[Pkg-netmeasure-discuss] scamper sniff: sniff_state_alloc: could not get dl: Success

Matthew Luckie mjl at luckie.org.nz
Sun Feb 11 21:20:26 GMT 2024


I am not sure exactly why scamper gets two copies of the echo reply on 
the loopback interface.  But just to tie this one off, the intended use 
case of this functionality is reverse traceroute, which wants to capture 
echo replies at the specified address, and ICMP error messages (time 
exceeded, etc.) where the source address in the quoted IP packet in the 
error message has the specified address, and some other system is 
sending packets spoofing that address as their source address.  It is 
straightforward to change the code to do something else in addition to 
this behavior if that is of particular interest.

I had a quick check:

system A with address 192.168.3.28
scamper -o test.warts -I "sniff -S 192.168.3.28 -c 4 icmp[icmpid] == 1"

system B with a different address:
scamper -I "ping -c 4 -S 192.168.3.28 -F 1 -O spoof 192.172.226.122"

system A:
sc_wartsdump test.warts
list id 0, name default, descr "default"
cycle start, list default 0, cycle 0, time Mon Feb 12 09:57:04 2024
sniff 192.168.3.28
  list id: 0, name: default
  cycle id: 0
  user-id: 0
  start: Mon Feb 12 09:57:04 2024 158096
  finish: Mon Feb 12 09:57:27 2024 716199
  limit-pktc: 4, limit-time: 60s, icmp-id 1
  result: limit-pktc, pktc: 4
    0 20.489132 192.172.226.122 -> 192.168.3.28
      0x0000:  4500 0058 0000 4000 3701 dcb9 c0ac e27a
      0x0010:  c0a8 031c 0000 3c3b 0001 0000 c0a8 031b
      0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0040:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0050:  0000 0000 0000 0000
    1 21.510116 192.172.226.122 -> 192.168.3.28
      0x0000:  4500 0058 0000 4000 3701 dcb9 c0ac e27a
      0x0010:  c0a8 031c 0000 3c3a 0001 0001 c0a8 031b
      0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0040:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0050:  0000 0000 0000 0000
    2 22.533386 192.172.226.122 -> 192.168.3.28
      0x0000:  4500 0058 0000 4000 3701 dcb9 c0ac e27a
      0x0010:  c0a8 031c 0000 3c39 0001 0002 c0a8 031b
      0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0040:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0050:  0000 0000 0000 0000
    3 23.558086 192.172.226.122 -> 192.168.3.28
      0x0000:  4500 0058 0000 4000 3701 dcb9 c0ac e27a
      0x0010:  c0a8 031c 0000 3c38 0001 0003 c0a8 031b
      0x0020:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0040:  0000 0000 0000 0000 0000 0000 0000 0000
      0x0050:  0000 0000 0000 0000
cycle stop, list default 0, cycle 0, time Mon Feb 12 09:57:27 2024

The code seems to be working as I intended (which might not be precisely 
what the man page contains).

On 10/02/24 13:07, Marek Küthe wrote:
> Hello,
> 
> In addition to the previous e-mail, I now also have problems with sniff
> at `::1`. The packets now seem to be recorded twice. If I set `-c 10`,
> only 5 packets are actually accepted. I think this is because I am both
> sending and receiving on lo. However, as far as I understand the
> scamper man page, only receiving packets are recorded. Am I making a
> mistake here?
> 
> Man page:
> ```
> sniff: capture a subset of packets **arriving** at the host using a
> subset of tcpdump-style filter expressions.
> ```
> 
> ```
> $ scamper -O warts -o test.warts -I "sniff -S ::1 -c 10 icmp[icmpid] == 1"
> $ sc_warts2pcap -o test.pcap test.warts
> $ tcpdump -r test.pcap
> reading from file test.pcap, link-type RAW (Raw IP), snapshot length 65535
> 00:01:10.768614 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 1, length 64
> 00:01:10.768614 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 1, length 64
> 00:01:11.781370 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 2, length 64
> 00:01:11.781371 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 2, length 64
> 00:01:12.795107 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 3, length 64
> 00:01:12.795108 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 3, length 64
> 00:01:13.808204 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 4, length 64
> 00:01:13.808206 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 4, length 64
> 00:01:14.824526 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 5, length 64
> 00:01:14.824528 IP6 localhost > localhost: ICMP6, echo reply, id 1, seq 5, length 64
> ```
> 
> Greetings
> Marek Küthe
> 
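
The matching behaviour described in the reply above, as an added Python example that is not part of the thread and is not scamper's code: it classifies a raw IPv4 packet as an echo reply addressed to the sniffed address or as an ICMP error whose quoted packet has that address as its source. Comparing the ICMP id against the quoted header for errors is an assumption, as are the function names and the constructed time-exceeded sample (documentation addresses 203.0.113.1 and 198.51.100.7).

```python
import ipaddress
import struct

ICMP_ERRORS = {3, 11, 12}  # unreachable, time exceeded, parameter problem


def ipv4_hdr(src, dst, payload_len, ttl=64):
    """Build a 20-byte IPv4/ICMP header for constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, 1, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


# Packet 0 from the sc_wartsdump output in the message (raw IPv4, 88 bytes).
PAGE_PKT0 = bytes.fromhex("45000058000040003701dcb9c0ace27a"
                          "c0a8031c00003c3b00010000c0a8031b" + "00" * 56)
# Constructed sample: time exceeded from a hypothetical router, quoting an
# echo request (id 1) whose source is 192.168.3.28.
CONSTRUCTED_TIME_EXCEEDED = (
    ipv4_hdr("203.0.113.1", "192.168.3.28", 36) + bytes([11, 0, 0, 0, 0, 0, 0, 0])
    + ipv4_hdr("192.168.3.28", "198.51.100.7", 8, ttl=1)
    + struct.pack("!BBHHH", 8, 0, 0, 1, 0))


def parse_ipv4(pkt):
    """Return (src, dst, proto, payload), or None if not a usable IPv4 header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        return None
    return (ipaddress.IPv4Address(pkt[12:16]), ipaddress.IPv4Address(pkt[16:20]),
            pkt[9], pkt[ihl:])


def classify(pkt, addr, icmp_id):
    """Return 'echo-reply', 'error-quoting-addr', or None for no match."""
    want, outer = ipaddress.IPv4Address(addr), parse_ipv4(pkt)
    if outer is None or outer[2] != 1 or len(outer[3]) < 8:
        return None
    icmp = outer[3]
    if icmp[0] == 0:  # echo reply: match destination and the ICMP id field
        ident = struct.unpack("!H", icmp[4:6])[0]
        return "echo-reply" if outer[1] == want and ident == icmp_id else None
    if icmp[0] in ICMP_ERRORS:  # match on the quoted packet, not the outer one
        quoted = parse_ipv4(icmp[8:])
        if quoted is None or quoted[2] != 1 or len(quoted[3]) < 8:
            return None
        ident = struct.unpack("!H", quoted[3][4:6])[0]
        return "error-quoting-addr" if quoted[0] == want and ident == icmp_id else None
    return None
```
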


