@jqlblue
Last active August 29, 2015 14:01

Revisions

  1. jqlblue revised this gist May 15, 2014. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion gryphon_issues_jqlblue
    @@ -10,7 +10,8 @@ TcpCopy信息
    /usr/local/tcpcopy/bin/intercept
    iptables设置:

    [root@test122v-add ~/tcpcopy]# iptables -L
    iptables -L

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- anywhere anywhere
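    Review bot: the listing that this hunk prefixes with the `[root@test122v-add ~/tcpcopy]#` prompt is the default `iptables -L`, which resolves port names (`ipp`, `http`) and hides counters; capturing it as `iptables -L -n -v` would give numeric ports and per-rule packet counters, which is the quickest way to tell whether the QUEUE rule that feeds intercept is ever matched. Since the prompt identifies the host, it would also help to state explicitly that this is the intercept host (10.16.15.122 per the supplementary info) so the reader can tie the firewall listing to the right machine.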
  2. jqlblue revised this gist May 15, 2014. 1 changed file with 25 additions and 20 deletions.
    45 changes: 25 additions & 20 deletions gryphon_issues_jqlblue
    @@ -10,26 +10,31 @@ TcpCopy信息
    /usr/local/tcpcopy/bin/intercept
    iptables设置:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 36524 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    [root@test122v-add ~/tcpcopy]# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT all -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    QUEUE tcp -- anywhere anywhere tcp spt:http

    Chain RH-Firewall-1-INPUT (2 references)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp any
    ACCEPT esp -- anywhere anywhere
    ACCEPT ah -- anywhere anywhere
    ACCEPT udp -- anywhere anywhere udp dpt:ipp
    ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:36524
    REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

    日志打印[error_intercept.log]:
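    Review bot: the two firewall listings in this hunk disagree. The saved ruleset accepts `-m state --state NEW -m tcp -p tcp --dport 80` in RH-Firewall-1-INPUT, but the live `iptables -L` output of that same chain shows only the `dpt:ssh` and `dpt:36524` accepts and no `dpt:http` rule, so one of the two captures is stale; say which one was taken after the ruleset was loaded. Separately, the `QUEUE tcp -- anywhere anywhere tcp spt:http` rule sits in the OUTPUT chain, which only sees packets generated by this host; with intercept on 10.16.15.122 and the target on 10.16.15.118, the test server's responses reach that rule only if they are routed through this host, and the intercept log's `total resp packs:0` is consistent with that not happening. Re-capturing with `iptables -L -n -v` would show the QUEUE rule's packet counter directly.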

  3. jqlblue revised this gist May 15, 2014. 1 changed file with 4 additions and 1 deletion.
    5 changes: 4 additions & 1 deletion gryphon_issues_jqlblue
    @@ -4,7 +4,10 @@ TcpCopy信息
    内核版本号:2.6.18-164.el5
    安装规则:
    ./configure --prefix=/usr/local/tcpcopy --enable-single
    启动命令:/usr/local/tcpcopy/bin/intercept
    启动命令:
    modprobe ip_queue
    iptables -I OUTPUT -p tcp --sport 80 -j QUEUE
    /usr/local/tcpcopy/bin/intercept
    iptables设置:

    *filter
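    Review bot: the start sequence now inserts `iptables -I OUTPUT -p tcp --sport 80 -j QUEUE` but has no matching teardown. The QUEUE target hands packets to userspace through ip_queue, and packets queued while no process is attached are dropped, so once intercept exits (the log shows it stopped with signal 2) every locally generated packet with source port 80 on this host is silently dropped until the rule is removed. Pair the insert with `iptables -D OUTPUT -p tcp --sport 80 -j QUEUE` on shutdown, and note that re-running the `-I` line adds a duplicate rule each time; `iptables -L OUTPUT -n -v` before starting shows whether one is already present.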
  4. jqlblue revised this gist May 15, 2014. No changes.
  5. jqlblue revised this gist May 15, 2014. 1 changed file with 2 additions and 1 deletion.
    3 changes: 2 additions & 1 deletion gryphon_issues_jqlblue
    @@ -161,4 +161,5 @@ Gryphon信息
    补充信息:
    intercept安装在 10.16.15.122
    gryphon安装在 10.16.15.113
    测试服务器是 10.16.15.118
    测试服务器是 10.16.15.118
    在测试机上抓包使用的命令:tcpdump -i any tcp and port 80 -w xxx.pcap
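    Review bot: the capture command `tcpdump -i any tcp and port 80 -w xxx.pcap` does not set a snapshot length, and the tcpdump shipped with this kernel generation (2.6.18-164.el5) defaults to a small snaplen, so client payloads in the pcap are likely truncated; add `-s 0` so full packets are written, since the replay depends on complete client requests. The `any` pseudo-interface also writes the Linux cooked-capture link type rather than Ethernet frames; gryphon does report reading `./118.pcap` (`total packets: 992007, needed packets:495965`), but it is worth stating the real interface and file name used so the two match. `xxx.pcap` here versus `./118.pcap` in the gryphon command line should be reconciled in the note.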
  6. jqlblue created this gist May 15, 2014.
    164 changes: 164 additions & 0 deletions gryphon_issues_jqlblue
    @@ -0,0 +1,164 @@
    TcpCopy信息

    TcpCopy版本号:0.9.9
    内核版本号:2.6.18-164.el5
    安装规则:
    ./configure --prefix=/usr/local/tcpcopy --enable-single
    启动命令:/usr/local/tcpcopy/bin/intercept
    iptables设置:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 36524 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

    日志打印[error_intercept.log]:

    2014/05/15 16:13:26 +451 [notice] intercept version:0.9.9
    2014/05/15 16:13:26 +451 [notice] intercept internal version:5
    2014/05/15 16:13:26 +451 [notice] TCPCOPY_SINGLE mode
    2014/05/15 16:13:26 +451 [notice] INTERCEPT_COMBINED mode
    2014/05/15 16:13:26 +451 [notice] msg listen socket:4
    2014/05/15 16:13:26 +451 [notice] firewall socket:5
    2014/05/15 16:13:56 +454 [notice] total resp packs:0, all:0, route:0
    2014/05/15 16:14:26 +454 [notice] total resp packs:0, all:0, route:0
    2014/05/15 16:14:51 +368 [notice] it adds fd:6
    2014/05/15 16:14:51 +368 [notice] it adds fd:7
    2014/05/15 16:14:56 +455 [notice] total resp packs:0, all:0, route:0
    2014/05/15 16:15:14 +423 [notice] recv length 0,fd:7
    2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:7
    2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:7
    2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:7
    2014/05/15 16:15:14 +423 [notice] destroy event:7
    2014/05/15 16:15:14 +423 [notice] recv length 0,fd:6
    2014/05/15 16:15:14 +423 [notice] release tunnel related resources, fd:6
    2014/05/15 16:15:14 +423 [notice] crazy here, combined is null, fd:6
    2014/05/15 16:15:14 +423 [notice] enter tc_event_destroy:6
    2014/05/15 16:15:14 +423 [notice] destroy event:6
    2014/05/15 16:15:21 +346 [warn] sig 2 received
    2014/05/15 16:15:21 +346 [notice] release_resources begin
    2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:4
    2014/05/15 16:15:21 +346 [notice] tc_select_destroy, close fd:5
    2014/05/15 16:15:21 +346 [notice] release_resources end except log file


    Gryphon信息

    TcpCopy版本号:0.2.0
    内核版本号:2.6.18-164.el5
    安装规则:
    ./configure --enable-single
    启动命令:/usr/local/bin/gryphon -x 80-10.16.15.118:80 -f ./118.pcap -s 10.16.15.122 -u 100 -c 10.16.15.*

    日志打印[error_gryphon.log]:

    2014/05/15 16:14:51 +363 [notice] gryphon version:0.2.0
    2014/05/15 16:14:51 +363 [notice] target:80-10.16.15.118:80
    2014/05/15 16:14:51 +363 [notice] GRYPHON_SINGLE mode
    2014/05/15 16:14:51 +363 [notice] keepalive timeout:120
    2014/05/15 16:14:51 +363 [notice] set global port for gryphon
    2014/05/15 16:14:51 +363 [notice] parallel connections per target:2
    2014/05/15 16:14:51 +363 [notice] throughput factor: 1,interval:0 ms
    2014/05/15 16:14:51 +363 [notice] init connections speed:1024
    2014/05/15 16:14:51 +363 [notice] s parameter:10.16.15.122
    2014/05/15 16:14:51 +363 [notice] set only ip for gryphon
    2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
    2014/05/15 16:14:51 +363 [info] connect to remote server(10.16.15.122:36524)
    2014/05/15 16:14:51 +363 [notice] add dr tunnels for exchanging info:2047807498:36524
    2014/05/15 16:14:51 +363 [notice] read over from file:./118.pcap
    2014/05/15 16:14:51 +363 [notice] pool size:72900718
    2014/05/15 16:14:51 +363 [notice] stop, null from pcap_next
    2014/05/15 16:14:51 +363 [info] total packets: 992007, needed packets:495965
    2014/05/15 16:14:51 +363 [notice] pool used:61630692
    2014/05/15 16:14:51 +363 [info] enter tc_build_users
    2014/05/15 16:14:51 +363 [notice] users:100, sessions:99178, total packets needed sent:400
    2014/05/15 16:14:51 +363 [info] leave tc_build_users
    2014/05/15 16:14:52 +865 [notice] total is larger than size of users
    2014/05/15 16:14:56 +364 [notice] active conns:0
    2014/05/15 16:14:56 +364 [notice] reject:0, reset recv:0,fin recv:0
    2014/05/15 16:14:56 +364 [notice] reset sent:0, fin sent:0
    2014/05/15 16:14:56 +364 [notice] conns:0,resp packs:0,c-resp packs:0
    2014/05/15 16:14:56 +364 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
    2014/05/15 16:15:01 +367 [notice] active conns:0
    2014/05/15 16:15:01 +367 [notice] reject:0, reset recv:0,fin recv:0
    2014/05/15 16:15:01 +367 [notice] reset sent:0, fin sent:0
    2014/05/15 16:15:01 +367 [notice] conns:0,resp packs:0,c-resp packs:0
    2014/05/15 16:15:01 +367 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
    2014/05/15 16:15:06 +369 [notice] active conns:0
    2014/05/15 16:15:06 +369 [notice] reject:0, reset recv:0,fin recv:0
    2014/05/15 16:15:06 +369 [notice] reset sent:0, fin sent:0
    2014/05/15 16:15:06 +369 [notice] conns:0,resp packs:0,c-resp packs:0
    2014/05/15 16:15:06 +369 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
    2014/05/15 16:15:11 +371 [notice] active conns:0
    2014/05/15 16:15:11 +371 [notice] reject:0, reset recv:0,fin recv:0
    2014/05/15 16:15:11 +371 [notice] reset sent:0, fin sent:0
    2014/05/15 16:15:11 +371 [notice] conns:0,resp packs:0,c-resp packs:0
    2014/05/15 16:15:11 +371 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
    2014/05/15 16:15:14 +406 [warn] sig 2 received
    2014/05/15 16:15:14 +406 [notice] active conns:0
    2014/05/15 16:15:14 +406 [notice] reject:0, reset recv:0,fin recv:0
    2014/05/15 16:15:14 +406 [notice] reset sent:0, fin sent:0
    2014/05/15 16:15:14 +406 [notice] conns:0,resp packs:0,c-resp packs:0
    2014/05/15 16:15:14 +406 [notice] syn sent cnt:100,clt packs sent :100,clt cont sent:0
    2014/05/15 16:15:14 +406 [notice] remove timer over
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] connection fails:32768
    2014/05/15 16:15:14 +406 [notice] send 100 reset packs to release tcp resources
    2014/05/15 16:15:14 +406 [notice] valid sessions:99126
    2014/05/15 16:15:14 +406 [notice] tc_event_loop_finish over

    补充信息:
    intercept安装在 10.16.15.122
    gryphon安装在 10.16.15.113
    测试服务器是 10.16.15.118
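    Review bot: the key symptom in these logs is that gryphon reports `syn sent cnt:100` with `active conns:0` in every interval and ends with repeated `connection fails:32768`, while intercept reports `total resp packs:0` throughout, i.e. no response from the test server ever reached intercept. The gryphon command uses `-s 10.16.15.122` (the intercept host) and `-c 10.16.15.*`, a client address range in the same /24 as the test server 10.16.15.118 and the intercept host; if the replayed connections carry source addresses from that range, the test server answers them directly on its local segment instead of through a route via 10.16.15.122, which would produce exactly this pattern. Before concluding the tools are at fault, document the test server's routing for that range (`route -n` on 10.16.15.118) and confirm with `tcpdump -nn tcp and src port 80` on 10.16.15.122 whether any responses arrive there at all. The intercept lines `crazy here, combined is null, fd:6/7` appear only after gryphon closes its two tunnels on signal 2, so they are a consequence of the shutdown rather than the cause.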