knocker icon indicating copy to clipboard operation
knocker copied to clipboard
verified publisher icon rougeth

Multiple ports not working

Open QkiZMR opened this issue 6 years ago • 4 comments

For example if I want to send knocks on few ports with knocker -d 1000 -p tcp somehost.example.com 123 456 789 command only first knock is sent. All other didnt reach target server.

QkiZMR avatar Jun 13 '19 12:06 QkiZMR

Hey @QkiZMR, do you still have this issue? I couldn't reproduce it.

Running the example_server.py, I'm able to knock all the 3 ports:

❯ python knocker.py -d 1000 -p tcp localhost 59580 59581 59582
knock... knock...

Server output:

❯ python example_server.py
Listening ports: 59580 59581 59582
Ping on 59580
Ping on 59581
Ping on 59582

rougeth avatar May 15 '20 23:05 rougeth

Need to check it because I don't use it since didn't work for me.

QkiZMR avatar May 16 '20 05:05 QkiZMR

Still not working but now I checked traffic with tcpdump, not only log files of knockd service like last time. It's even worst that I thought. First log from tcpdump is from working app, works as expected:

 root  /  var  log  tcpdump -n  port 123 or port 456 or port 789                                     tcpdump: verbose output suppressed, use -v or -vv for full protocol decode                               listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes                                20:03:00.631581 IP 5.173.156.15.20778 > 123.45.50.9.123 Flags [S], seq 1751808396, win 65535, options [mss 1424,sackOK,TS val 117028758 ecr 0,nop,wscale 9], length 0                                           20:03:01.750699 IP 5.173.156.15.20780 > 123.45.50.9.456: Flags [S], seq 2502359276, win 65535, options [mss 1424,sackOK,TS val 117029092 ecr 0,nop,wscale 9], length 0                                           20:03:02.950371 IP 5.173.156.15.20782 > 123.45.50.9.789: Flags [S], seq 968692455, win 65535, options [mss 1424,sackOK,TS val 117029434 ecr 0,nop,wscale 9], length 0

Then I checked with knocker and this is tcpdump output:

20:03:28.470823 IP 5.173.156.15.51801 > 123.45.50.9.123: Flags [S], seq 3988535611, win 65535, options [mss 1424,sackOK,TS val 117037105 ecr 0,nop,wscale 9], length 0                                           20:03:29.510794 IP 5.173.156.15.51801 > 123.45.50.9.123: Flags [S], seq 3988535611, win 65535, options [mss 1424,sackOK,TS val 117037406 ecr 0,nop,wscale 9], length 0                                           20:03:29.510872 IP 5.173.156.15.51800 > 123.45.50.9.456: Flags [S], seq 1731991619, win 65535, options [mss 1424,sackOK,TS val 117037423 ecr 0,nop,wscale 9], length 0                                           20:03:30.549656 IP 5.173.156.15.51800 > 123.45.50.9.456: Flags [S], seq 1731991619, win 65535, options [mss 1424,sackOK,TS val 117037724 ecr 0,nop,wscale 9], length 0                                           20:03:30.549789 IP 5.173.156.15.51795 > 123.45.50.9.789: Flags [S], seq 973576454, win 65535, options [mss 1424,sackOK,TS val 117037741 ecr 0,nop,wscale 9], length 0                                            20:03:31.589639 IP 5.173.156.15.51795 > 123.45.50.9.789: Flags [S], seq 973576454, win 65535, options [mss 1424,sackOK,TS val 117038042 ecr 0,nop,wscale 9], length 0

That's why I saw only first packet in logs because rest was not matched. It looks like knocker is sending double packets.

QkiZMR avatar May 18 '20 18:05 QkiZMR

I'm checking knocker on Termux environment, knocker installed by pip

QkiZMR avatar May 18 '20 18:05 QkiZMR