gatsby-unit_packet
Packet Sender User Guide

Packet Sender User Guide: Introduction
Packet Sender is a powerful yet simple, easy-to-use network tool for sending and receiving TCP, UDP and SSL packets.
Huawei S3500 Series Port Commands

Quidway S3500 Series Ethernet Switches Command Manual: Port
Chapter 3 Port Isolation Configuration Commands
3.1 Port Isolation Configuration Commands
3.1.1 port-isolate enable
3.1.2 port-isolate uplink-port vlan
Packet Tracer 5 Tutorial (Chinese)

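Packet Tracer Tutorial 1 (2008-08-01 16:39): Introduction to the user interface
I had originally wanted to start from the most basic, simplest material, but while preparing it I felt there was really no need, because the help file already explains it very clearly.
So I will follow my own line of thinking instead. I am the kind of person whose thoughts do not flow until every question has been worked out and every point put in order.
I will tell you as much of the background knowledge as I can.
What is not necessary, I will try to leave out.
Workspaces and Modes
Packet Tracer 4.11 has two workspaces (Logical and Physical) and two modes (Realtime and Simulation). At startup, you are in the Logical Workspace and in Realtime Mode. You can build your network and watch it run in real time in this configuration. You can switch to Simulation Mode to run controlled networking scenarios. You can also switch to the Physical Workspace to arrange the physical aspects (such as location) of your devices. Note that you cannot run your network while you are in the Physical Workspace. You should return to the Logical Workspace after you are done in the Physical Workspace.
The last part is the preferences: go back to the main window and press Ctrl+R, then look through each option yourself. There is nothing much to explain.
Packet Tracer Tutorial 2 (2008-08-01 17:24): Creating your first network
From the area at the lower left of the main window, drag in two devices: one end device and one server.
Then connect them with a cross-over cable, as shown in the figure below.
See the two green dots? They mean the link is up.
Click PC0 and a picture of a PC chassis panel appears; this picture simulates the chassis of the PC0 we just placed.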
XBee Module Quick Operating Instructions

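Digi XBee Module Operating Instructions
This document is intended to help first-time users of Digi's XBee wireless modules quickly become familiar with the product and with how to operate and configure it.
The procedures use the Zigbee protocol as the example; other wireless protocols work in a similar way. For details, see the product manual of the module concerned.
If you have questions or find errors while using this document, contact your local distributor's technical support, or contact robin.tu@ directly.
1. Preparation before use
XBee modules come in dozens of variants that differ in protocol, frequency and transmission capability.
Most XBee modules share the same serial-port pins and power pins and can be swapped directly.
Digi's development kits include development boards that operate the module through a PC serial port or USB port, so users can easily configure the module with a serial debugging tool or with Digi's X-CTU tool.
X-CTU is a Windows tool from Digi for debugging and configuring modules. After receiving a Digi product, you must first install X-CTU.
X-CTU download address: /support/utilities/40003002_B.exe
Make sure the computer can access the Internet. A prompt appears during installation: choose Yes to download the firmware library for Digi module products, so that when you work with different modules X-CTU can recognize modules running the latest firmware and display the corresponding AT command set.
The download takes a while, about 15-30 minutes.
After installing X-CTU, if you use a board or product with a USB interface, you also need to install the USB-to-serial driver.
Manuals and drivers for Digi module products can all be found on the website.
Digi Zigbee module S2B product manual download address: /support/documentation/90000976_M.pdf
When debugging with Digi's development boards, the USB-interface XBIB-U development board requires a driver. If the operating system does not recognize it automatically, download the driver from: /support/productdetail?pid=4772
Tip: to find manuals, drivers, tools and so on for Digi products, click "Support" in the menu and enter part or all of the product name in the search box to find the related documents.
A brief description of the Digi Xstick can be found at /support/documentation/90000891_E.pdf.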
BGP

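When this bit is 1, the router must recognize this path attribute.
Flag bits:
Bit 1: 1 = transitive, 0 = non-transitive. It indicates transitivity; if the preceding flag marks the attribute as well-known, this bit must be 1. The bit indicates whether the router passes this path attribute on to other BGP peers.
Bit 2: 1 = partial, 0 = complete. It indicates whether the transitive attribute is only partially supported. For well-known attributes or optional non-transitive attributes, this bit must be 0.
Bit 3: Extended Length. 1 means the Attri length field that follows is 2 bytes long; 0 means it is 1 byte long.
Update message: path attribute
Flags O T P E (1 byte, starting at bit 0) | Attri type code (1 byte) | Attri length (1 or 2 bytes) | Attri value (Attri length bytes)
Path attributes are variable-length and are present in every Update message. The format is attribute <T, L, V>. The Flag field comes before the attribute type. The attribute type is 2 bytes in total: the first 8 bits are the flags and the last 8 bits are the type code.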
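The flag rules and <T, L, V> layout described above, as an added example that is not part of the original slides: a Python parser that walks a Path Attributes field, honours the Extended Length bit, refuses lengths that run past the buffer, and reports flag combinations the text forbids. Bit 0 is taken to be the Optional bit (1 = optional, 0 = well-known) as in RFC 4271; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Flag bits of the first byte; bit 0 is the most significant bit on the wire.
OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10


def check_flags(flags: int) -> list:
    """Return the flag-consistency problems described in the text above."""
    problems = []
    optional = bool(flags & OPTIONAL)
    transitive = bool(flags & TRANSITIVE)
    if not optional and not transitive:
        problems.append("well-known attribute must have the transitive bit set")
    if flags & PARTIAL and not (optional and transitive):
        problems.append("partial bit must be 0 for well-known and "
                        "optional non-transitive attributes")
    return problems


def parse_path_attributes(buf: bytes) -> list:
    """Split a Path Attributes field into flags/type/length/value records."""
    attrs, off = [], 0
    while off < len(buf):
        if len(buf) - off < 3:
            raise ValueError(f"truncated attribute header at offset {off}")
        flags, type_code = buf[off], buf[off + 1]
        if flags & EXT_LEN:
            # Extended Length set: the length field is 2 bytes, network order.
            if len(buf) - off < 4:
                raise ValueError(f"truncated extended length at offset {off}")
            (length,) = struct.unpack_from("!H", buf, off + 2)
            header = 4
        else:
            length, header = buf[off + 2], 3
        start = off + header
        if start + length > len(buf):
            # Never trust the length field: a value that overruns the buffer
            # must end parsing instead of reading neighbouring data.
            raise ValueError(f"attribute type {type_code} claims {length} "
                             f"bytes, only {len(buf) - start} available")
        attrs.append({
            "flags": flags,
            "type": type_code,
            "length": length,
            "value": buf[start:start + length],
            "problems": check_flags(flags),
        })
        off = start + length
    return attrs


# Constructed sample: three attributes back to back.
SAMPLE = bytes.fromhex(
    "40010100"            # flags 0x40 (well-known, transitive), type 1, len 1
    "d0080004fde80064"    # flags 0xD0 (optional, transitive, extended length), type 8
    "20050400000064"      # flags 0x20 (well-known, non-transitive, partial): invalid
)

if __name__ == "__main__":
    for attr in parse_path_attributes(SAMPLE):
        print(attr["type"], attr["length"], attr["value"].hex(), attr["problems"])
```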
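BGP Messages in Detail
Open message, Update message, Notification message, Keepalive message, Router-refresh message, other BGP features
Open message
Version: the BGP version number. For BGP-4 the value is 4.
My autonomous system: the local AS number. The AS number determines whether the connection is EBGP or IBGP.
Hold time: the hold time. When the peer relationship is established, both ends negotiate the hold time and keep it consistent. If no Keepalive or Update message is received from the peer within this time, the BGP connection is considered down. The RFC specifies two implementations: one negotiates using the smaller of the locally configured value and the value received in the OPEN, although this value must be 0 or at least 3; the other drops the connection if the hold times do not match.
BGP identifier: the BGP identifier. It is expressed in the form of an IP address and identifies the BGP router.
Opt Parm Len (Optional Parameters Length): the length of the optional parameters. If it is 0, there are no optional parameters.
Optional parameters: optional parameters, used for features such as Multiprotocol Extensions.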
BCMP Packet Analysis

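③ The BCMP Server sends the "registration reply" packet
After the BCMP Server receives the "registration request" BCMP IP protocol packet, it assigns a management IP address to the device according to its IP address allocation rules, encapsulates the management VLAN, management IP address, default gateway and related information in a packet, and sends the "registration reply" BCMP IP protocol packet.
Print the messages on the BCMP proxy or capture packets there to verify that the format and content of the "registration reply" packet are correct (it cannot be captured on the Server side). The packet is as follows:
[13-12-29]53 00 00 01 9B 56 00 9C 7C 08 D9 27 A9 1E 00 00 S....V..|..'....
(annotation: reply packet (HS MAC))
[13-12-29]00 00 00 00 88 02 14 0E 0E 70 FF 00 00 00 14 01 .........p......
(annotation: management IP, subnet mask)
[13-12-29]01 01 00 14 02 00 A1 76 33 00 00 00 00 00 00 00 .......v3.......
(annotation: default gateway, management V, v2 version, V3)
[13-12-29]00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[13-12-30]Oct 27 10:58:59 %EBCMP-DEBUG-PACKET: BCMP_V5_RES::entry>manageModuleID = 1.
[13-12-30]Oct 27 10:58:59 %EBCMP-DEBUG-PACKET: TX BCMP l2 packet on intf E10/14. rc = 0.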
Two-Pass Analysis in tshark

Two-Pass Analysis in tshark
English answer:
Tshark is a command-line tool that is used for network protocol analysis. It is a part of the Wireshark network analyzer suite and is used to capture and analyze network traffic. One of the features of Tshark is its ability to perform two-pass analysis.
In the first pass, Tshark captures the network traffic and stores it in a capture file. This capture file contains all the packets that were captured during the network analysis. The first pass is mainly focused on capturing the packets and storing them for further analysis.
In the second pass, Tshark analyzes the captured packets in the capture file. It performs various types of analysis on the packets, such as protocol decoding, filtering, and statistics generation. The second pass is where the actual analysis of the network traffic takes place.
For example, let's say I want to analyze the HTTP traffic on my network. I would first run Tshark to capture the network traffic and store it in a capture file. Once the capture is complete, I would then run Tshark again to analyze the captured packets.
During the second pass analysis, Tshark would decode the packets and identify the HTTP protocol. It would then generate statistics such as the number of HTTP requests and responses, the average response time, and the most frequently visited URLs. This information would provide valuable insights into the HTTP traffic on the network.
Chinese answer:
Tshark is a command-line tool used for network protocol analysis.
TS 102 622 Specification (Chinese)

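TS 102 622 content: This specification details the logical interface that enables contactless applications to be hosted on the UICC.
This document outlines the configuration in which a host embedded in the UICC is connected to the host controller embedded in the CLF.
The detailed description of the interface is divided into two parts:
● Part 1 (clauses 4-8) describes the HCI core and details the application-independent logical interface;
● Part 2 (clauses 9-11) describes the contactless platform and details how the HCI core is implemented for contactless applications that use the UICC and the CLF.
The lower-layer protocols that support HCI (for example SWP, described in ETSI TS 102 613) are outside the scope of this document.
4. HCI architecture
4.1 Overview
A valid host network has a star topology, in which one or more hosts are physically connected to the host controller.
HCI defines the interface between hosts.
Specifically, HCI has three layers:
● a collection of gates, used to exchange commands, responses and events;
● the HCP messaging mechanism;
● the HCP routing mechanism, which can optionally segment messages when needed.
Figure 1 depicts the HCP stack of one possible host network.
For clarity the figure shows only two gates; in particular, the host controller can also have gates and connect to other hosts through HCP.
For proper operation, HCP requires the underlying data link layer to have the following properties:
● The data link layer (for example SWP) shall be error-free, and the data received and sent shall be in order.
● The data link layer has its own data flow control.
● The data link layer delivers packets to the upper layer up to the maximum size of the data link layer.
● The data link layer shall report the size of the packets received from the upper layer.
4.2 Hosts
A host is identified by a code of one byte. Table 1 lists the reserved values of the host identifier (H ID). In this document, the generic term "host" is used for any logical host mentioned (for example, terminal host, UICC host), but does not include the host controller.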
Quidway S3900 Series Ethernet Switches Command Manual - 24 - ACL Commands

ACL Table of Contents
Chapter 1 ACL Commands
1.1 ACL Commands
1.1.1 acl
1.1.2 description
1.1.3 display acl
1.1.4 display drv qacl_resource
1.1.5 display packet-filter
1.1.6 display time-range
1.1.7 packet-filter
1.1.8 packet-filter vlan
1.1.9 rule (basic ACL)
1.1.10 rule (advanced ACL)
1.1.11 rule (Layer 2 ACL)
1.1.12 rule (user-defined ACL)
1.1.13 rule comment
1.1.14 time-range
Chapter 1 ACL Commands
Note: The ACL commands add the new feature "applying an ACL on a VLAN"; see 1.1.8 packet-filter vlan.
Openvswitch Principles and Code Analysis (4): How Network Packets Are Processed

Openvswitch Principles and Code Analysis (4): How Network Packets Are Processed
As mentioned in the previous part, the Openvswitch kernel module openvswitch.ko registers a function, netdev_frame_hook, on the network interface. Whenever a packet arrives at the interface, this function is called.

    static struct sk_buff *netdev_frame_hook(struct sk_buff *skb)
    {
        if (unlikely(skb->pkt_type == PACKET_LOOPBACK))
            return skb;

        port_receive(skb);
        return NULL;
    }

Calling port_receive is the same as calling netdev_port_receive:

    #define port_receive(skb) netdev_port_receive(skb, NULL)

    void netdev_port_receive(struct sk_buff *skb, struct ip_tunnel_info *tun_info)
    {
        struct vport *vport;

        vport = ovs_netdev_get_vport(skb->dev);
        ……
        skb_push(skb, ETH_HLEN);
        ovs_skb_postpush_rcsum(skb, skb->data, ETH_HLEN);
        ovs_vport_receive(vport, skb, tun_info);
        return;
    error:
        kfree_skb(skb);
    }

The function int ovs_vport_receive(struct vport *vport, struct sk_buff *skb, const struct ip_tunnel_info *tun_info) is implemented as follows:

    int ovs_vport_receive(struct vport *vport, struct sk_buff *skb,
                          const struct ip_tunnel_info *tun_info)
    {
        struct sw_flow_key key;
        ......
        /* Extract flow from 'skb' into 'key'. */
        error = ovs_flow_key_extract(tun_info, skb, &key);
        if (unlikely(error)) {
            kfree_skb(skb);
            return error;
        }
        ovs_dp_process_packet(skb, &key);
        return 0;
    }

This function first declares the variable struct sw_flow_key key. The definition of this key is:

    struct sw_flow_key {
        u8 tun_opts[255];
        u8 tun_opts_len;
        struct ip_tunnel_key tun_key;   /* Encapsulating tunnel key. */
        struct {
            u32 priority;               /* Packet QoS priority. */
            u32 skb_mark;               /* SKB mark. */
            u16 in_port;                /* Input switch port (or DP_MAX_PORTS). */
        } __packed phy;                 /* Safe when right after 'tun_key'. */
        u32 ovs_flow_hash;              /* Datapath computed hash value. */
        u32 recirc_id;                  /* Recirculation ID. */
        struct {
            u8 src[ETH_ALEN];           /* Ethernet source address. */
            u8 dst[ETH_ALEN];           /* Ethernet destination address. */
            __be16 tci;                 /* 0 if no VLAN, VLAN_TAG_PRESENT set otherwise. */
            __be16 type;                /* Ethernet frame type. */
        } eth;
        union {
            struct {
                __be32 top_lse;         /* top label stack entry */
            } mpls;
            struct {
                u8 proto;               /* IP protocol or lower 8 bits of ARP opcode. */
                u8 tos;                 /* IP ToS. */
                u8 ttl;                 /* IP TTL/hop limit. */
                u8 frag;                /* One of OVS_FRAG_TYPE_*. */
            } ip;
        };
        struct {
            __be16 src;                 /* TCP/UDP/SCTP source port. */
            __be16 dst;                 /* TCP/UDP/SCTP destination port. */
            __be16 flags;               /* TCP flags. */
        } tp;
        union {
            struct {
                struct {
                    __be32 src;         /* IP source address. */
                    __be32 dst;         /* IP destination address. */
                } addr;
                struct {
                    u8 sha[ETH_ALEN];   /* ARP source hardware address. */
                    u8 tha[ETH_ALEN];   /* ARP target hardware address. */
                } arp;
            } ipv4;
            struct {
                struct {
                    struct in6_addr src;    /* IPv6 source address. */
                    struct in6_addr dst;    /* IPv6 destination address. */
                } addr;
                __be32 label;               /* IPv6 flow label. */
                struct {
                    struct in6_addr target; /* ND target address. */
                    u8 sll[ETH_ALEN];       /* ND source link layer address. */
                    u8 tll[ETH_ALEN];       /* ND target link layer address. */
                } nd;
            } ipv6;
        };
        struct {
            /* Connection tracking fields. */
            u16 zone;
            u32 mark;
            u8 state;
            struct ovs_key_ct_labels labels;
        } ct;

    } __aligned(BITS_PER_LONG/8); /* Ensure that we can do comparisons as longs. */

As you can see, this key is a grab bag: almost any part of a packet can be used as the key for looking up the flow table.
- The tunnel can be used as a key.
- At the physical layer: in_port, the ID of the port on which the packet entered.
- At the MAC layer: the source and destination MAC addresses.
- At the IP layer: the source and destination IP addresses.
- At the transport layer: the source and destination port numbers.
- IPv6.
So, to match the flow table in kernel space, ovs_flow_key_extract must first be called to extract the values of the key from the packet contents.
SSP Manual

Innovative Technology Limited®
SSP Smiley® Secure Protocol
Document Issue 13 - Protocol Version 3
COPYRIGHT 2000. Innovative Technology Ltd. Derker Street, Derker, Oldham. OL1 4EQ

Change History.
Innovative Technology Ltd
Title: SSP Gaming Protocol
Project:
Drawing No: GA138
Author: P. Dunlop
Date: 26/05/98
Format: MS Word 2000

Issue | Protocol Ver | Release Date | Mod By | Comments
Issue 1 | 1 | 26/05/98 | PD |
Issue 2 | 1 | 03/02/99 | TB |
Issue 3 | 1 | 11/06/99 | AK |
Issue 4 | 2 | 4/02/00 | PD |
Issue 5 | 2 | 20/06/00 | PD |
Issue 6 | 2 | 26/10/00 | PD |
Issue 7 | 2 | 20/11/00 | PD |
Issue 8 | 2 | 20/01/01 | TB |
Issue 9 | 2 | 4/10/01 | TB |
Issue 10 | 2 | 21/01/02 | AK |
Issue 11 | 2 | 23/03/04 | PK | General Revision
Issue 12 | 3 | 05/08/04 | TB | Protocol Version 3
Issue 13 | 3 | 02/01/06 | TB | Protocol Version 3 events

Issue 4 – Peter Dunlop 13/01/2000
Introduction of generic commands. Introduction of commands/responses for coin readers and coin hoppers. Introduction of addressing structure. Introduction of encrypted packets. Upgrade "Protocol Version" to 2.
Issue 5 – Peter Dunlop 20/06/2000
Clarification of remote download specification – addition of example sequences. Correction of command conflict – SYNC and LAST REJECT CODE specified with same code, LAST REJECT CODE has been changed to 0x17. Addition of notes to identify function not currently implemented on NV4 / NV4X.
Issue 6 – Peter Dunlop 26/10/00
Block size missing from header description in version 5 – fixed. Rewording of description of remote downloading protocol. Addition of maximum block size. No code changes required in product firmware or demo code. Changed example CRC code from assembler example to C example. Addition of simplified remote programming flow chart.
Issue 7 – Peter Dunlop 20/11/00
Introduction of basic card reader commands. Addition of FAIL as a generic response. Addition of manufacturers extension generic command for use internally.
Issue 8 – Tim Beswick 20/01/01
Change SLAVE_RESET from generic response to an event response to reflect correct behaviour. Addition of euro country code to appendix.
Issue 9 – Tim Beswick 04/10/01
Addition of HOLD command to allow escrow implementation on BNV.
Issue 10 – Andrew Kennerley 21/01/02
Addition of slave address for an Audit Collection Device.
Issue 11 – Peter King 23/03/04
General Revision. Correction of Slave ID Reference in section 3.1. Addition of extra address allocation for note validators.
Issue 12 – Tim Beswick 05/08/04
Addition of SHOW_RESET_EVENTS BNV commands and note cleared at reset events. Protocol taken to Version 3.
Issue 13 – Tim Beswick 02/01/06
Addition of Cash box removed and replaced events. Explanation of Note start-up events in expanded protocol.

Table Of Contents
Change History
1.0 Introduction
2.0 General Description
3.0 Hardware Layer
4.0 Transport Layer
4.1 Packet Format
4.2 Packet Sequencing
5.0 Encryption Layer. (Currently not implemented)
5.1 Packet Format
5.2 Encryption Keys
5.3 Encryption Algorithm
5.4 Encryption Example
6.0 Control Layer
6.1 Introduction
6.2 Addressing
6.3 Peripheral Validation
6.4 Generic Commands and Responses
6.4.1 Generic Commands
6.4.2 Generic Responses
6.4.3 Remote Programming (Version 2.65 and later)
6.4.4 Example programming file formats (ITL NV4 Validator)
6.4.5 Simplified remote programming flow chart
6.5 Banknote Validator
6.5.1 BNV Operation
6.5.2 BNV Commands
6.5.3 BNV Response To Polls
6.6 Coin Acceptor
6.6.1 Coin Acceptor Operation
6.6.2 Coin Acceptor Commands
6.6.3 Coin Acceptor Responses to Polls
6.7 Coin Hopper
6.7.1 Coin Hopper Operation
6.7.2 Coin Hopper Commands
6.7.3 Coin Hopper Responses to Polls
6.8 Basic Card Reader
6.8.1 Basic Card Reader Operation
6.8.2 Basic Card Reader Commands
6.8.3 Basic Card Reader Responses to Polls
Appendix A – Country Codes
Appendix B – Block Encryption Routines
B.1 Encryption routine
B.2 Decryption routine
Appendix C – CRC Calculation Routines

1.0 Introduction
This manual describes the operation of the Smiley® Secure Protocol - SSP as fitted with Firmware Version 1.10 or greater.
ITL recommend that you study this manual as there are many new features permitting new uses and more secure applications.
If you do not understand any part of this manual please contact ITL for assistance. In this way we may continue to improve our product. Alternatively visit our web site at www.innovative-
Enhancements of SSP can be requested by contacting: support@
Innovative Technology Ltd.
Derker Street
Oldham
England
OL1 4EQ
Tel: +44 (0) 161 626 9999
Fax: +44 (0) 161 620 2090
Email: support@
Web site:

2.0 General Description.
Smiley® Secure Protocol - SSP is a secure interface specifically designed by ITL® to address the problems experienced by cash handling systems in gaming machines. Problems such as acceptor swapping, reprogramming acceptors and line tapping are all addressed.
The interface uses a master slave model: the host machine is the master and the peripherals (note acceptor, coin acceptor or coin hopper) are the slaves.
Data transfer is over a multi-drop bus using clock asynchronous serial transmission with simple open collector drivers. The integrity of data transfers is ensured through the use of 16 bit CRC checksums on all packets.
Each SSP device of a particular type has a unique serial number; this number is used to validate each device in the direction of credit transfer before transactions can take place. To provide extra security the protocol can operate in an encrypted mode to protect the system from fraud through bus monitoring.
To provide this security a constantly changing random 64 bit key is used. Commands are currently provided for coin acceptors, note acceptors and coin hoppers.
All current features of these devices are supported.

Features:
• Serial control of Note / Coin Validators and Hoppers
• 4 wire (Tx, Rx, +V, Gnd) system
• RS232 (like) - open collector driver
• High Speed 9600 Baud Rate
• 16 bit CRC error checking
• Data Transfer Mode
• 64 Bit Encrypted Mode

Benefits:
• Proven in the field
• Simple and low cost interfacing of transaction peripherals.
• High security control of payout peripherals.
• Defence against surrogate validator fraud.
• Straightforward integration into host machines.
• Remote programming of transaction peripherals
• Open standard for universal use.

To help in the software implementation of the SSP, ITL can provide C Code, DLL controls and Visual Basic applications on request. Please contact support@.

3.0 Hardware Layer
Communication is by character transmission based on standard 8-bit asynchronous data transfer. Only four wires are required: TxD, RxD, +V and ground. The transmit line of the host is open collector, the receive line of each peripheral has a 10Kohm pull-up to 5 volts. The transmit output of each slave is open collector, the receive input of the host has a single 3k3 ohm pull-up to 5 volts.
The data format is as follows:
Encoding: NRZ
Baud Rate: 9600
Duplex: Full Duplex
Start bits: 1
Data Bits: 8
Parity: none
Stop bits: 2

Recommended Connectors
Two types of connectors are recommended. The first is a 15 pin 0.1" pitch header (Molex 22-01-2155); this is primarily for use on bank note acceptors (see table 1).

Pin | Signal
Pin 1 | TxD
Pin 5 | RxD
Pin 6 | Address 0 (Currently not implemented)
Pin 12 | GND
Pin 11 | +12V
Link Pin 3 to Pin 8 | ENABLE
Table 1 – Bank Note Acceptor Connector Details

The second is a 10-pin 0.1" dual row shrouded header with polarized slot. This is primarily for use with coin acceptors.
The pin out is shown below (see table 2).

Pin | Signal | Pin | Signal
1 | TxD | 2 | Reserved
3 | RxD | 4 | Reserved
5 | Address 0 | 6 | Address 1
7 | +12 Volts | 8 | Ground
9 | Address 2 | 10 | Address 4
Table 2 – Coin Acceptor Connector Details

4.0 Transport Layer.
4.1 Packet Format.
Data and commands are transported between the host and the slave(s) using a packet format as shown below.

STX | SEQ/Slave ID | LENGTH | DATA | CRCL | CRCH

STX: Single byte indicating the start of a message - 0x7F hex.
SEQ/Slave ID: Bit 7 is the sequence flag of the packet, bits 6-0 represent the address of the slave the packet is intended for. The highest allowable slave ID is 0x7D.
LENGTH: The length of the data included in the packet - this does not include STX, the CRC or the slave ID.
Slave ID: Single byte used to identify the address of the slave the packet is intended for.
DATA: Commands or data to be transferred.
CRCL, CRCH: Low and high byte of a forward CRC-16 algorithm using the polynomial (x^16 + x^15 + x^2 + 1) calculated on all bytes, except STX. It is initialised using the seed 0xFFFF. The CRC is calculated before byte stuffing.

4.2 Packet Sequencing.
Byte stuffing is used to encode any STX bytes that are included in the data to be transmitted. If 0x7F (STX) appears in the data to be transmitted then it should be replaced by 0x7F, 0x7F.
Byte stuffing is done after the CRC is calculated; the CRC itself can be byte stuffed. The maximum length of data is 0xFF bytes. The sequence flag is used to allow the slave to determine whether a packet is a re-transmission due to its last reply being lost.
Each time the master sends a new packet to a slave it alternates the sequence flag. If a slave receives a packet with the same sequence flag as the last one, it does not execute the command but simply repeats its last reply.
In a reply packet the address and sequence flag match the command packet.
This ensures that no other slaves interpret the reply as a command and informs the master that the correct slave replied.
After the master has sent a command to one of the slaves, it will wait for 1 second for a reply. After that, it will assume the slave did not receive the command intact so it will re-transmit it with the same sequence flag.
The host should also record the fact that a gap in transmission has occurred and prepare to poll the slave for its serial number identity following the current message. In this way, the replacement of the host's validator by a fraudulent unit can be detected.
The frequency of polling should be selected to minimise the possibility of swapping a validator between polls. If the slave has not received the original transmission, it will see the re-transmission as a new command so it will execute it and reply. If the slave had seen the original command but its reply had been corrupted then the slave will ignore the command but repeat its reply. After twenty retries, the master will assume that the slave has crashed.
A slave has no time-out or retry limit. If it receives a lone sync byte part way through receiving a packet it will discard the packet received so far and treat the next byte as an address byte.

5.0 Encryption Layer. (Currently not implemented)
5.1 Packet Format.
Encrypted data and commands are transported between the host and the slave(s) using the transport mechanism described above. The encrypted information is stored in the data field in the format shown below (see figure 1).
Figure 1 – Encrypted Data Format
STEX: Single byte indicating the start of an encrypted data block - 0x7E hex.
LENGTH: The length of the data included in the packet - this does not include STEX, the next key or the CRC.
DATA: Commands or data to be transferred.
NEXT KEY: The key needed to decrypt the next encrypted packet from the host.
CRCL, CRCH: Low and high byte of a forward CRC-16 algorithm using the polynomial (x^16 + x^15 + x^2 + 1) calculated on all bytes, except STEX. It is initialised using the seed 0xFFFF.

5.2 Encryption Keys.
At power up the first encrypted data packet sent to the peripheral will be encrypted using the peripheral's serial number (the host requests and stores the serial number of each peripheral when it is installed – see control layer).
After the first transmission, data is encrypted/decrypted using the key contained in the last packet; the host generates this randomly. The peripheral will always reply to an encrypted packet with data encrypted using the same key as the original packet from the host.
After the data has been decrypted the CRC algorithm is performed on all bytes including DATA, NEXT KEY, CRCL and CRCH. The result of this calculation will be zero if the data has been decrypted with the correct key.
If the result of this calculation is non-zero then the peripheral should assume that the host did not encrypt the data (transmission errors are detected by the transport layer). The slave should go out of service until it is reset.

5.3 Encryption Algorithm.
The encryption algorithm has a 64-bit key. This is only a short key but when combined with the mechanism for changing the key in every packet the system provides a high level of security. Appendix B contains C source code for encryption and decryption.
The algorithm will easily translate into assembly code as long as the XOR is an operation. The routines work on blocks of 16 bytes that are packed into an array of four long integers; the key is 8 bytes long and is packed into an array of 2 long integers.
If the data to be sent is not a multiple of 16 bytes then the remaining bytes are packed out with zeros (see tables 3).

5.4 Encryption Example.
Convert key into long integer:
Key() | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7
Value | 0x67 | 0x45 | 0x23 | 0x01 | 0xEF | 0xCD | 0xAB | 0x89

L_key() | 0 | 1
Value | 0x01234567 | 0x89ABCDEF

Get data bytes:
Data | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
Value | 0xFF | 0xEE | 0xDD | 0xCC | 0xBB | 0xAA | 0x99 | 0x88 | 0x77 | 0x66 | 0x55

Convert data into array of 4 long integers, any unused bytes set to 0x00:
Data | 0 | 1 | 2 | 3
Value | 0xCCDDEEFF | 0x8899AABB | 0x00556677 | 0x00000000

Pass data through encryption algorithm:
E_Data | 0 | 1 | 2 | 3
Value | 0x1500F4F6 | 0xF56E7CBA | 0xDA441723 | 0x5D2743D2

Break up into individual bytes for transmission:
E_Data | 0 | 1 | 2 | 3
Value | 0x1500F4F6 | 0xF56E7CBA | 0xDA441723 | 0x5D2743D2

Byte | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | A | B | C | D | E | F
Value | F6 | F4 | 00 | 15 | BA | 7C | 6E | F5 | 23 | 17 | 44 | DA | D2 | 43 | 27 | 5D
Tables 3 – Encryption Examples

6.0 Control Layer
6.1 Introduction
The slave can only respond to requests from the master with an address byte that matches the slave's address; at no time will the slave transmit any data that is not requested by the host. Any data that is received with an address that does not match the slave's address will be discarded.
The master will poll each slave at least every 5 seconds. The slave will deem the host to be inactive if the time between polls is greater than 5 seconds. If the slave does not receive a poll within 5 seconds it should change to its disabled state. The minimum time between polls is specified for individual peripherals. Only one command can be sent in any one poll sequence.

6.2 Addressing.
The address of a peripheral consists of two parts, the fixed part that determines the type of device and the variable part. The variable part is used if there is a number of the same type of peripheral in the same machine, for example hoppers (see table 4).
The variable part of the address can be set in one of two ways.
Firstly it can be programmed to a fixed number using a PC tool, or the peripheral can be programmed to take the rest of the address from external pins on the interface connector (Currently not implemented).

Slave ID (Hex) | Peripheral
0x00 | Note validator 0
0x01 | Note validator 1
0x02 | Coin Validator 0
0x03 | Coin Validator 1
0x04 | Card Reader 0
0x05 | Card Reader 1
0x07 | Audit Device
0x08 | Handheld Audit Collection Device
0x09 – 0x0F | Reserved
0x10 – 0x1F | Coin Hoppers 0 – 15
0x20 – 0x2F | Note Dispensers 0 – 15
0x30 – 0x3F | Card Dispensers 0 – 15
0x40 – 0x4F | Ticket Dispensers 0 – 15
0x50 – 0x5F | Extra Note Validators
0x60 – 0x7E | Unallocated
Table 4 – Peripheral Addressing

6.3 Peripheral Validation.
To ensure that credit transfers are only received from or sent to genuine devices, the device receiving the credit must first request the serial number from the sending device and only accept if the serial number matches a pre-programmed number.
The serial number should be requested after each reset and also after each break in communications. For example a host machine should request a coin acceptor's serial number at reset or if a poll sequence is unanswered, before enabling the device.
Also, a coin hopper should not process any dispense commands until the host machine has sent its serial number.

6.4 Generic Commands and Responses.
Generic commands are a set of commands that every peripheral must understand and act on (see table 5).

6.4.1 Generic Commands
Action | Command code (HEX)
Reset | 0x01
Host Protocol Version | 0x06
Poll | 0x07
Get Serial Number | 0x0C
Synchronisation command | 0x11
Disable | 0x09
Enable | 0x0A
Program Firmware / currency | 0x0B, Programming Type
Manufacturer's Extension | 0x30, Command, Data
Table 5 – Generic Commands

Reset: Single byte command, causes the slave to reset.
Host Protocol Version: Dual byte command, the first byte is the command, the second byte is the version of the protocol that is implemented on the host, current version is 02.
Poll: Single byte command, no action taken except to report latest events.
Get Serial Number: Single byte command, used to request the slave serial number. Returns a 4-byte long integer, most significant byte first, e.g.
Serial number = 01873452 = 0x1C962C
So response data would be 0x00 0x1C 0x96 0x2C
Sync: Single byte command, which will reset the validator to expect the next sequence ID to be 0.
Disable: Single byte command, the peripheral will switch to its disabled state. It will not execute any more commands or perform any actions until enabled; any poll commands will report disabled.
Enable: Single byte command, the peripheral will return to service.
Program Firmware / currency: See section 6.4.3 – Remote Programming.
Manufacturer's Extension: This command allows the manufacturer of a peripheral to send commands specific to their unit. The intention is that the manufacturer only uses the extension command internally; it should not when operating in a host machine.
The specific command and any data for that command should follow the Extension command.

6.4.2 Generic Responses
Generic Response | Response code
OK | 0xF0
Command not known | 0xF2
Wrong number of parameters | 0xF3
Parameter out of range | 0xF4
Command cannot be processed | 0xF5
Software Error | 0xF6
FAIL | 0xF8
Table 6 - Generic Responses

OK: Returned when a command from the host is understood and has been, or is in the process of, being executed.
Command Not Known: Returned when an invalid command is received by a peripheral.
Wrong Number Of Parameters: A command was received by a peripheral, but an incorrect number of parameters were received.
Parameter Out Of Range: One of the parameters sent with a command is out of range. E.g. trying to change the route map for channel 34 on a coin acceptor.
Command Cannot Be Processed: A command sent could not be processed at that time. E.g. sending a dispense command before the last dispense operation has completed.
Software Error: Reported for errors in the execution of software e.g. Divide by zero. This may also be reported if there is a problem resulting from a failed remote firmware upgrade; in this case the firmware upgrade should be redone.

6.4.3 Remote Programming (Version 2.65 and later).
Code | Description
0x0B, Type | Start Programming, type (00 – firmware, 01 - currency)
0x16 | Programming Status
Table 7 - Remote Programming Code Summary

Remote programming is performed using the command 0x0B followed by a parameter that indicates the type of programming required (see table 7). Send 0x00 for firmware programming and 0x01 for currency data programming.
The peripheral will respond with a generic reply. If the reply is OK, the host should send the first block of the data file (the file header). The header has the format shown below (see table 8).
The block size depends on the peripheral used but must be a minimum of 10 bytes to contain the header data. When the block size for a peripheral is greater than the header length (11 bytes) then the header is padded out with 0's to the length of a block. The maximum length of a block is 236 bytes.

| File offset | Description | Size |
|---|---|---|
| 0 | Number of blocks to send (low byte, high byte), including header block | 2 bytes |
| 2 | Manufacture code (of file) e.g. 'ITL' | 3 bytes |
| 5 | File type – 0x00 firmware, 0x01 currency | 1 byte |
| 6 | Unit subtype | 1 byte |
| 7 | Unit version | 1 byte |
| 8 | Block length (BL) | 1 byte |
| 9 | Checksum (CRC of data section of file) CRC low byte | 1 byte |
| A | Checksum (CRC of data section of file) CRC high byte | 1 byte |
| B | Padded 0's to block size | BL-11 bytes |

Table 8 - Remote Programming / Header and Block Size

The peripheral will then respond with OK or HEADER_FAIL depending on the acceptability of this file (see table 9).

| Response | Code |
|---|---|
| OK | 0xF0 |
| HEADER_FAIL | 0xF9 |

Table 9 – Peripheral Response

The host will then send the required number of data blocks. The peripheral will respond with a generic response when each packet has been processed (see table 10).

If the host receives any response other than an OK then that packet is retried three times before aborting the programming (the peripheral should then be reset).

After the last data packet has been sent and a response received, the host will send a programming status command 0x16. The peripheral will respond with one of the following codes:

| Response | Code |
|---|---|
| OK | 0xF0 |
| Checksum Error | 0xF7 |
| FAIL | 0xF8 |

Table 10 - Peripheral Response Codes

After a successful programming cycle, the peripheral should be reset. If the programming cycle does not complete successfully, then the peripheral should be disabled until it can be programmed successfully.

In the case of an unsuccessful firmware programming cycle, the new firmware will either be discarded or partly programmed.
If the firmware has been partly programmed, then the peripheral will respond to all Polls with the generic response 'Software Error'. The peripheral will not allow the host to enable it until it receives a complete and valid firmware file.

6.4.4 Example programming file formats (ITL NV4 Validator)

Programming files supplied by Innovative Technology Ltd for NV4 BNV are formatted as follows (see tables 11 and 12): variable number of blocks depending on currency, fixed block length (128 bytes).

| Block | Contents |
|---|---|
| Header block | 92, 01, 49, 54, 4C, 01, 01, 01, 80, 8D, 2C (padded to block length with 0's) |
| 1st data block | F0, 34, C0, 21, D3, 00, 00, 5F, 5F, 80h data bytes |
| 2nd data block | FF, 24, D3, 21, 45, 01, 00, 3F, 5F, 80h data bytes |
| .. | .. |
| 257th data block | FF, 24, D3, 21, 45, 01, 00, 3F, 5F, 80h data bytes |

Table 11 - Currency File Example

| Block | Contents |
|---|---|
| Header block | 01, 01, 49, 54, 4C, 00, 01, 01, 80, FD, 22 (padded to block length with 0's) |
| 1st data block | FF, 24, D3, 21, 45, 01, 00, 3F, 5F, 80h data bytes |
| 2nd data block | F0, 34, C0, D1, D3, 00, 00, 5F, 5F 80h data bytes |
| .. | .. |
| 257th data block | FF, 24, D3, 21, 45, 01, 00, 3F, 5F, 80h data bytes |

Table 12 - Firmware File Example

6.4.5 Simplified remote programming flow chart

Figure 2 - Programming Flow Chart

6.5 Banknote Validator

6.5.1 BNV Operation

When the validator has recognised a note, it will not start to stack it until it receives the next valid poll command after the read n (n<>0) has been sent. The note will be rejected if the host responds with a REJECT.

6.5.2 BNV Commands

| Action | Command code (HEX) |
|---|---|
| Set inhibits | 0x02 |
| Display on | 0x03 |
| Display Off | 0x04 |
| Set-up Request | 0x05 |
| Reject | 0x08 |
| Unit data | 0x0D |
| Channel Value data | 0x0E |
| Channel Security data | 0x0F |
| Channel Re-teach data | 0x10 |
| Last Reject Code | 0x17 |
| Hold | 0x18 |
| Enable Protocol Version Events | 0x19 |

Table 13 – Bank Note Validator Commands

Set Inhibits: Variable length command, used to control which channels are enabled.
The command byte is followed by 2 data bytes; these bytes are combined to create the INHIBIT_REGISTER, in which each bit represents the state of a channel (LSB = channel 1, 1 = enabled, 0 = disabled). At power up all channels are inhibited and the validator is disabled.

Display On: Single byte command, turns on the display illumination bulb.

Display Off: Single byte command, turns off the display illumination bulb.

Reject: Single byte command causing the validator to reject the current note.

Set-up Request: Single byte command, used to request information about a slave. Slave will return the following data: Unit Type, Firmware version, Country Code, Value multiplier, Number of channels (if number of channels is 0 then 0 is returned and next two parameters are not returned), Value per channel, security of channel, Reteach count, Version of Protocol (see table 14).

| Data | Size/type | Notes |
|---|---|---|
| Unit Type | 1 byte, integer | 0x00 Note Validator |
| Firmware Version | 4 bytes, string | XX.XX (can include space) |
| Country Code | 3 bytes, string | See Country Code Table |
| Value Multiplier | 3 bytes, integer | 24 bit value |
| Number of channels | 1 byte, integer | Highest used channel |
| Channel Value | 15 bytes, integer | bytes 1 – 15 values |
| Security of Channel | 15 bytes, integer | bytes 1 – 15 security |
| Reteach count | 3 byte, integer | Byte 1 - reteach count. Byte 2, 3 flag register indicating which channels have been modified. All set to zero at factory. |
| Protocol version | 1 byte, integer | |

Table 14 - Response to Set-up request

Unit Data Request: Single byte command which returns Unit type (1 byte integer), Firmware Version (4 bytes ASCII string), Country Code (3 bytes ASCII string), Value Multiplier (3 bytes integer), Protocol Version (1 byte, integer).

Channel Value Request: Single byte command which returns a number of channels byte (the highest channel used) and then 1 to n bytes which give the value of each channel up to the highest one; a zero indicates that the channel is not implemented.
E.g. a validator has notes in Channels 1,2,4,6,7 so this command would return 07,01,02,00,04,00,06,07. (The values are just examples and would depend on the currency of the unit.)
The actual value of a note is calculated by multiplying the value multiplier by channel value.
If the number of channels is 0 then only one 0 will be returned.

Channel Security Data: Single byte command which returns a number of channels byte (the highest channel used) and then 1 to n bytes which give the security of each channel up to the highest one; a zero indicates that the channel is not implemented (1 = low, 2 = std, 3 = high, 4 = inhibited).
E.g. a validator has notes in Channels 1,2,4,6,7; channel 1 is low security, channel 6 is high security, all the rest are standard security.
The return bytes would be 07,01,02,00,02,00,02,03
If the number of channels is 0 then only one 0 will be returned.

Channel Reteach Data: Single byte command, which returns 3 bytes.
First byte - the number of times the unit has been manually taught (1 for each face).
Second byte - Channels 1 to 8 flag register, bit 0 = channel 1 to bit 7 = channel 8; a set bit shows that the indicated channel has been altered.
Third byte is as second but the channels shown are bit 1 = channel 9 to bit 6 = channel 15.

Last Reject Code: Single byte command, which will return a single byte that indicates the reason for the last reject. The codes are shown below (see table 15).
Specifics of note validation are not shown, to protect the integrity of the manufacturer's security (Version 2.66 and later).

| Code | Reject Reason |
|---|---|
| 0x00 | Note Accepted |
| 0x01 | Note length incorrect |
| 0x02 | Reject reason 2 |
| 0x03 | Reject reason 3 |
| 0x04 | Reject reason 4 |
| 0x05 | Reject reason 5 |
| 0x06 | Channel Inhibited |
| 0x07 | Second Note Inserted |
| 0x08 | Reject reason 8 |
| 0x09 | Note recognised in more than one channel |
| 0x0A | Reject reason 10 |
| 0x0B | Note too long |
| 0x0C | Reject reason 12 |
| 0x0D | Mechanism Slow / Stalled |
| 0x0E | Strimming Attempt |
| 0x0F | Fraud Channel Reject |
| 0x10 | No Notes Inserted |

Table 15 – Reject Code Reasons

Hold: This command may be sent to the BNV when Note Read has changed from 0 to >0 (valid note seen) if the user does not wish to accept or reject the note with the next command.
This command will also reset the 10 second time-out period after which a held note would be rejected automatically, so it should be sent before this time-out if an escrow function is required.
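The header layout in Table 8 can be checked on the host before any data block is sent. The following is an added example, not part of the ITL specification: a Python parser for the header block with bounds checks, applied to the two header rows from Tables 11 and 12. The acceptance rules, the function names and the assumption that every block in a file has the header's block length are this example's own; the page does not give the CRC algorithm, so the CRC is only extracted, not verified.

```python
"""Host-side pre-flight check of an SSP remote-programming file (Table 8 layout)."""
import struct
from dataclasses import dataclass

HEADER_LEN = 11        # header fields occupy offsets 0x0-0xA in Table 8
MAX_BLOCK_LEN = 236    # maximum block length stated in section 6.4.3
FILE_TYPES = {0x00: "firmware", 0x01: "currency"}
OK, HEADER_FAIL = 0xF0, 0xF9   # response codes from Table 9

# Header rows copied from Tables 11 and 12, padded with 0's to the 128-byte block.
TABLE11_HEADER = bytes.fromhex("92 01 49 54 4C 01 01 01 80 8D 2C").ljust(128, b"\x00")
TABLE12_HEADER = bytes.fromhex("01 01 49 54 4C 00 01 01 80 FD 22").ljust(128, b"\x00")


class HeaderError(ValueError):
    """Raised when a header block fails one of the checks below."""


@dataclass(frozen=True)
class ProgHeader:
    block_count: int     # includes the header block itself
    manufacturer: str
    file_type: int
    unit_subtype: int
    unit_version: int
    block_length: int
    crc: int             # CRC of the data section; algorithm not given on the page


def parse_header(block: bytes, requested_type: int) -> ProgHeader:
    """Decode and sanity-check the first block of a programming file.

    requested_type is the parameter sent with command 0x0B. The acceptance
    rules are assumptions of this example; the page does not list them.
    """
    if len(block) < HEADER_LEN:
        raise HeaderError("header block shorter than 11 bytes")
    # Little-endian: block count and CRC are stored low byte first.
    count, manu, ftype, subtype, version, blen, crc = struct.unpack_from(
        "<H3sBBBBH", block, 0)
    if ftype not in FILE_TYPES:
        raise HeaderError(f"unknown file type 0x{ftype:02X}")
    if ftype != requested_type:
        raise HeaderError("file type does not match the 0x0B programming type")
    if not HEADER_LEN <= blen <= MAX_BLOCK_LEN:
        raise HeaderError(f"block length {blen} outside 11..236")
    if len(block) != blen:
        raise HeaderError("header block is not padded to the block length")
    if any(block[HEADER_LEN:]):
        raise HeaderError("non-zero bytes in header padding")
    if count < 2:
        raise HeaderError("file must hold the header and at least one data block")
    if not (manu.isascii() and manu.isalnum()):
        raise HeaderError("manufacturer code is not alphanumeric ASCII")
    return ProgHeader(count, manu.decode("ascii"), ftype, subtype, version, blen, crc)


def peripheral_reply(block: bytes, requested_type: int) -> int:
    """Model the Table 9 reply: OK (0xF0) or HEADER_FAIL (0xF9)."""
    try:
        parse_header(block, requested_type)
    except HeaderError:
        return HEADER_FAIL
    return OK


def split_blocks(data: bytes, requested_type: int) -> list:
    """Return the blocks to send, header first, after checking the file length."""
    if len(data) < HEADER_LEN:
        raise HeaderError("file shorter than the header")
    header = parse_header(data[:data[8]], requested_type)   # offset 8 = block length
    expected = header.block_count * header.block_length
    if len(data) != expected:
        raise HeaderError(f"file is {len(data)} bytes, header implies {expected}")
    n = header.block_length
    return [data[i:i + n] for i in range(0, len(data), n)]
```

Rejecting a malformed or mismatched file on the host avoids starting a programming cycle that can only end with the peripheral reporting 'Software Error' until it is reprogrammed.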
Packet Tracer 5.2 Lab 13: Extended IP Access Control List Configuration

I. Objectives
- Understand the principle and function of extended IP access control lists;
- Master the configuration of numbered extended IP access control lists.

II. Background
The branch office and the head office are on different network segments, and the departments exchange information through routers. For security reasons, branch management requires that department hosts may access only the WWW service on the head-office server and may not use the ICMP service against it.

III. Technical principle
The typical criteria defined in an access list are: source address, destination address, upper-layer protocol and time range. An extended IP access list (numbered 100-199 or 2000-2699) uses combinations of these four to forward or block packets. Rules can be defined on a packet's source IP, destination IP, source port, destination port and protocol in order to filter packets. Configuring an extended IP access list takes two steps:
- Define the extended IP access list
- Apply the extended IP access list to a specific interface

IV. Lab steps
1. The branch egress router and the external router are connected through their serial ports with a V.35 cable; the DCE end is on R2, whose clock rate is set to 64000. Hosts are connected to the routers with crossover cables;
2. Configure the IP addresses of the PCs, the server and the router interfaces;
3. Configure static routes on each router so that the PCs can ping each other, because access control lists only come into play once there is connectivity;
4. Configure the numbered extended IP access control list on R2;
5. Apply the extended IP access list to the interface;
6. Verify connectivity between the hosts.

R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int fa0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0 //configure the interface IP address
R1(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit
R1(config)#int fa0/1
R1(config-if)#ip add 192.168.2.1 255.255.255.0 //configure the interface IP address
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
R1(config-if)#exit
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2 //configure the default route
R1(config)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route //view the routing table
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
  * - candidate default, U - per-user static route, o - ODR
  P - periodic downloaded static route
Gateway of last resort is 192.168.2.2 to network 0.0.0.0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
C 192.168.2.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 192.168.2.2
R1#
R1#show run
Building configuration...
Current configuration : 510 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
...
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.2
!
...
!
line con 0
line vty 0 4
login
!
!
!
end
R1#

R2:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int fa0/0
R2(config-if)#ip add 192.168.2.2 255.255.255.0 //configure the interface IP address
R2(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit
R2(config)#int s2/0
R2(config-if)#ip add 192.168.3.1 255.255.255.0 //configure the interface IP address
R2(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to down
R2(config-if)#clock rate 64000 //configure the clock rate
R2(config-if)#
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R2(config-if)#exit
R2(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 //static route to destination network 1.0
R2(config)#ip route 192.168.4.0 255.255.255.0 192.168.3.2 //static route to destination network 4.0
R2(config)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
  * - candidate default, U - per-user static route, o - ODR
  P - periodic downloaded static route
Gateway of last resort is not set
S 192.168.1.0/24 [1/0] via 192.168.2.1
C 192.168.2.0/24 is directly connected, FastEthernet0/0
C 192.168.3.0/24 is directly connected, Serial2/0
S 192.168.4.0/24 [1/0] via 192.168.3.2
R2#
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ac
R2(config)#access-list ?
  <1-99> IP standard access list
  <100-199> IP extended access list
R2(config)#access-list 100 ?
  deny Specify packets to reject
  permit Specify packets to forward
  remark Access list entry comment
R2(config)#access-list 100 per
R2(config)#access-list 100 permit ?
  eigrp Cisco's EIGRP routing protocol
  gre Cisco's GRE tunneling
  icmp Internet Control Message Protocol
  ip Any Internet Protocol
  ospf OSPF routing protocol
  tcp Transmission Control Protocol
  udp User Datagram Protocol
R2(config)#access-list 100 permit tcp ? //the web service uses TCP
  A.B.C.D Source address
  any Any source host
  host A single source host
R2(config)#access-list 100 permit tcp host ?
  A.B.C.D Source address
R2(config)#access-list 100 permit tcp host 192.168.1.2 ? //source host address
  A.B.C.D Destination address
  any Any destination host
  eq Match only packets on a given port number
  gt Match only packets with a greater port number
  host A single destination host
  lt Match only packets with a lower port number
  neq Match only packets not on a given port number
  range Match only packets in the range of port numbers
R2(config)#access-list 100 permit tcp host 192.168.1.2 host ?
  A.B.C.D Destination address
R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 ? //destination host address
  dscp Match packets with given dscp value
  eq Match only packets on a given port number
  established established
  gt Match only packets with a greater port number
  lt Match only packets with a lower port number
  neq Match only packets not on a given port number
  precedence Match packets with given precedence value
  range Match only packets in the range of port numbers
  <cr>
R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq ?
  <0-65535> Port number
  ftp File Transfer Protocol (21)
  pop3 Post Office Protocol v3 (110)
  smtp Simple Mail Transport Protocol (25)
  telnet Telnet (23)
  www World Wide Web (HTTP, 80)
R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq www ? //WWW service
  dscp Match packets with given dscp value
  established established
  precedence Match packets with given precedence value
  <cr>
R2(config)#access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq www
R2(config)#
R2(config)#access-list 100 deny ?
  eigrp Cisco's EIGRP routing protocol
  gre Cisco's GRE tunneling
  icmp Internet Control Message Protocol
  ip Any Internet Protocol
  ospf OSPF routing protocol
  tcp Transmission Control Protocol
  udp User Datagram Protocol
R2(config)#access-list 100 deny icmp ? //deny ICMP, the protocol used by ping
  A.B.C.D Source address
  any Any source host
  host A single source host
R2(config)#access-list 100 deny icmp host ?
  A.B.C.D Source address
R2(config)#access-list 100 deny icmp host 192.168.1.2 ?
  A.B.C.D Destination address
  any Any destination host
  host A single destination host
R2(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 ?
  <0-256> type-num
  echo echo
  echo-reply echo-reply
  host-unreachable host-unreachable
  net-unreachable net-unreachable
  port-unreachable port-unreachable
  protocol-unreachable protocol-unreachable
  ttl-exceeded ttl-exceeded
  unreachable unreachable
  <cr>
R2(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 echo ?
  <cr>
R2(config)#access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 echo
R2(config)#
R2(config)#int s2/0
R2(config-if)#?
  bandwidth Set bandwidth informational parameter
  cdp CDP interface subcommands
  clock Configure serial interface clock
  crypto Encryption/Decryption commands
  custom-queue-list Assign a custom queue list to an interface
  delay Specify interface throughput delay
  description Interface specific description
  encapsulation Set encapsulation type for an interface
  exit Exit from interface configuration mode
  fair-queue Enable Fair Queuing on an Interface
  frame-relay Set frame relay parameters
  hold-queue Set hold queue depth
  ip Interface Internet Protocol config commands
  keepalive Enable keepalive
  mtu Set the interface Maximum Transmission Unit (MTU)
  no Negate a command or set its defaults
  ppp Point-to-Point Protocol
  priority-group Assign a priority group to an interface
  service-policy Configure QoS Service Policy
  shutdown Shutdown the selected interface
  tx-ring-limit Configure PA level transmit ring limit
  zone-member Apply zone name
R2(config-if)#ip ?
  access-group Specify access control for packets
  address Set the IP address of an interface
  hello-interval Configures IP-EIGRP hello interval
  helper-address Specify a destination address for UDP broadcasts
  inspect Apply inspect name
  ips Create IPS rule
  mtu Set IP Maximum Transmission Unit
  nat NAT interface commands
  ospf OSPF interface commands
  split-horizon Perform split horizon
  summary-address Perform address summarization
  virtual-reassembly Virtual Reassembly
R2(config-if)#ip ac
R2(config-if)#ip access-group ?
  <1-199> IP access list (standard or extended)
  WORD Access-list name
R2(config-if)#ip access-group 100 ?
  in inbound packets
  out outbound packets
R2(config-if)#ip access-group 100 out ?
  <cr>
R2(config-if)#ip access-group 100 out //apply the access list to interface s2/0
R2(config-if)#
R2(config-if)#
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show run
R2#show running-config
Building configuration...
Current configuration : 901 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R2
!
...
!
interface FastEthernet0/0
ip address 192.168.2.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 192.168.3.1 255.255.255.0
ip access-group 100 out
clock rate 64000
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.2.1
ip route 192.168.4.0 255.255.255.0 192.168.3.2
!
!
access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq www
access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 echo
!
...
!
line con 0
line vty 0 4
login
!
!
!
end
R2#

R3:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R3
R3(config)#int fa0/0
R3(config-if)#ip add 192.168.4.1 255.255.255.0
R3(config-if)#no shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R3(config-if)#exit
R3(config)#int s2/0
R3(config-if)#ip add 192.168.3.2 255.255.255.0
R3(config-if)#no shut
%LINK-5-CHANGED: Interface Serial2/0, changed state to up
R3(config-if)#
R3(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to up
R3(config-if)#exit
R3(config)#ip route 0.0.0.0 0.0.0.0 192.168.3.1
R3(config)#end
R3#
%SYS-5-CONFIG_I: Configured from console by console
R3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
  D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
  N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
  E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
  i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
  * - candidate default, U - per-user static route, o - ODR
  P - periodic downloaded static route
Gateway of last resort is 192.168.3.1 to network 0.0.0.0
C 192.168.3.0/24 is directly connected, Serial2/0
C 192.168.4.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 192.168.3.1
R3#
R3#
R3#show run
Building configuration...
Current configuration : 667 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R3
!
...
!
interface FastEthernet0/0
ip address 192.168.4.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
shutdown
!
interface Serial2/0
ip address 192.168.3.2 255.255.255.0
!
interface Serial3/0
no ip address
shutdown
!
interface FastEthernet4/0
no ip address
shutdown
!
interface FastEthernet5/0
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.1
!
...
!
line con 0
line vty 0 4
login
!
!
!
end
R3#

PC1:
Packet Tracer PC Command Line 1.0
PC>ipconfig
IP Address......................: 192.168.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 192.168.4.2: bytes=32 time=18ms TTL=125 //before the ACL
Reply from 192.168.4.2: bytes=32 time=12ms TTL=125
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 12ms, Maximum = 18ms, Average = 15ms
PC>ping 192.168.4.2
Pinging 192.168.4.2 with 32 bytes of data:
Reply from 192.168.2.2: Destination host unreachable. //after the ACL
Reply from 192.168.2.2: Destination host unreachable.
Reply from 192.168.2.2: Destination host unreachable.
Reply from 192.168.2.2: Destination host unreachable.
Ping statistics for 192.168.4.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>

PC1 web test: the web service can be reached both before and after the ACL is applied.
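IOS evaluates an extended ACL from the top, stops at the first entry that matches, and drops any packet that matches no entry (the implicit deny at the end of every list). The added example below, which is not part of the original lab, models that for the two access-list 100 lines configured on R2; the parser covers only the syntax used in the lab, and the sample packets, including host 192.168.1.3, are constructed.

```python
"""First-match evaluation of the lab's access-list 100, with the implicit deny."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Keyword values as listed in the `eq ?` help output; ICMP echo is type 8, echo-reply type 0.
PORTS = {"ftp": 21, "telnet": 23, "smtp": 25, "www": 80, "pop3": 110}
ICMP_TYPES = {"echo": 8, "echo-reply": 0}
IMPLICIT = "implicit deny at end of list"

# The two entries shown in R2's running configuration.
ACL_100 = """\
access-list 100 permit tcp host 192.168.1.2 host 192.168.4.2 eq www
access-list 100 deny icmp host 192.168.1.2 host 192.168.4.2 echo
"""


@dataclass
class Rule:
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    qualifier: Optional[int]      # TCP/UDP destination port or ICMP type
    text: str


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    qualifier: Optional[int] = None


def _address(tokens: List[str]) -> ipaddress.IPv4Network:
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    wildcard = int(ipaddress.ip_address(tokens.pop(0)))
    netmask = ipaddress.ip_address(wildcard ^ 0xFFFFFFFF)   # wildcard = inverted mask
    return ipaddress.ip_network(f"{head}/{netmask}", strict=False)


def parse_rule(line: str) -> Rule:
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src, dst = _address(rest), _address(rest)
    qualifier = None
    if rest and proto in ("tcp", "udp") and rest[0] == "eq":
        qualifier = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    elif rest and proto == "icmp":
        qualifier = ICMP_TYPES[rest[0]] if rest[0] in ICMP_TYPES else int(rest[0])
    elif rest:
        raise ValueError(f"unsupported qualifier in: {line!r}")
    return Rule(action, proto, src, dst, qualifier, line.strip())


def parse_acl(text: str) -> List[Rule]:
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, matching entry); the first matching entry wins."""
    for rule in rules:
        if rule.proto not in ("ip", pkt.proto):
            continue
        if ipaddress.ip_address(pkt.src) not in rule.src:
            continue
        if ipaddress.ip_address(pkt.dst) not in rule.dst:
            continue
        if rule.qualifier is not None and rule.qualifier != pkt.qualifier:
            continue
        return rule.action, rule.text
    return "deny", IMPLICIT


if __name__ == "__main__":
    acl = parse_acl(ACL_100)
    samples = [                                              # constructed packets
        Packet("tcp", "192.168.1.2", "192.168.4.2", 80),     # PC1 -> server, WWW
        Packet("icmp", "192.168.1.2", "192.168.4.2", 8),     # PC1 -> server, ping
        Packet("tcp", "192.168.1.2", "192.168.4.2", 23),     # PC1 -> server, telnet
        Packet("tcp", "192.168.1.3", "192.168.4.2", 80),     # another host, WWW
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(acl, pkt))
```

Because of the implicit deny, the list applied outbound on s2/0 drops everything except PC1's WWW traffic to the server, so the explicit `deny icmp` entry changes only which entry records the match, and any other flow that must leave through s2/0 needs its own permit entry.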
RFC 4301 translation: Sections 5 to 8

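5. IP Traffic Processing

5.1. Outbound IP Traffic Processing (protected-to-unprotected)

Figure 2. Processing Model for Outbound Traffic

IPsec MUST process outbound packets in the following steps:

Step 1. When a packet arrives from the protected interface, invoke the SPD selection function to obtain the SPD-ID, and use this SPD-ID to select the appropriate SPD. (If the device needs only one SPD, this step can be skipped.)

Step 2. Match the packet headers against the cache for the SPD obtained in step 1. Note that this cache contains entries from SPD-O and SPD-S.

Step 3.
a. If there is a match, use the matching cache entry to determine whether the packet is to be bypassed, discarded, or protected by AH/ESP. If IPsec processing is applied, there is a link from the SPD cache entry to the SAD cache entry (which specifies the mode, cryptographic algorithms, keys, SPI, PMTU, etc.). Note that the SA PMTU value and the stateful fragment checking flag (the DF bit in the IP header of the outbound packet) determine whether the packet is fragmented before or after IPsec processing, or must be discarded with an ICMP PMTU message sent.
b. If no matching cache entry is found, search the SPD (the SPD-S and SPD-O parts) specified by the SPD-ID. If the SPD entry calls for bypass or discard, create one or more new outbound SPD cache entries. If the SPD entry calls for protection, that is, an SA must be created, the key management mechanism (e.g. IKEv2) is used to create the SA. If the SA is created successfully, a new outbound (SPD-S) cache entry is created together with outbound and inbound SAD entries; if the SA cannot be created, the packet is discarded.

Step 4. The packet is passed to the outbound forwarding function, which selects the interface through which the packet will leave. This function may cause the packet to be passed back across the IPsec boundary for additional IPsec processing, for example to support nested SAs. If so, there MUST be an entry in the SPD-I database that permits inbound bypassing of the packet; otherwise the packet will be discarded.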
H3C switch loop detection method (compiled by 欧阳文)

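H3C loop detection: Loopback Detection configuration

Date: 2021.03.12  Author: 欧阳文
2015-05-14, Network

Example: detecting an interface self-loop with Loopback Detection

Networking requirements
As shown in Figure 1, a new access switch, SwitchB, is connected below the aggregation switch SwitchA in an enterprise network. To keep a TX-RX self-loop on interface GE0/0/1, caused for example by a wrongly inserted fibre or an interface damaged by high voltage, from affecting the existing network, the user wants SwitchA to detect a TX-RX self-loop on GE0/0/1 promptly, to block the interface while the loop exists so as to limit its impact on the existing network, and to have the interface recover automatically once the loop disappears.

Figure 1 Networking diagram for detecting an interface self-loop with Loopback Detect

Configuration roadmap
To detect whether the downlink interface GE0/0/1 on SwitchA has a TX-RX self-loop, configure Loopback Detection on that interface of SwitchA. The roadmap is as follows:
1. Enable Loopback Detection on interface GE0/0/1 of SwitchA to detect a TX-RX self-loop on that interface.
2. Configure the Loopback Detection action and the automatic interface recovery time, so that the switch blocks the interface automatically when a loop is found, limiting the loop's impact on the existing network, and the interface recovers automatically after the loop disappears.

Procedure
1. Enable Loopback Detection on the interface
<HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] loopback-detect enable
[SwitchA-GigabitEthernet0/0/1] quit
2. Configure the Loopback Detection action and the automatic recovery time of the interface after the loop disappears
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] loopback-detect action block
[SwitchA-GigabitEthernet0/0/1] loopback-detect recovery-time 30
[SwitchA-GigabitEthernet0/0/1] quit
3. Verify the configuration
a. Run the display loopback-detect command to check whether the configuration succeeded.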
Packet Tracer Switch Configuration Lab Guide

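Excerpted from 沈鑫剡, 《计算机网络学习辅导与实验指南》 (Computer Networks: Study Guide and Lab Manual).

3.3 Labs

3.3.1 Basic switch connectivity lab

1. Lab content
(1) Verify connectivity between two computers connected to switch ports.
(2) Observe how the forwarding table is built.

2. Network topology
Figure 3.20 Network topology (Terminal A 192.1.1.1/24, Terminal B 192.1.1.2/24, switch)
The topology is shown in Figure 3.20. Connect two computers to switch ports and configure an IP address and subnet mask on each; the IP addresses configured on the two computers must belong to the same network address.

3. Lab steps
(1) Start Packet Tracer and, in the logical workspace, place and connect the devices according to the topology in Figure 3.20: connect PC0 to port FastEthernet0/1 of switch Switch0 with a straight-through twisted-pair cable, and connect PC1 to port FastEthernet0/2 of Switch0 with a straight-through twisted-pair cable. A straight-through cable connects the transmit and receive ports at one end directly to the transmit and receive ports at the other end. A crossover cable connects the transmit and receive ports at one end crosswise to the transmit and receive ports at the other end. Terminals and switches are connected with straight-through cables.

The steps for connecting PC0 to port FastEthernet0/1 of Switch0 with a straight-through cable are as follows. In the device type selection box click Connections, then in the device selection box click Copper Straight-Through; the cursor changes to the shape of an RJ-45 plug. Move the cursor to PC0 and click; the PC0 interface list shown in Figure 3.21 appears; select the FastEthernet interface. Move the cursor to Switch0 and click; the list of unconnected ports on Switch0 shown in Figure 3.22 appears; select port FastEthernet0/1. This completes the straight-through connection between PC0 and port FastEthernet0/1 of Switch0. After PC1 has been connected to port FastEthernet0/2 of Switch0 in the same way, the logical workspace appears as shown in Figure 3.23.

Figure 3.21 Selecting the FastEthernet interface in the PC0 interface list
Figure 3.22 Selecting port FastEthernet0/1 in the Switch0 port list
Figure 3.23 Logical workspace after placing and connecting the devices, with the initial MAC table

(2) Configure PC0 with the IP address and subnet mask 192.1.1.1/255.255.255.0, as shown in Figure 3.25, and note down PC0's MAC address, 0009.7CA4.6D53.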
Wireshark source code explained, part 2

2013-8-4
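After a single packet has been read, control enters read_packet, which calls frame_data_init to initialise the frame_data structure and starts adding the first packet's frame_data to the frame_data_sequence queue.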
At the same time, read_packet calls add_packet_to_packet_list to add the packet to the packet list:
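As can be seen, PeekNamedPipe is used to ask whether the I/O pipe has data, which decides whether the callback is invoked; if data is confirmed, sync_pipe_input_cb is called back. The sync_pipe_input_cb callback then reads the data: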
5. Call capture_input_new_file to try to parse this temporary file, initialise a wtap (capture_opts) structure for later parsing, and set temporary-file mode:
1. Enter create_ain_menu_new to create the menu object; it calls menus_init to initialise the menus.
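Once the menus are initialised, whenever the user clicks a menu, gtk_main obtains the item identifier of the clicked menu, looks it up in the list, and calls back the corresponding function. Choosing Options... calls back capture_prep_cb, which creates and displays the Options dialog. After the Options window appears, clicking "Start" triggers capture_start_cb; the connection between that button and its callback is set up inside capture_prep_cb.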
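The data dissector handle returns, the dissection attempt is complete, and control returns layer by layer through each protocol dissector handle. new_packet_list_append is then called to add the data just processed to the list. This completes the processing of the first packet. (The remaining packets are processed in a loop.)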
DEBUG CRYPTO ISAKMP: annotated output of a successfully established session

Date: 2008-04-28  Source:  Author:

R3#
*Dec 4 04:47:48.455: ISAKMP:(0): SA request profile is (NULL)
*Dec 4 04:47:48.459: ISAKMP: Created a peer struct for 192.1.1.1, peer port 500
*Dec 4 04:47:48.459: ISAKMP: New peer created peer = 0x65D3BBB8 peer_handle = 0x80000005
*Dec 4 04:47:48.463: ISAKMP: Locking peer struct 0x65D3BBB8, refcount 1 for isakmp_initiator
*Dec 4 04:47:48.463: ISAKMP: local port 500, remote port 500
*Dec 4 04:47:48.467: ISAKMP: set new node 0 to QM_IDLE
*Dec 4 04:47:48.471: insert sa successfully sa = 65568BD8
crypto_isadb_stuff_vrf_instance, isakmp_initiator: sa->f_vrf = 0 sa->i_vrf = 0 sa=0x65568BD8
*Dec 4 04:47:48.475: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Dec 4 04:47:48.479: ISAKMP:(0):found peer pre-shared key matching 192.1.1.1
*Dec 4 04:47:48.479: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Dec 4 04:47:48.479: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Dec 4 04:47:48.479: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Dec 4 04:47:48.479: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Dec 4 04:47:48.479: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
*Dec 4 04:47:48.479: ISAKMP:(0): beginning Main Mode exchange (the Main Mode exchange starts)
*Dec 4 04:47:48.479: ISAKMP:(0): sending packet to 192.1.1.1 my_port 500 peer_port 500 (I) MM_NO_STATE
*Dec 4 04:47:48.491: ISAKMP (0:0): received packet from 192.1.1.1 dport 500 sport 500 Global (I) MM_NO_STATE

The first and second Main Mode packets: used to negotiate the peer address and the phase 1 policy.

*Dec 4 04:47:48.491: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Dec 4 04:47:48.491: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Dec 4 04:47:48.499: ISAKMP:(0): processing SA payload. message ID = 0
*Dec 4 04:47:48.499: ISAKMP:(0): processing vendor id payload
*Dec 4 04:47:48.499: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
*Dec 4 04:47:48.499: ISAKMP (0:0): vendor ID is NAT-T v7
*Dec 4 04:47:48.499: ISAKMP:(0):found peer pre-shared key matching 192.1.1.1
*Dec 4 04:47:48.499: ISAKMP:(0): local preshared key found

The keys for both ends have been found but have not yet been verified.

*Dec 4 04:47:48.499: ISAKMP : Scanning profiles for xauth ...
*Dec 4 04:47:48.499: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
*Dec 4 04:47:48.499: ISAKMP: encryption DES-CBC
*Dec 4 04:47:48.499: ISAKMP: hash SHA
*Dec 4 04:47:48.503: ISAKMP: default group 2
*Dec 4 04:47:48.503: ISAKMP: auth pre-share
*Dec 4 04:47:48.503: ISAKMP: life type in seconds
*Dec 4 04:47:48.503: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Dec 4 04:47:48.503: ISAKMP:(0):atts are acceptable. Next payload is 0 (the phase 1 policy matches)
*Dec 4 04:47:48.503: ISAKMP:(0): processing vendor id payload
*Dec 4 04:47:48.503: ISAKMP:(0): vendor ID seems Unity/DPD but major 245 mismatch
*Dec 4 04:47:48.503: ISAKMP (0:0): vendor ID is NAT-T v7
*Dec 4 04:47:48.503: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Dec 4 04:47:48.503: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Dec 4 04:47:48.503: ISAKMP:(0): sending packet to 192.1.1.1 my_port 500 peer_port 500 (I) MM_SA_SETUP
*Dec 4 04:47:48.503: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Dec 4 04:47:48.503: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Dec 4 04:47:48.523: ISAKMP (0:0): received packet from 192.1.1.1 dport 500 sport 500 Global (I) MM_SA_SETUP

These are packets 3 and 4, used by DH to distribute the encryption key and the HASH key. Remember that DH uses a public key and a private key to process the pre-shared symmetric key before distributing it. In practice no DEBUG error messages have so far been seen in the DH algorithm, so nothing needs to be checked here.

*Dec 4 04:47:48.527: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Dec 4 04:47:48.531: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Dec 4 04:47:48.535: ISAKMP:(0): processing KE payload. message ID = 0
*Dec 4 04:47:48.559: ISAKMP:(0): processing NONCE payload. message ID = 0
*Dec 4 04:47:48.559: ISAKMP:(0):found peer pre-shared key matching 192.1.1.1
*Dec 4 04:47:48.559: ISAKMP:(1003): processing vendor id payload
*Dec 4 04:47:48.559: ISAKMP:(1003): vendor ID is Unity
*Dec 4 04:47:48.559: ISAKMP:(1003): processing vendor id payload
*Dec 4 04:47:48.559: ISAKMP:(1003): vendor ID is DPD
*Dec 4 04:47:48.559: ISAKMP:(1003): processing vendor id payload
*Dec 4 04:47:48.559: ISAKMP:(1003): speaking to another IOS box!
*Dec 4 04:47:48.559: ISAKMP:(1003):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Dec 4 04:47:48.559: ISAKMP:(1003):Old State = IKE_I_MM4 New State = IKE_I_MM4

DH completes here, and the preparation for establishing the management connection is finished. Device authentication takes place after the secure management connection is in place.

*Dec 4 04:47:48.559: ISAKMP:(1003):Send initial contact
*Dec 4 04:47:48.559: ISAKMP:(1003):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Dec 4 04:47:48.559: ISAKMP (0:1003): ID payload
next-payload : 8
type : 1
address : 192.1.1.3
protocol : 17
port : 500
length : 12

The local identity information is sent to the peer, which will apply the HASH processing to it.

*Dec 4 04:47:48.559: ISAKMP:(1003):Total payload length: 12
*Dec 4 04:47:48.563: ISAKMP:(1003): sending packet to 192.1.1.1 my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Dec 4 04:47:48.563: ISAKMP:(1003):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Dec 4 04:47:48.563: ISAKMP:(1003):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Dec 4 04:47:48.571: ISAKMP (0:1003): received packet from 192.1.1.1 dport 500 sport 500 Global (I) MM_KEY_EXCH

Packets 5 and 6, used to authenticate the devices. Remember that device authentication is done with the identity information plus the HASH key.

*Dec 4 04:47:48.571: ISAKMP:(1003): processing ID payload. message ID = 0
*Dec 4 04:47:48.571: ISAKMP (0:1003): ID payload
next-payload : 8
type : 1
address : 192.1.1.1
protocol : 17
port : 500
length : 12

The peer's identity information has been received.

*Dec 4 04:47:48.571: ISAKMP:(0):: peer matches *none* of the profiles
crypto_isadb_stuff_vrf_instance, crypto_isakmp_assign_profile: sa->f_vrf = 0 sa->i_vrf = 0 sa=0x65568BD8
*Dec 4 04:47:48.571: ISAKMP:(1003): processing HASH payload. message ID = 0

The peer's identity information is extracted and the HASH algorithm is run; "ID=0" means the HASH processing found no error and the peer's identity was verified successfully.

*Dec 4 04:47:48.571: ISAKMP:(1003):SA authentication status:
authenticated

Device authentication is complete.

*Dec 4 04:47:48.571: ISAKMP:(1003):SA has been authenticated with 192.1.1.1
*Dec 4 04:47:48.571: ISAKMP: Trying to insert a peer 192.1.1.3/192.1.1.1/500/, and inserted successfully 65D3BBB8.
*Dec 4 04:47:48.571: ISAKMP:(1003):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Dec 4 04:47:48.575: ISAKMP:(1003):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Dec 4 04:47:48.583: ISAKMP:(1003):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Dec 4 04:47:48.583: ISAKMP:(1003):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Dec 4 04:47:48.583: ISAKMP:(1003):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Dec 4 04:47:48.583: ISAKMP:(1003):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE (phase 1 is complete; moving on to phase 2)
scmIkeTunnelCreate ikeidx:3
*Dec 4 04:47:48.583: scmIkeTunnelCreated: Default context,vdi_ptr=gdi_ptr=1714916048/1714916048
*Dec 4 04:47:48.583: ISAKMP:(1003):beginning Quick Mode exchange, M-ID of 1301997138

Phase 2 uses Quick Mode.

*Dec 4 04:47:48.583: ISAKMP:(1003):QM Initiator gets spi
*Dec 4 04:47:48.583: ISAKMP:(1003): sending packet to 192.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Dec 4 04:47:48.587: ISAKMP:(1003):Node 1301997138, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Dec 4 04:47:48.587: ISAKMP:(1003):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Dec 4 04:47:48.587: ISAKMP:(1003):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Dec 4 04:47:48.587: ISAKMP:(1003):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Dec 4 04:47:48.599: ISAKMP (0:1003): received packet from 192.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
*Dec 4 04:47:48.599: ISAKMP:(1003): processing HASH payload. message ID = 1301997138
*Dec 4 04:47:48.599: ISAKMP:(1003): processing SA payload. message ID = 1301997138
*Dec 4 04:47:48.599: ISAKMP:(1003):Checking IPSec proposal 1
*Dec 4 04:47:48.599: ISAKMP: transform 1, ESP_DES
*Dec 4 04:47:48.599: ISAKMP: attributes in transform:
*Dec 4 04:47:48.599: ISAKMP: encaps is 1 (Tunnel)
*Dec 4 04:47:48.599: ISAKMP: SA life type in seconds
*Dec 4 04:47:48.599: ISAKMP: SA life duration (basic) of 3600
*Dec 4 04:47:48.599: ISAKMP: SA life type in kilobytes
*Dec 4 04:47:48.599: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Dec 4 04:47:48.599: ISAKMP: authenticator is HMAC-SHA
*Dec 4 04:47:48.599: ISAKMP:(1003):atts are acceptable. (the transform set matches)
*Dec 4 04:47:48.599: ISAKMP:(1003): processing NONCE payload. message ID = 1301997138
*Dec 4 04:47:48.599: ISAKMP:(1003): processing ID payload. message ID = 1301997138
*Dec 4 04:47:48.599: ISAKMP:(1003): processing ID payload. message ID = 1301997138
*Dec 4 04:47:48.599: ISAKMP:(1003): Creating IPSec SAs (the SAs are created)
*Dec 4 04:47:48.599: inbound SA from 192.1.1.1 to 192.1.1.3 (f/i) 0/ 0
(proxy 192.168.1.0 to 10.1.1.0)
*Dec 4 04:47:48.599: has spi 0x18879411 and conn_id 0
*Dec 4 04:47:48.599: lifetime of 3600 seconds
*Dec 4 04:47:48.599: lifetime of 4608000 kilobytes
*Dec 4 04:47:48.599: outbound SA from 192.1.1.3 to 192.1.1.1 (f/i) 0/0
(proxy 10.1.1.0 to 192.168.1.0)

The crypto ACL has been negotiated successfully.

*Dec 4 04:47:48.599: has spi 0xDE9946A9 and conn_id 0
*Dec 4 04:47:48.599: lifetime of 3600 seconds
*Dec 4 04:47:48.599: lifetime of 4608000 kilobytes
*Dec 4 04:47:48.599: ISAKMP:(1003): sending packet to 192.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Dec 4 04:47:48.603: ISAKMP:(1003):deleting node 1301997138 error FALSE reason "No Error"
*Dec 4 04:47:48.603: ISAKMP:(1003):Node 1301997138, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Dec 4 04:47:48.603: ISAKMP:(1003):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
notify_mib_ipsec_tunnel_activation: peer has vdi ptr set 0x66378AD0
scmIpSecTunnelCreated (IKE SA:3) (phase 2 is complete) ...new ipsidx:3
*Dec 4 04:47:48.603: scmIPSecTunnelCreated: Default context,vdi_ptr=gdi_ptr=1714916048/1714916048
*Dec 4 04:48:38.603: ISAKMP:(1003):purging node 130199713
The Great Gatsby (1925)
By F. Scott Fitzgerald

Author Factoids
Setting
Themes
The “American Dream”

Unraveling Gatsby’s Mystery

We learn about Gatsby from many different sources throughout the novel, and it is up to you to discover the truth about Gatsby’s character. Write down any bits of information you hear that surround the mystery of Gatsby, and then analyze what that information means for his character.

Source of information? | Details about Gatsby? | Analysis…

Using your analysis column, make a prediction as to where you think Gatsby’s money came from…

The Great Gatsby Reading Guide

Answer the questions to study for the test.

What is the "American Dream"?

Chapter 1
1. What advice did Nick’s father give to him?
2. What are some of the advantages given to Nick?
3. What does Nick mean when he says that he became a well-rounded man, or a “limited specialist?” What does Nick think you need to be successful?
4. What does Nick’s background so far tell us about him as a narrator of the story?
5. What is the difference between East Egg and West Egg?
6. Describe Tom’s character.
7. Describe Daisy’s character.
8. What book has Tom just read? What is it about? What further information does this give us about his character?
9. What piece of gossip does Jordan Baker reveal to Nick?
10. Why does Daisy want her girl to grow up to be a “beautiful fool?”
11. What does Nick mean when Daisy “asserted her membership in a rather distinguished secret society?” What is this secret society?
12. Describe the image of Gatsby at the end of the chapter. Why is this almost an awkward situation for Nick?

Chapter 2
13. Describe the Valley of Ashes.
14. Who, or what, is Dr. T.J. Eckleburg?
15. Who is George Wilson? What is his profession?
16. Describe Myrtle.
17. What is the difference between George and Myrtle?
18. What arrangements are made during this meeting? Why is this moment tense?
19. What is the first thing that Myrtle does when she gets to the city? What further information does this give us about her character?
20. What does Nick “admit” before giving a description of the party that follows? Again, what does this suggest about his role as a narrator?
21. Why did Myrtle marry George?
22. What happens to Myrtle at the end of the scene? Why did this happen to her?

Chapter 3
23. What does Nick think about Gatsby’s parties?
24. What about Nick is different from the other guests at the party he attends? What can we conclude from this detail?
25. List all the stories and rumors that Nick hears at the party.
26. What is Nick’s first impression of Gatsby?
27. What does Nick say about Gatsby’s smile? What does this mean exactly about Gatsby’s personality?
28. Does Nick believe Gatsby’s background so far?
29. What are the couples fighting about?
30. What incident occurs while leaving the party?
31. What do these incidents suggest about the other party-goers?
32. What is Gatsby constantly interrupted by at the party?
33. What does Nick tell Jordan? What does Jordan’s response say about her?

Chapter 4
34. Why does Fitzgerald go through the process of listing all of the acquaintances at Gatsby’s parties?
35. Why does Nick want to laugh at Gatsby’s stories?
36. Does Nick end up believing Gatsby? Is there anything odd about the circumstances of his change in opinion?
37. Why do you think Gatsby revealed his life story to Nick then?
38. Why is so much attention paid to Wolfsheim’s nose?
39. Who does Wolfsheim mistake Nick for?
40. Again, Gatsby is interrupted. What does this suggest about Gatsby’s character?
41. What is Wolfsheim infamous for?
42. What is Wolfsheim’s purpose in the overall story-telling?
43. Prediction: Where did Gatsby disappear to before meeting Tom?
44. What does Jordan Baker reveal to Nick at tea?
45. What does Daisy’s drunkenness suggest about the circumstances of her marriage?
46. Why does Jordan think Gatsby held all of the big parties?
47. Through Jordan, what does Gatsby ask Nick to do?
48. Nick says, "There are only the pursued, the pursuing, the busy and the tired." What does Nick mean? How does each character in the novel fit into this idea?

Chapter 5
49. Why does Gatsby try to offer Nick a job?
50. Why does Gatsby have so many services ordered to Nick’s house?
51. What is the weather like during this scene? What does this suggest about the meeting?
52. Describe the meeting between Gatsby and Daisy.
53. What happens with the weather during the reunion? What does this suggest?
54. Why does Gatsby want Daisy to see his house?
55. Why does Daisy start sobbing at the sight of Gatsby’s “beautiful shirts?”
56. What do you make of the phone call Gatsby receives during the tour of his house?
57. Describe Klipspringer.
58. Overall, how did the reunion go for Gatsby?

Chapter 6
59. Why does a reporter show up at Gatsby’s house? What new rumors does he share with Nick?
60. Who was Dan Cody? What role did he play in Gatsby’s life?
61. Who was Ella Kaye? What happened regarding Cody’s death that was suspicious?
62. Why is Tom mad at Gatsby for accepting the invitation to dinner?
63. Why does Gatsby point out all of the celebrities at his party? What is Tom’s response?
64. What is Tom’s reaction to the dinner seating arrangements? What does he think of the people at his table?
65. What does Tom accuse Gatsby of doing?
66. Why didn’t Tom and Daisy like the party?
67. How did Gatsby gauge the success of his party?
68. When Nick told Gatsby that "you can't repeat the past", Gatsby replied, "Why of course you can!" Why does Gatsby think he can repeat the past?

Chapter 7
69. Describe Daisy and Gatsby's new relationship.
70. Why does Gatsby fire all of his servants?
71. What is the weather like in this scene? Think about how that might connect with the events that follow.
72. How did Daisy secretly tell Gatsby that she loved him in Tom’s presence?
73. Compare George Wilson and Tom. What did each man learn about his wife and how did they each react?
74. Why does Daisy tell Gatsby that he “wants too much?” What is she referring to in this situation?
75. What has Tom’s investigation turned up about Gatsby’s businesses?
76. Describe the fight between Gatsby and Tom.
77. Why is it significant that it’s Nick’s 30th birthday? What does it show us about the characters?
78. What happens to Myrtle?
79. Why does George blame Tom at first?
80. What important detail does Gatsby reveal about this event?
81. What do you think Tom and Daisy were saying to each other in the kitchen? Do you think that Tom knew about Daisy? Why, why not?

Chapter 8
82. How does Fitzgerald achieve a gloomy mood in the beginning of this chapter?
83. Why doesn’t Gatsby want to skip town after the accident?
84. Describe the “pressure” Daisy felt while Gatsby was delayed in Oxford.
85. What season is it going to be soon?
86. Why doesn’t Gatsby want the servant to drain the pool yet? What does this suggest about his character?
87. What does Nick mean when he tells Gatsby that he is “worth the whole bunch put together?"
88. What does Michaelis find in the drawer at Wilson’s garage? What does it suggest?
89. How do T.J. Eckleburg’s eyes affect Mr. Wilson?
90. Describe the events leading up to the end of the chapter.

Chapter 9
91. Why did Nick take care of Gatsby's funeral?
92. What does Wolfsheim cite as the reason for not helping with the funeral?
93. Describe Mr. Gatz.
94. How was Jay Gatz's childhood schedule consistent with the adult Gatsby's behavior?
95. Who attended Gatsby's funeral?
96. Why does Owl-eyes call Gatsby a “poor son of a bitch?”
97. What is the purpose of Nick's last meeting with Jordan?
98. Why does Nick call Tom and Daisy "careless people"?
99. What does the last sentence mean to you?

After Reading
1. Does this novel have villains and heroes? Why, why not? If yes, who fits into these categories and why?
2. Nick is both part of the action and acting as an objective commentator. Does this narration style work? Why, why not?
3. How did Fitzgerald use weather to reflect the mood of the story?
4. Again, why are we still reading a book written in the 1920's? What gives a book its longevity? And which of its themes are eternal in the American psyche?

The Secret Society

Analyze what Nick means by “secret society” by looking at teachers.

Things Teachers Wear | Things Teachers Do | Things Teachers Say

So what does the secret society do in the novel that leads Nick to this idea?

The Great Gatsby: Automobiles

Directions: Fitzgerald uses the automobile as an overarching symbol in his novel. With your group, find at least 5 scenes from the novel where automobiles play a significant role. Look through all chapters – don’t just stick to the last few! List the scenes below (using page numbers) and identify what role the car played in the scene.

Scene 1:
Scene 2:
Scene 3:
Scene 4:
Scene 5: