Някои полезни инструменти/скрипта

[kokaracha]

Идеята е взета от тук http://mikrotik-bg.net/index.php?topic=228.msg2055#msg2055

Инстрмент  pppoe-discovery

Начин на употтрба:

NAME

       pppoe-discovery - perform PPPoE discovery


SYNOPSIS

       pppoe-discovery [ options ]

       pppoe-discovery { -V | -h }


DESCRIPTION

       pppoe-discovery  performs  the  same discovery process as pppoe, but does not initiate a session.  It sends a PADI packet and then prints the names of access concentrators in each PADO packet it

       receives.


OPTIONS

       -I interface

              The -I option specifies the Ethernet interface to use.  Under Linux, it is typically eth0 or eth1.  The interface should be “up” before you start pppoe-discovery, but should not  be  con‐

              figured to have an IP address.  The default interface is eth0.


       -D file_name

              The -D option causes every packet to be dumped to the specified file_name.  This is intended for debugging only.


       -U

              Causes  pppoe-discovery  to  use  the  Host-Uniq tag in its discovery packets.  This lets you run multiple instances of pppoe-discovery and/or pppoe without having their discovery packets

              interfere with one another.  You must supply this option to all instances that you intend to run simultaneously.


       -S service_name

              Specifies the desired service name.  pppoe-discovery will only accept access concentrators which can provide the specified service.  In most cases, you should  not  specify  this  option.

              Use it only if you know that there are multiple access concentrators or know that you need a specific service name.


       -C ac_name

              Specifies  the  desired  access concentrator name.  pppoe-discovery will only accept the specified access concentrator.  In most cases, you should not specify this option.  Use it only if

              you know that there are multiple access concentrators.  If both the -S and -C options are specified, they must both match.


       -A

              This option is accepted for compatibility with pppoe, but has no effect.


       -V | -h

              Either of these options causes pppoe-discovery to print its version number and usage information, then exit.


AUTHORS

       pppoe-discovery was written by Marco d’Itri <md@linux.it>, based on pppoe by David F. Skoll <dfs@roaringpenguin.com>.


SEE ALSO

       pppoe(, pppoe-sniff(

Пример:

pppoe-discovery -I eth9.2

Access-Concentrator: router.xxx.com

       Service-Name: ppp6.xxx.com

--------------------------------------------------

AC-Ethernet-Address: 00:60:e0:43:f8:21

Access-Concentrator: ppp2.xxx.com

       Service-Name: ppp6.xxx.com

       Service-Name: ppp7.xxx.com

--------------------------------------------------

AC-Ethernet-Address: 00:0e:b6:2c:f3:08

Скрипт (linux):

#!/usr/bin/perl

# Find enemy PPPoE Servers


my $admin_email= '';

my $version    = '0.01';


use Sys::Syslog;

if ($#ARGV<0){

        die "Usage: $0 <iface> [service name] [debug]\n";

}else{

        $iface=$ARGV[0];

        if ($ARGV[1] ne '' && $ARGV[1] ne 'debug'){

                $sn=":".$ARGV[1];

                $debug=$ARGV[2];

        }else{

                $debug=$ARGV[1];

        }

}


open (F, "netstat -nie | grep Link | grep -v tun | grep -v ng | grep -v '*' | grep -v lo0 | grep $iface |") or die "Can't exec finding MAC addresses\n";

while (<F>){

        if ($_=~/^$iface\s+[\W\d\S]+\s+HWaddr\s(\S{17})/){

            print $mac;

        $mac=$1;

        }

}



if (!$mac){

  die "Can't find MAC for [$iface]. Exit...\n";

} else {

    print "Found MAC for interface $iface: $mac\n";

}


if(($pid = fork)) {

        $SIG{CHLD} = 'IGNORE';

    $cmd=sprintf("/usr/sbin/tcpdump -e -n -c 1 -i %s ether proto 0x8863 and ether dst %s and 'ether[0xF:1]=0x7' 2>&1 |",$iface,$mac);

        if ($debug){

                print "DEBUG: ===>[$cmd]<===\n";

        }

        open F,$cmd or die "Can't start tcpdump\n";

        while (<F>){

                chomp($_);

                if ($debug){

                        print "DEBUG: ===>[$_]<===\n";

                }

                if ($_=~/^.+\s(.{17})\s\>\s(.{17}).+PPPoE\sPADO\s.+\[AC-Name\s(.+)\]\s\[Service-Name\s(.+)\]/){

                        print "\nFound asshole on iface $iface (iface's MAC: $2)\n

                        ======================================================\n

                        PPPoE at MAC: [$1]\nComp name: [$3]\nListening service name: [$4]\n

                        ======================================================\n\n";

            openlog("PPPOE-search", "ndelay", "local0");

            syslog(LOG_WARNING,"Found asshole ([$3]) on iface $iface (iface's MAC: $2)");

            closelog();

                }elsif ($_=~/ Device not configured/){

                        die "Wrong iface name [$iface]\n";

                }

        }

        close F;

    `poff client`

 }

else {

        `pon client`;

}



#*****************************************************

#

#*****************************************************

sub send_warning {

}

Начин на употреба:

./pppoe_search.pl

Usage: ./pppoe_search.pl <iface> [service name] [debug]

P.S Проверка на резултата по мак Примерно резултата на мака е  00:60:e0:43:f8:21

http://standards.ieee.org/cgi-bin/ouisearch?00-60-e0


00-60-E0   (hex)		AXIOM TECHNOLOGY CO., LTD.

0060E0     (base 16)		AXIOM TECHNOLOGY CO., LTD.

				3F, 14, LANE 235

				PAO CHIAO ROAD, HSIN TIEN

				TAIPEI HSIEN  

				TAIWAN, REPUBLIC OF CHINA

[111111]

client@pc6:~$ sudo pppoe-discovery -I eth2

sudo: unable to resolve host pc6

Access-Concentrator: r-rm263

Got a cookie: 2a e7 8f 03 df 59 8f e0 15 14 8d b5 05 2e 9e 3f

--------------------------------------------------

AC-Ethernet-Address: 00:09:b6:8f:8e:91


[/code]

че няма няма рррое сървър ама какво това горното

по мак адреса съдя че е CISCO

[kokaracha]

client@pc6:~$ sudo pppoe-discovery -I eth2

sudo: unable to resolve host pc6

Access-Concentrator: r-rm263

Got a cookie: 2a e7 8f 03 df 59 8f e0 15 14 8d b5 05 2e 9e 3f

--------------------------------------------------

AC-Ethernet-Address: 00:09:b6:8f:8e:91

че няма няма рррое сървър ама какво това горното по мак адреса съдя че е CISCO

Access-Concentrator: r-rm263

http://standards.ieee.org/cgi-bin/ouisearch?00-09-b6

[111111]

и аз до там стигнах че е аксес концентратор и го открих къде е 

странното е че е от другата страна на ADSL-a

като adsl-а е с nat