or setting for that, just looks like you just have to put it in position 1 for uplink to happen.

Did try another thing to test the connection: tcpdump port 26000 did show activity when running the sniffer from winXP.

Anyways this Hub will be making a trip back to the store.. Is there any model out there that seams to be reliable for its intended use?

Thanks again

I thought I would throw in my 2 cents to save you some money. First and foremost- from my experience- ALL recent Linksys hubs are switches in SOME way.

Let me explain: I was under the impression that if both computers (win and linux) were connected at 100mbps, there was no issue even though the hub was 10/100. Wrong! Regardless of the speed, the SEQ box could never get the packets.

This is the interesting part. For some reason (*throws his hands up in the air*) my SEQ box could pick up various packets from my win box because the router was shooting some packets BACK at the SEQ box. Reasons unknown.

What I've found to be a reliable solution is to find the crappiest, cheapest, slowest hub (10mbps) you can find and use that. Viola! Both my win box and SEQ box were forced down to 10mbps and sniffing packets went off without any problems.

As for brands- I *think* my crappy hub is an old D-Link but I'm not positive (its in the attic atm) Just stay away from all the new-fangled ones- they are evil switches in disguise!

Compuboy86

If the activity LEDs on the "HUB" blink independently ... its most likely a switch :/

Hmmm i have not tried it, but this seems to be worth a look ;)

http://www.linuxjournal.com/article.php?sid=5869&mode=thread&order=0



Methods to Sniff on a Switch
As mentioned earlier, a switch is certainly more secure than a hub when it comes to sniffing, but it is certainly not immune. The following methods are used to sniff the traffic on a switch:


ARP Spoofing: We have explained earlier how ARP is used to obtain the MAC address of the destination machine with which we wish to communicate. The ARP is stateless, you can send a ARP reply, even if one has not been asked for and such a reply will be accepted. Ideally, when you want to sniff the traffic originating from a machine, you need to ARP spoof the gateway of the network. The ARP cache of that machine will now have a wrong entry for the gateway and is said to be "poisoned". This way all the traffic from that machine destined for the gateway will pass through your machine. Another trick that can be used is to poison a hosts ARP cache by setting the gateway's MAC address to FF:FF:FF:FF:FF:FF(also known as the broadcast MAC). There are various utilities available for ARP spoofing. An excellent tool for this is the arpspoof utility that comes with the dsniff suite. Using arpspoof to poison the ARP cache of a machine is accomplished by giving the command:

[root@tachyon dhar]# arpspoof -t 203.199.66.243 203.199.66.193
0:80:ad:7c:7:3a 52:54:5:f3:95:1 0806 42: arp reply 203.199.66.193 is-at 0:80:ad:7c:7:3a
0:80:ad:7c:7:3a 52:54:5:f3:95:1 0806 42: arp reply 203.199.66.193 is-at 0:80:ad:7c:7:3a

The -t flag specifies the target whose ARP cache we wish to poison, and the other argument is the IP address of the gateway that we wish to spoof. Now all the data destined for the gateway from the target machine will have to pass through our machine. Before you ARP spoof the gateway, however, it is essential to turn on IP Forwarding for your machine. This can be done by giving the command:


[root@tachyon dhar]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@tachyon dhar]# cat /proc/sys/net/ipv4/ip_forward
1
[root@tachyon dhar]#

If the cat command returns a value of 1, then IP Forwarding has been enabled; if it returns 0, it means IP Forwarding has not been enabled.


MAC Flooding: Switches keep a translation table that maps various MAC addresses to the physical ports on the switch. As a result of this, a switch can intelligently route packets from one host to another, but it has a limited memory for this work. MAC flooding makes use of this limitation to bombard the switch with fake MAC addresses until the switch can't keep up. The switch then enters into what is known as a `failopen mode', wherein it starts acting as a hub by broadcasting packets to all the machines on the network. Once that happens sniffing can be performed easily. MAC flooding can be performed by using macof, a utility which comes with dsniff suite.

[root@tachyon dhar]# macof
77:6b:e1:6e:5e:8c 93:2d:ed:45:f9:e3 0.0.0.0.45702 > 0.0.0.0.11000: S 1847390231:1847390231(0) win 512
84:a4:d3:57:ef:8 12:56:52:42:dc:95 0.0.0.0.16630 > 0.0.0.0.3031: S 1484147693:1484147693(0) win 512
88:f0:9:3f:18:89 d:86:53:53:d7:f8 0.0.0.0.15535 > 0.0.0.0.7466: S 293820390:293820390(0) win 512




Hmm nice Utility for that :) -
not tried too (i still use my old Intel 100 MBit only Hub for SEQ :p)

ettercap: http://ettercap.sourceforge.net/index.php?s=home

Warning: don't try that at work or in any public network environment i.E. University ... it will be considered as an attack !!

Originally posted by Tristatic

As for the router, it is running from a regular port to the uplink section of the Hub. There is no switch or setting for that, just looks like you just have to put it in position 1 for uplink to happen.


This sounds like it could be the problem, you should be going from the uplink port on the router to a regular port on the hub. I have a Linksys router and hub and have it set up like this with no probs at all. Most hubs I've played with, if you tried to make traffic go into the hub thru the uplink port, nothing happens. I'm not familiar with that model, so can't comment directly on it.

Good luck!

Since im useing the backup connection feature of the Router (which is the serial modem) to make the connection to my ISP. I am unable to connect anything in the Modem ( uplink ) port on the Nexland ISB Pro 400, seems it will try negate the external modem connection when polling for a connection on the Ethernet side.

What I thought about trying is, make a crossover connection from the router in port 5 to the Hub on port 5. Never tried it but, its always worth a shot..

At work now, so ill try some more stuff later this evening..

Thanks for all your help. After reading this Forum for quite some time and seeing all the “Flame Posts”, I thought for sure I was going to get some flak being my first time..

EDIT PART : Since SEQ isnt working now for anyone, what is the most i can expect from SEQ? ie. reading packets, showing zone, my character info, and so on ?

O-well

Have a good day

I don't want to start an argument, but FYI, my setup is exactly opposite Deminq's. Regular port in the router, uplink port in the hub. My current hub is a D-Link DSH-5 (that's Dual Speed Hub 5 port). It's a 10/100 true hub and works great. They don't make it anymore, but you can find it in various places still. I have also used a Netgear EN104TP. That's a 10mBit only 4 port hub and I believe you can still get them at Big_Computer_Store_01. Port 1 is the uplink port, and make sure you have the uplink button pushed in. The think I really didn't like about the Netgear (other than 10mBit only) is that the ports are in the front. Your cables will block your activity lights, and having the cables in the front is just awkward for me.

On your other question, Seq is currently broken entirely. It doesn't work at all. The GUI will open up and the console will get spammed with errors, and probably eventually a seg fault. Keep your eye on the announcements section for an update, most likely after the LoY release.

Originally posted by LordCrush
If the activity LEDs on the "HUB" blink independently ... its most likely a switch :/


Most hubs only blink an LED when that node is sending data, so you'll still have lights blinking independantly.

When you send a file from one machine to another, both nodes will be blinking because of the fact that the recieving end still sends lots of acknowledgements.

Additionally, to comment on some of the other stuff.

Some hubs auto-sense whether a port is connected to a normal node other another hub/switch. Usually there's just one port that will do this.

You can always use a crossover cable too, and in fact most high end switches don't have special uplink ports, you must use these special cables.

The big problem with packet sniffing on any new hub today is that they are usually switches. My friend just got a 5 port CompUSA $20 special, and it ended up being a switch. It seems as though the manufacturers are all making switching boards now, so it's cheaper for them to just manufacture all switches and call some of them "hubs" and make them cheap.

What you could do in this setup is:

Modem
|
Router (192.168.0.1)
|
eth0 of linux box (192.168.0.2)
eth1 of linux box (192.168.1.1)
|
Windows box (192.168.1.2)

You could put 2 NIC's in your linux box, NAT through it (which will be NATed again by your router, but not a big deal). You could use a crossover cable between eth1 on the linux box and the Windows box, or a switch.

A new cheap NIC is the only cost, and if you have another NIC hanging around you can use that. I've never met a NIC that Linux didn't support.

Quick update, took back the wanna-be Hub to wally world.
and stoped buy our local computer/electronics store ( hastings ) and found this Hub made for Xbox and PS/2's. paid $34.00 for it, get it home didnt change a thing towards my connection, and bam up and running, SEQ is now getting spamed from EQ

Company is Gamester
Product is called Lan-Party

its very new, this is the only place i can find that sells it. Gamesterusa.com doesnt even have the product listed yet. And the best thing about it: it even comes with 4 12ft bright neon green cat 5 cables....

http://www.buy.com/retail/games/product.asp?sku=50013279

Thanks for all your help everyone, now just waiting for an update..

Take care..

Originally posted by compuboy86
I thought I would throw in my 2 cents to save you some money. First and foremost- from my experience- ALL recent Linksys hubs are switches in SOME way.

Let me explain: I was under the impression that if both computers (win and linux) were connected at 100mbps, there was no issue even though the hub was 10/100. Wrong! Regardless of the speed, the SEQ box could never get the packets.


thats not a linksys issue, its just the way it is, for everyone, since 100mbit ethernet was created.

All 10/100 hubs are really a 10 mbit hub and a 100 mbit hubbed, which are then switched together.

the differences between 10 and 100 make it so you cannot just connect them together the way non-switched ethernet is, and so you have to switch betwen the two.

you'll find posts on this issue dating back to when this board first went up, and on the old boards, and even on the old old HQ boards, its not anything remotely resembleing an undiscussed, unknown or new issue. redux to the max.

so, either get a 10mbit only hub, or force the seq and eq box to the same speeds.

or make the seq box a nat gateway, and stop worrying about whats a switch and what isnt.