I know this may be an impossible question, since we are dealing with two different layers of the network, but is it possible to send a reply to an ARP request using PHP sockets?
If so how....such as What port and ip address would you connect the socket to? Again, I understand that arp doesn't use a port number...at least not that I can tell.
I want to do it in PHP, but for those that are going to question my intentions, it is ultimately for a program I am writing for a some piece of hardware. It seems that as though the NIC does not reply to ARP requests, so I want to generate the response manually.
Basically, the only sort of functions that would get me close are socket functions. UDP and TCP.
Oh, I forgot....if Arp is not possible with sockets, is it possible that when I broadcast an "A" record for my hostname, that I can give my MAC address to the router in some sort of dns answer, so the router can respond to arp requests for the hardware's ip address.
ARP runs on the link layer, sockets run on IP. If your host does not respond to ARP requests, it can never correctly receive TCP or UDP packets. You need to implement ARP in the operating system or network stack. It is not possible nor desirable to do so in PHP.
As Sjoerd says: no way through the 'normal' channels as ARP isn't even IP. But if you can call libpcap from PHP, you can use it to sniff ARP requests and also inject replies.
Reading your edits: DNS also won't help as it manages IP addresses, not MAC ones.
Related
I have a reactphp script opening multiple ports for listening. Code comes down to trying to open a socket on port x, if occupied choose port+1.
I've found that I can open multiple sockets for the same port without error message which makes the above method of finding a "free" port invalid:
var_dump($s1 = stream_socket_server("tcp://127.0.0.1:7777", $errno, $errstr));
var_dump($s2 = stream_socket_server("tcp://127.0.0.1:7777", $errno, $errstr));
Both calls return a resource with different id. Why does this happen and is it possible that a port already has an open socket from the same process (without keeping book on the sockets)?
PS.: Opening two sockets from different processes fails as expected.
Related questions: Multiple UDP Sockets to listen for specific source on the same port
Update
See https://3v4l.org/6eWY1, it seems the decribed behaviour applies to Windows versions of PHP only.
Have a look at this technique to test if a port is open.
I get the same results with your code and this technique works for me to identify if a port was already open by the same process.
That could be an option if you don't mind the overhead.
FYI I do not know PHP and I primarily use Linux, so your mileage may vary. It seems though that I might help you with some tcp knowledge. If you already know this, forgive me and ignore my answer ;)
So I don't know how you connected to your server socket and how your server handled the connection, but if it is programmed correctly your server will not occupy the port, hence blocking future connections. You can of course do that if you want to.
Normally when you create a server, you want to have 1 known port, so that multiple clients can connect to it (like port 80 for http). The server uses 'listen' to listen for connections, followed by an 'accept' and finally a 'close'. The accept makes sure that you can get multiple connections via your server port.
Btw:
you can find a free port by opening a socket on port 0.
you can handle multiple sockets via 'select'
a nice book to read up on sockets is Working with Tcp sockets by Jesse Storimer (FYI I don't have stocks, only the book ;). But there are many intros to socket programming if your google fu is with you.
I'm making a simple port scanner in PHP, and am trying to figure out how I'd request the name of the service I'm connecting to, similar to how Nmap is able to discover services.
I'm using fsockopen() to open the socket, so I'd use fwrite($socket, "WHAT SERVICE AM I COMMUNICATING WITH?") to ask the question, then listen using fgets($socket).
How do I ask the service what it is?
It's hard coded into the program what the different ports are for. The remote applications don't report them. There are tons of lists on the internet that provide this information.
Same thing for looking at standard services and responses from similar services on different OSs. That's how nmap guesses what OS it's talking to.
Here is a decent starting point.
Here is the source file with the port mappings for nmap.
The scary part is the code that tells which versions and such is running. That's here and I'm glad I don't have to write this :\
Last one, pretty sure this is the file that says how to guess which OS a remote computer is: here
I have a problem that is stuck in my mind for almost 24 hours, and at this moment I don't know how to fix it.
Here is the thing: I want to have one 'main' socket on my server that processes all incoming data and sends it to other clients using PHP. That part goes fine, but I want to connect with that socket using multiple subdomains, e.g. ex.example.com. The thing with this is, that you cannot connect with that subdomain unless you have a socket running on it, and that just fills up your ports and that is what I'm trying to prevent.
The best solution is to make Apache process the incoming TCP request, saves the data on which domain you are connecting, and then redirects the client to the main socket, which processes the received data and immediately acts when the client is accepted.
Honestly, I have no idea how to do this. I'm searching for hours, but the only thing I've found was something on Stackoverflow that got close to it: Apache - handling TCP connections, but not HTTP requests
But with that piece of script I am not able to save data (which domain you're using) and send it to the main socket.
I don't know if this can be done by Apache or if it is possible at all, or if there are any other workarounds.
Thank you :)
You are confused about subdomains. Sockets, TCP, and IP all know absolutely nothing about names. DNS wasn't invented until that networking stack had been around for years.
Thus, you can point any number of domains at a single "socket" port on a machine.
Apache can route an incoming request to different "webspaces" (i.e. virtual hosts) based on the destination IP address of the incoming connection(1) or the HTTP/1.1 "Host" header(2). The former was how virtual hosts used to be done but now almost everybody uses the latter.
(1) A machine can have multiple IP addresses even with a single network card but ports are unique to any given protocol on that machine. You point different domains to different addresses and define a reverse-mapping on the webserver so it can tell how the request began.
(2) The value of the "host" is the DNS name that was given to the browser. Since this value is passed explicitly to the webserver, that server doesn't need to rely on tricks like #1.
How can I send my own SYN and ACK packets to a server in php. I do not want the system to do anything, I would like to create my own packets, and send them myself to establish the TCP connection. Can this be done in php, or do I have to use C++ for this, or maybe python, or bash (shell script), which ever is easiest. And can some one direct me to a good place to learn what the contents of a SYN and ACK packet is exactly. I know a SYN packet has the IP address, and other details on where to send the server's ACK reply to.
Thanks,
macintosh264
Sounds like you're looking for a raw network library for PHP. A quick search turned up prnl. Support is likely to be uneven across operating systems, though; so-called "raw sockets" are sometimes considered to be sensitive items.
I am trying to limit traffic to my website so that people trying to screenscrape mass amounts of data will be blocked after a while. I am supposed to do this based on the IPs of incoming requests. I believe I have the IP-limiting functionality written but, I'm stumped on how I can test it. I need to be able to change my IP address many times, to simulate valid traffic. I also need to test >20 different IPs, so a proxy solution for each one will not work for me.
I am testing the code on my local machine (running Ubuntu) so I can change my server settings (Apache) if I need to for this test.
I'm behind a corporate network so I cannot change MAC address/ARP settings to be "re-assigned" a new IP. I was hoping for some sort of localhost IP-changing type thing, so I could take advantage of the fact that the server and client were the same machine.
Also, I was trying to avoid changing the code before it is rolled out to production servers, but that may be the best way to do it.
How can I set this up?
Well, what you could do is instead of actually checking the IP do something like this:
$ip = '1337.1337.1337.1337';
Instead of:
$ip = $_SERVER['REMOTE_ADDR']
And then go on to do your IP checking code.
So then when you are done you could make your $ip variable code look like this:
//$ip = '1337.1337.1337.1337';
$ip = $_SERVER['REMOTE_ADDR']
So you can easily turn on and off the "debug switch"
EDIT:
Or even make the IP dynamic:
$ips = Array('192.168.1.220', '120.843.592.86', '256.865.463.563');
$ip = $ips[rand(1,count($ips)-1)];
You can easily do that by running the following command on linux:
ifconfig eth0:0 127.0.0.2
ifconfig eth0:1 127.0.0.3
etc... (creating fake local interfaces)
You may have to configure apache to listen on those ips if you're not listening on 0.0.0.0 (all interfaces), then you can directly access those IPs.
If you want to use other ips, you can easily do that too, but remember to remove them once your tests are done.
This will only work from your local machine, to your local machine.
There are many ways you can test this. The easiest way imo would be to create a list of ARP entries where the IP addresses you are impersonating point to the MAC address of the server. You could then write a simple app that sets the src address to each of the impersonated IP addresses, connect and send whatever HTTP request you want. The server should reply just fine.
You want to consider doing this at the firewall level (if not the corp border firewall than a SW firewall on your host). There are many situations where an abusive host can still take down or affect performance on your site if you are only limiting them at the application level. They are still consuming sockets on and web server worker threads even though you end up rejecting them. You may even have some code that has some expense before the IP check. It really all depends on how lightweight your application is, but one thing is sure, a firewall, whether hardware or sw, can block unruly clients way more efficiently than your application can.
This answer is probably overkill for this application, but I like using tcpdump / libpcap, winpcap, and raw sockets for generating traffic. You not only have great control over the volume going to and from your application, you learn a lot about what you can expect firewall/traffic filter settings to do for you and what kinds of traffic is being blocked that you didn't expect (or that you don't want blocked).
use the random function and set limit to rand(0,255) and concat string in to the IP format. when ever you calling you will get new IP address