Monday, January 18, 2010

TCP/IP Packet Example

7E 21 45 00 00 4B 57 49 40 00 FA 06 85 77 C7 B6 78 0E CE D6 95 50 00 6E 04 9F 74 5B EE A2 59 9A 00 0E 50 18 24 00 E3 2A 00 00 2B 4F 4B 20 50 61 73 73 77 6F 72 64 20 72 65 71 75 69 72 65 64 20 66 6F 72 20 61 6C 65 78 75 72 2E 0D 0A 67 B2 7E
Start 7E
SEP (PPP protocol field) 21
IP Header 45 00 00 4B 57 49 40 00 FA 06 85 77 C7 B6 78 0E CE D6 95 50
TCP Header 00 6E 04 9F 74 5B EE A2 59 9A 00 0E 50 18 24 00 E3 2A 00 00
Data 2B 4F 4B 20 50 61 73 73 77 6F 72 64 20 72 65 71 75 69 72 65 64 20 66 6F 72 20 61 6C 65 78 75 72 2E 0D 0A
FCS 67 B2
Stop 7E

TCP Header:
SRC_PORT=110
DEST_PORT=1183
SEQ=745BEEA2
ACK=599A000E
DTO=5
FLG=18
WIND=9216
TCP_SUM=E32A
URP=0000 (No Options)
Data: +OK Password required for alexur.\r\n

Control Flags (FLG=18): FLG=00011000
Urgent Pointer URG=0
Acknowledgment ACK=1
Push Function PSH=1
Reset connection RST=0
Synchronization SYN=0
Finished data FIN=0
State = ACK-PSH
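The decode above can be reproduced mechanically. The following is an added example (not code from the original post) that takes the frame hex as printed above, strips the PPP framing, parses the IP and TCP headers, decodes the flag bits and verifies both the IP header checksum and the TCP checksum over the pseudo-header; the PPP FCS is located but not verified.

```python
import struct

# Constructed copy of the PPP frame decoded above (hex exactly as printed in the post).
FRAME_HEX = ("7E 21 45 00 00 4B 57 49 40 00 FA 06 85 77 C7 B6 78 0E CE D6 95 50 "
             "00 6E 04 9F 74 5B EE A2 59 9A 00 0E 50 18 24 00 E3 2A 00 00 "
             "2B 4F 4B 20 50 61 73 73 77 6F 72 64 20 72 65 71 75 69 72 65 64 20 "
             "66 6F 72 20 61 6C 65 78 75 72 2E 0D 0A 67 B2 7E")
TCP_FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bit 0 .. bit 5 of the flags byte

def ones_complement_sum(data):
    """RFC 1071 Internet checksum: 16-bit one's complement sum, then complemented."""
    if len(data) % 2:
        data += b"\x00"                    # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def unframe_ppp(frame):
    """Strip 7E flags and FCS, skip an uncompressed FF 03 address/control field, read the protocol."""
    body = frame[1:-1]
    fcs, body = body[-2:], body[:-2]       # FCS sits just before the closing flag (not verified here)
    if body[:2] == b"\xff\x03":
        body = body[2:]
    if body[0] & 1:                        # odd first byte: protocol field compressed to one byte
        return body[0], body[1:], fcs
    return struct.unpack("!H", body[:2])[0], body[2:], fcs

def decode_ip_tcp(packet):
    """Parse the IP and TCP headers, verify both checksums and return the fields."""
    ihl = (packet[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", packet[2:4])[0], packet[9]
    src, dst = packet[12:16], packet[16:20]
    ip_ok = ones_complement_sum(packet[:ihl]) == 0   # header including its checksum sums to 0
    seg = packet[ihl:total_len]
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
    data_off = (off_flags >> 12) * 4       # DTO is counted in 32-bit words
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(seg))   # TCP pseudo-header
    tcp_ok = ones_complement_sum(pseudo + seg) == 0
    return {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": win, "ip_checksum_ok": ip_ok, "tcp_checksum_ok": tcp_ok,
            "data": seg[data_off:]}

def decode_frame(frame_hex=FRAME_HEX):
    proto, packet, _fcs = unframe_ppp(bytes.fromhex(frame_hex))
    if proto != 0x21:                      # PPP protocol 0x0021 is IPv4
        raise ValueError("not an IP packet: protocol 0x%04x" % proto)
    return decode_ip_tcp(packet)
```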

DNS MESSAGE EXAMPLE

SEND

7E FF 03 00 21 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB 04 6D 00 35 00 2C 0D 54 00 02 01 00 00 01 00 00 00 00 00 00 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01 C7 00 7E

Start 7E

Address/Control FF 03
SEP (PPP protocol field) 00 21

IP Header 45 00 00 40 00 02 00 00 3C 11 E0 30 CE D9 8F 1F C7 B6 78 CB

UDP Header 04 6D 00 35 00 2C 0D 54

DNS Header 00 02 01 00 00 01 00 00 00 00 00 00

DNS Message 04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01

FCS C7 00

Stop 7E

IP Header
VER=4 IHL=5 TOS=0 TOL=64 ID=2 FLG=00 FRO=00 TTL=60 PRO=17 IP_SUM=E030 SRC=206.217.143.31 DEST=199.182.120.203 OPT=00000000

UDP Header
SRC_PORT=046D
DEST_PORT=0035
UDP_LEN=002C
UDP_SUM=0D54

DNS Header
ID=2 QR=0 OPCODE=0 AA=0 TC=0 RD=1 RA=0 Z=0 RCODE=0 QDCOUNT=1 ANCOUNT=0 NSCOUNT=0 ARCOUNT=0

DNS Message
QNAME=04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 QTYPE=0001 QCLASS=0001

The client sends a UDP/IP packet carrying a DNS question (QR=0) as a standard query (OPCODE=0) with one entry in the question section (QDCOUNT=1). It includes no resource records in the answer, authority or additional sections (ANCOUNT=0 NSCOUNT=0 ARCOUNT=0). The QNAME gives the domain name of the resource the client is looking for (QNAME = popd.ix.netcom.com.). Note that each period in the domain name is replaced by a length byte giving the length of the label that follows, and the name is terminated by a zero length byte. The type and class of resource the client is looking for are QTYPE=1 (host address, A record) and QCLASS=1 (Internet).
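The label encoding just described is easy to get wrong by hand, so here is an added example (not code from the original post) that parses the DNS header bits and the question from the UDP payload shown above, and encodes a dotted name back into length-prefixed labels. It assumes the plain uncompressed labels of a query; compression pointers (top two bits set) are rejected rather than followed.

```python
import struct

# Constructed copy of the UDP payload (DNS header + question) from the query above.
DNS_HEX = ("00 02 01 00 00 01 00 00 00 00 00 00 "
           "04 70 6F 70 64 02 69 78 06 6E 65 74 63 6F 6D 03 63 6F 6D 00 00 01 00 01")

def parse_header(msg):
    """Unpack the 12-byte DNS header into its flag bits and section counts."""
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"ID": ident, "QR": flags >> 15, "OPCODE": (flags >> 11) & 0xF,
            "AA": (flags >> 10) & 1, "TC": (flags >> 9) & 1, "RD": (flags >> 8) & 1,
            "RA": (flags >> 7) & 1, "Z": (flags >> 4) & 7, "RCODE": flags & 0xF,
            "QDCOUNT": qd, "ANCOUNT": an, "NSCOUNT": ns, "ARCOUNT": ar}

def decode_name(msg, offset):
    """Read length-prefixed labels starting at offset; return (dotted name, next offset)."""
    labels = []
    while True:
        length = msg[offset]
        offset += 1
        if length == 0:                    # zero length byte terminates the name
            break
        if length & 0xC0:                  # compression pointer: not expected in a plain query
            raise ValueError("compressed label not supported here")
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", offset

def encode_name(name):
    """Inverse of decode_name: each dot becomes the length of the label that follows."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:      # RFC 1035 label length limit
            raise ValueError("label length must be 1..63")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)

def parse_query(msg_hex=DNS_HEX):
    """Return (header fields, question fields) for a single-question DNS message."""
    msg = bytes.fromhex(msg_hex)
    hdr = parse_header(msg)
    qname, off = decode_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return hdr, {"QNAME": qname, "QTYPE": qtype, "QCLASS": qclass}
```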

Monday, January 11, 2010

A little script I wrote for managing ARP tables

@echo off
setlocal enabledelayedexpansion
arp -a > list_of_arp_entries.txt
rem show each entry as: IP MAC Type
for /F "skip=3 tokens=1-3* delims= " %%i in (list_of_arp_entries.txt) do @echo %%i %%j %%k
pause
rem for every entry replace dynamic with static and append it to list.txt
for /F "skip=3 tokens=1-3* delims= " %%i in (list_of_arp_entries.txt) do (
    set "str=%%i %%j %%k"
    set "str=!str:dynamic=static!"
    >>list.txt echo !str!
)
type list.txt
It takes list_of_arp_entries.txt with contents such as
Interface: 192.168.1.2 --- 0x2
Internet Address Physical Address Type
192.168.1.1 00-23-48-79-4a-19 dynamic
and turns it into
192.168.1.1 00-23-48-79-4a-19 dynamic
then changes dynamic to static
and at the same time appends it to the file list.txt.
Finally it displays the contents of the list.txt file.
With suitable use of the arp command and the list.txt file I can change the ARP table
in a new script.

Example of the SYN - ACK process

When you are analyzing the sequence and acknowledgment process, keep in mind the following equation:
Sequence Number In + Bytes of Data Received = Acknowledgment Number Out
The following is a simplified explanation of how a sequenced communication may occur. (Remember that the acknowledgment number field contains the value of the next sequence number that is expected from the other side of the TCP communication.)
Host 1 ------> Sequence number 1 with 9 bytes of data, Acknowledgment number field = 100
<------ Host 2 Sequence number 100 with no data (ACK), Acknowledgment number field = 10 (sequence number in 1 + 9 bytes of data)

Host 1 ------> Sequence number 10 with 5 bytes of data, Acknowledgment number field = 100
<------ Host 2 Sequence number 100 with no data (ACK), Acknowledgment number field = 15 (sequence number in 10 + 5 bytes of data)

<------ Host 2 Sequence number 100 with 20 bytes of data, Acknowledgment number field = 15
Host 1 ------> Sequence number 15 with no data (ACK), Acknowledgment number field = 120 (sequence number in 100 + 20 bytes of data)
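The bookkeeping behind that trace can be modelled in a few lines. The following is an added example (not from the original post) in which each endpoint tracks the next byte it will send and the next byte it expects; replaying the six segments above reproduces the acknowledgment numbers 100, 10, 100, 15, 15 and 120, and a segment whose sequence number is not the expected one is left unacknowledged, which is what makes the equation hold only for in-order data. The initial sequence numbers 1 and 100 are taken from the trace; pure ACKs consume no sequence space, as in the trace.

```python
# Constructed model of the rule "Sequence Number In + Bytes Received = Acknowledgment Number Out".
class Endpoint:
    def __init__(self, name, isn, peer_isn):
        self.name = name
        self.snd_nxt = isn          # sequence number of the next byte we will send
        self.rcv_nxt = peer_isn     # next byte we expect, i.e. the ack number we put in our segments

    def send(self, nbytes):
        """Build a segment carrying our seq and our current ack; seq advances by the data length."""
        seg = {"from": self.name, "seq": self.snd_nxt, "len": nbytes, "ack": self.rcv_nxt}
        self.snd_nxt += nbytes      # a pure ACK (nbytes == 0) does not advance the sequence number
        return seg

    def receive(self, seg):
        """Apply the rule: ack out = seq in + bytes received, but only for in-order data."""
        if seg["seq"] != self.rcv_nxt:
            return False            # gap or duplicate: keep acknowledging what we already have
        self.rcv_nxt = seg["seq"] + seg["len"]
        return True

def run_trace():
    """Replay the exchange above; return (sender, seq, len, ack) for every segment."""
    h1 = Endpoint("Host 1", isn=1, peer_isn=100)
    h2 = Endpoint("Host 2", isn=100, peer_isn=1)
    steps = [(h1, h2, 9), (h2, h1, 0), (h1, h2, 5), (h2, h1, 0), (h2, h1, 20), (h1, h2, 0)]
    trace = []
    for sender, receiver, nbytes in steps:
        seg = sender.send(nbytes)
        receiver.receive(seg)
        trace.append((seg["from"], seg["seq"], seg["len"], seg["ack"]))
    return trace
```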

Thursday, December 17, 2009

Examples of using symbols on the command line

Symbol - Function - Example

>
Sends output to a named file. If file does not exist, it creates one. Overwrites existing file
command > somefile

>>
Appends output to contents of a named file or creates a file if none exists
command >> somefile

|
Sends ("pipes") the output of command1 to the input of command2
command1 | command2

&
Used to combine two commands. Executes command1 and then command2
command1 & command2

&&
A conditional combination. Executes command2 if command1 completes successfully
command1 && command2

||
Command2 executes only if command1 does not complete successfully.
command1 || command2

@
Used in batch files at the beginning of a line to turn off the display of commands
@echo off

Monday, December 14, 2009

Cisco Product Quick Reference Guide

At the link below you will find Cisco's product catalogue in PDF form. It is extremely useful, since there you will find the basic characteristics of all its devices in one single PDF. The company's official site is often a bit chaotic, especially when searching for products.

Wednesday, December 9, 2009

Checking that a service is working with telnet

telnet to a specific port

Telnet, by default, uses port 23. Ports are specific channels for network services and clients to use so that you can have more than one connection at once, e.g. telnet works on port 23, ftp works on port 21, web (HTTP) works on port 80 etc. Think of them as numbered doors into the same house. There is nothing to stop you using telnet (or some other services) on another port, e.g. telnet into a web server by using:

telnet www.somewhere.com 80 or www.somewhere.com:80

While this may not be very useful unless you know how to run a specific protocol by hand (some people use this to check their mail on pop servers from very bare terminals) it is a quick way of checking that a certain service is running on a remote machine. If you can't telnet in on the specific port number then there's a good bet it isn't running.
A list of services and the ports they run on is contained in /etc/services (on Linux).
Some services, even generic ones, may be run on different port numbers on certain machines for reasons of security or convenience and knowing about port numbers is helpful in this instance.
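The same check can be scripted, which also lets you tell apart the two ways a connection can fail. The following is an added example (not from the original post): check_service connects the way "telnet host port" would, reads the greeting that protocols such as POP3, SMTP, FTP and SSH send first, and reports "refused" (nothing listening) separately from "timeout" (host down or packets filtered). serve_banner is a constructed local listener so the check can be tried offline; the "+OK POP3 server ready" greeting it sends is made up.

```python
import socket
import threading

def check_service(host, port, timeout=3.0):
    """Connect to host:port and classify the result.
    Returns (state, banner) with state one of 'open', 'refused' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                banner = s.recv(256)       # services that greet first (POP3, SMTP, FTP, SSH)
            except socket.timeout:
                banner = b""               # open, but silent until the client speaks (e.g. HTTP)
            return "open", banner.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", ""               # TCP RST came back: nothing is listening on that port
    except (socket.timeout, OSError):
        return "timeout", ""               # no answer at all: host down or a filter dropping packets

def serve_banner(banner, host="127.0.0.1"):
    """Constructed local listener that greets one client with `banner`, then closes.
    Returns the port it was bound to (port 0 lets the OS pick a free one)."""
    srv = socket.socket()
    srv.bind((host, 0))
    srv.listen(1)

    def handle():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=handle, daemon=True).start()
    return srv.getsockname()[1]

def free_port(host="127.0.0.1"):
    """Bind and immediately release a port so that nothing listens on it."""
    with socket.socket() as s:
        s.bind((host, 0))
        return s.getsockname()[1]
```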