When I go to my router's configuration page by logging into 192.168.0.1, I see the router's external IP address as: 10.121.69.5
When I check my public IP address via ip4.me, I get the public ip as: 49.205.114.40
This means that my router doesn't have direct public access to the internet and instead it is behind some NAT setup by my ISP.
I want to get this ip: 10.121.69.5 programmatically but I can't seem to find it anywhere on my devices that are connected to the router.
nslookup myip.opendns.com resolver1.opendns.com
The above command gives me my internet public ip: 49.205.114.40
How can I get the intermediate public ip of the router: 10.121.69.5 from a device that is connected to the router.
You probably have a CG-NAT. Slightly modifying a diagram from the draft RFC:
Figure 1 summarizes a common network topology in which a CGN
operates.
.
:
| Internet
............... | ...................
| ISP network
External pool: |
49.205.114.40/26 |
++------++ External realm
........... | CGN |...............
++------++ Internal realm
10.121.69.1 | |
| |
| | ISP network
............. | .. | ................
| | Customer premises
10.121.69.5 | | 10.121.69.6
++------++ ++------++
| CPE1 | | CPE2 | etc.
++------++ ++------++
192.168.0.1
(IP addresses are only for example purposes)
Figure 1: CGN network topology
Your best chance to find out your Internal Realm IP would be to use a traceroute technique. To do this you manually set the TTL on an ICMP or UDP packet to a low level, (probably 0-2), and look for an ICMP message error message (normally type 11). It will hopefully contain the Internal Realm IP.
Related
I have run an nmap scan using the --script ssl-enum-ciphers -p443 192.168.0.0/24 options against multiple IP addresses. I have also run an extremely similar scan using the --script ssh2-enum-algos -p22 options, that produces output in the same format.
I want to quickly analyze this data and zero in on specific matches of specific ciphers or algorithms. The overarching goal is to run an ad-hoc internal vulnerability assessment without access to fancy tools such as Nessus or Rapid7 InsightVM.
While nmap supports the -oX option to output to XML, I have found that neither Microsoft Word, Excel, or a web browser know how to open the file. The Microsoft products keep producing an error that the xml format is incorrect.
So then I tried the nmap-parse-output code on Github. While it will easily group IP addresses by ports, it doesn't appear to be able to take that a step further and analyze the ciphers or algorithms for me.
So now I'm trying to figure out a way to manually parse these blobs of data.
A typical result might contain data for multiple IP addresses in the following format (the following example stdout is edited for brevity):
Nmap scan report for 192.168.1.1
Host is up (0.00064s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http lighttpd
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: A
Nmap scan report for 192.168.1.2
Host is up (0.00048s latency).
PORT STATE SERVICE VERSION
443/tcp open ssl/http nginx (reverse proxy)
| ssl-enum-ciphers:
| TLSv1.2:
| ciphers:
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
| compressors:
| NULL
| cipher preference: server
|_ least strength: A
Nmap scan report for 192.168.1.3
....
Nmap scan report for 192.168.1.4
....
How can write a script, using standard applications available to bash, to loop through each blob of text? We don't know the length of each blob, so I need to match on the string "Nmap scan report" or something similar, and extract the data that is in between each of those matches.
Something like this would get me started, but it isn't complete, and doesn't actually separate each blob individually:
for i in $(cat scan-results | grep "Nmap scan report for"); do more data analysis here; done
For example, I might want to search for any IP address that support RC4 ciphers on port 443, so in the "do more data analysis", I would like to run: grep -i rc4
Or in the case of ssh algorithms, I want to ensure all cbc algorithms are disabled, so I could run: grep -i cbc
The resulting goal would be to list anything that matches so that I can quickly attribute the match to the specific IP address. I don't care how the results look, I just care about finding the results quickly.
Any help would be appreciated!
Without more sample data, and going solely on the limited examples, and keeping in mind that output format isn't of importance ...
NOTE: My sample data file - nmap.dat - is a cut-n-paste copy of the sample nmap data provided by the OP.
I'm thinking a multi-pattern grep may suffice, eg:
# search for any IP address that support RC4 ciphers on port 443
$ grep -i "Nmap scan report for|443|RC4" nmap.dat
Nmap scan report for 192.168.1.1
443/tcp open ssl/http lighttpd
Nmap scan report for 192.168.1.2
443/tcp open ssl/http nginx (reverse proxy)
Nmap scan report for 192.168.1.3
Nmap scan report for 192.168.1.4
# want to ensure all cbc algorithms are disabled
$ egrep -i "Nmap scan report for|cbc" nmap.dat
Nmap scan report for 192.168.1.1
Nmap scan report for 192.168.1.2
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
Nmap scan report for 192.168.1.3
Nmap scan report for 192.168.1.4
I'm attempting to determine if the Auto Proxy URL on a Mac as been configured.
First, I want to get the port number
port=$(route get example.com | grep interface | sed 's/.*\(...\)/\1/')
Then use the port number to obtain the active network service
service=$(networksetup -listnetworkserviceorder | grep $port | sed 's/,.*$//; s/^.*: //')
And finally, I use the active network service to obtain the auto proxy info
autoproxy=$(networksetup -getautoproxyurl \"$service\")
I'm running into a problem with any network service that includes spaces. For example Wi-Fi works fine, but Apple USB Ethernet Adapter does not.
I thought the solution would be to escape the quotes (\"$service\")
The odd thing is that if I echo $service (where $service is Apple USB Ethernet Adapter) it returns a properly quoted result of "Apple USB Ethernet Adapter" If I then copy and paste this exact result as a replacement for the variable $service, I get the result I was expecting (URL: (null) Enabled: No)
However, running the command as it was originally written returns a parameter error (Error: The parameters were not valid).
This is the result of running the script as is:
autoproxy=$(networksetup -getautoproxyurl "$service")
echo $autoproxy
Error: The parameters were not valid.
However, if I copy and paste the output of $service, then it returns the result I was expecting.
service=$(networksetup -listnetworkserviceorder | grep $port | sed 's/,.*$//; s/^.*: //')
echo \"$service\"
"Apple USB Ethernet Adapter"
autoproxy=$(networksetup -getautoproxyurl "Apple USB Ethernet Adapter")
echo $autoproxy
URL: (null) Enabled: No
You are using "" for service variable in autoproxy expression.
I require a command to terminate a single open TCP connection. I've looked through several forums and I can't see to get a clear answer with out having to download 3rd party tools.
Proto Local Address Foreign Address State
TCP 10.0.0.0:59614 SSHServer1:ssh ESTABLISHED
TCP 10.0.0.0:59648 SSHServer2:ssh ESTABLISHED
The goal is to enumerate a single value from this:
$ConnectionToKill = netstat | Select-String -SimpleMatch 'ServerSSH1' | ConvertFrom-String | Select-Object p4
And use the variable $ConnectionToKill to close the connection
I am trying to execute the following code in Haxe.
class File_Operations
{
public static function main()
{
Sys.command("ipconfig",[">","C:\\Users\\ila5\\Desktop\\Temp.txt"]);
}
}
However, I get the following error
Error: unrecognized or incomplete command line.
USAGE:
ipconfig [/allcompartments] [/? | /all |
/renew [adapter] | /release [adapter] |
/renew6 [adapter] | /release6 [adapter] |
/flushdns | /displaydns | /registerdns |
/showclassid adapter |
/setclassid adapter [classid] |
/showclassid6 adapter |
/setclassid6 adapter [classid] ]
where
adapter Connection name
(wildcard characters * and ? allowed, see examples)
Options:
/? Display this help message
/all Display full configuration information.
/release Release the IPv4 address for the specified adapter.
/release6 Release the IPv6 address for the specified adapter.
/renew Renew the IPv4 address for the specified adapter.
/renew6 Renew the IPv6 address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
/showclassid6 Displays all the IPv6 DHCP class IDs allowed for adapter.
/setclassid6 Modifies the IPv6 DHCP class id.
The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.
For Setclassid and Setclassid6, if no ClassId is specified, then the ClassId is removed.
Examples:
> ipconfig ... Show information
> ipconfig /all ... Show detailed information
> ipconfig /renew ... renew all adapters
> ipconfig /renew EL* ... renew any connection that has its
name starting with EL
> ipconfig /release *Con* ... release all matching connections,
eg. "Wired Ethernet Connection 1" or
"Wired Ethernet Connection 2"
> ipconfig /allcompartments ... Show information about all
compartments
> ipconfig /allcompartments /all ... Show detailed information about all
compartments
When I run the above command directly in cmd, it works well.
I would like to know how to redirect the output to a text file using Sys.command() in Haxe. Any ideas?
I think that ">" operator will be interpreted as an argument here (not as stdout redirection), but with Sys.command you can't avoid it.
What you can do is to read stdout of "ipconfig" command directly in haxe and save it as a file.
This sample code should work for you
var p = new Process("ipconfig", []);
var out:String = p.stdout.readAll().toString();
p.close();
File.saveContent("ipconfig.txt", out);
I have an XMEGA-A1 Xplained and a JTAG ICE mkII. I just tried to use avrdude on Linux. The first thing I did was to try to set the JTAG fuse off to use PDI (since the Hardware User's Guide said JTAG and PDI can't be used together - section 9.3), but now all I have is 8 rapidly flashing LEDs and no ability to communicate with the device. The LED by the USB connector is solid green/red, though the red flashes when you replug the USB. If I press SW0, the LEDs stop flashing, but they start again as soon as I let go, and pressing any of the 7 other buttons seems to have no effect.
When I try to communicate with the device now, all I get is:
$ avrdude -p x128a1 -c jtag2pdi -P usb -v
avrdude: jtagmkII_setparm(): bad response to set parameter command: RSP_FAILED
avrdude: jtagmkII_close(): bad response to GO command: RSP_ILLEGAL_EMULATOR_MODE
avrdude done. Thank you.
If I use jtag2slow (which worked before), I get:
avrdude: jtagmkII_setparm(): bad response to set parameter command: RSP_FAILED
avrdude: initialization failed, rc=-1
Double check connections and try again, or use -F to override
this check.
avrdude: jtagmkII_close(): bad response to GO command: RSP_ILLEGAL_EMULATOR_MODE
avrdude done. Thank you.
The command I used to set the fuses was taken from what Eclipse generated: -Ufuse4:w:0x1:m
Is there a way to "break into" the device and re-establish communication?
This was caused by a failure of the JTAGICE mkII to communicate over the PDI connection due to a bad connection in the (homemade) squid cable. I made a new one and all is OK. It took a bit of messing around to work out the right connections again, since no-one seems to have put the two connection tables together (i.e. the "Connecting to a PDI target" in AVR Help and "Table 4.1: Programming Headers" in the Xplained user Guide), my squid cable is all grey, and I disconnected it before writing down the connections (don't do this!). So, here it is.
How to connect XMega-A1 Xplained via PDI with JTAGICE mkII
------------------------------------------------------
| JTAGICE mkII | XMEGA-A1 Xplained |
|--------------------------------+-------------------|
| Pin | JTAG Name | Squid Colour | Pin | PDI Name |
|-----------------+--------------+-------------------|
| 2 | GND | White | 2 | GND |
| 4 | VTref | Purple | 4 | VCC |
| 6 | nSRST | Green | 6 | PCI_CLK |
| 9 | TDI | Red | 3 | PDI_DATA |
------------------------------------------------------
Setting fuses
This is mentioned in the documentation, but it's worth repeating here: once you set the JTAGEN fuse to 1 (i.e. disable JTAG) the only way to get back to JTAG is to make a PDI connection and set the fuse back to 0.
Be very careful when setting the fuse if you can't program by PDI, as if you set fuse byte 4 to 0x01, as well as setting JTAGEN, you will also disable external reset (bit 4) and be unable to use ISP programming. If you look above, you will see this is what I did.
Apparently, not all JTAGICE mkII's can do PDI (mine can), so make sure before you blow this fuse!
I had the same problem and it was induces because I was flashing the .elf file instead the .hex.
To solve it I did the next:
Disconnect the xplained usb cable in order to Unpowered the micro.
Reconnect the USB cable and as fast as you can send the command to reprogramm the micro. If someone can help is better.
It worked for me.