Cisco Packet Tracer, there was a problem setting up SSH in Switch - cisco

I tried to install an SSH server inside Packet Tracer but it doesn't work for unknown reasons.
I used these commands on the Switch:
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.100.2 255.255.255.0
Switch(config-if)#no shutdown
Switch(config)#ip default-gateway 192.168.100.1
Switch(config)#ip domain-name test.com
Switch(config)#hostname S0
S0(config)#crypto key generate rsa
The name for the keys will be: S0.test.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
S0(config)#ip ssh version 2
S0(config)#username admin privilege 15 password cisco
S0(config)#line vty 0 15
S0(config-line)#login local
S0(config-line)#transport input ssh
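The commands above cover every prerequisite IOS needs before a vty line will accept SSH: a non-default hostname and a domain name (the RSA key is named from both), a local user for `login local`, SSH version 2, and vty lines restricted to `transport input ssh`. The checker below is an added example, not part of the question or anything Cisco ships; it reads a configuration in running-config form (section lines indented by one space, as IOS prints them) and reports which of those prerequisites are missing. It cannot tell whether the RSA key pair exists, because key material is not part of the running configuration; the sample config is constructed from the question's commands.

```python
from __future__ import annotations
import re

# Constructed sample: the question's commands as they appear in a running-config
# (prompts stripped, per-section lines indented by one space).
SAMPLE_CONFIG = """\
hostname S0
ip domain-name test.com
ip ssh version 2
username admin privilege 15 password cisco
interface Vlan1
 ip address 192.168.100.2 255.255.255.0
 no shutdown
ip default-gateway 192.168.100.1
line vty 0 15
 login local
 transport input ssh
"""


def parse_sections(config: str) -> tuple[list[str], dict[str, list[str]]]:
    """Split a config into its top-level lines and the indented body of each section."""
    top, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):                 # indented: belongs to the open section
            if current is not None:
                sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
            top.append(current)
    return top, sections


def check_ssh_prereqs(config: str) -> list[str]:
    """Return the list of missing SSH prerequisites; an empty list means all are present."""
    top, sections = parse_sections(config)
    problems = []
    host = next((l.split(None, 1)[1] for l in top if l.startswith("hostname ")), None)
    if host is None or host == "Switch":
        problems.append("hostname still at its default; the RSA key is named <hostname>.<domain>")
    if not any(l.startswith("ip domain-name ") for l in top):
        problems.append("ip domain-name missing; 'crypto key generate rsa' needs it")
    if not any(l.startswith("username ") for l in top):
        problems.append("no local username, so 'login local' has nothing to check against")
    if "ip ssh version 2" not in top:
        problems.append("ip ssh version 2 not set")
    vty_lines = [k for k in sections if k.startswith("line vty")]
    if not vty_lines:
        problems.append("no 'line vty' section")
    for name in vty_lines:
        body = sections[name]
        if "login local" not in body:
            problems.append(f"{name}: 'login local' missing")
        if not any(l.startswith("transport input") and "ssh" in l.split() for l in body):
            problems.append(f"{name}: 'transport input ssh' (ssh-only) missing")
    svis = [k for k in sections if re.fullmatch(r"interface [Vv]lan\s*\d+", k)]
    if not any(any(l.startswith("ip address ") for l in sections[k]) for k in svis):
        problems.append("no management SVI with an ip address")
    if any("shutdown" in sections[k] for k in svis):
        problems.append("a management SVI is administratively shut down")
    return problems


if __name__ == "__main__":
    for problem in check_ssh_prereqs(SAMPLE_CONFIG) or ["all SSH prerequisites present"]:
        print(problem)
```

Pasting the output of `show running-config` into `SAMPLE_CONFIG` is enough to run it against a real device; a second `show crypto key mypubkey rsa` is still needed to confirm the key pair that this check cannot see.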

Specify MTU value

I'm trying to pentest some IPSEC implementation for a uni project, and following this guide I'm stuck at:
Step 1 (common): Forging an ICMP PTB packet from the untrusted network The attacker first has to forge an appropriate ICMP PTB packet (a single packet is sufficient). This is done by eavesdropping a valid packet from the IPsec tunnel on the untrusted network. Then the attacker forges an ICMP PTB packet, specifying a very small MTU value equal or smaller than 576 with IPv4 (resp. 1280 with IPv6). The attacker can use 0 for instance. This packet spoofs the IP address of a router of the untrusted network (in case the source IP address is checked), and in order to bypass the IPsec protection mechanism against blind attacks, it includes as a payload a part of the outer IP packet that has just been eavesdropped. This is the only packet an attacker needs to send. None of the following steps involve the attacker.
I know what MTU is, but what does the bold statement mean?
How do I set the MTU size of a packet with scapy?
It means that I have to set the size of an IP packet to less than 576 bytes?
It's already set to 140 B, at least it shows this with the len command.
There's something that I didn't get right, maybe I have to set the fragmentation?
I know nothing about the subject, but some quick searching seems to indicate that it's referring to an IPv6 ICMP packet with a type of 2 ("packet too big").
Then from some poking around scapy, this appears to be how you'd create one:
from scapy.layers.inet6 import ICMPv6PacketTooBig
icmp_ptb = ICMPv6PacketTooBig(mtu=0)
Of course though, you'll need to do some testing to verify this.
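The guide quoted in the question mentions an "IPsec protection mechanism against blind attacks": a gateway that receives a Packet Too Big message is expected to look at the quoted start of the original packet and only act on it if that packet is really one it sent on one of its own security associations. The following is an added example (not the guide's code, not the answerer's, and not scapy) that shows that check as a receiver-side validator for both the ICMPv6 type 2 message and its IPv4 counterpart (type 3, code 4). It accepts an MTU only when the quoted packet's addresses and ESP SPI match the tunnel and the advertised value is not below the minimum the passage names (576 for IPv4; 1280 is the IPv6 minimum link MTU). The packet builders exist only to construct test input in memory; addresses and SPIs are made up.

```python
from __future__ import annotations
import ipaddress
import struct

IPV4_MIN_MTU = 576     # floor used in the passage above for IPv4
IPV6_MIN_MTU = 1280    # IPv6 minimum link MTU
ESP = 50               # IP protocol / next-header number for ESP


def build_icmpv6_ptb(mtu: int, quoted: bytes) -> bytes:
    """ICMPv6 type 2: type, code, checksum (left zero here), 4-byte MTU, quoted packet."""
    return struct.pack("!BBHI", 2, 0, 0, mtu) + quoted


def build_icmpv4_frag_needed(mtu: int, quoted: bytes) -> bytes:
    """ICMPv4 type 3 code 4: type, code, checksum, 2 unused bytes, 2-byte next-hop MTU."""
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + quoted


def build_outer_ipv6_esp(src: str, dst: str, spi: int, seq: int) -> bytes:
    """Constructed outer IPv6 header (next header ESP) followed by the ESP SPI and sequence."""
    hdr = struct.pack("!IHBB", 6 << 28, 8, ESP, 64)
    hdr += ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed
    return hdr + struct.pack("!II", spi, seq)


def build_outer_ipv4_esp(src: str, dst: str, spi: int, seq: int) -> bytes:
    """Constructed outer IPv4 header (protocol ESP, no options) plus ESP SPI and sequence."""
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, ESP, 0)
    hdr += ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return hdr + struct.pack("!II", spi, seq)


def validate_ptb(version: int, icmp: bytes, local: str, peer: str,
                 outbound_spis: set[int]) -> tuple[bool, str]:
    """Decide whether a PTB message may lower the tunnel's path MTU, and say why not."""
    if version == 6:
        if len(icmp) < 8 + 44 or icmp[0] != 2:
            return False, "not an ICMPv6 Packet Too Big carrying an IPv6+ESP header"
        mtu = struct.unpack("!I", icmp[4:8])[0]
        q = icmp[8:]
        if q[0] >> 4 != 6 or q[6] != ESP:
            return False, "quoted packet is not IPv6/ESP"
        q_src, q_dst = ipaddress.IPv6Address(q[8:24]), ipaddress.IPv6Address(q[24:40])
        spi = struct.unpack("!I", q[40:44])[0]
        floor = IPV6_MIN_MTU
    elif version == 4:
        if len(icmp) < 8 + 24 or icmp[0] != 3 or icmp[1] != 4:
            return False, "not an ICMPv4 Fragmentation Needed carrying an IPv4+ESP header"
        mtu = struct.unpack("!H", icmp[6:8])[0]
        q = icmp[8:]
        ihl = (q[0] & 0x0F) * 4
        if q[0] >> 4 != 4 or q[9] != ESP or len(q) < ihl + 4:
            return False, "quoted packet is not IPv4/ESP"
        q_src, q_dst = ipaddress.IPv4Address(q[12:16]), ipaddress.IPv4Address(q[16:20])
        spi = struct.unpack("!I", q[ihl:ihl + 4])[0]
        floor = IPV4_MIN_MTU
    else:
        return False, "unknown IP version"
    # The quoted packet must be one we sent: our address, our peer, one of our outbound SPIs.
    if (q_src, q_dst) != (ipaddress.ip_address(local), ipaddress.ip_address(peer)):
        return False, "quoted packet does not match this tunnel's endpoints"
    if spi not in outbound_spis:
        return False, f"quoted SPI 0x{spi:08x} is not one of our outbound SAs"
    if mtu < floor:
        return False, f"advertised MTU {mtu} is below the minimum {floor}; ignored"
    return True, f"accept: lower path MTU to {mtu}"


if __name__ == "__main__":
    local, peer = "2001:db8::1", "2001:db8::2"          # constructed tunnel endpoints
    quoted = build_outer_ipv6_esp(local, peer, 0x1001, 7)
    for advertised in (1400, 0):
        print(advertised, validate_ptb(6, build_icmpv6_ptb(advertised, quoted), local, peer, {0x1001}))
```

Note that a forged message that copies a real eavesdropped packet will pass the SPI and address checks, exactly as the guide says; the MTU floor is what stops the "use 0" variant, which is why both checks belong together.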

Does Linux IPSEC support AH Transport with AES GMAC?

Could not figure out if linux kernel 4.4 supports IPSEC AH transport with AES GMAC.
Trying various combinations of the "ip xfrm state" command but no luck. Is this implemented?
Try 1:
sudo ip xfrm state add src 192.168.0.1 dst 192.168.0.2 proto ah spi 100 mode transport auth "rfc4106(gcm(aes))" 0x010203047aeaca3f87d060a12f4a4487d5a5c335
RTNETLINK answers: Function not implemented
Try 2:
sudo ip xfrm state add src 192.168.0.1 dst 192.168.0.2 proto ah spi 100 reqid 100 mode transport aead "rfc4543(gcm(aes))" 0x010203047aeaca3f87d060a12f4a4487d5a5c335 128
ALGO-TYPE values "enc", "aead", and "comp" are invalid with XFRM-PROTO value "ah"
Based on the code, it does support the algorithm under the cipher name rfc4543(gcm(aes)) for ESP, but I'm not sure if it does for AH. I guess technically this is considered an AEAD, meaning it is an encryption cipher (for ESP, not AH which is only authentication without encryption) even though it is NULL encryption.

What is a separate flow in Linux fq_codel?

I'm setting up a proof of concept to throttle ingress traffic at terminal end (client):
eth0 -> ifb0 -> htb -> filter by ip -> htb rate -> fq_codel+ecn
I have 2 source ips for a specific program I want to throttle. The program in question opens a bunch of tcp connections (downloads, hence the ingress throttle), and I would like to both limit the total ingress bandwidth it uses (done) and have fair scheduling between connections to the same ip address (this question).
In the end there's 1 bucket with rate attached and 1 fq_codel instance.
I have it working, but I have some questions:
surely codel has a separate queue per protocol (tcp vs udp)?
does codel have separate queues per source ip?
does codel have a separate queue per tcp connection?
do I have to manually separate/tag flows?
Per internet research the flow id is a "hash of the 5-tuple"; the question is, what elements of a packet are parts of the 5-tuple? Are both source and destination ports included?
It seems both source and destination ports are included, at least by default:
http://lxr.free-electrons.com/source/net/core/flow_dissector.c#L655
655 /**
656 * __skb_get_hash: calculate a flow hash
657 * @skb: sk_buff to calculate flow hash from
658 *
659 * This function calculates a flow hash based on src/dst addresses
660 * and src/dst port numbers. Sets hash in skb to non-zero hash value
661 * on success, zero indicates no valid hash. Also, sets l4_hash in skb
662 * if hash is a canonical 4-tuple hash over transport ports.
663 */
664 void __skb_get_hash(struct sk_buff *skb)
Per http://mdh.diva-portal.org/smash/get/diva2:754020/FULLTEXT01.pdf (someone's PhD thesis):
The flows are separated by hashing a 5-tuple value from the packet
(default is src/dest port/ip and protocol) together with a random
number
Apart from default bit, it's clear.
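As an added illustration (not from the thread and not kernel code), here is a small Python model of how fq_codel picks a flow: a keyed hash over protocol, source/destination address and source/destination port, reduced modulo the number of buckets (1024 by default). The kernel uses jhash over the dissected flow keys with a random perturbation; here blake2b with a random key stands in for that, so bucket numbers will not match a real qdisc, but the behaviour the questions ask about does: every TCP connection to the same server gets its own 5-tuple, and therefore (barring a hash collision) its own queue, without any manual tagging. Packets and addresses are constructed for the example.

```python
from __future__ import annotations
import hashlib
import os
from dataclasses import dataclass

FLOWS = 1024   # fq_codel's default "flows" parameter


@dataclass(frozen=True)
class Packet:
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class FlowTable:
    """Model of fq_codel flow selection: keyed hash of the 5-tuple, modulo the bucket count."""

    def __init__(self, flows: int = FLOWS, perturbation: bytes | None = None):
        self.flows = flows
        # The kernel mixes a random value into the hash so nobody outside the box can
        # predict which tuples collide; a random 16-byte key plays that role here.
        self.key = perturbation if perturbation is not None else os.urandom(16)
        self.queues: dict[int, list[Packet]] = {}

    @staticmethod
    def five_tuple(p: Packet) -> bytes:
        # Both ports are part of the key, which is what separates connections to one server.
        return f"{p.proto}|{p.src}|{p.sport}|{p.dst}|{p.dport}".encode()

    def flow_index(self, p: Packet) -> int:
        digest = hashlib.blake2b(self.five_tuple(p), key=self.key, digest_size=8).digest()
        return int.from_bytes(digest, "big") % self.flows

    def enqueue(self, p: Packet) -> int:
        idx = self.flow_index(p)
        self.queues.setdefault(idx, []).append(p)
        return idx

    def occupied_flows(self) -> int:
        return len(self.queues)


def flows_used(connections: int, perturbation: bytes = b"\x00" * 16) -> int:
    """How many distinct buckets n parallel downloads from one server occupy (ingress view)."""
    table = FlowTable(perturbation=perturbation)
    for ephemeral in range(50000, 50000 + connections):
        # Ingress packets: server:443 -> client:ephemeral; only the client port differs.
        table.enqueue(Packet("tcp", "198.51.100.7", 443, "192.168.1.10", ephemeral))
    return table.occupied_flows()


if __name__ == "__main__":
    t = FlowTable()
    tcp = Packet("tcp", "198.51.100.7", 443, "192.168.1.10", 50000)
    udp = Packet("udp", "198.51.100.7", 443, "192.168.1.10", 50000)
    print("tcp flow", t.flow_index(tcp), "udp flow", t.flow_index(udp))
    print("buckets used by 8 downloads:", flows_used(8))
```

With 1024 buckets and a handful of connections, `flows_used(n)` is usually `n`, but two connections can share a bucket; that is the collision fq_codel accepts in exchange for not keeping per-connection state.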

Ping and use three octet ipv4 addresses. Why is it working?

By accident I had a typo and discovered that I can ping and ssh to the IP address 10.8.290 ... right, one octet is missing. Can someone explain it to me? Is this part of the protocol or some linux-black-magic (I am using Debian)?
user@ws:~$ ping -c3 10.8.290
PING 10.8.290 (10.8.1.34) 56(84) bytes of data.
64 bytes from 10.8.1.34: icmp_req=1 ttl=62 time=0.910 ms
64 bytes from 10.8.1.34: icmp_req=2 ttl=62 time=0.686 ms
64 bytes from 10.8.1.34: icmp_req=3 ttl=62 time=0.708 ms
--- 10.8.290 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.686/0.768/0.910/0.100 ms
user@ws:~$ ssh root@10.8.290
The authenticity of host '10.8.290 (10.8.1.34)' can't be established.
ECDSA key fingerprint is 21:bd:7e:fb:1e:6d:1e:c1:e9:11:c0:a9:73:a8:cf:85.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
It works because you are using a value of 290 for the third byte of the ip address. A byte can store values from 0 to 255, giving 256 values. Since an IPv4 address is a 4 byte value, passing 290 to the third byte leads to an integer overflow into the 4th byte -> 290 - 256 => 34
It has nothing to do with a protocol "feature". ping simply doesn't validate the values of the individual octets of the target command line argument and passes it straight to the lower level C function inet_aton() (aton means ascii to number). This results in pinging 10.8.1.34.
I'm not sure, but I expect other versions of ping (on Windows, BSD) to behave the same.
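The C library's inet_aton(3) accepts one to four dot-separated parts, each written in decimal, octal (leading 0) or hex (0x): with four parts every part is one byte; with three, the last part fills the last two bytes; with two, the last fills three bytes; and a single number is the whole 32-bit address. That is how "10.8.290" becomes 10.8.1.34 (290 = 0x0122). The reimplementation below is an added example written for this page, not the libc code, and it deliberately covers the general rule rather than only the three-part case; the point for anyone writing an address allowlist or log filter is that a string comparison misses all of these spellings, so addresses should be canonicalised first. It skips strtoul's tolerance for leading whitespace and signs.

```python
from __future__ import annotations


def _parse_part(part: str) -> int | None:
    """Numeric rules of inet_aton(3): 0x prefix is hex, a leading 0 is octal, else decimal."""
    if not part or not part.isalnum():          # rejects empty parts, signs, whitespace, '_'
        return None
    try:
        if part[:2].lower() == "0x":
            return int(part[2:], 16)
        if len(part) > 1 and part[0] == "0":
            return int(part, 8)
        return int(part)
    except ValueError:                          # e.g. "08" is not valid octal
        return None


def inet_aton_compat(text: str) -> int | None:
    """Return the 32-bit address inet_aton would produce for text, or None if it would fail."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = [_parse_part(p) for p in parts]
    if any(n is None for n in nums):
        return None
    head, last = nums[:-1], nums[-1]
    if any(n > 0xFF for n in head):             # every part but the last is one byte
        return None
    last_bits = 8 * (5 - len(parts))            # 4 parts -> 8 bits, 3 -> 16, 2 -> 24, 1 -> 32
    if last >= 1 << last_bits:                  # the last part absorbs the remaining bits
        return None
    value = 0
    for n in head:
        value = (value << 8) | n
    return (value << last_bits) | last


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def canonicalize(text: str) -> str | None:
    """Canonical dotted-quad form of any spelling inet_aton accepts; None if it is rejected."""
    value = inet_aton_compat(text)
    return None if value is None else to_dotted(value)


if __name__ == "__main__":
    for spelling in ("10.8.290", "168296738", "0xa.8.290", "010.8.290", "10.8", "10.8.256.1"):
        print(f"{spelling:>12} -> {canonicalize(spelling)}")
```

The same rules are why a check such as `if host == "10.8.1.34"` can be sidestepped by any of the other spellings above; compare canonical forms, or better, compare the integer values.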

Parsing a file which is separated by "categories"

Here is my issue:
A) I'm a scripting newbie
B) I have a file where I need the data separated into a CSV style table; the problem is there are three areas of data (see below):
(Area 1, not relevant) Total IPv4 packets captured: 2245686
# L4 Protocol # Packets Relative Frequency[%] Protocol description
1 5602 0.249456 Internet Control Message Protocol
.... (more data here)
(Area 2, relevant) Total TCP packets: 2238186
# Port # Packets Relative Frequency[%] Protocol description
22 2138555 95.548583 The Secure Shell (SSH) Protocol
.... (more data here)
(Area 3, relevant) Total UDP packets: 1623
# Port # Packets Relative Frequency[%] Protocol description
.... (more data here)
(Area 4, relevant) Total SCP packets: 0
# Port # Packets Relative Frequency[%] Protocol description
.... (more data here)
(This is a Tranalyzer _protocols output)
So what I need to do is make the output look like:
# Port,# Packets,Relative Frequency[%],Protocol description
22,2138555,95.548583,The Secure Shell (SSH) Protocol,(more data...)
but I also need to take the data from each area and put it in a separate CSV file (TCP, UDP, SCP) so that for all flows I put in the table (each in a different _protocols file in different subdirectories) the data can go into one of these 3 files and build what will be a memory-crushing spreadsheet (hence why a CSV.)
I'm also completely open to any other way to represent this anyone can suggest.
Much appreciated!
The following command extracts one section of the data file and converts it to a csv.
Change x to TCP, UDP or SCP to extract a particular set of data.
Change <analyzer_output.txt> to the proper file name before executing.
x="SCP"; \
cat <analyzer_output.txt> | sed "1,/^Total $x/d; /^Total /,\$d; /^\s*$/d" | \
sed 's/\([0-9]\)\s\+\([0-9]\)/\1,\2/g; s/\([0-9]\)\s\+\([A-Za-z]\)/\1,\2/g' \
> $x.csv
Resulting SCP.csv file for the sample data below:
41,2138555,95.548583,The Secure Shell (SSH) Protocol
42,2138555,95.548583,The Secure Shell (SSH) Protocol
Sample data file
Total IPv4 packets captured: 2245686
1 5602 0.249456 Internet Control Message Protocol
2 5602 0.249456 Internet Control Message Protocol
Total TCP packets: 2238186
21 2138555 95.548583 The Secure Shell (SSH) Protocol
22 2138555 95.548583 The Secure Shell (SSH) Protocol
Total UDP packets: 1623
31 2138555 95.548583 The Secure Shell (SSH) Protocol
32 2138555 95.548583 The Secure Shell (SSH) Protocol
Total SCP packets: 0
41 2138555 95.548583 The Secure Shell (SSH) Protocol
42 2138555 95.548583 The Secure Shell (SSH) Protocol
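The sed pipeline above does the job one section at a time; the question also asked for the column-header line to become the CSV header and for rows from many _protocols files (one per flow, in different subdirectories) to land in one file per protocol. The following is an added Python example written for this page, not Tranalyzer's own tooling or the answerer's script. It splits the file on the "Total <name> packets" lines, drops the "#"-prefixed header line, splits each row into exactly four fields so descriptions containing spaces survive, and can tag every row with the directory it came from. The sample text is constructed from the answer's sample data with the question's header line added to each section; the `*_protocols*` file-name pattern is an assumption.

```python
from __future__ import annotations
import csv
import io
import re
from pathlib import Path

# Constructed sample: the answer's data with the question's column header per section.
SAMPLE = """\
Total IPv4 packets captured: 2245686
# L4 Protocol # Packets Relative Frequency[%] Protocol description
1 5602 0.249456 Internet Control Message Protocol
2 5602 0.249456 Internet Control Message Protocol
Total TCP packets: 2238186
# Port # Packets Relative Frequency[%] Protocol description
21 2138555 95.548583 The Secure Shell (SSH) Protocol
22 2138555 95.548583 The Secure Shell (SSH) Protocol
Total UDP packets: 1623
# Port # Packets Relative Frequency[%] Protocol description
31 2138555 95.548583 The Secure Shell (SSH) Protocol
32 2138555 95.548583 The Secure Shell (SSH) Protocol
Total SCP packets: 0
# Port # Packets Relative Frequency[%] Protocol description
41 2138555 95.548583 The Secure Shell (SSH) Protocol
42 2138555 95.548583 The Secure Shell (SSH) Protocol
"""

SECTION_RE = re.compile(r"^Total (\S+) packets")
HEADER = ["# Port", "# Packets", "Relative Frequency[%]", "Protocol description"]


def split_sections(text: str) -> dict[str, list[list[str]]]:
    """Map each 'Total <name> packets' section to its rows, each row being 4 fields."""
    sections: dict[str, list[list[str]]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is None or line.startswith("#"):
            continue                         # preamble or the column-header line
        fields = line.split(None, 3)         # the description may contain spaces
        if len(fields) != 4:
            raise ValueError(f"unexpected row in section {current}: {line!r}")
        sections[current].append(fields)
    return sections


def section_csv(sections: dict[str, list[list[str]]], name: str, source: str | None = None) -> str:
    """CSV text for one section, optionally prefixed with a 'source' column naming the flow."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    prefix = [source] if source else []
    writer.writerow((["source"] if source else []) + HEADER)
    for row in sections.get(name, []):
        writer.writerow(prefix + row)
    return buf.getvalue()


def merge_directory(root: str | Path, protocol: str, pattern: str = "*_protocols*") -> str:
    """One CSV for a protocol across every _protocols file below root (pattern is an assumption)."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["source"] + HEADER)
    for path in sorted(Path(root).rglob(pattern)):
        for row in split_sections(path.read_text()).get(protocol, []):
            writer.writerow([str(path.parent)] + row)
    return buf.getvalue()


if __name__ == "__main__":
    parsed = split_sections(SAMPLE)
    for proto in ("TCP", "UDP", "SCP"):
        Path(f"{proto}.csv").write_text(section_csv(parsed, proto, source="flow1"))
        print(section_csv(parsed, proto))
```

Because every value passes through the csv module, a description that one day contains a comma is quoted instead of silently adding a column, which the digit-space-digit substitution cannot guarantee.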
