Why does Linux not deliver data to applications when the packets come via a hotspot?











up vote
0
down vote

favorite












My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.



The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.



From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.



When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).



The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.



What could be the problem?










share|improve this question


























    up vote
    0
    down vote

    favorite












    My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.



    The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.



    From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.



    When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).



    The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.



    What could be the problem?










    share|improve this question
























      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.



      The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.



      From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.



      When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).



      The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.



      What could be the problem?










      share|improve this question













      My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.



      The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.



      From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.



      When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).



      The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.



      What could be the problem?







      networking networkmanager






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 29 at 13:21









      Luc

      1,0581123




      1,0581123






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote













          While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.



          # iptables -L
          Chain INPUT (policy DROP)
          target prot opt source destination
          ACCEPT udp -- anywhere anywhere udp dpt:bootps
          ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
          ACCEPT udp -- anywhere anywhere udp dpt:domain
          ACCEPT tcp -- anywhere anywhere tcp dpt:domain
          DROP all -- anywhere anywhere state INVALID
          ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
          ACCEPT all -- anywhere anywhere
          ACCEPT icmp -- anywhere anywhere
          ACCEPT udp -- anywhere anywhere udp dpt:isakmp
          ACCEPT esp -- anywhere anywhere
          ACCEPT ah -- anywhere anywhere
          ACCEPT tcp -- anywhere anywhere tcp dpt:8528


          It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.



          A workaround is to kill some rules and reset the default policy:



          # iptables -L --line-numbers
          Chain INPUT (policy DROP)
          num target prot opt source destination
          1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
          2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
          3 ACCEPT udp -- anywhere anywhere udp dpt:domain
          4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
          5 DROP all -- anywhere anywhere state INVALID
          # iptables -D INPUT 5
          # iptables --policy INPUT ACCEPT


          I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?






          share|improve this answer





















            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1379415%2fwhy-does-linux-not-deliver-data-to-applications-when-the-packets-come-via-a-hots%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            0
            down vote













            While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.



            # iptables -L
            Chain INPUT (policy DROP)
            target prot opt source destination
            ACCEPT udp -- anywhere anywhere udp dpt:bootps
            ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
            ACCEPT udp -- anywhere anywhere udp dpt:domain
            ACCEPT tcp -- anywhere anywhere tcp dpt:domain
            DROP all -- anywhere anywhere state INVALID
            ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
            ACCEPT all -- anywhere anywhere
            ACCEPT icmp -- anywhere anywhere
            ACCEPT udp -- anywhere anywhere udp dpt:isakmp
            ACCEPT esp -- anywhere anywhere
            ACCEPT ah -- anywhere anywhere
            ACCEPT tcp -- anywhere anywhere tcp dpt:8528


            It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.



            A workaround is to kill some rules and reset the default policy:



            # iptables -L --line-numbers
            Chain INPUT (policy DROP)
            num target prot opt source destination
            1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
            2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
            3 ACCEPT udp -- anywhere anywhere udp dpt:domain
            4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
            5 DROP all -- anywhere anywhere state INVALID
            # iptables -D INPUT 5
            # iptables --policy INPUT ACCEPT


            I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?






            share|improve this answer

























              up vote
              0
              down vote













              While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.



              # iptables -L
              Chain INPUT (policy DROP)
              target prot opt source destination
              ACCEPT udp -- anywhere anywhere udp dpt:bootps
              ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
              ACCEPT udp -- anywhere anywhere udp dpt:domain
              ACCEPT tcp -- anywhere anywhere tcp dpt:domain
              DROP all -- anywhere anywhere state INVALID
              ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
              ACCEPT all -- anywhere anywhere
              ACCEPT icmp -- anywhere anywhere
              ACCEPT udp -- anywhere anywhere udp dpt:isakmp
              ACCEPT esp -- anywhere anywhere
              ACCEPT ah -- anywhere anywhere
              ACCEPT tcp -- anywhere anywhere tcp dpt:8528


              It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.



              A workaround is to kill some rules and reset the default policy:



              # iptables -L --line-numbers
              Chain INPUT (policy DROP)
              num target prot opt source destination
              1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
              2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
              3 ACCEPT udp -- anywhere anywhere udp dpt:domain
              4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
              5 DROP all -- anywhere anywhere state INVALID
              # iptables -D INPUT 5
              # iptables --policy INPUT ACCEPT


              I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?






              share|improve this answer























                up vote
                0
                down vote










                up vote
                0
                down vote









                While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.



                # iptables -L
                Chain INPUT (policy DROP)
                target prot opt source destination
                ACCEPT udp -- anywhere anywhere udp dpt:bootps
                ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
                ACCEPT udp -- anywhere anywhere udp dpt:domain
                ACCEPT tcp -- anywhere anywhere tcp dpt:domain
                DROP all -- anywhere anywhere state INVALID
                ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
                ACCEPT all -- anywhere anywhere
                ACCEPT icmp -- anywhere anywhere
                ACCEPT udp -- anywhere anywhere udp dpt:isakmp
                ACCEPT esp -- anywhere anywhere
                ACCEPT ah -- anywhere anywhere
                ACCEPT tcp -- anywhere anywhere tcp dpt:8528


                It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.



                A workaround is to kill some rules and reset the default policy:



                # iptables -L --line-numbers
                Chain INPUT (policy DROP)
                num target prot opt source destination
                1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
                2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
                3 ACCEPT udp -- anywhere anywhere udp dpt:domain
                4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
                5 DROP all -- anywhere anywhere state INVALID
                # iptables -D INPUT 5
                # iptables --policy INPUT ACCEPT


                I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?






                share|improve this answer












                While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.



                # iptables -L
                Chain INPUT (policy DROP)
                target prot opt source destination
                ACCEPT udp -- anywhere anywhere udp dpt:bootps
                ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
                ACCEPT udp -- anywhere anywhere udp dpt:domain
                ACCEPT tcp -- anywhere anywhere tcp dpt:domain
                DROP all -- anywhere anywhere state INVALID
                ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
                ACCEPT all -- anywhere anywhere
                ACCEPT icmp -- anywhere anywhere
                ACCEPT udp -- anywhere anywhere udp dpt:isakmp
                ACCEPT esp -- anywhere anywhere
                ACCEPT ah -- anywhere anywhere
                ACCEPT tcp -- anywhere anywhere tcp dpt:8528


                It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.



                A workaround is to kill some rules and reset the default policy:



                # iptables -L --line-numbers
                Chain INPUT (policy DROP)
                num target prot opt source destination
                1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
                2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
                3 ACCEPT udp -- anywhere anywhere udp dpt:domain
                4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
                5 DROP all -- anywhere anywhere state INVALID
                # iptables -D INPUT 5
                # iptables --policy INPUT ACCEPT


                I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Nov 29 at 13:21









                Luc

                1,0581123




                1,0581123






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1379415%2fwhy-does-linux-not-deliver-data-to-applications-when-the-packets-come-via-a-hots%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

                    Alcedinidae

                    Origin of the phrase “under your belt”?