Why does Linux not deliver data to applications when the packets come via a hotspot?
up vote
0
down vote
favorite
My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.
The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.
From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.
When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).
The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.
What could be the problem?
networking networkmanager
asked Nov 29 at 13:21
Luc
1,0581123
add a comment |
up vote
0
down vote
favorite
My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.
The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.
From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.
When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).
The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.
What could be the problem?
networking networkmanager
asked Nov 29 at 13:21
Luc
1,0581123
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.
The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.
From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.
When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).
The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.
What could be the problem?
networking networkmanager
asked Nov 29 at 13:21
Luc
1,0581123
My goal is to intercept traffic with a MITM proxy. To do this, I configured my laptop to host a Wi-Fi hotspot, connected the smartphone, started the proxy, and configured the smartphone to use my laptop as proxy on this Wi-Fi network.
The host IP is 10.42.0.1 and the client 10.42.0.2. The proxy is listening on port 8080, any interface. It shows up correctly in netstat and I can netcat to it from localhost. The Android phone is configured to proxy via 10.42.0.1 port 8080.
From the phone, I can ping 10.42.0.1; in Wireshark I see the echo requests coming in and the responses going out.
When the phone sends a TCP or UDP packet, however, the system does not respond. When listening on the hotspot with netcat on UDP and sending UDP data from the phone, the data is not delivered to netcat. I can see the packet, with data, incoming in Wireshark, but the terminal remains blank. When listening on TCP, I can see in Wireshark the SYN packet coming in from the phone, but it is never acknowledged (no SYN+ACK response).
The hotspot (10.42.0.1) clearly has ARP and a route back or ICMP echo responses would not go out. There is no host firewall installed. The issue persists after a reboot.
What could be the problem?
networking networkmanager
networking networkmanager
asked Nov 29 at 13:21
Luc
1,0581123
asked Nov 29 at 13:21
Luc
1,0581123
asked Nov 29 at 13:21
Luc
1,0581123
asked Nov 29 at 13:21
Luc
1,0581123
asked Nov 29 at 13:21
Luc
1,0581123
1,0581123
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8528
It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.
A workaround is to kill some rules and reset the default policy:
# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 DROP all -- anywhere anywhere state INVALID
# iptables -D INPUT 5
# iptables --policy INPUT ACCEPT
I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?
answered Nov 29 at 13:21
Luc
1,0581123
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8528
It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.
A workaround is to kill some rules and reset the default policy:
# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 DROP all -- anywhere anywhere state INVALID
# iptables -D INPUT 5
# iptables --policy INPUT ACCEPT
I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?
answered Nov 29 at 13:21
Luc
1,0581123
add a comment |
up vote
0
down vote
While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8528
It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.
A workaround is to kill some rules and reset the default policy:
# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 DROP all -- anywhere anywhere state INVALID
# iptables -D INPUT 5
# iptables --policy INPUT ACCEPT
I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?
answered Nov 29 at 13:21
Luc
1,0581123
add a comment |
up vote
0
down vote
up vote
0
down vote
While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8528
It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.
A workaround is to kill some rules and reset the default policy:
# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 DROP all -- anywhere anywhere state INVALID
# iptables -D INPUT 5
# iptables --policy INPUT ACCEPT
I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?
answered Nov 29 at 13:21
Luc
1,0581123
While writing the question I realized that, although I knew it couldn't be a firewall because I had none installed, and it couldn't be iptables because they wouldn't persist past a reboot, I realized that I did not actually check that no iptables rules were set.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:isakmp
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:8528
It turns out that something, probably NetworkManager in its infinite wisdom, decided to add some rules for us, happy to unexpectedly supply a firewall.
A workaround is to kill some rules and reset the default policy:
# iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:bootps
2 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
4 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
5 DROP all -- anywhere anywhere state INVALID
# iptables -D INPUT 5
# iptables --policy INPUT ACCEPT
I cannot find any reference to any of this in the NetworkManager documentation or even source code. I don't know what this port 8528 is that it seems to allow by default (it's not registered nor referenced anywhere) and I can't quickly find the relevant code that calls iptables, or find any relevant settings to stop it from firewalling the connection. Perhaps NetworkManager calls some other software that subsequently installs this?
answered Nov 29 at 13:21
Luc
1,0581123
answered Nov 29 at 13:21
Luc
1,0581123
answered Nov 29 at 13:21
Luc
1,0581123
answered Nov 29 at 13:21
Luc
1,0581123
1,0581123
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1379415%2fwhy-does-linux-not-deliver-data-to-applications-when-the-packets-come-via-a-hots%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
