FUN WITH LINUX

Phoning home - In a nice way

30 January 2016

I own one host with a dynamic IP and I’m using dyndns to find this host. But from time to time the dyndns provider changes its fingerprint and this host is unable to propagate its IP. In such situations I am unable to connect since I don’t know the current IP. I could change the dyndns provider and just get a stable one, but I don’t wanna lose the domain name and it just happens from time to time. So I want to find out the new IP of my host even if dyndns fails.

Phoning home

I got the idea that the host can just send me its IP from time to time. I was thinking about different approaches and I really wanted to implement this without using any daemon. So I came to ICMP. If I just get ICMP requests from time to time, I would be able to read the IP using tcpdump or ngrep (or iptables). ICMP datagrams are quite lightweight and don’t need to establish any session.

Identifying the packets

The main problem is to identify the packets. If many different ICMP packets are hitting a host, which one is the packet we are looking for? ICMP can carry data, so I just fill the data section with a unique fingerprint and I am able to find my packet.

Sending ICMP-Packets with data

For sending my customized ICMP-packets I will use hping3:

root@alice:~# echo "Ground Control To Major Tom" > /opt/icmp-payload.txt
root@alice:~# wc -c /opt/icmp-payload.txt 
28 /opt/icmp-payload.txt
root@alice:~# hping3 --icmp -c 5 -d 28 --file /opt/icmp-payload.txt bob.example.com
HPING bob.example.com (eth0 ): icmp mode set, 28 headers + 28 data bytes
len=56 ip=BOBIP ttl=53 id=38048 icmp_seq=0 rtt=22.5 ms
len=56 ip=BOBIP ttl=53 id=38257 icmp_seq=1 rtt=21.1 ms
len=56 ip=BOBIP ttl=53 id=38413 icmp_seq=2 rtt=21.4 ms
len=56 ip=BOBIP ttl=53 id=38460 icmp_seq=3 rtt=21.2 ms
len=56 ip=BOBIP ttl=53 id=38613 icmp_seq=4 rtt=20.8 ms

--- bob.example.com hping statistic ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 20.8/21.4/22.5 ms

First I created the file /opt/icmp-payload.txt and filled it with the text “Ground Control To Major Tom”. After that I used the wc command to find the size of the payload (28). And then I sent out 5 packets (-c 5) with the payload length 28 (-d 28) and the payload (--file /opt/icmp-payload.txt) to bob.example.com.

Reading the Messages

Bob can search for ICMP datagrams with the payload “Ground Control” using ngrep:

root@bob ~ # ngrep -d eth0 -q "Ground Control"
interface: eth0 (BOBIP/255.255.255.192)
match: Ground Control

I ALICEIP -> BOBIP 8:0
  .P..Ground Control To Major Tom.                                                                                                                             

I BOBIP -> ALICEIP 0:0
  .P..Ground Control To Major Tom.                                                                                                                             

I ALICEIP -> BOBIP 8:0
  .P..Ground Control To Major Tom.                                                                                                                             

I BOBIP -> ALICEIP 0:0
  .P..Ground Control To Major Tom.                                                                                                                             

I ALICEIP -> BOBIP 8:0
  .P..Ground Control To Major Tom.                                                                                                                             

I BOBIP -> ALICEIP 0:0
  .P..Ground Control To Major Tom.                                                                                                                             

I ALICEIP -> BOBIP 8:0
  .P..Ground Control To Major Tom.                                                                                                                             

I BOBIP -> ALICEIP 0:0
  .P..Ground Control To Major Tom.                                                                                                                             

I ALICEIP -> BOBIP 8:0
  .P..Ground Control To Major Tom.                                                                                                                             

I BOBIP -> ALICEIP 0:0
  .P..Ground Control To Major Tom.       

Make it periodic

To make this work periodically we can finally create a cronjob on alice:

*/5 * * * * /usr/sbin/hping3 --icmp -c 5 -d 28 --file /opt/icmp-payload.txt bob.example.com > /dev/null 2>&1

Now alice sends 5 pings to bob every 5 minutes. Bob can easily find out the address of alice using ngrep.
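
Instead of reading the ngrep output by eye, bob can extract the sender address from it. The following is an added example, not part of the original post: the function names last_sender and sample_capture are hypothetical, and the addresses in the sample are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: pull alice's address out of `ngrep -q` output.
# FINGERPRINT is the payload text used on this page.
FINGERPRINT="Ground Control To Major Tom"

# Reads ngrep output on stdin and prints the source address of the most
# recent ICMP echo request (type 8, code 0) whose payload line contains the
# fingerprint. Echo replies (0:0) carry the same payload but are sent by bob
# himself, so they must not be mistaken for alice.
# Exit status is 1 when no matching request was seen.
last_sender() {
    awk -v fp="$FINGERPRINT" '
        # Header line format: "I <src> -> <dst> <type>:<code>"
        $1 == "I" && $3 == "->" { src = ($5 == "8:0") ? $2 : ""; next }
        # Payload line belonging to the last echo-request header
        src != "" && index($0, fp) { last = src; src = "" }
        END { if (last != "") print last; else exit 1 }
    '
}

# Constructed sample capture: alice pings from an old address, an unrelated
# host pings without the fingerprint, then alice pings from her new address.
sample_capture() {
    cat <<'EOF'
I 198.51.100.7 -> 203.0.113.10 8:0
  .P..Ground Control To Major Tom.

I 203.0.113.10 -> 198.51.100.7 0:0
  .P..Ground Control To Major Tom.

I 192.0.2.99 -> 203.0.113.10 8:0
  abcdefghijklmnopqrstuvw

I 198.51.100.42 -> 203.0.113.10 8:0
  .P..Ground Control To Major Tom.

I 203.0.113.10 -> 198.51.100.42 0:0
  .P..Ground Control To Major Tom.
EOF
}
```

On bob, feed the saved output of the ngrep command shown above to last_sender on stdin. The fingerprint travels in clear text and an ICMP source address can be forged, so treat the result as a hint for where to connect and let SSH host key verification confirm that the host really is alice.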

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 Unported License.

Copyright 2015-present Hoti