Thread: Obvious problem with UDP key xfer from XP box to ShowEQ box

  1. #1
    Registered User
    Join Date
    Jan 2003
    Posts
    1

    Obvious problem with UDP key xfer from XP box to ShowEQ box

    Today I FTP'ed in the new libEQ.a and CVS'ed in the new version of showeq and compiled. I then downloaded and compiled the Keyring sniffer. Configured the keyring.ini file to indicate the port I chose, which happened to be 47373, and also tossed in the linux box's IP.

    Made sure the offset lined up with the latest one, which it did. Made sure the md5sum on the libEQ.a was correct.

    Fired up showeq and inputted the key port as 47373 - hit save preferences. ShowEQ seems like it is working correctly, as it detected the EQ client and went into GPS mode with correct maps etc.

    Fired up keyring. Keyring seems like it is functioning correctly: it spits out the correct key and confirms the key has been sent to the linux box's correct IP and port. Zone out, keyring picks it up and spits out another key and says it sent to the linux box.

    The problem is... NO DECODE. So I then use the option in showeq to manually input the key which keyring displayed. I type it in and I get a decode!

    So this leads me to believe there is a communication problem with the xfer of that 8 bit key to the linux box. I am running mandrake 8.2 and I would be safe to call myself a linux greenhorn.

    I do not have tcpdump installed to do further troubleshooting but is it possible that my box is so tight that the ports might be blocked? Or is there something else I forgot to configure? I read thru many threads and I saw many a people with what it sounded like this same problem.

    Thanks

  2. #2
    Registered User baelang's Avatar
    Join Date
    May 2002
    Posts
    252

    Re: Obvious problem with UDP key xfer from XP box to ShowEQ box

    Originally posted by Primer_J
    I do not have tcpdump installed to do further troubleshooting but is it possible that my box is so tight that the ports might be blocked? Or is there something else I forgot to configure? I read thru many threads and I saw many a people with what it sounded like this same problem.

    yes, that is likely. check any firewall configuration you may have and be sure to open up the port you chose.

    or, you can use some form of file transfer to get the key to seq.

    another possible problem is if your linux box acts as a router. showeq only listens on one interface, so if it is listening for EQ packets on the public interface, it won't receive the key on the private interface.
    BaeLang
    ---
    "seek and ye shall find." <-- god's way of saying use the damn search button. (or grep)

  3. #3
    Registered User
    Join Date
    Jun 2002
    Posts
    50
    I do not have tcpdump installed to do further troubleshooting

    Trust me, spend the time to get TCPDUMP working. My Redhat 7.2 box did not have this installed either. But after a day or two searching, installing, compiling, etc. it finally worked. It is a very useful tool to determine whether the packets are making it to the SEQ box.

    Search here on tcpdump, and on the web. It takes time, but you'll be happier in the long run.

    Good Luck.

  4. #4
    Registered User
    Join Date
    Oct 2002
    Posts
    42
    My setup is like this:

    ----internet--->modem----->hub-----> browsing pc
    | |
    | |
    WinXP with EQ<-------| |--------ShowEQ

    My winxp has its own IP from my ISP while the other 2 use 192.168.0.xxx IPs and they use the WinXP as a gateway from its 2nd NIC. I can ping my ShowEQ box from my EQ box but the key isn't getting to it, and I use Keyring v2.2. TCPDump isn't showing that it gets anything from my EQ pc relating to the key.

    PS. The diagram didn't come out too well but the WinXP with EQ and the ShowEQ box are both coming off the hub as well.


    Cheers
    Last edited by Tardiss; 01-23-2003 at 01:43 PM.

  5. #5
    Registered User
    Join Date
    Dec 2001
    Posts
    849
    Code:
    ----internet--->modem----->hub-----> browsing pc 
                               || 
                               || 
    WinXP with EQ<-------------||------------>ShowEQ
    Is that what you meant?
    "What you've just said is one of the most insanely, idiotic things I've ever heard. At no point in your rambling, incoherent response were you even close to anything that could be considered a rational thought. Everyone in this room is now dumber for having listened to it. I award you NO points, and may god have mercy on your soul."

  6. #6
    Registered User
    Join Date
    Jan 2002
    Posts
    65
    Don't think that would work if he is using the PC as the router. Maybe this:

    Code:
    ----internet--->modem----->browsing pc--->hub 
                                              || 
                                              || 
    WinXP with EQ<----------------------------||--------->ShowEQ

    Going to recap some things:
    1. You are getting GPS, so you don't have a switch in disguise.
    2. The decode works if you enter manually, so the key grabber is fine.
    3. You can ping back and forth between the two devices on the hub, so you have good hardware (confirmed by 1,2).

    You have probably already checked the port numbers a few times on both boxes. You could try changing that number but I don't think it will make a difference.

    I would also suggest getting TCPDUMP running and see if you are even getting the packet. I don't know how you couldn't be, but that is where you are at. I guess if you compiled keyring something could be foobar and it's not sending the key. Also, check the IP address and make sure you are not sending to the EQ computer by mistake.

    Also, you don't really have to send the packet to the seq computer, it just has to pass by it like the EQ traffic.

    -Lane
    Last edited by lane; 01-24-2003 at 10:37 AM.

  7. #7
    Registered User
    Join Date
    Dec 2001
    Posts
    275

    Same problem

    I'm having the same problem.

    I can get decode when I type in the key keyring shows on the screen.

    tcpdump sees the packet with the key in it.

    Port is 11969

    I have no clue what to try now, there is no error message on the ShowEQ side, it just says:

    set_decoder_key:User specified key port: 11969

    ---------------------------------------------------

    Edit:

    This was fixed for me when I told keyring to send the packet to an address across the linux box. IE I told it to send the UDP to sourceforge instead of directly to the linux box. I still don't know why.
    Last edited by Mr Guy; 01-28-2003 at 07:14 AM.

  8. #8
    Registered User
    Join Date
    Oct 2002
    Posts
    15
    My guess is firewall rules. I say this because the linux box is running it by the firewalling rules if it is being sent to that box, but if the box just ignored it, obviously it won't be going by the firewall. Showeq can see it when you send it to a different box because of the way it snags packets out of the passing stream.

    Hope that helped.

    Arrendek

  9. #9
    Registered User baelang's Avatar
    Join Date
    May 2002
    Posts
    252

    Re: Same problem

    Originally posted by Mr Guy
    This was fixed for me when I told keyring to send the packet to an address across the linux box. IE I told it to send the UDP to sourceforge instead of directly to the linux box. I still don't know why.

    As I have stated many times, SEQ only listens to one interface.

    so, if your SEQ/Linux box also acts as your router, it listens for EQ traffic on the public interface. But the key is being sent to the private interface, which SEQ is not listening to. So it doesn't get the key.

    What you did was give it an IP address that is routed out the public interface...which SEQ overhears.

    The actual IP address that you give keyring does not matter, so long as it is routed over the subnet that SEQ is listening to.
    BaeLang
    ---
    "seek and ye shall find." <-- god's way of saying use the damn search button. (or grep)

  10. #10
    Registered User
    Join Date
    Dec 2001
    Posts
    275
    So if I give it the address of eth0 instead of the internal eth1 it'll hear it?

  11. #11
    zedaprime
    Guest
    I am not the biggest Linux expert in the world, but SEQ does not care about interfaces. All it knows about is IP addresses. It sounds like there is a firewall blocking the SEQ from getting the packets.

    There are two things I would do if I were you. The first is to run 'netstat -anu'. That should give you a listing of all the open UDP ports. If you do not see 47373 listed, it is an SEQ problem. If I were you I would install tcpdump and do this command "tcpdump 'port 47373'". If tcpdump never sees the key, my guess would be that you have a firewall set up.

    I have had the exact same problem and that is how I figured it out. Hope that helps

  12. #12
    Registered User
    Join Date
    Jan 2002
    Posts
    1,508
    Uh, SEQ does care about interfaces. It doesn't put all the NICs in promisc mode when it is running, just the NIC specified to it to look for traffic. If you feed it the wrong NIC it doesn't catch all the traffic (this is why you specify the NIC connected to your internal network when the SEQ box is your router/gateway).
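
Added example (not written by any poster in this thread, and not ShowEQ code): a small model of the point made in posts #9 and #12, that a capture bound to one NIC only sees packets that cross that NIC, so where the key packet is addressed decides whether the sniffer sees it. The interface names follow the thread; the addresses, the default route and all function names are constructed assumptions.

```python
import ipaddress

# Constructed topology (assumption): the Linux box routes between two NICs.
INTERFACES = {
    "eth0": ipaddress.ip_interface("203.0.113.10/24"),  # public side
    "eth1": ipaddress.ip_interface("192.168.0.1/24"),   # private LAN side
}
DEFAULT_ROUTE_IF = "eth0"  # off-link traffic leaves via the public NIC


def egress_interface(dst):
    """Longest-prefix match over connected subnets, else the default route."""
    matches = [(iface.network.prefixlen, name)
               for name, iface in INTERFACES.items() if dst in iface.network]
    return max(matches)[1] if matches else DEFAULT_ROUTE_IF


def interfaces_traversed(ingress, dst):
    """NICs a packet touches when it shows up on `ingress` addressed to `dst`."""
    dst = ipaddress.ip_address(dst)
    # Addressed to one of the box's own IPs: delivered locally, never forwarded.
    if any(dst == iface.ip for iface in INTERFACES.values()):
        return [ingress]
    egress = egress_interface(dst)
    # Destination on the ingress subnet: nothing to forward to another NIC.
    return [ingress] if egress == ingress else [ingress, egress]


def sniffer_sees(sniff_if, ingress, dst):
    """A capture bound to one NIC only sees packets that cross that NIC."""
    return sniff_if in interfaces_traversed(ingress, dst)


if __name__ == "__main__":
    # The key packet comes from the XP box on the private side (eth1).
    for dst in ("192.168.0.1", "203.0.113.10", "198.51.100.7"):
        for nic in ("eth0", "eth1"):
            seen = sniffer_sees(nic, "eth1", dst)
            print(f"key sent to {dst:<13} capture on {nic}: {seen}")
```

In this model a key addressed to either of the router's own IPs is only visible to a capture on eth1, while a key addressed to an off-link host is forwarded and crosses both NICs.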
