{"id":166,"date":"2015-12-29T07:04:01","date_gmt":"2015-12-29T07:04:01","guid":{"rendered":""},"modified":"2021-01-27T23:24:02","modified_gmt":"2021-01-27T15:24:02","slug":"cisco-synful-knock%e5%85%a8%e7%bd%91%e6%a3%80%e6%b5%8b","status":"publish","type":"post","link":"http:\/\/weizn.net\/?p=166","title":{"rendered":"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b"},"content":{"rendered":"

\u00a0<\/span>\u4e00\u3001<\/span><\/span><\/b>\u6f0f\u6d1e\u6982\u8981<\/span><\/b><\/b><\/p>\n

Cisco SYNful Knock<\/span>\u5c5e\u4e8e\u4e00\u4e2a\u690d\u5165\u6728\u9a6c\uff0c\u5b83\u7531\u4e00\u4e2a\u7ecf\u8fc7\u7be1\u6539\u7684\u601d\u79d1<\/span>IOS<\/span>\u955c\u50cf\u7ec4\u6210\uff0c\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u4fdd\u6301\u533f\u540d\u6027\uff0c\u540c\u65f6\u4ece\u7f51\u7edc\u4e0a\u52a0\u8f7d\u4e0d\u540c\u7684\u529f\u80fd\u6a21\u5757\u3002\u8fd9\u4e2a\u690d\u5165\u6728\u9a6c\u8fd8\u4f7f\u7528\u4e86\u4e00\u4e2a\u79d8\u5bc6\u7684\u540e\u95e8\u5bc6\u7801\uff0c\u80fd\u7ed9\u653b\u51fb\u8005\u63d0\u4f9b\u975e\u9650\u5236\u6743\u9650\u3002\u6bcf\u4e2a\u6a21\u5757\u90fd\u80fd\u901a\u8fc7<\/span>HTTP<\/span>\u534f\u8bae\u6765\u542f\u7528\uff0c\u53ea\u9700\u5411\u8def\u7531\u5668\u7684\u63a5\u53e3\u53d1\u9001\u4e00\u4e2a\u7279\u522b\u5236\u4f5c\u7684<\/span>TCP<\/span>\u6570\u636e\u5305\u3002\u8fd9\u4e9b\u6570\u636e\u5305\u90fd\u4f7f\u7528\u4e86\u975e\u6807\u51c6\u7684\u5e8f\u5217\u53f7\u548c\u76f8\u5e94\u7684\u627f\u8ba4\u53f7\u3002\u800c\u8fd9\u4e9b\u6a21\u5757\u53ef\u4ee5\u628a\u81ea\u5df1\u663e\u793a\u6210\u8def\u7531\u5668<\/span>IOS<\/span>\u4e2d\u72ec\u7acb\u7684\u53ef\u6267\u884c\u4ee3\u7801\u6216<\/span>hook<\/span>\uff0c\u63d0\u4f9b\u7684\u529f\u80fd\u4e0e\u540e\u95e8\u5bc6\u7801\u7c7b\u4f3c\u3002\u540e\u95e8\u5bc6\u7801\u901a\u8fc7\u63a7\u5236\u53f0\uff0c\u8fdc\u7a0b\u767b\u9646\u534f\u8bae\u548c\u6743\u9650\u63d0\u5347\uff0c\u4f7f\u7528<\/span>enable<\/span>\u547d\u4ee4\uff0c\u80fd\u63d0\u4f9b\u5bf9\u8def\u7531\u5668\u7684\u8bbf\u95ee\u3002<\/span><\/p>\n

\u4e8c\u3001<\/span><\/span><\/b>\u5f71\u54cd\u8303\u56f4<\/span><\/b><\/b><\/p>\n

Cisco 1841 router<\/span>\uff0c<\/span>Cisco 2811 router<\/span>\uff0c<\/span> Cisco 3825 router<\/span>\uff0c\u4e0d\u6392\u9664\u5176\u5b83\u578b\u53f7<\/span>Cisco<\/span>\u7f51\u7edc\u8bbe\u5907\u4e5f\u6709\u53ef\u80fd\u53d7\u5230\u5f71\u54cd\uff0c\u8fd9\u4e9b\u8def\u7531\u5668\u7684\u6838\u5fc3\u529f\u80fd\u3001<\/span>IOS<\/span>\u4ee3\u7801\u90fd\u5f88\u7c7b\u4f3c\u3002<\/span><\/p>\n

\u4e09\u3001<\/span><\/span><\/b>\u6f0f\u6d1e\u5206\u6790<\/span><\/b><\/b><\/p>\n

1 . <\/span>\u540e\u95e8\u901a\u8fc7\u7279\u6b8a\u540e\u95e8\u5bc6\u7801\u901a\u8fc7<\/span>console<\/span>\u6216<\/span>telnet<\/span>\u767b\u5f55\u8def\u7531\u5668\uff0c\u540e\u95e8\u5bc6\u7801\u8ba4\u8bc1\u540e\u83b7\u5f97\u7ba1\u7406\u5458\u6743\u9650\uff0c\u5982\u679c\u6ca1\u6709\u901a\u8fc7\u8ba4\u8bc1\u5219\u8f6c\u5411\u8bbe\u5907\u672c\u8eab\u7684\u8ba4\u8bc1\u6a21\u5757\u3002<\/span><\/p>\n\n\n\n\n\n\n
\n

\u65b9\u5f0f<\/span><\/p>\n<\/td>\n

\n

\u540e\u95e8\u63d0\u793a<\/span><\/p>\n<\/td>\n

\n

\u7ed3\u679c<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Console<\/span><\/p>\n<\/td>\n

\n

\u201cUser Access Verification\u201d<\/span><\/p>\n<\/td>\n

\n

\u666e\u901a\u8bbf\u95ee\u548c\u63d0\u6743<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Telnet<\/span><\/p>\n<\/td>\n

\n

Username is the backdoor password<\/span><\/p>\n<\/td>\n

\n

\u666e\u901a\u8bbf\u95ee\u548c\u63d0\u6743<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

Elevation (enable)<\/span><\/p>\n<\/td>\n

\n

Enable password<\/span><\/p>\n<\/td>\n

\n

\u63d0\u6743<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

\u00a0<\/span> 2.<\/span>\u690d\u5165<\/span><\/span>\u540e\u95e8\u7a0b\u5e8f\u76d1\u542c<\/span><\/span>TCP 80<\/span>\u7aef\u53e3\uff0c\u653b\u51fb\u8005\u901a\u8fc7\u4f2a\u9020\u975e\u6807\u51c6\u7684\u4e09\u6b21\u63e1\u624b\u540c\u540e\u95e8\u7a0b\u5e8f\u5efa\u7acb<\/span>TCP<\/span>\u8fde\u63a5\uff0c\u540e\u901a\u8fc7\u540e\u95e8\u7a0b\u5e8f\u7684\u81ea\u5b9a\u4e49\u7684\u6307\u4ee4\u5728<\/span>IOS<\/span>\u4e2d\u52a0\u8f7d\u5176\u5b83\u6a21<\/span>\u5757\uff0c\u53ef\u4f9b\u52a0\u8f7d\u7684\u6a21\u5757\u5171<\/span><\/span>100<\/span>\u591a\u79cd\uff0c\u4f46\u662f\u91cd\u542f\u540e\u6a21\u5757\u4e0d\u518d\u751f\u6548<\/span><\/p>\n

1<\/span>\uff09<\/span>SYN<\/span>\uff0c\u6784\u9020<\/span>tcp syn<\/span>\u5305\u53d1<\/span>\u9001\u7ed9\u88ab\u690d\u5165\u540e\u95e8\u8bbe\u5907\uff0c\u786e\u4fdd<\/span>syn<\/span>\u548c<\/span>ack<\/span>\u7684<\/span>offset<\/span>\u4e3a<\/span>0xC123D<\/span>\uff08\u5982<\/span>syn=791104<\/span>\uff0c<\/span>ack=3<\/span>\uff09\uff0c<\/span>ack<\/span>\u53f7\u5e76\u4e0d\u9700\u8981\u4e3a<\/span>0<\/span>\uff0c<\/span>offset<\/span>\u5fc5\u987b\u4e3a<\/span>791102<\/span><\/p>\n

2<\/span>\uff09<\/span>SYN-ACK<\/span>\uff0c\u540e\u95e8\u7a0b\u5e8f\u8fd4\u56de\u7684<\/span>ack<\/span>\u5305\u4e3a<\/span>syn + 1<\/span>\uff0c<\/span> \u628a\u521d\u59cb<\/span>SYN<\/span>\u5305\u4e2d\u7684<\/span>ack<\/span>\u53f7\u4f5c\u4e3a<\/span>seq<\/span>\u53f7\uff08<\/span>ack=791105 <\/span>\uff0c<\/span>seq=3<\/span>\uff09\uff0c\u5176\u540e\u7684<\/span>tcp option<\/span>\u4e2d\u7684\u7279\u6b8a\u7f16\u7801\u4e3a\u201c<\/span>02 04 05 b4 01 01 04 02 01 03 03 05<\/span>\u201d\uff0c<\/span>tcp<\/span>\u5934\u4e2d<\/span>urgent<\/span>\u6307\u9488<\/span>=0x0001<\/span>\uff0c<\/span>urg flag=0<\/span>\uff08\u901a\u5e38\u4e00\u822c\u670d\u52a1\u4f1a\u968f\u673a\u4ea7\u751f\u4e00\u4e2a<\/span>seq<\/span>\u5e8f\u53f7\uff0c\u6240\u4ee5\u4e3a\u975e\u6807\u51c6<\/span>tcp<\/span>\uff09<\/span><\/p>\n

3<\/span>\uff09<\/span>ACK<\/span>\u5b8c\u6210\u63e1\u624b<\/span><\/p>\n

4<\/span>\uff09\u63a7\u5236\u7aef\u5f00\u59cb\u53d1\u9001<\/span>TCP<\/span>\u63a7\u5236\u4fe1\u606f\uff0c\u7f6e<\/span>push flag=1<\/span>\u3001<\/span> ack flag=1,<\/span>\u00a0 <\/span>tcp<\/span>\u5934\u7684<\/span>offset 0x62<\/span>\u5904\u5199\u5165\u201c<\/span>text<\/span>\u201d\uff0c<\/span>0x67<\/span>\u5904\u5199\u5165\u547d\u4ee4\uff0c\u547d\u4ee4\u683c\u5f0f\uff1a<\/span>[4 byte Command Length][CMD Data][4 byte checksum]<\/span>\uff0c\u5b9a\u4e49\u4e86<\/span>5<\/span>\u7c7b\u547d\u4ee4\uff0c<\/span>list<\/span>\u3001\u5206\u914d\u5185\u5b58\u3001\u690d\u5165\u3001\u6fc0\u6d3b\u3001\u5378\u8f7d\u3002<\/span><\/p>\n

5<\/span>\uff09\u540e\u95e8\u54cd\u5e94\u5c01\u88c5\u4e3a\u9759\u6001<\/span>HTTP\/HTML<\/span>\u670d\u52a1\u5668\u54cd\u5e94<\/span> HTTP\/1.1 200 OK <\/span>\u3002\u3002\u3002\u3002<\/span><\/p>\n

\u4e00\u3001<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span><\/span><\/b>\u6f0f\u6d1e\u9a8c\u8bc1<\/span><\/b><\/b><\/p>\n

Kali<\/span>\u4e0b\u4f7f\u7528<\/span>nping:<\/span><\/p>\n

nping -c1 -v3 –tcp -p 80 –seq 791104 –ack 3 10.1.1.1<\/span><\/p>\n

\u8fd4\u56de<\/span>ack=791105 <\/span>\uff0c<\/span>seq=3<\/span>\u00a0\u00a0 <\/span>\uff0c<\/span>tcpoption<\/span>\u4e2d\u51fa\u73b0<\/span>02 04 05 b4 01 01 04 02 00 30 01 03 03 05<\/span><\/p>\n

\u4e94\u3001<\/span><\/b>\u00a0\u00a0\u00a0 <\/span><\/span><\/b>\u516c\u7f51\u68c0\u6d4b\uff1a<\/span><\/b><\/b><\/p>\n

1<\/span>\u3001\u4ece<\/span>apnic<\/span>\u4e0a\u83b7\u53d6\u4e3a\u4e2d\u56fd\u533a\u57df\u5206\u914d\u7684<\/span>IP<\/span>\u6bb5\uff0c\u5177\u4f53\u65b9\u5f0f\uff1a<\/span><\/p>\n

wget -c http:\/\/ftp.apnic.net\/stats\/apnic\/delegated-apnic-latest<\/span><\/p>\n

cat delegated-apnic-latest | awk -F ‘|’ ‘\/CN\/&&\/ipv4\/ {print $4 “\/” 32-log($5)\/log(2)}’|cat >ip.txt<\/span><\/p>\n

\u751f\u6210\u53ef\u88ab<\/span>zmap<\/span>\u8bc6\u522b\u7684\u6587\u4ef6\u683c\u5f0f\uff1a<\/span><\/p>\n

2<\/span>\u3001\u68c0\u6d4b\u5f00\u653e<\/span>80<\/span>\u7aef\u53e3\u7684\u8bbe\u5907\uff1a<\/span><\/p>\n

zmap -w ip.txt -p 80 -o results.txt<\/span><\/p>\n

\u5bf9\u5168\u7f51\u8fdb\u884c<\/span>3<\/span>\u6b21\u626b\u63cf\uff0c\u6bcf\u6b21\u7ed3\u679c\u5728<\/span>6000000~6400000<\/span>\u4e4b\u95f4\uff0c\u76f8\u5bf9\u8bef\u5dee\u5e76\u4e0d\u662f\u5f88\u5927\u3002<\/span><\/p>\n

3\u3001<\/span>\u00a0 <\/span>POC<\/span>\u5236\u4f5c\uff1a<\/span><\/p>\n

\u5236\u4f5c\u601d\u8def\uff1a<\/span><\/b><\/p>\n

POC<\/span>\u5206\u4e3a\u4e24\u4e2a\u90e8\u5206\uff0c\u4e00\u4e2a\u8d1f\u8d23<\/span>SYN<\/span>\u5305\u53d1\u9001\uff0c\u53e6\u4e00\u4e2a\u8d1f\u8d23\u63a5\u6536\u548c\u5206\u6790<\/span>SYN<\/span>\u7684\u5e94\u7b54\u5305\u3002<\/span><\/p>\n

\u53d1\u9001\u90e8\u5206\uff1a<\/span><\/p>\n

\uff081\uff09<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>\u5411\u5f00\u653e<\/span>80<\/span>\u7aef\u53e3\u7684\u8bbe\u5907\u53d1\u9001\u5e8f\u5217\u53f7\u548c\u5e94\u7b54\u53f7\u4e4b\u95f4\u5dee\u503c\u4e3a<\/span>791101<\/span>\u7684<\/span>SYN<\/span>\u5305\u3002\u6bd4\u5982<\/span>seq=791104<\/span>\uff0c<\/span>ack=3.<\/span><\/p>\n

\u63a5\u6536\u90e8\u5206\uff1a<\/span><\/p>\n

\u8fc7\u6ee4\u51fa\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\u7684\u6570\u636e\u5305\uff1a<\/span><\/p>\n

\uff081\uff09<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>SYN<\/span>\u548c<\/span>ACK<\/span>\u6807\u8bc6\u4f4d\u88ab\u7f6e<\/span>1<\/span>\uff0c\u6765\u6e90\u7aef\u53e3\u4e3a<\/span>80<\/span>\u7684<\/span>TCP<\/span>\u5305\u3002<\/span><\/p>\n

\uff082\uff09<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>\u7d27\u6025\u6307\u9488\u503c\u4e3a<\/span>0x0001<\/span>\uff0c\u4f46\u7d27\u6025\u6807\u8bc6\u4f4d\u4e3a<\/span>0.<\/span><\/p>\n

\uff083\uff09<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>\u5e8f\u5217\u53f7\u548c\u5e94\u7b54\u53f7\u4e4b\u95f4\u7684\u5dee\u503c\u4e3a<\/span>791102.<\/span><\/p>\n

\uff084\uff09<\/span>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 <\/span>TCP options string=<\/span><\/p>\n

“\\x02\\x04\\x05\\xb4\\x01\\x01\\x04\\x02\\x01\\x03\\x03\\x05”<\/span><\/p>\n

4<\/span>\u3001\u68c0\u6d4b\u7ed3\u679c\uff1a<\/span><\/p>\n

\u7531\u4e8e\u81ea\u5df1\u6784\u9020\u5e76\u53d1\u9001<\/span>TCP<\/span>\u5305\uff0c\u6240\u4ee5\u7cfb\u7edf\u4e0d\u518d\u7ef4\u62a4<\/span>TCP SYN<\/span>\u5305\u7684\u8d85\u65f6\u91cd\u4f20\u673a\u5236\uff0c\u4e3a\u4e86\u907f\u514d\u6f0f\u62a5\u7684\u60c5\u51b5\uff0c\u7528<\/span>POC<\/span>\u5bf9\u6240\u6709\u5f00<\/span>80<\/span>\u7aef\u53e3\u7684\u8bbe\u5907\u8fdb\u884c\u4e86\u591a\u6b21\u626b\u63cf\uff0c\u76ee\u524d\u56fd\u5185\u6240\u6709\u516c\u7f51<\/span>IP<\/span>\u5df2\u672a\u68c0\u6d4b\u51fa\u6b64\u540e\u95e8\u3002<\/span><\/p>\n

 <\/p>\n

POC<\/strong><\/span><\/p>\n

\u53d1\u9001\u90e8\u5206(Python<\/span>)\uff1a<\/span><\/p>\n

from struct import *\r\nimport struct\r\nimport socket\r\nimport time\r\nimport random\r\n\r\ndef check_sum(msg):\r\n\u00a0\u00a0\u00a0 s = 0\r\n\u00a0\u00a0\u00a0 for i in range(0, len(msg), 2):\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 w = (ord(msg[i]) << 8) + (ord(msg[i + 1]) )\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 s += w\r\n\r\n\u00a0\u00a0\u00a0 s = (s >> 16) + (s & 0xffff)\r\n\u00a0\u00a0\u00a0 s = ~s & 0xffff\r\n\u00a0\u00a0\u00a0 return s\r\n\r\ndef create_ip_header(source,destination):\r\n\u00a0\u00a0\u00a0 version = 4\r\n\u00a0\u00a0\u00a0 ihl = 5 # Internet Header Length\r\n\u00a0\u00a0\u00a0 tos = 0 # Type of Service\r\n\u00a0\u00a0\u00a0 tl = 0 # total length will be filled by kernel\r\n\u00a0\u00a0\u00a0 id = 54321\r\n\u00a0\u00a0\u00a0 flags = 0 # More fragments\r\n\u00a0\u00a0\u00a0 offset = 0\r\n\u00a0\u00a0\u00a0 ttl = 255\r\n\u00a0\u00a0\u00a0 protocol = socket.IPPROTO_TCP\r\n\u00a0\u00a0\u00a0 checksum = 0 # will be filled by kernel\r\n\u00a0\u00a0\u00a0 source = socket.inet_aton(source)\r\n\u00a0\u00a0\u00a0 destination = socket.inet_aton(destination)\r\n\u00a0\u00a0\u00a0 ver_ihl = (version << 4) + ihl\r\n\u00a0\u00a0\u00a0 flags_offset = (flags << 13) + offset\r\n\u00a0\u00a0\u00a0 ip_header = struct.pack(\"!BBHHHBBH4s4s\",\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ver_ihl,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tos,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tl,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 id,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 flags_offset,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ttl,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 protocol,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 checksum,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 source,\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 destination)\r\n\u00a0\u00a0\u00a0 return ip_header\r\n\r\ndef create_tcp_syn_header(source_ip,source_port, dest_ip, dest_port):\r\n\u00a0\u00a0\u00a0 source = random.randrange(32000,62000,1)\r\n\u00a0\u00a0\u00a0 seq = 791104\r\n\u00a0\u00a0\u00a0 ack_seq = 3\r\n\u00a0\u00a0\u00a0 doff = 5\r\n\u00a0\u00a0\u00a0 # tcp flags\r\n\u00a0\u00a0\u00a0 fin = 0\r\n\u00a0\u00a0\u00a0 syn = 1\r\n\u00a0\u00a0\u00a0 rst = 0\r\n\u00a0\u00a0\u00a0 psh = 0\r\n\u00a0\u00a0\u00a0 ack = 0\r\n\u00a0\u00a0\u00a0 urg = 0\r\n\u00a0\u00a0\u00a0 window = socket.htons (8192)\r\n\u00a0\u00a0\u00a0 check = 0\r\n\u00a0\u00a0\u00a0 urg_ptr = 0\r\n\u00a0\u00a0\u00a0 offset_res = (doff << 4) + 0\r\n\u00a0\u00a0\u00a0 tcp_flags = fin + (syn<<1) + (rst<<2) + (psh<<3) + (ack<<4) + (urg<<5)\r\n\u00a0\u00a0\u00a0 tcp_header = pack('!HHLLBBHHH', source, dest_port, seq, ack_seq, offset_res, tcp_flags, window, check, urg_ptr)\r\n\r\n\u00a0\u00a0\u00a0 source_address = socket.inet_aton( source_ip )\r\n\u00a0\u00a0\u00a0 dest_address = socket.inet_aton( dest_ip )\r\n\u00a0\u00a0\u00a0 placeholder = 0\r\n\u00a0\u00a0\u00a0 protocol = socket.IPPROTO_TCP\r\n\u00a0\u00a0\u00a0 tcp_length = len(tcp_header)\r\n\u00a0\u00a0\u00a0 psh = pack('!4s4sBBH', source_address, dest_address, placeholder, protocol, tcp_length)\r\n\u00a0\u00a0\u00a0 psh = psh + tcp_header\r\n\u00a0\u00a0\u00a0 tcp_checksum = check_sum(psh)\r\n\r\n\r\n\u00a0\u00a0\u00a0 tcp_header = pack('!HHLLBBHHH', source, dest_port, seq, ack_seq, offset_res, tcp_flags, window, tcp_checksum, urg_ptr)\r\n\u00a0\u00a0\u00a0 return tcp_header\r\n\r\n\r\ndef send_syn_packet(dest_host,src_port):\r\n\u00a0try:\r\n\u00a0\u00a0soc=socket.socket(socket.AF_INET,socket.SOCK_RAW,socket.IPPROTO_TCP)\r\n\r\n\u00a0\u00a0src_host=\"10.0.126.3\"\r\n\u00a0\u00a0#Create IP Header\r\n\u00a0\u00a0iph=create_ip_header(src_host,dest_host)\r\n\u00a0\u00a0#Create TCP Header\r\n\u00a0\u00a0tcph=create_tcp_syn_header(src_host,src_port,dest_host,80)\r\n\u00a0\u00a0pkt=iph+tcph\r\n\r\n\u00a0\u00a0n=9\r\n\u00a0\u00a0while n<10:\r\n\u00a0\u00a0\u00a0soc.sendto(tcph,(dest_host,0))\r\n\u00a0\u00a0\u00a0n+=1\r\n\u00a0\u00a0time.sleep(0.001)\r\n\u00a0\u00a0soc.close()\r\n\u00a0except:\r\n\u00a0\u00a0print \"send_syn_packet error\"\r\n\r\n\r\nfd=open(\"results.txt\",\"r\")\r\nif fd is None:\r\n\u00a0\u00a0\u00a0 print \"Open file failed\"\r\n\u00a0\u00a0\u00a0 exit()\r\n\r\nsrc_port=999\r\ncount=0\r\nn=1\r\nwhile True:\r\n\u00a0\u00a0\u00a0 readLine=fd.readline()\r\n\u00a0\u00a0\u00a0 dest_host=readLine[:len(readLine)-1]\r\n\u00a0\u00a0\u00a0 if len(dest_host)<=5:\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fd.seek(0)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 print str(n)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 n+=1\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 continue\r\n\u00a0\u00a0\u00a0 send_syn_packet(dest_host,src_port)\r\n\u00a0\u00a0\u00a0 count+=1\r\n\u00a0\u00a0\u00a0 #print str(count)+\"\u00a0 \"+dest_host\r\n\r\n\r\nprint \"finish:\"+str(count)<\/pre>\n
 <\/p>\n
\u63a5\u6536\u90e8\u5206(C<\/span>)\uff1a<\/span><\/p>\n
#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n#include <netinet\/in.h>\u00a0\u00a0 \/\/ for sockaddr_in\r\n#include <sys\/types.h>\u00a0\u00a0\u00a0 \/\/ for socket\r\n#include <sys\/socket.h>\u00a0\u00a0 \/\/ for socket\r\n#include <arpa\/inet.h>\r\n#include <netinet\/if_ether.h>\r\n#include <pthread.h>\r\n#include <math.h>\r\n\r\n#define MAX_SIZE 65537\r\n\r\ntypedef struct DLC_Header\r\n{\r\n\u00a0\u00a0\u00a0 unsigned char DesMAC[6];\u00a0\u00a0\u00a0\u00a0 \/\/\u4ee5\u592a\u7f51\u76ee\u7684\u5730\u5740\r\n\u00a0\u00a0\u00a0 unsigned char SrcMAC[6];\u00a0\u00a0\u00a0\u00a0 \/\/\u4ee5\u592a\u7f51\u6e90\u5730\u5740\r\n\u00a0\u00a0\u00a0 unsigned short EtherType;\u00a0\u00a0\u00a0 \/\/\u5e27\u7c7b\u578b\r\n} DLCHEADER;\r\n\r\ntypedef struct ipheader\r\n{\r\n\u00a0\u00a0\u00a0 unsigned char ip_hl:4;\u00a0\u00a0\u00a0 \/*header length(\u62a5\u5934\u957f\u5ea6\uff09*\/\r\n\u00a0\u00a0\u00a0 unsigned char ip_v:4;\u00a0\u00a0\u00a0 \/*version(\u7248\u672c)*\/\r\n\u00a0\u00a0\u00a0 unsigned char ip_tos;\u00a0\u00a0\u00a0 \/*type os service\u670d\u52a1\u7c7b\u578b*\/\r\n\u00a0\u00a0\u00a0 unsigned short int ip_len;\u00a0\u00a0 \/*total length (\u603b\u957f\u5ea6)*\/\r\n\u00a0\u00a0\u00a0 unsigned short int ip_id;\u00a0\u00a0 \/*identification (\u6807\u8bc6\u7b26)*\/\r\n\u00a0\u00a0\u00a0 unsigned short int ip_off;\u00a0\u00a0 \/*fragment offset field(\u6bb5\u79fb\u4f4d\u57df)*\/\r\n\u00a0\u00a0\u00a0 unsigned char ip_ttl;\u00a0\u00a0\u00a0 \/*time to live (\u751f\u5b58\u65f6\u95f4)*\/\r\n\u00a0\u00a0\u00a0 unsigned char ip_p;\u00a0\u00a0\u00a0\u00a0 \/*protocol(\u534f\u8bae)*\/\r\n\u00a0\u00a0\u00a0 unsigned short int ip_sum;\u00a0\u00a0 \/*checksum(\u6821\u9a8c\u548c)*\/\r\n\u00a0\u00a0\u00a0 unsigned int ip_src;\u00a0\u00a0\u00a0 \/*source address(\u6e90\u5730\u5740)*\/\r\n\u00a0\u00a0\u00a0 unsigned int ip_dst;\u00a0\u00a0\u00a0 \/*destination address(\u76ee\u7684\u5730\u5740)*\/\r\n} IP;\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/* total ip header length: 20 bytes (=160 bits) *\/\r\n\r\ntypedef struct tcpheader\r\n{\r\n\u00a0\u00a0\u00a0 unsigned short int sport;\u00a0\u00a0 \/*source port (\u6e90\u7aef\u53e3\u53f7)*\/\r\n\u00a0\u00a0\u00a0 unsigned short int dport;\u00a0\u00a0 \/*destination port(\u76ee\u7684\u7aef\u53e3\u53f7)*\/\r\n\u00a0\u00a0\u00a0 unsigned int th_seq;\u00a0\u00a0\u00a0 \/*sequence number(\u5305\u7684\u5e8f\u5217\u53f7)*\/\r\n\u00a0\u00a0\u00a0 unsigned int th_ack;\u00a0\u00a0\u00a0 \/*acknowledgement number(\u786e\u8ba4\u5e94\u7b54\u53f7)*\/\r\n\u00a0\u00a0\u00a0 unsigned char th_x:4;\u00a0\u00a0\u00a0 \/*unused(\u672a\u4f7f\u7528)*\/\r\n\u00a0\u00a0\u00a0 unsigned char th_off:4;\u00a0\u00a0\u00a0 \/*data offset(\u6570\u636e\u504f\u79fb\u91cf)*\/\r\n\u00a0\u00a0\u00a0 unsigned char Flags;\u00a0\u00a0\u00a0 \/*\u6807\u5fd7\u5168*\/\r\n\u00a0\u00a0\u00a0 unsigned short int th_win;\u00a0\u00a0 \/*windows(\u7a97\u53e3)*\/\r\n\u00a0\u00a0\u00a0 unsigned short int th_sum;\u00a0\u00a0 \/*checksum(\u6821\u9a8c\u548c)*\/\r\n\u00a0\u00a0\u00a0 unsigned short int th_urp;\u00a0\u00a0 \/*urgent pointer(\u7d27\u6025\u6307\u9488)*\/\r\n} TCP;\r\n\r\nunsigned char ACK_FLAG=1<<4;\r\nunsigned char SYN_FLAG=1<<1;\r\nunsigned char URG_FLAG=1<<5;\r\n\r\nchar *TCP_OPTIONS_STRING=\"\\x02\\x04\\x05\\xb4\\x01\\x01\\x04\\x02\\x01\\x03\\x03\\x05\";\r\n\r\nFILE *file=NULL;\r\nint count=0;\r\n\r\nint CreateSocket(int *soc)\r\n{\r\n\u00a0\u00a0\u00a0 if((*soc=socket(PF_PACKET,SOCK_RAW,htons(ETH_P_IP)))<0)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 return 0;\r\n\r\n\u00a0\u00a0\u00a0 return 1;\r\n}\r\n\r\nvoid *show_count(void *para)\r\n{\r\n\u00a0\u00a0\u00a0 while(1)\r\n\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 usleep(1000000);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 printf(\"%d\\n\",count);\r\n\u00a0\u00a0\u00a0 }\r\n}\r\n\r\nint Sniffer(int *soc)\r\n{\r\n\u00a0\u00a0\u00a0 int i;\r\n\u00a0\u00a0\u00a0 IP *IPHeader=NULL;\r\n\u00a0\u00a0\u00a0 TCP *TCPHeader=NULL;\r\n\u00a0\u00a0\u00a0 char recvBuff[MAX_SIZE];\r\n\u00a0\u00a0\u00a0 char TCPStr[1000],tempStr[100];\r\n\u00a0\u00a0\u00a0 int RecvSize;\r\n\u00a0\u00a0\u00a0 uint16_t sport=htons(80);\r\n\u00a0\u00a0\u00a0 uint16_t th_urp=htons(0x0001);\r\n\u00a0\u00a0\u00a0 uint32_t seq,ack,offset;\r\n\r\n\u00a0\u00a0\u00a0 IPHeader=(IP *)(recvBuff+sizeof(DLCHEADER));\r\n\u00a0\u00a0\u00a0 TCPHeader=(TCP *)(recvBuff+sizeof(DLCHEADER)+sizeof(IP));\r\n\r\n\u00a0\u00a0\u00a0 while(1)\r\n\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 memset(recvBuff,NULL,sizeof(recvBuff));\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if((RecvSize=recvfrom(*soc,recvBuff,sizeof(recvBuff)-1,0,NULL,NULL))<sizeof(DLCHEADER)+sizeof(TCP)+sizeof(IP)) continue;\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if((TCPHeader->Flags & ACK_FLAG) && (TCPHeader->Flags & SYN_FLAG) && TCPHeader->sport==sport)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 count++;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if((TCPHeader->th_urp!=0x00) && !(TCPHeader->Flags & URG_FLAG))\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 seq=ntohl(TCPHeader->th_seq);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ack=ntohl(TCPHeader->th_ack);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 offset=seq>ack?seq-ack:ack-seq;\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/\/printf(\"host %s,seq=%d,ack=%d,offset:%d\\n\",inet_ntoa(*(struct in_addr *)&IPHeader->ip_src),seq,ack,offset);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if(offset==791102 && !memcmp(&((char *)TCPHeader)[20],TCP_OPTIONS_STRING,12))\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 memset(TCPStr,NULL,sizeof(TCPStr));\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 for(i=0; i<12; i++)\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 memset(tempStr,NULL,sizeof(tempStr));\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sprintf(tempStr,\"0x%.2x \",((char *)TCPHeader)[20+i]);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 strcat(TCPStr,tempStr);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 printf(\"host %s,seq=%d,ack=%d,offset:%d,string:%s\\n\",inet_ntoa(*(struct in_addr *)&IPHeader->ip_src),seq,ack,offset,TCPStr);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fprintf(file,\"%s\\n\",inet_ntoa(*(struct in_addr *)&IPHeader->ip_src));\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 fflush(file);\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 }\r\n\r\n\u00a0\u00a0\u00a0 return 1;\r\n}\r\n\r\nint main(int argc,char *argv[])\r\n{\r\n\u00a0\u00a0\u00a0 int socket;\r\n\u00a0\u00a0\u00a0 pthread_t id;\r\n\r\n\u00a0\u00a0\u00a0 if(!CreateSocket(&socket))\r\n\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 printf(\"\u521b\u5efa\u5957\u63a5\u5b57\u5931\u8d25\u3002\\n\");\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 return -1;\r\n\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 if((file=fopen(\"Data.txt\",\"wt\"))==NULL)\r\n\u00a0\u00a0\u00a0 {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 printf(\"\u521b\u5efa\u6587\u4ef6\u5931\u8d25\u3002\\n\");\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 return -1;\r\n\u00a0\u00a0\u00a0 }\r\n\u00a0\u00a0\u00a0 pthread_create(&id,NULL,show_count,NULL);\r\n\u00a0\u00a0\u00a0 printf(\"Start...\\n\");\r\n\u00a0\u00a0\u00a0 Sniffer(&socket);\r\n\r\n\u00a0\u00a0\u00a0 return 0;\r\n}<\/pre>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
 <\/span>\u4e00\u3001<\/span><\/span><\/b>\u6f0f\u6d1e\u6982\u8981<\/span><\/b> <\/p>\n
\n\tCisco SYNful Knock<\/span>\u5c5e\u4e8e\u4e00\u4e2a\u690d\u5165\u6728\u9a6c\uff0c\u5b83\u7531\u4e00\u4e2a\u7ecf\u8fc7\u7be1\u6539\u7684\u601d\u79d1<\/span>IOS<\/span>\u955c\u50cf\u7ec4\u6210\uff0c\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u4fdd\u6301\u533f\u540d\u6027\uff0c\u540c\u65f6\u4ece\u7f51\u7edc\u4e0a\u52a0\u8f7d\u4e0d\u540c\u7684\u529f\u80fd\u6a21\u5757\u3002\u8fd9\u4e2a\u690d\u5165\u6728\u9a6c\u8fd8\u4f7f\u7528\u4e86\u4e00\u4e2a\u79d8\u5bc6\u7684\u540e\u95e8\u5bc6\u7801\uff0c\u80fd\u7ed9\u653b\u51fb\u8005\u63d0\u4f9b\u975e\u9650\u5236\u6743\u9650\u3002\u6bcf\u4e2a\u6a21\u5757\u90fd\u80fd\u901a\u8fc7<\/span>HTTP<\/span>\u534f\u8bae\u6765\u542f\u7528\uff0c\u53ea\u9700\u5411\u8def\u7531\u5668\u7684\u63a5\u53e3\u53d1\u9001\u4e00\u4e2a\u7279\u522b\u5236\u4f5c\u7684<\/span>TCP<\/span>\u6570\u636e\u5305\u3002\u8fd9\u4e9b\u6570\u636e\u5305\u90fd\u4f7f\u7528\u4e86\u975e\u6807\u51c6\u7684\u5e8f\u5217\u53f7\u548c\u76f8\u5e94\u7684\u627f\u8ba4\u53f7\u3002\u800c\u8fd9\u4e9b\u6a21\u5757\u53ef\u4ee5\u628a\u81ea\u5df1\u663e\u793a\u6210\u8def…<\/span>\n<\/p>\n
\n\t\n<\/p>\n
<\/span> <\/p>\n
\n\t\n<\/p>\n
<\/span><\/p>\n","protected":false},"author":1,"featured_media":359,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[321],"tags":[],"class_list":["post-166","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"yoast_head":"\nCisco SYNful Knock\u5168\u7f51\u68c0\u6d4b - Wayne's Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/weizn.net\/?p=166\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b - Wayne's Blog\" \/>\n<meta property=\"og:description\" content=\" \u4e00\u3001\u6f0f\u6d1e\u6982\u8981   Cisco SYNful Knock\u5c5e\u4e8e\u4e00\u4e2a\u690d\u5165\u6728\u9a6c\uff0c\u5b83\u7531\u4e00\u4e2a\u7ecf\u8fc7\u7be1\u6539\u7684\u601d\u79d1IOS\u955c\u50cf\u7ec4\u6210\uff0c\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u4fdd\u6301\u533f\u540d\u6027\uff0c\u540c\u65f6\u4ece\u7f51\u7edc\u4e0a\u52a0\u8f7d\u4e0d\u540c\u7684\u529f\u80fd\u6a21\u5757\u3002\u8fd9\u4e2a\u690d\u5165\u6728\u9a6c\u8fd8\u4f7f\u7528\u4e86\u4e00\u4e2a\u79d8\u5bc6\u7684\u540e\u95e8\u5bc6\u7801\uff0c\u80fd\u7ed9\u653b\u51fb\u8005\u63d0\u4f9b\u975e\u9650\u5236\u6743\u9650\u3002\u6bcf\u4e2a\u6a21\u5757\u90fd\u80fd\u901a\u8fc7HTTP\u534f\u8bae\u6765\u542f\u7528\uff0c\u53ea\u9700\u5411\u8def\u7531\u5668\u7684\u63a5\u53e3\u53d1\u9001\u4e00\u4e2a\u7279\u522b\u5236\u4f5c\u7684TCP\u6570\u636e\u5305\u3002\u8fd9\u4e9b\u6570\u636e\u5305\u90fd\u4f7f\u7528\u4e86\u975e\u6807\u51c6\u7684\u5e8f\u5217\u53f7\u548c\u76f8\u5e94\u7684\u627f\u8ba4\u53f7\u3002\u800c\u8fd9\u4e9b\u6a21\u5757\u53ef\u4ee5\u628a\u81ea\u5df1\u663e\u793a\u6210\u8def...\" \/>\n<meta property=\"og:url\" content=\"http:\/\/weizn.net\/?p=166\" \/>\n<meta property=\"og:site_name\" content=\"Wayne's Blog\" \/>\n<meta property=\"article:published_time\" content=\"2015-12-29T07:04:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-01-27T15:24:02+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"zinan\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"http:\/\/weizn.net\/#website\",\"url\":\"http:\/\/weizn.net\/\",\"name\":\"Wayne's Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/weizn.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"ImageObject\",\"@id\":\"http:\/\/weizn.net\/?p=166#primaryimage\",\"inLanguage\":\"zh-Hans\",\"url\":\"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg\",\"contentUrl\":\"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg\",\"width\":1000,\"height\":500},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/weizn.net\/?p=166#webpage\",\"url\":\"http:\/\/weizn.net\/?p=166\",\"name\":\"Cisco SYNful Knock\\u5168\\u7f51\\u68c0\\u6d4b - Wayne's Blog\",\"isPartOf\":{\"@id\":\"http:\/\/weizn.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\/\/weizn.net\/?p=166#primaryimage\"},\"datePublished\":\"2015-12-29T07:04:01+00:00\",\"dateModified\":\"2021-01-27T15:24:02+00:00\",\"breadcrumb\":{\"@id\":\"http:\/\/weizn.net\/?p=166#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/weizn.net\/?p=166\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/weizn.net\/?p=166#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\\u9996\\u9875\",\"item\":\"http:\/\/weizn.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cisco SYNful Knock\\u5168\\u7f51\\u68c0\\u6d4b\"}]},{\"@type\":\"Article\",\"@id\":\"http:\/\/weizn.net\/?p=166#article\",\"isPartOf\":{\"@id\":\"http:\/\/weizn.net\/?p=166#webpage\"},\"author\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"headline\":\"Cisco SYNful Knock\\u5168\\u7f51\\u68c0\\u6d4b\",\"datePublished\":\"2015-12-29T07:04:01+00:00\",\"dateModified\":\"2021-01-27T15:24:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/weizn.net\/?p=166#webpage\"},\"wordCount\":191,\"commentCount\":0,\"publisher\":{\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\"},\"image\":{\"@id\":\"http:\/\/weizn.net\/?p=166#primaryimage\"},\"thumbnailUrl\":\"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg\",\"articleSection\":[\"\\u5e94\\u7528\\u5b89\\u5168\"],\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/weizn.net\/?p=166#respond\"]}]},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264\",\"name\":\"zinan\",\"logo\":{\"@id\":\"http:\/\/weizn.net\/#personlogo\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b - Wayne's Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/weizn.net\/?p=166","og_locale":"zh_CN","og_type":"article","og_title":"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b - Wayne's Blog","og_description":" \u4e00\u3001\u6f0f\u6d1e\u6982\u8981   Cisco SYNful Knock\u5c5e\u4e8e\u4e00\u4e2a\u690d\u5165\u6728\u9a6c\uff0c\u5b83\u7531\u4e00\u4e2a\u7ecf\u8fc7\u7be1\u6539\u7684\u601d\u79d1IOS\u955c\u50cf\u7ec4\u6210\uff0c\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u4fdd\u6301\u533f\u540d\u6027\uff0c\u540c\u65f6\u4ece\u7f51\u7edc\u4e0a\u52a0\u8f7d\u4e0d\u540c\u7684\u529f\u80fd\u6a21\u5757\u3002\u8fd9\u4e2a\u690d\u5165\u6728\u9a6c\u8fd8\u4f7f\u7528\u4e86\u4e00\u4e2a\u79d8\u5bc6\u7684\u540e\u95e8\u5bc6\u7801\uff0c\u80fd\u7ed9\u653b\u51fb\u8005\u63d0\u4f9b\u975e\u9650\u5236\u6743\u9650\u3002\u6bcf\u4e2a\u6a21\u5757\u90fd\u80fd\u901a\u8fc7HTTP\u534f\u8bae\u6765\u542f\u7528\uff0c\u53ea\u9700\u5411\u8def\u7531\u5668\u7684\u63a5\u53e3\u53d1\u9001\u4e00\u4e2a\u7279\u522b\u5236\u4f5c\u7684TCP\u6570\u636e\u5305\u3002\u8fd9\u4e9b\u6570\u636e\u5305\u90fd\u4f7f\u7528\u4e86\u975e\u6807\u51c6\u7684\u5e8f\u5217\u53f7\u548c\u76f8\u5e94\u7684\u627f\u8ba4\u53f7\u3002\u800c\u8fd9\u4e9b\u6a21\u5757\u53ef\u4ee5\u628a\u81ea\u5df1\u663e\u793a\u6210\u8def...","og_url":"http:\/\/weizn.net\/?p=166","og_site_name":"Wayne's Blog","article_published_time":"2015-12-29T07:04:01+00:00","article_modified_time":"2021-01-27T15:24:02+00:00","og_image":[{"width":1000,"height":500,"url":"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg","path":"\/app\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg","size":"full","id":359,"alt":"","pixels":500000,"type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"zinan","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"6 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"http:\/\/weizn.net\/#website","url":"http:\/\/weizn.net\/","name":"Wayne's Blog","description":"","publisher":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/weizn.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"ImageObject","@id":"http:\/\/weizn.net\/?p=166#primaryimage","inLanguage":"zh-Hans","url":"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg","contentUrl":"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg","width":1000,"height":500},{"@type":"WebPage","@id":"http:\/\/weizn.net\/?p=166#webpage","url":"http:\/\/weizn.net\/?p=166","name":"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b - Wayne's Blog","isPartOf":{"@id":"http:\/\/weizn.net\/#website"},"primaryImageOfPage":{"@id":"http:\/\/weizn.net\/?p=166#primaryimage"},"datePublished":"2015-12-29T07:04:01+00:00","dateModified":"2021-01-27T15:24:02+00:00","breadcrumb":{"@id":"http:\/\/weizn.net\/?p=166#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["http:\/\/weizn.net\/?p=166"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/weizn.net\/?p=166#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"http:\/\/weizn.net\/"},{"@type":"ListItem","position":2,"name":"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b"}]},{"@type":"Article","@id":"http:\/\/weizn.net\/?p=166#article","isPartOf":{"@id":"http:\/\/weizn.net\/?p=166#webpage"},"author":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"headline":"Cisco SYNful Knock\u5168\u7f51\u68c0\u6d4b","datePublished":"2015-12-29T07:04:01+00:00","dateModified":"2021-01-27T15:24:02+00:00","mainEntityOfPage":{"@id":"http:\/\/weizn.net\/?p=166#webpage"},"wordCount":191,"commentCount":0,"publisher":{"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264"},"image":{"@id":"http:\/\/weizn.net\/?p=166#primaryimage"},"thumbnailUrl":"http:\/\/weizn.net\/wp-content\/uploads\/2018\/09\/sale_10872_primary_image_wide.jpg","articleSection":["\u5e94\u7528\u5b89\u5168"],"inLanguage":"zh-Hans","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/weizn.net\/?p=166#respond"]}]},{"@type":["Person","Organization"],"@id":"http:\/\/weizn.net\/#\/schema\/person\/e88bc12c590502d8b6249326f960b264","name":"zinan","logo":{"@id":"http:\/\/weizn.net\/#personlogo"}}]}},"_links":{"self":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/166","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=166"}],"version-history":[{"count":2,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/166\/revisions"}],"predecessor-version":[{"id":750,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/posts\/166\/revisions\/750"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=\/wp\/v2\/media\/359"}],"wp:attachment":[{"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=166"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=166"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/weizn.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=166"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}