A management project team's network experience (using routeros and Wireshark to crack the ADSL Internet password, using ISA and bandwidth splitter to coordinate bandwidth)

Source: Internet
Author: User
Tags routeros

More than half a month ago, in order to facilitate everyone's work, we upgraded the bandwidth of 2 m to 6 m through China Telecom and used it by 12 people. later, in actual use, we found that there was no major difference between the network speed before and after the upgrade, but there was a more unstable trend. do not use thunder to download large files during working hours, do not use accelerators to watch videos during breaks, and do not open multiple videos for buffering at the same time, but the effect is minimal, the web page cannot be opened or cannot be opened. The Remote Desktop is stuck or not. no way, you can only use the mandatory method: Use a tool to balance the network speed.

The first problem is to crack the ADSL Internet password. the previous Internet password is stored in the password box after being encrypted by the router. However, because the telecom registration form has long been unknown, the owner of the ID card used for broadband activation has already left, it is very troublesome to go to China Telecom to obtain or change the ADSL Internet password, so I tried to use a tool to crack it.

I searched the internet and finally found a practical articleArticle. After reading this article, I have a general understanding of the entire cracking process. in the past, ADSL users used the PAP protocol or Chap protocol in the PPP protocol for identity authentication. Since the PAP protocol uses plaintext to transmit key information, you only need to establish a pppoe server and use the PAP protocol for identity authentication, when the vro communicates with this server, you can obtain the ADSL account and password stored in the vro.

The general process of cracking is to use a virtual machine to install a Linux system: routeros. Its Nic is bridging with the NIC of the physical machine. then, use Wireshark to listen to the network card, and connect the WAN port of the router to the port of the network card to be listened to, so that the relevant data is obtained. for more detailed procedures, refer to this article: how to get the ADSL account password in the vro

The point here is that the virtual machine used in this article is vwarm. In fact, it is too large, and it is also possible to use a smaller VPC. VPC does not have a clear concept of bridging during configuration. You only need to specify the NIC of the virtual machine as the NIC of the physical machine.

 

The next step is to install and configure Isa. There is nothing to say about installation. Just click Next. For more specific configuration, see this article: ISA usage tutorial.

The last step is to install the BS plug-in. The two articles talk better: bandwidth + splitter tutorial. on ISA 2006, bandwidth splitter is used to customize bandwidth and limit traffic.

 

Next I will share my installation and usage experience.

1. I used ISA version 2006 with an SP1 Patch, and I gave it.

2. ISA has a network object named "internal". It is also the main object we manage. It is installed during the ISA installation process.ProgramIt also allows you to specify the IP range. the IP address range of our LAN is from 192.168.0.1 to 192.168.0.255. however, if you only add this IP range to an "internal" network object, you will find that you still cannot access the network even if all the configurations are completed. I don't know much about network. the solution is to add an adapter and a private address on the "internal" network object configuration page. for the minimum IP address range, click "add private IP Address" to add 192.168.0.0 to 192.168.255.255. For a larger IP address range, click "add adapter ", select the physical network card you are using and confirm. You will find that at least four IP ranges are added and each segment spans a large number of segments. I use the minimum IP address range.

3. in terms of protocols managed by ISA, I use all outbound communications. in fact, the stricter management method is to specify specific protocols. for example, only HTTP and HTTPS outbound are allowed. there are also many articles on how to use ISA to prohibit QQ or TM. I have studied the ports that QQ will automatically switch to. If he finds that UDP port 8000 is unavailable, he will use TCP to use port 80 or port 433. However, when TM finds that UDP 8000 is unavailable, you cannot log on. the UDP direction is "send and receive". Do not confuse or reverse it.

4. after each configuration change, you need to click the "application" button at the top of the ISA interface. however, I found that the response was not timely. It was clear that my policy had been changed, but it was still executed according to the old policy. the best way is to manually restart the Microsoft firewall service on the Windows Service Page.

5. after you install ISA, four new services will appear on the Windows Service Interface: One Microsoft Firewall Service and three Microsoft ISA Server XXX services. these will replace windows's original Windows Firewall/Internet Connection Sharing (ICS) service and disable it. if you try to start the ICS service, the service will fail to start and an error will be reported: "error 123: incorrect file name/directory name or volume label Syntax ". I want to start this service because I want to share his ADSL Broadband connection, so that other machines in the LAN can access the Internet and manage it through it. in fact, I have considered it too much. ISA is a wall, ICS is also a wall, all of which are out of MS, so when you install ISA, it will replace ICS, so the service cannot be started normally. second, the shared connection feature has been supported by ISA by default. At least in my environment, no other settings have been made, for other machines, you only need to change the gateway IP address to the ISA Server IP address.

6. you can use BS to limit the bandwidth. on the configuration page, the speed unit is kbits/S. At first glance, if 80 is entered, the network speed is 80 KB for each person. the unit here is bit, while the general unit is byte, 1 byte = 8 bit, so if you want to set the maximum bandwidth to 80 K, enter 640 here.

7. I also enabled HTTP acceleration for BS and set the maximum acceleration value to 50000. The duration is 10 seconds, and the cool time is 10 seconds. A webpage can be viewed at a normal speed. After a webpage is opened, it can be viewed for 10 to 20 seconds. loading is performed at a speed of 6 m 10 seconds before the webpage is opened. In fact, apart from a particularly large webpage, it should be able to load all data within 3 seconds. then it took another 15 seconds to finish reading the content. since the cool time is 10 seconds, when I click the next link, I will load the new webpage at a speed of 6 MB, which greatly improves the browsing speed of the common webpage. however, continuous applications with network requirements are still carried at a speed of 80 KB, such as downloading or watching videos.

8. if possible, restrict the uplink. I previously set 80, that is, 10 K, and then removed this restriction. for civil bandwidth, whether you pull 2 m or 6 m, it refers to the downlink, And the uplink will always be 50 K. even if you only use 100 k for 6 m downlink, but if the upstream 50 K is full, it is still very useful.

9. what is the impact of concurrent connections on the network speed? I set 20 previously, but some people listen to QQ music and buffer two videos at the same time, which takes up nearly 20 concurrent connections at a time, in this way, the error that exceeds the concurrent connection is often displayed when a common web page is opened. then I removed it, and I didn't see any significant impact on the network speed.

 

Finally, I spoke about my feelings.

1. people who work on tools such as video accelerators have no public morality. this is similar to the download tool. It will do its best to occupy the bandwidth, but it is not similar to the download tool. when the resources are downloaded completely, the download tool will stop downloading, but this type of accelerator does not seem to stop. Even if your video is completely buffered, it will still occupy your bandwidth. according to my practical experience, the 80 K bandwidth can basically meet the Video watching needs, but last Saturday, two people used a 6 m network, and he opened an accelerator to watch the man's gang. this is a magic horse, and I can't even beat Dota all day, silently carrying the name of the actor. I feel like this kind of tool has directly turned your computer into a zombie. You don't know what is going on in the backend, but you only know that the bandwidth is used up and cannot be unloaded!

2. the speed limit policy is not flexible enough. the time limit policy can only be used. in fact, I want a more intelligent way to allocate bandwidth based on the number of people on the Internet. 1 person 6 m, 2 person each 3 M, 6 person each 1 m and so on. haha.

3. it once again proves a law of Sociology: "Tragedy of the Public region ". there is always a tendency to abuse public resources. if there is no reasonable way to manage public resources, everyone's interests will not be guaranteed. now, the average speed of each person is 80 KB. After 6 MB of HTTP acceleration, the network speed of 6 MB can carry 6 people watching videos at the same time, and other people can open the webpage within 3 seconds. you can also play falsh web games.

4. Taking over 3rd articles, I once again proved why a part of people got rich first and then they left.

 

PS: When writing essaysCuteeditorUnable to insert hyperlink. I tested IE8 and FF on the three servers respectively. When I open the hyperlink box, a script error is reported, and the style sometimes breaks down. Do you know what the administrators do?

 

Other reference links:

1. Soft route Ros 3.20 official original ISO file

2. Wireshark (32-bit) 1.6.5

3. Isa. server.2006. Simplified Chinese Enterprise Edition

4. bandwidth splitter v1.05 & v1.07 & v1.21

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.