Using hping to inject packet into TCP netcat connection - tcpdump

I have a netcat connection open between a server and a client and I am trying to craft a packet using hping to print the text on the client.
My issue is I am able to craft a very similar packet to what is needed but I am missing the TCP options that are in the packets that are sent from server to the client via netcat.
Here is my hping command:
hping3 -A -y -M 717766814 -L 3830111434 -N 37033 -w 227 -b -p 55526 -s 5555 -P 192.168.0.116 -c 1 -d 8 -E task4.txt
Here is the packet I craft:
11:16:45.116157 00:a0:98:64:9f:40 > 00:a0:98:36:c8:07, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 64, id 37033, offset 0, flags [DF], proto TCP (6), length 48)
192.168.0.216.5555 > 192.168.0.116.55526: Flags [P.], cksum 0x5600 (incorrect -> 0x0355), seq 717766814:717766822, ack 3830111434, win 227, length 8
0x0000: 4500 0030 90a9 4000 4006 2782 c0a8 00d8 E..0..@.@.'.....
0x0010: c0a8 0074 15b3 d8e6 2ac8 409e e44a dcca ...t....*.@..J..
0x0020: 5018 00e3 5600 0000 4243 4445 4647 410a P...V...BCDEFGA.
The actual packet I need to craft:
11:16:52.352624 00:a0:98:64:9f:40 > 00:a0:98:36:c8:07, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 38493, offset 0, flags [DF], proto TCP (6), length 60)
192.168.0.216.5555 > 192.168.0.116.55526: Flags [P.], cksum 0x82cb (incorrect -> 0x0ce8), seq 717766814:717766822, ack 3830111434, win 227, options [nop,nop,TS val 1099353487 ecr 208117467], length 8
0x0000: 4500 003c 965d 4000 4006 21c2 c0a8 00d8 E..<.]@.@.!.....
0x0010: c0a8 0074 15b3 d8e6 2ac8 409e e44a dcca ...t....*.@..J..
0x0020: 8018 00e3 82cb 0000 0101 080a 4186 cd8f ............A...
0x0030: 0c67 9edb 4142 4344 4546 470a .g..ABCDEFG.
The packets are identical other than the missing options and the checksum.
How can I add the options to my crafted packet, or is there another method of getting text to appear on the client using hping?

As you saw, hping3 does not provide a way to set TCP options out-of-the-box.
However, the good news is that the TCP options are right next to the TCP payload in the packet. So you can prepend your data with the TCP options:
Instead of just the data, put the TCP options + data in the file you provide to hping3:
echo "0101080a4186cd8f0c679edb414243444546470a" | python3 -c "import sys, binascii; sys.stdout.buffer.write(binascii.unhexlify(input().strip()))" > /tmp/task4.txt
Send using hping3; you will need to change the data size to 20 and set the data offset to 8 (the default data offset is 5 32-bit words) so that the added TCP options are properly identified:
-O --tcpoff
Set fake tcp data offset. Normal data offset is tcphdrlen / 4.
hping3 -A -y -M 717766814 -L 3830111434 -N 37033 -w 227 -b -p 55526 -s 5555 -P 192.168.134.161 -c 1 -d 20 -O 8 -E task4.txt
Resulting crafted packet:
08:27:07.956095 IP (tos 0x0, ttl 64, id 37033, offset 0, flags [DF], proto TCP (6), length 60)
192.168.134.142.5555 > 192.168.134.161.55526: Flags [P.], cksum 0x5451 (incorrect -> 0x0104), seq 0:8, ack 1, win 227, options [nop,nop,TS val 1099353487 ecr 208117467], length 8
0x0000: 4500 003c 90a9 4000 4006 1b92 c0a8 868e E..<..@.@.......
0x0010: c0a8 86a1 15b3 d8e6 2ac8 409e e44a dcca ........*.@..J..
0x0020: 8018 00e3 5451 0000 0101 080a 4186 cd8f ....TQ......A...
0x0030: 0c67 9edb 4142 4344 4546 470a .g..ABCDEFG.
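
Why the data offset decides what counts as options can be seen by decoding the captures above. The following is an added example, not part of the original answer: it parses the IPv4 and TCP headers from two hex dumps copied from this page and splits each segment into options and payload (the function names are illustrative assumptions).

```python
import struct

# IPv4 packets copied from the tcpdump hex dumps on this page
# (the first crafted packet and the answer's resulting packet).
NO_OPTIONS = """
4500 0030 90a9 4000 4006 2782 c0a8 00d8
c0a8 0074 15b3 d8e6 2ac8 409e e44a dcca
5018 00e3 5600 0000 4243 4445 4647 410a
"""
WITH_OPTIONS = """
4500 003c 90a9 4000 4006 1b92 c0a8 868e
c0a8 86a1 15b3 d8e6 2ac8 409e e44a dcca
8018 00e3 5451 0000 0101 080a 4186 cd8f
0c67 9edb 4142 4344 4546 470a
"""


def parse_options(raw):
    """Walk the TCP option bytes and return a list of decoded options."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            opts.append(("eol",))
            break
        if kind == 1:                      # No-Operation, a single padding byte
            opts.append(("nop",))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("option length %d does not fit" % length)
        body = raw[i + 2:i + length]
        if kind == 8 and length == 10:     # Timestamps: TSval, TSecr
            opts.append(("timestamp",) + struct.unpack("!II", body))
        else:
            opts.append(("kind-%d" % kind, body.hex()))
        i += length
    return opts


def parse_segment(hexdump, data_offset=None):
    """Split an IPv4/TCP packet into header fields, options and payload.

    data_offset overrides the header's own field so the same bytes can be
    read the way a receiver would with a different offset value.
    """
    pkt = bytes.fromhex(hexdump)
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]   # IPv4 total length
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    if data_offset is None:
        data_offset = off_flags >> 12              # upper 4 bits, in 32-bit words
    hdr_len = data_offset * 4
    if data_offset < 5 or hdr_len > len(tcp):
        raise ValueError("data offset %d is invalid for this segment" % data_offset)
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win,
        "data_offset": data_offset,
        "options": parse_options(tcp[20:hdr_len]),  # bytes between fixed header and data
        "payload": tcp[hdr_len:],
    }


if __name__ == "__main__":
    for name, dump in (("no options", NO_OPTIONS), ("with options", WITH_OPTIONS)):
        seg = parse_segment(dump)
        print(name, seg["data_offset"], seg["options"], seg["payload"])
    # The same 20 trailing bytes, read with offset 5: everything is payload.
    print(parse_segment(WITH_OPTIONS, data_offset=5)["payload"].hex())
```

With offset 5 the 12 option bytes are delivered to the application as data; with offset 8 the receiver consumes them as `nop,nop,TS` and only the 8 bytes of text remain as payload.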

The other error about x509: certificate signed by unknown authority

When I installed okd4.5, running the openshift command prompts the error message as follows:
[root@bastion ~]# openshift-install --dir=/okdinstall/ wait-for bootstrap-complete --log-level=debug
DEBUG OpenShift Installer 4.5.0-0.okd-2020-10-15-235428
DEBUG Built from commit 63200c80c431b8dbaa06c0cc13282d819bd7e5f8
INFO Waiting up to 20m0s for the Kubernetes API at https://api.okd.test1.com:6443...
DEBUG Still waiting for the Kubernetes API: Get https://api.okd.test1.com:6443/version?timeout=32s: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kube-apiserver-lb-signer")
My steps were as follows:
52 hostnamectl set-hostname bastion
53 ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa
54 eval "$(ssh-agent -s)"
55 ssh-add ~/.ssh/id_rsa
56 systemctl disable firewalld
57 systemctl stop firewalld
58 yum -y install wget vim etcd bind-utils
59 systemctl enable etcd --now
60 systemctl status etcd
61 wget https://github.com/coredns/coredns/releases/download/v1.6.9/coredns_1.6.9_linux_amd64.tgz
62 tar zxvf coredns_1.6.9_linux_amd64.tgz
63 mv coredns /usr/local/bin
64 useradd coredns -s /sbin/nologin
65 vim /etc/systemd/system/coredns.service
66 mkdir /etc/coredns
67 vi /etc/coredns/Corefile
68 systemctl enable coredns --now
69 systemctl status coredns
70 alias etcdctlv3='ETCDCTL_API=3 etcdctl'
71 etcdctlv3 put /skydns/com/test1/okd/api '{"host":"172.16.121.13", "ttl":60}'
72 etcdctlv3 put /skydns/com/test1/okd/api-int '{"host":"172.16.121.13", "ttl":60}'
73 etcdctlv3 put /skydns/com/test1/okd/registry '{"host":"172.16.121.13", "ttl":60}'
74 etcdctlv3 put /skydns/com/test1/okd/etcd-1 '{"host":"172.16.121.14", "ttl":60}'
75 etcdctlv3 put /skydns/com/test1/okd/etcd-2 '{"host":"172.16.121.15", "ttl":60}'
76 etcdctlv3 put /skydns/com/test1/okd/etcd-3 '{"host":"172.16.121.16", "ttl":60}'
77 etcdctlv3 put /skydns/com/test1/okd/_tcp/_etcd-server-ssl/x1 '{"host":"etcd-1.okd.test1.com", "ttl":60, "priority":0, "weight":10, "port":2380}'
78 etcdctlv3 put /skydns/com/test1/okd/_tcp/_etcd-server-ssl/x1 '{"host":"etcd-2.okd.test1.com", "ttl":60, "priority":0, "weight":10, "port":2380}'
79 etcdctlv3 put /skydns/com/test1/okd/_tcp/_etcd-server-ssl/x1 '{"host":"etcd-3.okd.test1.com", "ttl":60, "priority":0, "weight":10, "port":2380}'
80 etcdctlv3 put /skydns/com/test1/okd/bastion '{"host":"172.16.121.13", "ttl":60}'
81 etcdctlv3 put /skydns/com/test1/okd/bootstrap '{"host":"172.16.121.19", "ttl":60}'
82 etcdctlv3 put /skydns/com/test1/okd/master1 '{"host":"172.16.121.14", "ttl":60}'
83 etcdctlv3 put /skydns/com/test1/okd/master2 '{"host":"172.16.121.15", "ttl":60}'
84 etcdctlv3 put /skydns/com/test1/okd/master3 '{"host":"172.16.121.16", "ttl":60}'
85 etcdctlv3 put /skydns/com/test1/okd/worker1 '{"host":"172.16.121.17", "ttl":60}'
86 etcdctlv3 put /skydns/com/test1/okd/worker2 '{"host":"172.16.121.18", "ttl":60}'
87 dig +short apps.okd.test1.com @127.0.0.1
88 dig +short master2.okd.test1.com @127.0.0.1
89 cat /etc/resolv.conf
search okd.test1.com
nameserver 172.16.121.13
90 yum -y install haproxy
91 vim /etc/haproxy/haproxy.cfg
92 systemctl enable haproxy && systemctl restart haproxy
93 systemctl status haproxy
94 netstat -anput | grep 6443
95 yum -y install net-tools
96 netstat -anput | grep 6443
97 netstat -anput | grep 22623
98 mkdir -p /opt/registry/{auth,certs,data}
99 mkdir /data
100 cd /opt/registry/certs
101 openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 36500 -out ca.crt
102 openssl req -newkey rsa:4096 -nodes -sha256 -keyout registry.okd.test1.com.key -out registry.okd.test1.com.csr -days 36500
103 openssl x509 -req -days 36500 -in registry.okd.test1.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out registry.okd.test1.com.crt
104 echo -n 'admin:Harbor12345' | base64 -w0
105 vim /root/pull-secret.json
106 yum -y install httpd-tools yum-utils telnet httpd epel-release podman
107 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
108 yum -y install docker-ce docker-compose
109 systemctl start docker && systemctl enable docker
110 systemctl status docker
111 cd /opt
112 wget https://github.com/goharbor/harbor/releases/download/v2.0.1/harbor-offline-installer-v2.0.1.tgz
121 tar -zxvf harbor-offline-installer-v2.0.1.tgz && rm -rf harbor-offline-installer-v2.0.1.tgz && cd harbor/
122 mv harbor.yml.tmpl harbor.yml
123 vim harbor.yml
124 ./install.sh
125 mkdir -p /etc/docker/certs.d/registry.okd.test1.com
126 cp /opt/registry/certs/registry.okd.test1.com.crt /etc/docker/certs.d/registry.okd.test1.com
127 cp /opt/registry/certs/ca.crt /etc/pki/ca-trust/source/anchors/
128 update-ca-trust extrat
129 systemctl restart docker
130 netstat -anput | grep docker
131 curl -u admin:Harbor12345 -k https://registry.okd.test1.com:18443/v2/_catalog
132 wget https://github.com/openshift/okd/releases/download/4.5.0-0.okd-2020-10-15-235428/openshift-client-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
133 ll
134 cd /root/
135 ll
136 wget https://github.com/openshift/okd/releases/download/4.5.0-0.okd-2020-10-15-235428/openshift-install-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
137 ll
138 tar -zxvf openshift-client-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
139 cp oc kubectl /usr/local/bin/
140 oc version
141 tar -zxvf openshift-install-linux-4.5.0-0.okd-2020-10-15-235428.tar.gz
142 cp openshift-install /usr/local/bin/
143 openshift-install version
144 export OCP_RELEASE=4.5.0-0.okd
145 export LOCAL_REGISTRY='registry.okd.test1.com:18443'
146 export LOCAL_REPOSITORY='openshift/okd'
147 export PRODUCT_REPO='openshift'
148 export LOCAL_SECRET_JSON='/root/pull-secret.json'
149 export RELEASE_NAME='okd'
150 export ARCHITECTURE="2020-10-15-235428"
152 oc adm -a ${LOCAL_SECRET_JSON} release mirror --from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}
209 cd /root/
210 vim install-config.yaml
211 mkdir /okdinstall/
213 cp install-config.yaml /okdinstall/
214 openshift-install create manifests --dir=/okdinstall
215 sed -i 's/mastersSchedulable: true/mastersSchedulable: False/' /okdinstall/manifests/cluster-scheduler-02-config.yml
216 openshift-install create ignition-configs --dir=/okdinstall
217 mkdir /root/.kube/
218 cp /okdinstall/auth/kubeconfig ~/.kube/config
219 chmod -R 755 /okdinstall/*
220 mkdir /usr/share/nginx/html/ignition/
221 cp -rp /okdinstall/* /usr/share/nginx/html/ignition/
222 mkdir /usr/share/nginx/html/install/
223 openshift-install --dir=/okdinstall/ wait-for bootstrap-complete --log-level=debug
The contents of the files involved are as follows:
cat /root/pull-secret.json
{
  "auths": {
    "registry.okd.test1.com:18443": {
      "auth": "YWRtaW46SGFyYm9yMTIzNDU=",
      "email": ""
    }
  }
}
cat /root/install-config.yaml
apiVersion: v1
baseDomain: test1.com
compute:
- hyperthreading: Enabled
  name: worker
  replicas: 0
controlPlane:
  hyperthreading: Enabled
  name: master
  replicas: 3
metadata:
  name: okd
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  networkType: OpenShiftSDN
  serviceNetwork:
  - 172.30.0.0/16
platform:
  none: {}
fips: false
sshKey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3EhKr+wP22gSg3yoahLDR2cNxHEfm59/uFc4XBFdROEXofS4pm3V3c3ug2dRCtaVI/Wb2wUKjvbJd3Cw8dHhD4cU6rIVBt2+P6GpOIslkFb59RjUdWhS7EVcFNg/5AJJc4gmg+Read1WmJQny36Ogpf8WfMXyCeIMB1w7cezIg/E1lJo0LonSWfj4vUUweqZzWhfBgiet6NxyRm6C8ahWMhoMvaVNd2JK4RtMxP2vdX9HpEjUQNFnPG0N4wcJztIKLjh5IUPMNrTwFe62zB6n3kx6ZycrZUQmRHJVss3QN566bxNu2qmbfryvktj2lGFon8pt08Fwe5gJcHNbLhKTmQZc1KEh9leKXiTFcE/omsA3fZC4K+u3Xt69NHBLVTaBA9t4/gETvU7knQO51ffXvS7ut61FfMObuU9e1E7Vzy4czyFNrv4yRIUv6tdj35zQd96hvNJeNPx4Owogbc/5tWhkc0fPgDZCn5v+DIh8yJZ2GL0nrCI1eS0eIHyWuqMY7PbrQRSp3bQLomEvlLB+Eg/lyv0nhVgbue6bgrWy6fN2ExEJHBn2rwZOq9j/DiU2xF+AdALQNeqVHd6GBo8Q/TC3w6TVlemLDnAyrf7JSQNUIVstRyYNkqN/3/is9ibPQqYckEIvDenonuBUe1Np7DH3qcSkjAFz3xdQ== root#bastion'
pullSecret: '{"auths":{"registry.okd.test1.com:18443": {"auth": "YWRtaW46SGFyYm9yMTIzNDU=","email": ""}}}'
imageContentSources:
- mirrors:
  - registry.okd.test1.com:18443/openshift/okd
  source: quay.io/openshift/okd
- mirrors:
  - registry.okd.test1.com:18443/openshift/okd
  source: quay.io/openshift/okd-content
# The key file information comes from /etc/docker/certs.d/registry.okd.test1.com/registry.okd.test1.com.crt
additionalTrustBundle: |
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Note: my system is CentOS 7.9.

Zabbix Server behind HAProxy

Hi my infrastructure of zabbix servers looks like this:
Two Zabbix Servers are behind HAProxy Servers in Active/Passive mode. Part of haproxy.cfg from one of the HAProxy server.
frontend ha-monit-app
    bind :10051
    mode tcp
    default_backend monit-app
backend monit-app
    server monit-app-01 10.164.0.10:10051 check
    server monit-app-02 10.156.0.10:10051 check backup
There are two HAProxy servers with the same configuration and switched using failover ip 172.31.255.254
I've checked with nmap & ping whether the failover IP is available from other nodes, especially from the Zabbix web server (frontend), and here are the results:
PING 172.31.255.254 (172.31.255.254) 56(84) bytes of data.
64 bytes from 172.31.255.254: icmp_seq=1 ttl=64 time=1.43 ms
64 bytes from 172.31.255.254: icmp_seq=2 ttl=64 time=0.284 ms
64 bytes from 172.31.255.254: icmp_seq=3 ttl=64 time=0.326 ms
64 bytes from 172.31.255.254: icmp_seq=4 ttl=64 time=0.306 ms
64 bytes from 172.31.255.254: icmp_seq=5 ttl=64 time=0.277 ms
--- 172.31.255.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4054ms
rtt min/avg/max/mdev = 0.277/0.525/1.433/0.454 ms
nmap -Pn -p 10051 172.31.255.254
Starting Nmap 7.40 ( https://nmap.org ) at 2018-06-15 00:59 CEST
Nmap scan report for 172.31.255.254
Host is up (0.0012s latency).
PORT STATE SERVICE
10051/tcp open zabbix-trapper
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds
telnet 172.31.255.254 10051
Trying 172.31.255.254...
Connected to 172.31.255.254.
Escape character is '^]'.
^CConnection closed by foreign host.
So everything looks good. That's why on frontend server in zabbix.conf.php I've set following values:
$ZBX_SERVER = '172.31.255.254';
$ZBX_SERVER_PORT = '10051';
$ZBX_SERVER_NAME = 'Zabbix GCP HAProxy';
But I see that this doesn't work on frontend at all
This a Zabbix Frontend / Status of Zabbix Server
I'm adding tcpdumps
=========== tcpdump ==============
Listening on Active HAProxy (10.164.0.3 / 172.31.255.254 Floating IP) for Active Zabbix Server (monit-app-01 - 10.156.0.10)
tcpdump -n host 10.156.0.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:11:44.301714 IP 10.164.0.3.60374 > 10.156.0.10.10051: Flags [S], seq 904325550, win 28400, options [mss 1420,sackOK,TS val 11110278 ecr 0,nop,wscale 7], length 0
10:11:44.308930 IP 10.156.0.10.10051 > 10.164.0.3.60374: Flags [S.], seq 1332485152, ack 904325551, win 28160, options [mss 1420,sackOK,TS val 12859862 ecr 11110278,nop,wscale 7], length 0
10:11:44.309007 IP 10.164.0.3.60374 > 10.156.0.10.10051: Flags [R.], seq 1, ack 1, win 222, options [nop,nop,TS val 11110280 ecr 12859862], length 0
10:11:46.309574 IP 10.164.0.3.60378 > 10.156.0.10.10051: Flags [S], seq 355584253, win 28400, options [mss 1420,sackOK,TS val 11110780 ecr 0,nop,wscale 7], length 0
10:11:46.316691 IP 10.156.0.10.10051 > 10.164.0.3.60378: Flags [S.], seq 3081623376, ack 355584254, win 28160, options [mss 1420,sackOK,TS val 12860364 ecr 11110780,nop,wscale 7], length 0
10:11:46.316769 IP 10.164.0.3.60378 > 10.156.0.10.10051: Flags [R.], seq 1, ack 1, win 222, options [nop,nop,TS val 11110782 ecr 12860364], length 0
Listening on Active HAProxy (10.164.0.3 / 172.31.255.254 Floating IP) for Zabbix Frontend (monit-front-01 - 10.164.0.7)
sudo tcpdump -n host 10.164.0.7
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:18:44.549679 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [S], seq 3124977895, win 28400, options [mss 1420,sackOK,TS val 10621333 ecr 0,nop,wscale 7], length 0
10:18:44.549729 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [S.], seq 1251960166, ack 3124977896, win 28160, options [mss 1420,sackOK,TS val 11215340 ecr 10621333,nop,wscale 7], length 0
10:18:44.550406 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [.], ack 1, win 222, options [nop,nop,TS val 10621334 ecr 11215340], length 0
10:18:44.550576 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [P.], seq 1:80, ack 1, win 222, options [nop,nop,TS val 10621334 ecr 11215340], length 79
10:18:44.550587 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [.], ack 80, win 220, options [nop,nop,TS val 11215340 ecr 10621334], length 0
10:18:44.550620 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [F.], seq 1:189, ack 80, win 220, options [nop,nop,TS val 11215340 ecr 10621334], length 188
10:18:44.550843 IP 10.164.0.7.56084 > 172.31.255.254.10051: Flags [F.], seq 80, ack 190, win 231, options [nop,nop,TS val 10621334 ecr 11215340], length 0
10:18:44.550849 IP 172.31.255.254.10051 > 10.164.0.7.56084: Flags [.], ack 81, win 220, options [nop,nop,TS val 11215340 ecr 10621334], length 0
10:18:47.820231 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [S], seq 3701025043, win 28400, options [mss 1420,sackOK,TS val 10622151 ecr 0,nop,wscale 7], length 0
10:18:47.820304 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [S.], seq 3543291301, ack 3701025044, win 28160, options [mss 1420,sackOK,TS val 11216157 ecr 10622151,nop,wscale 7], length 0
10:18:47.820562 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [.], ack 1, win 222, options [nop,nop,TS val 10622151 ecr 11216157], length 0
10:18:47.820665 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [P.], seq 1:80, ack 1, win 222, options [nop,nop,TS val 10622151 ecr 11216157], length 79
10:18:47.820672 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [.], ack 80, win 220, options [nop,nop,TS val 11216158 ecr 10622151], length 0
10:18:47.820707 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [F.], seq 1:189, ack 80, win 220, options [nop,nop,TS val 11216158 ecr 10622151], length 188
10:18:47.820947 IP 10.164.0.7.56092 > 172.31.255.254.10051: Flags [F.], seq 80, ack 190, win 231, options [nop,nop,TS val 10622151 ecr 11216158], length 0
10:18:47.820957 IP 172.31.255.254.10051 > 10.164.0.7.56092: Flags [.], ack 81, win 220, options [nop,nop,TS val 11216158 ecr 10622151], length 0
And I get NOSRV in haproxy.log
=============== HAProxy =============
Jun 15 10:34:49 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58088 [15/Jun/2018:10:34:49.680] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:34:50 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58096 [15/Jun/2018:10:34:50.646] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:00 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58112 [15/Jun/2018:10:35:00.927] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 1/1/1/0/3 0/0
Jun 15 10:35:00 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58110 [15/Jun/2018:10:35:00.927] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:11 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58130 [15/Jun/2018:10:35:11.839] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:11 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58132 [15/Jun/2018:10:35:11.853] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:22 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58150 [15/Jun/2018:10:35:22.672] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 1/1/1/0/3 0/0
Jun 15 10:35:22 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58148 [15/Jun/2018:10:35:22.672] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:32 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58182 [15/Jun/2018:10:35:32.712] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:33 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58196 [15/Jun/2018:10:35:33.793] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:43 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58204 [15/Jun/2018:10:35:43.707] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
Jun 15 10:35:44 ha-monit-app-01-6zxn haproxy[1471]: 10.164.0.7:58212 [15/Jun/2018:10:35:44.742] ha-monit-app monit-app/<NOSRV> -1/-1/0 188 PR 0/0/0/0/3 0/0
status of HAProxy from stats
It's solved
Missing obvious parameter in the backend section
mode: tcp
defaults
    log global
    mode http
    option httplog
    option dontlognull
    timeout connect 5000
    timeout client 50000
    timeout server 50000
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http
frontend ha-monit-app
    bind :10051
    mode tcp
    default_backend monit-app
backend monit-app
    mode tcp  # <-- this one
    server monit-app-01 10.156.0.10:10051 check
    server monit-app-02 10.164.0.10:10051 check backup
listen stats
    bind :80
    mode http
    stats enable
    stats uri /
    stats hide-version
    stats realm Zabbix\ Server\ HAProxy
    stats auth xxxx:xxxx
It was using http on backends because it was a default parameter from
defaults
    mode http
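
The inheritance described in this answer can be checked mechanically. The following is an added example, not from the original post: it resolves each proxy section's effective mode from the preceding defaults section and reports any frontend whose backend ends up in a different mode. The function names are illustrative, and BEFORE is reconstructed from the configuration on this page without the backend's `mode tcp` line.

```python
PROXY_KINDS = ("frontend", "backend", "listen")

# Reconstructed from the configuration on this page: the posted defaults,
# frontend and backend, without the "mode tcp" line the fix adds.
BEFORE = """
defaults
    log global
    mode http
    option httplog

frontend ha-monit-app
    bind :10051
    mode tcp
    default_backend monit-app

backend monit-app
    server monit-app-01 10.156.0.10:10051 check
    server monit-app-02 10.164.0.10:10051 check backup
"""

# The same file with the fix from the answer applied.
AFTER = BEFORE.replace("\nbackend monit-app\n", "\nbackend monit-app\n    mode tcp\n")


def effective_modes(cfg_text):
    """Return ({(kind, name): mode}, {(kind, name): [referenced backends]}).

    Simplified model: each proxy section inherits from the most recent
    unnamed defaults section, and an explicit "mode" line overrides it.
    """
    modes, targets = {}, {}
    defaults_mode = "tcp"      # HAProxy's built-in mode when nothing sets one
    current = None             # section being read
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        keyword = words[0]
        if keyword == "defaults":
            defaults_mode = "tcp"              # a new defaults section starts clean
            current = "defaults"
        elif keyword == "global":
            current = None
        elif keyword in PROXY_KINDS and len(words) >= 2:
            current = (keyword, words[1])
            modes[current] = defaults_mode     # inherited unless overridden below
            targets[current] = []
        elif keyword == "mode" and len(words) >= 2:
            if current == "defaults":
                defaults_mode = words[1]
            elif current in modes:
                modes[current] = words[1]
        elif keyword in ("default_backend", "use_backend") and len(words) >= 2:
            if current in modes:
                targets[current].append(words[1])
    return modes, targets


def mode_mismatches(cfg_text):
    """List (frontend, frontend_mode, backend, backend_mode) where the modes differ."""
    modes, targets = effective_modes(cfg_text)
    backend_mode = {name: mode for (kind, name), mode in modes.items()
                    if kind in ("backend", "listen")}
    found = []
    for (kind, name), refs in targets.items():
        for ref in refs:
            if ref in backend_mode and backend_mode[ref] != modes[(kind, name)]:
                found.append((name, modes[(kind, name)], ref, backend_mode[ref]))
    return found


if __name__ == "__main__":
    print("before:", mode_mismatches(BEFORE))
    print("after: ", mode_mismatches(AFTER))
```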

Siege will not stop when done with urls.txt file

I'm using siege to locate some problem pages on our new sitemap and am having trouble getting it to stop after it runs through the urls.txt file. I have tried using reps=once in the command line, as well as in the .siegerc config file. I find that I have to use the config file, as I want the output written verbosely to a log file so that I can see page load times, 302 and 404 errors, etc. and import them into excel. However, no matter what I try I cannot get siege to stop when it completes the url.txt file- it just reruns it over again.
I have configured for 40 concurrent users, the time and reps variable is commented out in config, the url.txt file is in config. The syntax I run at cmd line is...
sudo siege --reps=once -v > outputfile.csv
I have tried setting the reps in config, no luck. Any ideas where I'm going wrong?
I ran into similar problems and, after trying multiple options, I got it to work with:
# siege -c 10 -b -r 10 -f urls.txt
where urls.txt is a simple list of URLs like
http://ip-address/url1.html
http://ip-address/url2.html
....
....
The logs were written into a file specified in the siegerc file. ${HOME}/var/siege.log
2016-08-05 17:52:59, 100, 0.88, 4, 0.09, 113.64, 4.55, 9.67, 100, 0
2016-08-05 17:53:00, 100, 0.91, 4, 0.09, 109.89, 4.40, 9.76, 100, 0
2016-08-05 17:53:01, 100, 0.90, 4, 0.09, 111.11, 4.44, 9.78, 100, 0
2016-08-05 17:53:02, 100, 0.89, 4, 0.09, 112.36, 4.49, 9.64, 100, 0
2016-08-05 17:53:03, 100, 0.86, 4, 0.08, 116.28, 4.65, 9.84, 100, 0
2016-08-05 17:53:04, 100, 0.89, 4, 0.09, 112.36, 4.49, 9.80, 100, 0
2016-08-05 17:53:05, 100, 0.88, 4, 0.09, 113.64, 4.55, 9.83, 100, 0
2016-08-05 17:53:06, 100, 0.88, 4, 0.09, 113.64, 4.55, 9.89, 100, 0
2016-08-05 17:53:07, 100, 0.87, 4, 0.09, 114.94, 4.60, 9.79, 100, 0
2016-08-05 17:53:07, 100, 0.88, 4, 0.09, 113.64, 4.55, 9.85, 100, 0
I also observed that the logfile option is either buggy or very strict.
'-l filename.log' does not work.
$ siege -c 10 -b -r 10 -f urls.txt -l ./siege.log
** SIEGE 2.70
** Preparing 10 concurrent users for battle.
The server is now under siege...
done.
Transactions: 0 hits
Availability: 0.00 %
Elapsed time: 0.08 secs
Data transferred: 0.00 MB
Response time: 0.00 secs
Transaction rate: 0.00 trans/sec
Throughput: 0.00 MB/sec
Concurrency: 0.00
Successful transactions: 0
Failed transactions: 100
Longest transaction: 0.00
Shortest transaction: 0.00
FILE: /home/xxxx/var/siege.log
You can disable this annoying message by editing
the .siegerc file in your home directory; change
the directive 'show-logfile' to false.
But --log=filename.log works. e.g.
# siege -c 10 -b -r 10 -f urls.txt --log=./siege.log
$ siege -c 10 -b -r 10 -f urls.txt --log=./siege.log
** SIEGE 2.70
** Preparing 10 concurrent users for battle.
The server is now under siege...
HTTP/1.1 200 0.08 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.08 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.09 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.09 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 45807 bytes ==> /8af6cacb-50ed-40b6-995f-49480f9f74fa.html
HTTP/1.1 200 0.10 secs: 55917 bytes ==> /create_and_delete_networks.html
HTTP/1.1 200 0.10 secs: 55917 bytes ==> /create_and_delete_networks.html
HTTP/1.1 200 0.10 secs: 55917 bytes ==> /create_and_delete_networks.html
HTTP/1.1 200 0.10 secs: 55917 bytes ==> /create_and_delete_networks.html
HTTP/1.1 200 0.09 secs: 55917 bytes ==> /create_and_delete_networks.html
done.
Transactions: 100 hits
Availability: 100.00 %
Elapsed time: 0.89 secs
Data transferred: 4.60 MB
Response time: 0.09 secs
Transaction rate: 112.36 trans/sec
Throughput: 5.16 MB/sec
Concurrency: 9.74
Successful transactions: 100
Failed transactions: 0
Longest transaction: 0.15
Shortest transaction: 0.05
FILE: ./siege.log
You can disable this annoying message by editing
the .siegerc file in your home directory; change
Hope this helps.

Send extra string netcat

I use tcpdump on OpenWrt to capture packets and send them to a Raspberry Pi with netcat.
The problem is that I want to use multiple routers to capture the requests and forward them to the Raspberry Pi.
tcpdump -i wlan0 -e -s 256 -l type mgt subtype probe-req |nc 192.168.0.230 22222
And I receive the packet info with a Python script:
import socket

HOST = 'localhost'  # use '' to expose to all networks
PORT = 12345


def incoming(host, port):
    """Open specified port and return file-like object"""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # set SOL_SOCKET.SO_REUSEADDR=1 to reuse the socket if
    # needed later without waiting for timeout (after it is
    # closed, for example)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(0)  # do not queue connections
    request, addr = sock.accept()
    # Python 3: a text-mode file object cannot be unbuffered, so no 0 here
    return request.makefile('r')
# /-- network ---


for line in incoming(HOST, PORT):
    # each line already ends with a newline
    print(line, end='')
output:
15:17:57 801928 3933710786us tsft 1.0 Mb/s 2412 Mhz 11b -38dB signal antanna 1 BSSID: broadcast SA:xxxx ....
desired output:
192.168.0.130 15:17:57 801928 3933710786us tsft 1.0 Mb/s 2412 Mhz 11b -38dB signal antanna 1 BSSID: broadcast SA:xxxx ....
But how can I add the IP address of the router to the command, so I can see which router received the packet?
Or how can I just send an extra string like "router1" to identify the router?
You can send an extra string to the router with the script below:
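#!/bin/bash
# IP address of this router's wlan0 interface
ip=$(ifconfig wlan0 | grep cast | awk -F: '{print $2}' | awk '{print $1}')
tcpdump -i wlan0 -e -s 256 -l type mgt subtype probe-req |\
while IFS= read -r line; do
    # prefix each captured line with the router's IP and the current time
    echo "$ip" "$(date +%T)" "$line"
done | nc 192.168.0.230 22222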
It will insert the IP address and a time stamp at the beginning of each line of tcpdump's output and pipe it to netcat.

How to obtain human-readable mercurial push-command traffic example

I am doing push using mercurial hg to bitbucket.org using https.
There is a bunch of changes to text files and also binary files added. So I would like to capture the real traffic of this command in http format to analyze. How can I make it? Or at least inspecting an example of captured human-readable push would be great.
There is a link for mercurial wire protocol, but no example how it might really look.
There are a couple of proxies (http://mitmproxy.org/ is popular, I really like http://www.charlesproxy.com/) which can MITM the HTTPS connection… However, it might be simpler to start a local Mercurial server, then sniff that connection:
$ cd some-hg-repo/
$ hg serve
… listening at http://127.0.0.1:8000/ …
Then fire up your packet sniffer watching on the loopback interface, and from another shell:
% hg clone http://127.0.0.1:8000/ repo-clone
% cd repo-clone
% fortune > foo.c
% hg commit -m "change to foo"
% hg push
And here's a bit of what it looks like:
$ sudo tcpdump -i lo0 -A 'tcp port 8000 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
03:15:05.515867 IP localhost.52031 > localhost.irdmi: Flags [P.], seq 2116430132:2116430284, ack 835526317, win 40830, options [nop,nop,TS val 269453377 ecr 269453377], length 152
E....2#.#............?.#~&)41......~.......
...A...AGET /?cmd=capabilities HTTP/1.1
Accept-Encoding: identity
host: localhost:8000
accept: application/mercurial-0.1
user-agent: mercurial/proto-1.0
… snip …
03:15:05.516780 IP localhost.irdmi > localhost.52031: Flags [P.], seq 173:303, ack 152, win 40830, options [nop,nop,TS val 269453378 ecr 269453378], length 130
E...8b#.#............#.?1..Y~&)....~.......
...B...Blookup changegroupsubset branchmap pushkey known getbundle unbundlehash batch stream unbundle=HG10GZ,HG10BZ,HG10UN httpheader=1024
GET /?cmd=batch HTTP/1.1
Accept-Encoding: identity
x-hgarg-1: cmds=heads+%3Bknown+nodes%3D
host: localhost:8000
vary: X-HgArg-1
accept: application/mercurial-0.1
user-agent: mercurial/proto-1.0
…snip…
03:15:05.528852 IP localhost.irdmi > localhost.52033: Flags [P.], seq 474:516, ack 355, win 40830, options [nop,nop,TS val 269453389 ecr 269453389], length 42
E..^.h#.#............#.A.W...,.....~.R.....
...M...M92550c48fd2dc2c112ac88215eff29a5012abff1
;
03:15:05.529756 IP localhost.52033 > localhost.irdmi: Flags [P.], seq 355:628, ack 516, win 40830, options [nop,nop,TS val 269453390 ecr 269453389], length 273
E..E.N#.#............A.#.,...W.....~.9.....
...N...MGET /?cmd=getbundle HTTP/1.1
Accept-Encoding: identity
x-hgarg-1: common=0000000000000000000000000000000000000000&heads=92550c48fd2dc2c112ac88215eff29a5012abff1
host: localhost:8000
vary: X-HgArg-1
accept: application/mercurial-0.1
user-agent: mercurial/proto-1.0
…snip…
03:15:05.535163 IP localhost.irdmi > localhost.52033: Flags [P.], seq 688:6194, ack 628, win 40830, options [nop,nop,TS val 269453395 ecr 269453394], length 5506
E...AZ#.#............#.A.W...,.....~.......
........]..>O..3.x....L .-.....I.mh....M}.i!..Bh8.PL. .O
1iB ...C.....4.4....:...H..w....7.\..#.{.p.......-g.....^u....5...H...MWu.#....c.C4Y^19QP....l.....1.d.ukh.5..M.....k.A..<'.2..,.2.......{.q.(?.....rc"._.........m.xx.';...]V_0..e..j..{....OWf.n........J.bZ&kVXAR4...!....*..J.b..x.....#.Y..P........e.i;#....c.F..._.m.a|. .........=.
… snip …