Part One: Remote host login and campus network registration under LINUX
A program for remote login to and management of a target host on the campus network
This program provides remote login and management on the campus network. It consists of two parts, a server and a client. The server side is remote_server_udp.py.
The client comes in two forms, a unicast client and a broadcast client:
Unicast client: client_unicast.py
Broadcast client: client_broadcast.py
1. The unicast client reads the network record in the Net.info file and sends a UDP packet to every IP address in the target network segment.
Net.info records a sample IP address in the target network and the subnet mask of the target segment; edit the file to change the target network segment.
This part is multithreaded: 100 threads are used to speed up the traversal. A signal-interrupt mechanism is also used, modeled on the pattern of mature, widely used network protocols: packets are sent to the IP addresses in batches, and if the timeout expires a signal interrupts the main program. When the main program receives the reply packet, it sets a flag that stops the worker threads from sending further packets (this is mainly based on algorithm design from operating systems).
2. The broadcast client sends a UDP broadcast to all IP addresses in its own network segment.
3. The server logs its startup, its shutdown, and client connection requests. An auto-start entry for the server has been added in /etc/local.rc, so the server starts automatically at boot. The server also uses a signal handler, so that when it is forcibly interrupted and shut down, the event is recorded in the log.
* This program mainly implements a network answer function; for now we call the protocol the "Devil May Cry" answer. The protocol has two parts, an answer and a response: the answer part is "Hello Devil" and the response part is "Devil May Cry".
To protect the server against malicious attacks, a CPU utilization limit has been added on the server side. It keeps a flooding attack from driving up the server's CPU utilization and so prevents the server from crashing under attack.
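The answer exchange and the flood protection described above, run over loopback. This is an added example, not the original remote_server_udp.py: it assumes the client sends "Hello Devil" and the server replies "Devil May Cry", and it throttles per source address, which is a different technique from the CPU utilization limit the page describes. Responder, serve, probe and demo are hypothetical names.

```python
import socket, threading, time

# Assumption: the client sends REQUEST and the server answers with REPLY.
REQUEST, REPLY = b"Hello Devil", b"Devil May Cry"

class Responder:  # hypothetical helper, not from remote_server_udp.py
    def __init__(self, max_per_window=5, window=1.0):
        self.max_per_window, self.window = max_per_window, window
        self.seen, self.log = {}, []  # seen: source IP -> (window start, count)

    def handle(self, data, src_ip, now=None):
        now = time.monotonic() if now is None else now
        start, count = self.seen.get(src_ip, (now, 0))
        if now - start >= self.window:  # window expired: reset the counter
            start, count = now, 0
        self.seen[src_ip] = (start, count + 1)
        verdict = ("throttled" if count >= self.max_per_window
                   else "answered" if data == REQUEST else "ignored")
        self.log.append((src_ip, verdict))  # every decision is logged
        return REPLY if verdict == "answered" else None

def serve(sock, responder, stop):
    sock.settimeout(0.2)  # wake up regularly to check the stop flag
    while not stop.is_set():
        try:
            data, addr = sock.recvfrom(64)
        except socket.timeout:
            continue
        if reply := responder.handle(data, addr[0]):
            sock.sendto(reply, addr)

def probe(addr, payload=REQUEST, timeout=1.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as c:
        c.settimeout(timeout)
        c.sendto(payload, addr)
        try:
            return c.recvfrom(64)[0]
        except socket.timeout:
            return None  # no answer within the timeout

def demo():  # one valid and one invalid request over loopback
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port
    stop, r = threading.Event(), Responder()
    t = threading.Thread(target=serve, args=(srv, r, stop))
    t.start()
    good = probe(srv.getsockname())
    bad = probe(srv.getsockname(), b"hello?", timeout=0.3)
    stop.set(); t.join(); srv.close()
    return good, bad, r.log
```

The table of per-source counters grows with the number of distinct source addresses, so a long-running server would also need to expire old entries.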
Code:
Server side: remote_server_udp.py
Client, broadcast packets within the same network segment: client_broadcast.py
Client, target port in a target network segment on a different network: client_unicast.py
Target segment configuration file: Net.info
Login log file: Remote_log.log
Two. Campus Network registration
The program's main entry point is run.py.
This program implements login to the Liaoning University campus network gateway (login.py), status query on the gateway (state.py), and logout from the gateway (logout.py). User account information is stored in the file User.dat.
login.py Code
logout.py Code
state.py Code:
User profiles: User.dat
Run:
Remote log in:
Remote Campus Network registration:
Part III: LINUX network packet forwarding and capture
Step one: building the network bridge
Install the bridging tool bridge-utils
1) Installation: apt-get install bridge-utils
2) Create a bridge interface:
brctl addbr br0
Add the two existing network adapters to the bridge:
brctl addif br0 eth0
brctl addif br0 eth1
Set the IP addresses of the two NICs to 0; they are no longer needed:
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
Set an IP address for the new bridge:
ifconfig br0 222.26.28.254
The NIC IP addresses are set to 0.0.0.0 because, once the two existing network cards have been added to the bridge, they work in promiscuous mode and do not need an IP address: the bridge works at the link layer.
Hexadecimal representation of the captured packets
The client is a Xiaomi phone running Android
Because of encoding problems, Chinese and other characters are displayed garbled
Page returned by the campus network gateway
The cookie is visible
Parsing with third-party tools:
Capture packets with the tcpdump tool and save them
0x4745 is "GE", the first two letters of "GET"; 0x4854 is "HT", the first two letters of "HTTP".
tcpdump does not fully decode the captured data; most of the packet content is printed directly in hexadecimal. This is obviously not conducive to analyzing network faults. The usual solution is to run tcpdump with the -w parameter to capture the data and save it to a file, and then decode and analyze it with another program (such as Wireshark). You should also define filter rules, so that the captured packets do not fill the entire hard disk.
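What the hexadecimal output contains can be shown with a small decoder. The following is an added example, not part of the original post: it parses a constructed dump in the tcpdump -x layout (the addresses, ports and function names are made up for illustration) and uses the IP and TCP header-length fields to locate the payload, where 0x4745 and 0x4854 appear as "GE" and "HT".

```python
import re

# Constructed sample in tcpdump -x layout (IP header first, no link-layer header).
SAMPLE = """\
12:00:00.000000 IP 192.168.1.10.50000 > 192.168.1.1.80: Flags [P.], length 16
\t0x0000:  4500 0038 0001 4000 4006 0000 c0a8 010a
\t0x0010:  c0a8 0101 c350 0050 0000 0001 0000 0001
\t0x0020:  5018 7210 0000 0000 4745 5420 2f20 4854
\t0x0030:  5450 2f31 2e31 0d0a
"""

HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:[0-9a-f]{2,4} ?)+)", re.I)

def packets_from_dump(text):
    """Yield the raw bytes of each packet in tcpdump -x text output."""
    buf = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            buf += bytes.fromhex(m.group(1).replace(" ", ""))
        elif buf:  # a summary line starts the next packet
            yield bytes(buf)
            buf = bytearray()
    if buf:
        yield bytes(buf)

def tcp_payload(pkt):
    """Return the TCP payload of an IPv4 packet, or None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4                # IP header length in bytes
    total = int.from_bytes(pkt[2:4], "big")  # IP total length
    if len(pkt) < ihl + 20:
        return None                          # truncated capture (small snap length)
    doff = (pkt[ihl + 12] >> 4) * 4          # TCP header length in bytes
    return pkt[ihl + doff:total]

def http_request_lines(text):
    """First line of every payload that looks like an HTTP GET request."""
    out = []
    for pkt in packets_from_dump(text):
        first = (tcp_payload(pkt) or b"").split(b"\r\n", 1)[0]
        if first.startswith(b"GET ") and b" HTTP/" in first:  # 0x4745..., 0x4854...
            out.append(first.decode("ascii", "replace"))
    return out
```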
Introduction to common parameters:
(1) tcp: ip, icmp, arp, rarp and tcp, udp, icmp are options placed in the position of the first parameter to filter by datagram type
(2) -i eth0: capture only packets that pass through the interface eth0
(3) -t: do not show timestamps
(4) -s 0: the default capture length is 68 bytes per packet; adding -s 0 captures complete packets
(5) -c 100: capture only 100 packets
(6) dst port ! 22: do not capture packets whose destination port is 22
(7) src net 192.168.1.0/24: the source network address of the packet is 192.168.1.0/24
(8) -w ./target.cap: save as a cap file for easy analysis with ethereal (i.e. Wireshark)
Use the packet analysis tool to analyze the campus network password of student number 4031431968
Using the third-party analysis tool Nmap
1. The goal is to analyze only the computers in laboratory 207 of the philosophy building, so IP acquisition is changed from dynamic to static.
2. Check the configuration of the eth0 network card to verify that joining the lab 207 subnet succeeded.
3. Scan the hosts in lab 207 (TCP SYN half-open mode)
4. Analyze host 222.26.28.73: intuitively judged to be a Linux system
Analyze host 222.26.28.122: intuitively judged to be a Microsoft system
Analyze host 222.26.28.228: it cannot be judged intuitively; no TCP port is open and no port is closed, all are filtered. Note: a TCP connection can be established and a packet sent, but no reply comes back.
Our own server is already known (a Lenovo desktop in the common configuration) and is used for comparison
In-depth analysis of host 222.26.28.228, which could not be judged
In-depth OS fingerprinting still cannot determine the system, so it is judged using social theory instead
IP and MAC configuration of the host to be analyzed and of the already known host
The host whose IP ends in 250 is the known host. Considering the first segment of the MAC address, host 73 can be judged to be a Lenovo desktop running Ubuntu 14.04.
Further analysis of the MAC manufacturer
Host 228 can be judged to be a router with a TP-Link card.