
I opened this thread to offer any user free consulting in the Linux field. You can ask any pertinent question about:

- netfilter / iptables

- installing and configuring daemons

- MySQL tuning

- web server tuning (any standard or two-tier architecture) (nginx, lighttpd, apache)

- load balancing for web services

- MySQL database replication

- DNS systems (bind/named, mydns, etc.)

- estimating hardware requirements for web applications based on traffic, DB size, engine ...

- various issues related to server load and optimizing servers for the applications they run

When you ask questions, please give as many technical details as possible. Answers are given in this thread and not in private; this way we also help the other users who will run into similar problems. Those who want to give answers too, please make sure you are absolutely certain about what you are talking about, so that we do not mislead people.

Please stick to this subject only and do not go off topic.

Note: there will be a separate thread for *BSD


Can anyone recommend a Linux for VirtualBox on which I can experiment with anything? A Linux more for beginners :-S

> Can anyone recommend a Linux for VirtualBox on which I can experiment with anything? A Linux more for beginners :-S

Any Linux distribution can be installed in VirtualBox. I recommend Debian. It works very well and is easy to use.

You can also take a look here: [link]

Edited by aelius

Hi, can you / do you know how to explain the ARP flux phenomenon to me? Does it show up when configuring multipath with interfaces in the same subnet?

> Hi, can you / do you know how to explain the ARP flux phenomenon to me? Does it show up when configuring multipath with interfaces in the same subnet?

ARP flux shows up in the following scenario:

We have a Linux machine connected to the same switch (same subnet), and on this machine we have two network cards

Example:

eth0 - MAC address: ac:22:0b:79:90:62
eth1 - MAC address: ac:22:0b:74:91:82

* Both links are connected to the same switch / router

The problems occur at Layer 2 and cause "confusion" in the equipment (I think they are specified in RFC 1122). Unfortunately I have not tested multipath on Linux and I have no idea whether problems of this kind appear (I have not run into anything like it so far)

In any case, you should be able to solve problems of this kind by changing the *arp_filter* parameters

root@pluto:~# sysctl -a |grep arp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.eth0.arp_filter = 0

// edit: Something on point is here: [link]

Edited by aelius

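An added example, not part of the post above: a small POSIX shell helper that writes the sysctl drop-in for the two-interfaces-on-one-subnet case and checks a `sysctl -a` dump for interfaces still exposed to ARP flux. With arp_filter=1 the kernel answers an ARP request on an interface only if it would route a packet to the requester out of that same interface, so each interface then needs its own route (source-based policy routing) for both to stay reachable; arp_ignore=1 and arp_announce=2 are the two related knobs for the same situation and are included alongside it. The interface names and the file path are assumptions for illustration.

```shell
#!/bin/sh
# Added example; eth0/eth1 and /etc/sysctl.d/90-arp-flux.conf are illustrative.

arp_flux_conf() {
    # $@ = interfaces that share a subnet. Prints sysctl.conf-style lines.
    printf 'net.ipv4.conf.all.arp_filter = 1\n'
    printf 'net.ipv4.conf.default.arp_filter = 1\n'
    for ifc in "$@"; do
        # answer ARP on this interface only for addresses the kernel would route out of it
        printf 'net.ipv4.conf.%s.arp_filter = 1\n' "$ifc"
        # reply only if the target IP is configured on the receiving interface
        printf 'net.ipv4.conf.%s.arp_ignore = 1\n' "$ifc"
        # announce with the address that is local to the outgoing interface
        printf 'net.ipv4.conf.%s.arp_announce = 2\n' "$ifc"
    done
}

arp_flux_check() {
    # stdin: "sysctl -a" output. Prints each real interface whose arp_filter is still 0.
    awk -F'[.= \t]+' '$1 == "net" && $3 == "conf" && $5 == "arp_filter" && $NF == 0 && $4 != "all" && $4 != "default" && $4 != "lo" { print $4 }'
}

# Usage (as root):
#   arp_flux_conf eth0 eth1 > /etc/sysctl.d/90-arp-flux.conf && sysctl --system
#   sysctl -a 2>/dev/null | arp_flux_check      # prints nothing once every interface is fixed
```

After applying the drop-in, both interfaces will only answer ARP for their own address, which is exactly what stops the switch from learning one IP behind two MACs.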

Okay, at home I have a few switches, routers, some 3-4 laptops and a desktop, and other things I don't remember, among them a Raspberry, a Cubieboard and an Arduino... what could I build? Some kind of infrastructure or something related to servers and Linux so I can learn/experiment... there are so many things I could do and I don't know where to start :)) plus they are gathering dust for nothing..

Edited by Aluche


Hi, I saw earlier that you posted the mailgraph tutorial; I want to do the same thing with bind, but not on the server where bind runs. I want to send the logs remotely and display them from there. I saw there is bindgraph, but I could not get it to read from the received logs. Any ideas?

// @quantum thanks for the suggestion, I'll try tonight and we'll see what comes out :)

Edited by Deathkiss

> Hi, I saw earlier that you posted the mailgraph tutorial; I want to do the same thing with bind, but not on the server where bind runs. I want to send the logs remotely and display them from there. I saw there is bindgraph, but I could not get it to read from the received logs. Any ideas?

Why don't you use cacti or munin?


> // @quantum cacti, I remember I used it a while ago... and I don't know why I gave it up... but I haven't heard of munin until now... thanks, I'll try it and see what comes out, although it bothers me that I have to install agents... on the machines where the production services run

You can set in those agents who has the right to access them.

And if you use cacti you will still need to run snmp or other scripts to read the information.

My opinion is that munin will do the job and won't need much configuration to produce graphs, but if you need email alerts, thresholds, etc. then go with cacti.

Edited by quantum

> Hi, I saw earlier that you posted the mailgraph tutorial; I want to do the same thing with bind, but not on the server where bind runs. I want to send the logs remotely and display them from there. I saw there is bindgraph, but I could not get it to read from the received logs. Any ideas?

....

I think it was a permissions problem with bindgraph (the user that apache or the virtualhost runs under has no permission to read bind's log).

In named.conf you also have to include the logging section.

A named.conf should look something like this:


```
// ......................
options {
    directory "/var/cache/bind";
    forwarders { y.y.y.y; x.x.x.x; };
    listen-on { 127.0.0.1; xxx.xxx.xxx.xx; xxx.xxx.xx.x; };
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { none; };
    max-cache-size 2097152;
    version "Hahaha, you are so smart";
    notify no;
};
logging {
    channel querylog {
        file "/var/log/query.log";
        severity debug 0;
        print-category yes;
        print-time yes;
        print-severity yes;
    };
    category queries { querylog; };
};
// ......................
```

Of course, you can also do ACLs or whatever your heart desires.

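An added example, not from the thread: a shell/awk summary of the query log that the `querylog` channel above produces. With print-time, print-category and print-severity on, every line has the shape `<date> <time> queries: info: client <ip>#<port> (<name>): query: <name> <class> <type> <flags> (<server-ip>)`; newer BIND versions insert an `@0x...` client pointer after the word `client`, and the parser skips it so both formats work. It reads standard input, so it runs just as well on a file written by a remote syslog as on /var/log/query.log, which is what the bindgraph question was after. The sample lines are constructed for this example and use documentation address ranges.

```shell
#!/bin/sh
# Added example: summarise a BIND query log by query type and by client.
# Sample lines are constructed for this example (RFC 5737 addresses).
BIND_SAMPLE='14-Mar-2019 12:00:01.001 queries: info: client 192.0.2.10#53001 (www.example.com): query: www.example.com IN A +E (192.0.2.1)
14-Mar-2019 12:00:01.002 queries: info: client 192.0.2.10#53002 (www.example.com): query: www.example.com IN AAAA +E (192.0.2.1)
14-Mar-2019 12:00:02.003 queries: info: client @0x7f3c5c0a2010 192.0.2.11#40001 (mail.example.com): query: mail.example.com IN A + (192.0.2.1)
14-Mar-2019 12:00:02.004 queries: info: client 192.0.2.11#40002 (example.com): query: example.com IN MX + (192.0.2.1)
14-Mar-2019 12:00:03.005 queries: info: client 198.51.100.7#5353 (isc.org): query: isc.org IN ANY +E (192.0.2.1)'

bind_qtype_counts() {
    # stdin: query log lines; stdout: "<count> <qtype>", most frequent first
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i == "query:") { qtype[$(i + 3)]++; break }   # name, class, type follow "query:"
    } END { for (t in qtype) print qtype[t], t }' | sort -k1,1nr -k2,2
}

bind_client_counts() {
    # stdin: query log lines; stdout: "<count> <client-ip>", most active first
    awk '{
        c = ""
        for (i = 1; i <= NF; i++)
            if ($i == "client") {
                c = $(i + 1)
                if (c ~ /^@0x/) c = $(i + 2)   # BIND 9.11+ prints a client pointer first
                sub(/#.*/, "", c)              # drop the source port
                break
            }
        if (c != "") clients[c]++
    } END { for (k in clients) print clients[k], k }' | sort -k1,1nr -k2,2
}

# Usage:
#   printf '%s\n' "$BIND_SAMPLE" | bind_qtype_counts
#   bind_client_counts < /var/log/query.log | head   # top talkers, e.g. to spot ANY-query abuse
```

The per-client view is the one worth graphing on a resolver that faces untrusted clients: a single source with a high ANY or TXT count is the usual sign of the server being used as an amplifier.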

@aelius: I have a Linux server acting as a router. In the same LAN I have another Linux box that I want to use exclusively as an IDS, with snort. Is it OK to install a snort sensor on the router rather than doing a "mirror" with iptables? The idea is that I want to analyze all the traffic that enters and leaves the LAN to the internet. Thanks!

> @aelius: I have a Linux server acting as a router. In the same LAN I have another Linux box that I want to use exclusively as an IDS, with snort. Is it OK to install a snort sensor on the router rather than doing a "mirror" with iptables? The idea is that I want to analyze all the traffic that enters and leaves the LAN to the internet. Thanks!

It is best to place sensors and then analyze on another machine.

Also take a look here:

- [link]

- [link]


@aelius: For a web server (without other daemons or functions), what would be the most advisable things to set in sysctl? Some values come out of testing, but a baseline can be made by default.

> @aelius: For a web server (without other daemons or functions), what would be the most advisable things to set in sysctl? Some values come out of testing, but a baseline can be made by default.

By default, any kernel above 2.6.x has autotuning. It is still advisable to increase the values of the following variables:

net.core.netdev_max_backlog

net.ipv4.tcp_max_syn_backlog

net.core.somaxconn

The local port range should be set like this:

net.ipv4.ip_local_port_range = 1024 65535

Of course, it also depends on the web server. If it is Apache prefork, changing the values above does not bring a considerable gain, because that web server is non-threaded and above 1000 connections the resource consumption is already very high.

If you want to optimize a web server, I can give you some hints.


hi, can you help me too with Ubuntu Linux, whichever you know? can you tell me what programs I would need, something like a starter kit in hacking; I'm not skilled, I'm a noob, I admit it, and I want to learn. If you can, leave the necessary programs or scripts etc. below, or even a tutorial, or add monster.skul on skype

> hi, can you help me too with Ubuntu Linux, whichever you know? can you tell me what programs I would need, something like a starter kit in hacking; I'm not skilled, I'm a noob, I admit it, and I want to learn. If you can, leave the necessary programs or scripts etc. below, or even a tutorial, or add monster.skul on skype

The starter kit in hacking is reading books. [link]


Hi,

Because I'm not a fan of SSH login with a key, since I connect from several places/PCs, I come with the following question:

Is it worth using port knocking in iptables and leaving SSH on 22, or should I change the port and not bother?


I think you have 3 options:

1. Keep your key on a USB stick

2. User + pass with port knocking on another port

3. Key on a USB stick with port knocking on another port.


I know the options, and for me the option of carrying a stick around is out, plus we are talking about several servers. Currently I use user+pass and port knocking, but I was asking whether port knocking is better than, say, a port like 15550.


Of course port knocking is better, because the port opens only when you want it to, using a sequence known only to you. There are some more advanced script kiddies who do service fingerprinting and then launch a brute force, which means they could find your port 15550. Harder, but someone will find it.

Port knocking seems to me the more elegant and more secure solution.

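An added example, not from the thread: the port-knocking rule set the replies above are discussing, built with the iptables `recent` match, together with the matching client sequence. The interface, the ports and the time windows are illustrative, and the rules assume the usual `-m state --state ESTABLISHED,RELATED -j ACCEPT` already sits at the top of INPUT, so that SSH sessions already open are not touched. One caveat the replies do not mention: the knock sequence travels in cleartext, so anyone who can sniff the path can replay it; knocking hides the port from scanners, it does not replace SSH authentication.

```shell
#!/bin/sh
# Added example. eth0, port 22, the knock ports 7000/8000/9000 and the 10 s / 30 s
# windows are illustrative. knock_rules only prints the iptables commands;
# pipe them to sh as root to apply them.

knock_rules() {
    # $1 = interface, $2 = ssh port, $3 $4 $5 = knock ports, in order
    iface=$1; ssh=$2; k1=$3; k2=$4; k3=$5
    cat <<EOF
# 1. a source that completed the sequence in the last 30 s may open SSH
iptables -A INPUT -i $iface -p tcp --dport $ssh -m state --state NEW -m recent --rcheck --seconds 30 --name KNOCK3 -j ACCEPT
# 2. first knock: remember the source, drop the packet (no reply, so the port looks filtered)
iptables -A INPUT -i $iface -p tcp --dport $k1 -m recent --name KNOCK1 --set -j DROP
# 3. second knock only counts if the first one was seen within 10 s
iptables -A INPUT -i $iface -p tcp --dport $k2 -m recent --rcheck --seconds 10 --name KNOCK1 -m recent --name KNOCK2 --set -j DROP
# 4. third knock likewise promotes KNOCK2 to KNOCK3
iptables -A INPUT -i $iface -p tcp --dport $k3 -m recent --rcheck --seconds 10 --name KNOCK2 -m recent --name KNOCK3 --set -j DROP
# 5. every other new connection to the SSH port is dropped; a wrong knock does not
#    clear the lists in this simple version, so keep the windows short
iptables -A INPUT -i $iface -p tcp --dport $ssh -m state --state NEW -j DROP
EOF
}

knock_client() {
    # $1 = host, $2 = ssh port, rest = knock ports. Prints the client side:
    # one connection attempt (a single SYN) per knock port, then the ssh command.
    # -w 1 makes nc give up after a second, since the knock ports never answer.
    host=$1; ssh=$2; shift 2
    for p in "$@"; do printf 'nc -z -w 1 %s %s\n' "$host" "$p"; done
    printf 'ssh -p %s %s\n' "$ssh" "$host"
}

# Usage (as root on the server):   knock_rules eth0 22 7000 8000 9000 | sh
# On the client:                   knock_client 203.0.113.5 22 7000 8000 9000 | sh
```

Rule 1 must come before rule 5, and both must come after the ESTABLISHED,RELATED rule; with the DROP in rule 2 the knock ports look the same to a scanner as any other filtered port, which is the whole point of the arrangement.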

Thanks. I also wanted the opinion of more experienced people.

I have one more request:

I need some advice on optimizing a Samba server. Quite a lot of users connect to this server and it can't keep up with the connections.


My question is whether the application can't keep up or the server itself can't keep up.

When there is heavy traffic / load, please post here the contents of a

tail -n 50 /var/log/messages

(syslog if it is Debian), the output of

cat /proc/net/sockstat

,

and

ifconfig eth0 | egrep 'TX|RX'    (or the public interface instead of eth0)


Hi @aelius, there are 2 things I want to know, if you can help me.

1. Tell me a good version of portable Linux

2. What version of Linux could I install on a notebook with 1GB RAM / Intel 1.6 processor so that it runs reasonably well (preferably Ubuntu, since I'm more familiar with it)

PS. If I make a portable Linux on a stick and want to save a file or something, does it stay saved? Or after I remove the stick does everything I worked on disappear?


> - DNS systems (bind/named, mydns, etc.)

I'd be interested, and on top of that I'm a noob too; I have a router and I'd like to sniff it via DNS, is that possible?

I connect to the router with user/pass; can I sniff via DNS, bind, named?!

Thanks.


  • Similar Content

    • By Nexusgts
      Hello everyone
       
      I'm back with a few questions about wi-fi pen. So I went through the following steps:
       
      Method 1
       
      I got an Alfa which I connected to Kali Linux, then scanned a few wi-fi networks and obtained a few handshakes for those networks, then exported those handshakes and copied them to Windows 10, where I have Aircrack (all fine so far). I imported the file containing that handshake into Aircrack, selected the encryption and key size 64, launched it, but the program tells me I only have 150 IVs and to try with at least 5000 IVs. What are those IVs and how do I get them? Are they packets? For now I chose to try cracking that handshake with a fairly large wordlist (2GB), but the words are in English so I'm skeptical it will work; if I find a Romanian wordlist I'll try with that too.
       
       
      Method 2 
       
      Same network card + CommView for WiFi, then scanned the targeted network (only 5 minutes, because trial and yeah), captured a log (a few packets etc.), converted the file so it can be run by aircrack, and I get the same message as in the Linux method. 
       
      The questions above remain: what are those IVs and how do I get them? Are they packets? Can I scan the networks with something else to get a bigger log and more packets, in the hope of catching 5k of those IVs (if so, how or with what software)?
       
      I await an answer from those who have more knowledge about this
      Thanks in advance!
    • By u0m3
      Abstract: Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI). FI attacks can be used to alter the intended behavior of software and hardware of embedded devices. Most FI research focuses on breaking the implementation of cryptographic algorithms. However, this paper’s contribution is in showing that FI attacks are effective at altering the intended behavior of large and complex code bases like the Linux Operating System (OS) when executed by a fast and feature rich System-on-Chip (SoC). More specifically, we show three attacks where full control of the Linux OS is achieved from an unprivileged context using V-FI. These attacks target standard Linux OS functionality and operate in absence of any logical vulnerability.We assume an attacker that already achieved unprivileged code execution. The practicality of the attacks is demonstrated using a commercially available V-FI test bench and a commercially available ARM Cortex-A9 SoC development board. Finally, we discuss mitigations to lower probability and minimize impact of a successful FI attack on complex systems like the Linux OS.
      Link: [link]
    • By BONER
      hi ... which Linux can I use, for me, a beginner in Linux? I'm undecided on which Linux to choose: either Ubuntu or Manjaro or Linux Mint, or sometimes Debian 9 or Kali Linux... elementary OS looks good, and Zorin OS, and I like Arch Linux, but I don't know what to choose because there are many desktop environments for Linux: KDE, GNOME, XFCE, etc...
    • By ecaterinacocora
      Decameron is helping an innovative and vibrant healthcare technology company, with headquarter in UK, to complete their team with 2 C++ Developers. They have developed revolutionary software to detect vital signs to medical grade accuracy, human activity through a standard digital camera, completely contact free.
      The software is currently being deployed to monitor safety and health in police, mental health and hospital settings but we see it being deployed in a wide range of settings including nursing & elderly care, community & home care and in vehicles.
       
      The Role
      We are looking for 2 C++ developers to join the team developing and delivering a unique software to extract health information from video. You will be responsible for developing features and creating tests for the core software and systems and services running, running across networks of Linux devices and servers. If you love crafting quality code to bring products to life, learning cool new stuff, and enjoy working in an energetic, and outgoing team, then we want to hear from you.
       
      The C++ Developer MUST HAVE:
      ● Exceptional C++, including the modern language standards, the STL and other software libraries (e.g. Boost etc.)
      ● Experience developing in a Linux environment
      ● Exposure to scripting (e.g. Python, bash, Ruby)
       
      It is also HIGHLY DESIRABLE that C++ Engineer has:
      ● Experience of multi-threaded, high performance code
      ● Worked with algorithms, numerical methods or image processing
       
      To be a great member of the team, you must be brave, inquisitive, determined, supportive, a good listener, team-oriented, self-starting, highly responsible and high energy.
       
      Benefits:
      ● Salary negotiable depending on experience
      ● Relocation support for UK, Oxford
      ● 25 days of annual leave with the ability to purchase more
      ● A flexible working environment
      ● Opportunities to develop your role in the direction you want as the company grows
      ● Working in a well-funded company with a spirit and working environment that is envied by all who see it.
       
      All those interested are welcome to send their CV at [link].
       
      Let's discuss in more details. Thank you.
    • By Usr6
      Raw sockets allow a program or application to provide custom headers for a specific protocol (TCP/IP) which are otherwise provided by the kernel/OS network stack. In simpler terms, it is for adding custom headers instead of the headers provided by the underlying operating system.
       
      Raw socket support is available natively in the socket API on Linux. This is different from Windows, where it is absent (it became available in Windows 2000/XP/XP SP1 but was removed later). Although raw sockets do not find much use in common networking applications, they are used widely in applications related to network security.
      In this article we are going to create raw TCP/IP packets. For this we need to know how to build a proper IP header and TCP header. A packet = IP header + TCP header + data.
      So let's have a look at the structures.

      IP header
      According to [link]:

```
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```

      Every single number is 1 bit. So for example the Version field is 4 bits. The header must be constructed exactly as shown.

      TCP header
      Next comes the TCP header. According to [link]:

```
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
```

      Create a raw socket
      A raw socket can be created in Python like this (Python 3 syntax; the original article used Python 2):

```python
import socket
import sys

# create a raw socket
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
except socket.error as msg:
    print('Socket could not be created. Error Code : ' + str(msg.errno) + ' Message ' + str(msg.strerror))
    sys.exit()
```

      To create a raw socket, the program must have root privileges on the system. For example, on Ubuntu run the program with sudo. The above example creates a raw socket of type IPPROTO_RAW, which is a raw IP packet. This means that we provide everything, including the IP header.
      Once the socket is created, the next thing is to create and construct the packet that is to be sent out. C-like structures are not available in Python, therefore the functions called pack and unpack have to be used to create the packet in the structure specified above.
      So first, let's make the IP header

```python
import socket
from struct import pack

source_ip = '192.168.1.101'
dest_ip = '192.168.1.1'   # or socket.gethostbyname('www.google.com')

# ip header fields
ip_ihl = 5
ip_ver = 4
ip_tos = 0
ip_tot_len = 0   # kernel will fill the correct total length
ip_id = 54321    # Id of this packet
ip_frag_off = 0
ip_ttl = 255
ip_proto = socket.IPPROTO_TCP
ip_check = 0     # kernel will fill the correct checksum
ip_saddr = socket.inet_aton(source_ip)   # Spoof the source ip address if you want to
ip_daddr = socket.inet_aton(dest_ip)

ip_ihl_ver = (ip_ver << 4) + ip_ihl

# the ! in the pack format string means network order
ip_header = pack('!BBHHHBBH4s4s', ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off,
                 ip_ttl, ip_proto, ip_check, ip_saddr, ip_daddr)
```

      Now ip_header has the data for the IP header. As for the usage of the pack function: it packs some values as bytes, some as 16-bit fields and some as 32-bit fields.
      Next comes the TCP header

```python
# tcp header fields
tcp_source = 1234   # source port
tcp_dest = 80       # destination port
tcp_seq = 454
tcp_ack_seq = 0
tcp_doff = 5        # 4 bit field, size of tcp header, 5 * 4 = 20 bytes
# tcp flags
tcp_fin = 0
tcp_syn = 1
tcp_rst = 0
tcp_psh = 0
tcp_ack = 0
tcp_urg = 0
tcp_window = 5840   # maximum allowed window size; pack('!H') below already writes it in network order
tcp_check = 0
tcp_urg_ptr = 0

tcp_offset_res = (tcp_doff << 4) + 0
tcp_flags = tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh << 3) + (tcp_ack << 4) + (tcp_urg << 5)

# the ! in the pack format string means network order
tcp_header = pack('!HHLLBBHHH', tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res,
                  tcp_flags, tcp_window, tcp_check, tcp_urg_ptr)
```

      The construction of the TCP header is similar to the IP header. The TCP header has a field called checksum which needs to be filled in correctly. A pseudo header is constructed to compute the checksum. The checksum is calculated over the TCP header along with the data. The checksum is necessary to detect errors in the transmission on the receiver side.

      Code
      Here is the full code to send a raw packet

```python
'''
    Raw sockets on Linux

    Silver Moon (m00n.silv3r@gmail.com)
'''

# some imports
import socket
import sys
from struct import pack


# checksum function needed for calculating the TCP checksum
def checksum(msg):
    # RFC 1071 Internet checksum: sum the data as 16-bit words in network
    # byte order, fold the carries, then take the one's complement.
    if len(msg) % 2:
        msg += b'\x00'   # pad an odd-length message with a zero byte
    s = 0
    # loop taking 2 bytes at a time
    for i in range(0, len(msg), 2):
        w = (msg[i] << 8) + msg[i + 1]
        s = s + w

    # fold the carries back into the low 16 bits
    while s >> 16:
        s = (s & 0xffff) + (s >> 16)

    # complement and mask to a 16-bit value
    s = ~s & 0xffff

    return s


# create a raw socket
try:
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
except socket.error as msg:
    print('Socket could not be created. Error Code : ' + str(msg.errno) + ' Message ' + str(msg.strerror))
    sys.exit()

# tell kernel not to put in headers, since we are providing it; when using IPPROTO_RAW this is not necessary
# s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)

# now start constructing the packet
packet = b''

source_ip = '192.168.1.101'
dest_ip = '192.168.1.1'   # or socket.gethostbyname('www.google.com')

# ip header fields
ip_ihl = 5
ip_ver = 4
ip_tos = 0
ip_tot_len = 0   # kernel will fill the correct total length
ip_id = 54321    # Id of this packet
ip_frag_off = 0
ip_ttl = 255
ip_proto = socket.IPPROTO_TCP
ip_check = 0     # kernel will fill the correct checksum
ip_saddr = socket.inet_aton(source_ip)   # Spoof the source ip address if you want to
ip_daddr = socket.inet_aton(dest_ip)

ip_ihl_ver = (ip_ver << 4) + ip_ihl

# the ! in the pack format string means network order
ip_header = pack('!BBHHHBBH4s4s', ip_ihl_ver, ip_tos, ip_tot_len, ip_id, ip_frag_off,
                 ip_ttl, ip_proto, ip_check, ip_saddr, ip_daddr)

# tcp header fields
tcp_source = 1234   # source port
tcp_dest = 80       # destination port
tcp_seq = 454
tcp_ack_seq = 0
tcp_doff = 5        # 4 bit field, size of tcp header, 5 * 4 = 20 bytes
# tcp flags
tcp_fin = 0
tcp_syn = 1
tcp_rst = 0
tcp_psh = 0
tcp_ack = 0
tcp_urg = 0
tcp_window = 5840   # maximum allowed window size; pack('!H') below already writes it in network order
tcp_check = 0
tcp_urg_ptr = 0

tcp_offset_res = (tcp_doff << 4) + 0
tcp_flags = tcp_fin + (tcp_syn << 1) + (tcp_rst << 2) + (tcp_psh << 3) + (tcp_ack << 4) + (tcp_urg << 5)

# the ! in the pack format string means network order
tcp_header = pack('!HHLLBBHHH', tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res,
                  tcp_flags, tcp_window, tcp_check, tcp_urg_ptr)

user_data = b'Hello, how are you'

# pseudo header fields
source_address = socket.inet_aton(source_ip)
dest_address = socket.inet_aton(dest_ip)
placeholder = 0
protocol = socket.IPPROTO_TCP
tcp_length = len(tcp_header) + len(user_data)

psh = pack('!4s4sBBH', source_address, dest_address, placeholder, protocol, tcp_length)
psh = psh + tcp_header + user_data

tcp_check = checksum(psh)
# print(tcp_check)

# make the tcp header again and fill in the correct checksum; checksum() returns a
# plain integer, so it is packed in network order like every other field
tcp_header = pack('!HHLLBBHHH', tcp_source, tcp_dest, tcp_seq, tcp_ack_seq, tcp_offset_res,
                  tcp_flags, tcp_window, tcp_check, tcp_urg_ptr)

# final full packet - the payload is kept so that the checksum covers data as well
packet = ip_header + tcp_header + user_data

# Send the packet finally - the port specified has no effect
s.sendto(packet, (dest_ip, 0))   # put this in a loop if you want to flood the target
```

      Run the above program from the terminal and check the network traffic using a packet sniffer like Wireshark. It should show the packet.
      Raw sockets find application in the field of network security. The above example can be used to code a TCP SYN flood program. SYN flood programs are used in DoS attacks. Raw sockets are also used to code packet sniffers, port scanners, etc.
       
      source: [link]