network – Very slow to establish a TCP connection with the router

I am using macOS 11.4 and padavan firmware on the router.
It’s quite slow (a few to tens of seconds) when I connect to the router’s admin page from macOS, and tcpdump showed that a lot of TCP connections are stuck at the first step of the handshake: the router didn’t reply with a SYN/ACK after macOS sent a SYN.

There’s no such problem when I connect to the router from another device or visit another website from macOS.

Are there special options/headers in macOS’ TCP packets?

00:48:25.374383 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083099 ecr 0,sackOK,eol], length 0
00:48:25.475394 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083200 ecr 0,sackOK,eol], length 0
00:48:25.576576 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083301 ecr 0,sackOK,eol], length 0
00:48:25.677740 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083402 ecr 0,sackOK,eol], length 0
00:48:25.778906 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083503 ecr 0,sackOK,eol], length 0
00:48:25.879255 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083603 ecr 0,sackOK,eol], length 0
00:48:26.080421 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083804 ecr 0,sackOK,eol], length 0
00:48:26.481605 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596084205 ecr 0,sackOK,eol], length 0
00:48:27.283921 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596085006 ecr 0,sackOK,eol], length 0
00:48:28.885169 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596086607 ecr 0,sackOK,eol], length 0
00:48:32.086355 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,sackOK,eol], length 0
00:48:32.099170 IP router.lan.http > mbp.lan.59304: Flags [S.], seq 4020057176, ack 1796724220, win 14600, options [mss 1460,nop,nop,sackOK], length 0
00:48:32.099295 IP mbp.lan.59304 > router.lan.http: Flags [.], ack 1, win 65535, length 0
00:48:33.432798 IP mbp.lan.59304 > router.lan.http: Flags [P.], seq 1:2, ack 1, win 65535, length 1: HTTP
00:48:33.466137 IP router.lan.http > mbp.lan.59304: Flags [.], ack 2, win 14600, length 0
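
One way to read a trace like the one above, as an added example that is not part of the original post: the script below takes tcpdump output on stdin and, per client flow, counts the SYNs sent before a SYN/ACK came back, the time that took, and whether the TCP options on the last SYN differ from those on the first. The embedded sample is the trace from the post. Run on it, the report shows that all eleven SYNs carry the same seq (true retransmissions, not new attempts), that only the eleventh is answered, and that it is the first one sent without the wscale and timestamp options, which is what the BSD-derived macOS stack does after several unanswered SYNs. That points at whatever sits between the MacBook and the router's HTTP daemon not answering SYNs that carry those RFC 1323 options, which is the thing to check next.

```shell
#!/bin/sh
# Added example: summarise SYN retransmissions in tcpdump output and show
# whether the TCP options changed between the first SYN and the last one.
# SAMPLE_TRACE is the trace from the post, embedded so the script runs offline;
# any "tcpdump -n" output (IPv4, "Flags [S]" lines) can be piped in instead.

SAMPLE_TRACE=$(cat <<'EOF'
00:48:25.374383 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083099 ecr 0,sackOK,eol], length 0
00:48:25.475394 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083200 ecr 0,sackOK,eol], length 0
00:48:25.576576 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083301 ecr 0,sackOK,eol], length 0
00:48:25.677740 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083402 ecr 0,sackOK,eol], length 0
00:48:25.778906 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083503 ecr 0,sackOK,eol], length 0
00:48:25.879255 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083603 ecr 0,sackOK,eol], length 0
00:48:26.080421 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596083804 ecr 0,sackOK,eol], length 0
00:48:26.481605 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596084205 ecr 0,sackOK,eol], length 0
00:48:27.283921 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596085006 ecr 0,sackOK,eol], length 0
00:48:28.885169 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1596086607 ecr 0,sackOK,eol], length 0
00:48:32.086355 IP mbp.lan.59304 > router.lan.http: Flags [S], seq 1796724219, win 65535, options [mss 1460,sackOK,eol], length 0
00:48:32.099170 IP router.lan.http > mbp.lan.59304: Flags [S.], seq 4020057176, ack 1796724220, win 14600, options [mss 1460,nop,nop,sackOK], length 0
00:48:32.099295 IP mbp.lan.59304 > router.lan.http: Flags [.], ack 1, win 65535, length 0
00:48:33.432798 IP mbp.lan.59304 > router.lan.http: Flags [P.], seq 1:2, ack 1, win 65535, length 1: HTTP
00:48:33.466137 IP router.lan.http > mbp.lan.59304: Flags [.], ack 2, win 14600, length 0
EOF
)

# Per-flow report: SYN count, whether a SYN/ACK was seen, seconds from the
# first to the last SYN, and the option list on the first versus the last SYN.
syn_retry_report() {
    awk '
    # option list between "options [" and "]" (also accepts "(" ... ")")
    function opts(line,   i, rest, c, j) {
        i = index(line, "options ")
        if (i == 0) return ""
        rest = substr(line, i + 8)
        c = (substr(rest, 1, 1) == "(") ? ")" : "]"
        j = index(rest, c)
        return substr(rest, 2, j - 2)
    }
    # HH:MM:SS.ffffff -> seconds since midnight
    function secs(ts,   t) { split(ts, t, ":"); return t[1] * 3600 + t[2] * 60 + t[3] }
    $2 == "IP" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if (index($7, "S.") > 0) {
            answered[dst "->" src] = 1          # SYN/ACK travels the reverse direction
        } else if (index($7, "S") > 0) {
            k = src "->" dst                     # SYN, first attempt or retransmission
            if (!(k in syns)) { first_t[k] = secs($1); first_o[k] = opts($0) }
            syns[k]++; last_t[k] = secs($1); last_o[k] = opts($0)
        }
    }
    END {
        for (k in syns)
            printf "%s syns=%d answered=%s elapsed=%.3fs first_opts=[%s] last_opts=[%s] options_changed=%s\n",
                k, syns[k], ((k in answered) ? "yes" : "no"), last_t[k] - first_t[k],
                first_o[k], last_o[k], ((first_o[k] != last_o[k]) ? "yes" : "no")
    }'
}

printf '%s\n' "$SAMPLE_TRACE" | syn_retry_report
```

For a live capture use `tcpdump -n -i en0 'tcp[tcpflags] & (tcp-syn) != 0 and host router.lan' | sh thisscript.sh` style piping, or save with `-w` and replay with `tcpdump -n -r file.pcap`; the report line for the sample reads `syns=11 answered=yes elapsed=6.712s ... options_changed=yes`.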

concurrency – Managing concurrent TCP connections with Go, Docker and Kubernetes

I need to consume several APIs concurrently. In order to do that I decided to containerize each API client’s code and manage them using Kubernetes. Some of those APIs need to be “walked”: they basically have one endpoint from which you get more endpoints, and so on. These “trees” are not that deep, but they are constantly changing, so hard-coding them is not an option. The main challenge is limiting the number of open TCP connections. If I just spawn a goroutine as soon as I get the endpoints, the program will die because of too many open file descriptors. So the obvious solution is to implement a worker pool. The question is how big it should be.

As far as my understanding of these technologies goes, the whole Kubernetes cluster has its own limit of open TCP connections, so the sum of connections in each container should not exceed it. I should also be able to set a maximum number of TCP connections for Docker containers. I think that somehow getting the system limit and then making a worker pool of that size makes sense.

man in the middle – Tool for injecting data in existing tcp connection

I would like to perform ARP spoofing on an existing TCP connection between a server and a client and perform a MITM attack. In addition to altering existing packets, I would like to be able to inject my own packets into the connection without disturbing the legitimate flow of packets. As I understand it, this would require handling seq and ack numbers that are out of sync between the client and the server, as the server will receive more packets than the client sent. Is there a good tool for this?

networking – iptables TCP Rules

iptables -t raw -F
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Mozil" --algo kmp --to 65535 -m tcp --dport 1000   # You can change the port here
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Saf" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Edge" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Oper" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Chrom" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Gecko" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Andr" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "exch" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Fire" --algo kmp --to 65535 -m tcp --dport 1000
iptables -t raw -I PREROUTING -j DROP -p tcp -m string --string "Wind" --algo kmp --to 65535 -m tcp --dport 1000

If I try to access http://127.0.0.1:1000/ it refuses the connection, but if I try https://127.0.0.1:1000 I can access it. Why? Thanks by the way!
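
What those rules actually test, as an added example that is not part of the question: `-m string --algo kmp --to 65535` is a plain, case-sensitive substring search over the bytes of a single packet, nothing more. The script below emulates that search and runs it over two constructed payloads, a cleartext HTTP request carrying a browser User-Agent and a TLS 1.2 application-data record whose body is arbitrary bytes standing in for ciphertext. Both payloads are made up here. The emulation is simplified in one respect: it measures the `--to` offset from the start of the payload, whereas the real match counts from the start of the IP header.

```shell
#!/bin/sh
# Added example: emulate the substring test behind "-m string --algo kmp --to N"
# and apply it to a cleartext HTTP request and to a TLS record. The payloads
# are constructed for this demonstration; the TLS body bytes are arbitrary.

# string_match_hits FILE TO PATTERN...  -> prints, space separated, the
# patterns found in the first TO bytes of FILE (empty: no rule would fire).
# Offset is taken from the payload start here; xt_string counts from the
# IP header, so --to 65535 in the question effectively means "whole packet".
string_match_hits() {
    file=$1; to=$2; shift 2
    hits=""
    for pat in "$@"; do
        if head -c "$to" "$file" | LC_ALL=C grep -qaF -- "$pat"; then
            hits="$hits${hits:+ }$pat"
        fi
    done
    printf '%s\n' "$hits"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Cleartext HTTP on port 1000: the User-Agent bytes are visible to the raw table.
printf 'GET / HTTP/1.1\r\nHost: 127.0.0.1:1000\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/89.0\r\n\r\n' \
    > "$tmp/http.bin"

# HTTPS on port 1000: a TLS 1.2 application-data record (type 0x17, version
# 0x0303, length 16) followed by 16 arbitrary bytes in place of the encrypted
# request. The User-Agent is inside the ciphertext, so no substring can match.
{ printf '\027\003\003\000\020'; printf '\236\101\347\022\305\310\072\131\175\211\316\110\026\220\342\133'; } \
    > "$tmp/tls.bin"

# The ten strings from the question's rules.
PATTERNS="Mozil Saf Edge Oper Chrom Gecko Andr exch Fire Wind"

http_hits() { string_match_hits "$tmp/http.bin" 65535 $PATTERNS; }
tls_hits()  { string_match_hits "$tmp/tls.bin"  65535 $PATTERNS; }

echo "HTTP payload matches: $(http_hits)"    # Mozil Gecko Fire Wind
echo "TLS payload matches:  $(tls_hits)"     # (nothing)
```

Two consequences for the rules as written: with HTTPS the only cleartext strings on the wire are in the ClientHello (for example the SNI host name), so a User-Agent filter can never fire; and even for plain HTTP the match is per packet without stream reassembly, so a request whose header is split across two TCP segments slips through. Check with `iptables -t raw -L PREROUTING -v -n -x`, whose packet counters show which rules ever matched.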

linux – How to add multiple IPs in one iptables command line? sudo iptables -A INPUT -p tcp --dport 22 ! -s 1.2.3.4 -j DROP

For example, my goal is to allow only 1.2.3.4 and 11.22.33.44 to connect to SSH (port 22) on my server.

And I prefer this approach/command over others.

sudo iptables -A INPUT -p tcp --dport 22 ! -s 1.2.3.4 -j DROP

But I don’t know how to add another allowed IP, 11.22.33.44, to this command.

Could you give me a little bit of help or some tips?

Thanks.
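
A way to keep the single-DROP-rule shape while allowing more than one address, as an added example that is not part of the question: iptables does accept `-s 1.2.3.4,11.22.33.44`, but it expands the list into one rule per address, so the negated form becomes `! -s 1.2.3.4 -j DROP` followed by `! -s 11.22.33.44 -j DROP`, and each address is then dropped by the other rule. Putting the allowlist into an ipset and negating the set match keeps one rule. The script assumes the `ipset` tool and the `xt_set` kernel module are installed; the set name `sshallow` is a made-up name. Setting `IPT=echo IPSET=echo` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: allow SSH only from a list of addresses with one DROP rule.
# usage: sudo sh ssh_allowlist.sh sshallow 22 1.2.3.4 11.22.33.44
# Set IPT=echo and IPSET=echo to print the commands instead of applying them.
IPT=${IPT:-iptables}
IPSET=${IPSET:-ipset}

# ssh_allowlist SETNAME PORT ADDR...
# Creates (or refreshes) the ipset and installs a single rule dropping TCP
# to PORT from every source that is NOT in the set.
ssh_allowlist() {
    set_name=$1; port=$2; shift 2

    # -exist makes create/add idempotent; flush so removed addresses go away.
    "$IPSET" create "$set_name" hash:ip -exist
    "$IPSET" flush "$set_name"
    for addr in "$@"; do
        "$IPSET" add "$set_name" "$addr" -exist
    done

    # Appended like the rule in the question. It only takes effect if no
    # earlier INPUT rule already ACCEPTs port 22; in that case use -I INPUT.
    # Running this twice appends the rule twice; remove one with -D.
    "$IPT" -A INPUT -p tcp --dport "$port" -m set ! --match-set "$set_name" src -j DROP
}

# Later additions need no rule change, only: ipset add sshallow 5.6.7.8
if [ "$#" -ge 3 ]; then
    ssh_allowlist "$@"
fi
```

Without ipset the equivalent is two ACCEPT rules (one per address) followed by the unconditional DROP for port 22, which is the ordering the `! -s` form was trying to avoid.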

How to block all outgoing tcp connections except for one port using iptables?

I have following questions

  1. How to block all TCP outgoing connections except one specific port, let’s say 10024, for an app with some UID or for the whole Android device?
  2. How to block all UDP except for one specific port, let’s say 15000?
  3. How to block ALL incoming connections?
  4. How to block all outgoing connections?

I have a rooted phone and I am very new to these concepts. Kindly help.
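
One rule set covering the four points, as an added example that is not part of the question and assumes a root shell on the phone with the stock iptables binary and the `owner` and `conntrack` matches available. The UID 10123 is made up; look the real one up with `dumpsys package <app>` or `stat -c %u /data/data/<app>`. Points 1 and 2 are scoped to the app by `-m owner --uid-owner`, which only works on the OUTPUT chain (that is why the per-app rules live there). Point 3 keeps replies to the device's own connections, otherwise every outbound connection breaks. Point 4 is a separate, stricter mode and is not meant to be combined with 1 and 2. `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: per-app outbound restrictions plus inbound lockdown for a
# rooted Android device. usage: sh lockdown.sh 10123 10024 15000
# UID 10123 is a placeholder; set IPT=echo to print instead of apply.
IPT=${IPT:-iptables}

# lockdown APP_UID TCP_PORT UDP_PORT
lockdown() {
    uid=$1; tcp_port=$2; udp_port=$3

    # 1. The app may only open TCP connections to TCP_PORT.
    #    Drop the -m owner part to apply the rule to the whole device.
    "$IPT" -A OUTPUT -m owner --uid-owner "$uid" -p tcp ! --dport "$tcp_port" -j DROP

    # 2. The app may only send UDP to UDP_PORT. Note this also blocks its DNS
    #    lookups (UDP 53) unless UDP_PORT is 53; add an ACCEPT above if needed.
    "$IPT" -A OUTPUT -m owner --uid-owner "$uid" -p udp ! --dport "$udp_port" -j DROP

    # 3. Block all incoming connections. Loopback and packets belonging to
    #    connections the device itself opened must still be accepted, or the
    #    replies to the app's allowed traffic are dropped too.
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -P INPUT DROP
}

# 4. Block all outgoing connections for the whole device: default DROP on
#    OUTPUT, keeping loopback and replies to already-accepted inbound traffic.
#    This overrides the per-app allowances from lockdown(); use one or the other.
block_all_outgoing() {
    "$IPT" -A OUTPUT -o lo -j ACCEPT
    "$IPT" -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -P OUTPUT DROP
}

if [ "$#" -eq 3 ]; then
    lockdown "$@"
fi
```

Android's netd manages its own chains in the same tables and reloads rules on network changes, so verify with `iptables -L -n -v` after a reboot or Wi-Fi switch that the rules are still in place; a persistent version belongs in an init script rather than a one-off shell session.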

performance – TCP Handshake and TCP RTT when using VPN

From my server I’m measuring the TCP RTT and I was wondering what would be the difference between clients that use VPN compared to non-VPN clients.

So in the case of a non-VPN client the TCP session is established directly with the customer, which means that I’m actually measuring the RTT of the full path. What is happening with clients who connect through a VPN server?

Does the VPN server maintain two separate TCP sessions, one with the VPN client and one with the HTTP server, or does it just change the IP headers so that there is only one TCP session between the HTTP server and the client? In the first case the TCP RTT would measure only a partial latency, which would be misleading.

For example, if a client is using NordVPN to connect to my server, is the TCP RTT that I observe the RTT to the NordVPN server or to the client?

Public TCP echo testing service?

I’m looking for a website that offers a simple “I send back everything you send me on TCP port X” service. This is nice, but it’s HTTP and not echoing. I really just want to open a connection (any port will do) and get sent back exactly the bytes that I sent. Actual packets or bad latency does not matter.

I don’t need a tutorial on how to create/host my own. I’m sure other people have looked for something like this as well, so I suspect there may be such a service, though searching for it hasn’t yielded anything for me so far.

If you’re wondering why anyone would offer such a public service, consider that there are services like https://api.ipify.org that simply tell you your external IP. Maybe something like this also exists for my purpose.

Lastly, I wasn’t sure if this is the best SE network site for this question, so mods may feel free to move it to a more appropriate one if possible, or tell me.