ACE : TCL script for SSH sessions

Unanswered Question

Hi,

Anyone who has experiences with ACE using TCL script language for configuring probes that has to start a SSH sessions to the real servers. Within this SSH sessions commands, started from the real servers has to pass return codes to the script.


I can't find any suitable example, nor TCL commands in the ACE TCL guide.


Thanks.

Kind regards, Wim

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Gilles Dufour Tue, 03/17/2009 - 05:33
User Badges:
  • Cisco Employee,

Wim,


you will probably need to use binary send command.

Sniff a request, extract the bytes in hexadecimal and configure the script to resend those exact same bytes.


For the response, this is basically the same.

You will get binary data and you can analyse them to extract the code you need.


Look at the ldap scriot as an example.

Here is an extract of the code :



# send a standard anonymous bind request

ace_debug "sending ldap bind request"

puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]

flush $sock


# read string back from server

ace_debug "receiving ldap bind result"

set line [read $sock 14]

binary scan $line H* res

binary scan $line @7H6 code

ace_debug "recived $res with code $code"



Gilles.

Gilles.

s.srivas Wed, 04/29/2009 - 05:57
User Badges:

Giles,


in this related topic,


I'm trying to modify the (is it hex) send data from

"H*" 300c020101600702010304008000


to a new one as below


excluding angle bracket.


Is their a way to convert this string?


SS


s.srivas Wed, 04/29/2009 - 07:05
User Badges:

I've converted the send string .


I'm trying to convert an expected string


and apply that some where in the following, i guess.


# read string back from server

ace_debug "receiving ldap bind result"

set line [read $sock 14]

binary scan $line H* res

binary scan $line @7H6 code

ace_debug "recived $res with code $code"


Some explanation of what and how is this paragraph programmed is appriciated.


SS

ciscocsoc Thu, 04/30/2009 - 01:25
User Badges:
  • Silver, 250 points or more

Hi,


The code excerpt basically reads in 14 bytes of the bit stream from the socket, converts it into a hexadecimal string and finds the 6 hexadecimal characters from the eigthth byte (offset 7 - starting at 0). The string that is being scanned should look something like:


300c01010161070a010004000400


which when decoded is a BindResponse (0x61) to the BindRequest (matching Message ID) and is a return code of 0. Success.


If you are intent on writing your own probe or modifying an existing probe for LDAP then you will need some fluency in Tcl and an understanding of ASN.1 encoding.


As Gilles said earlier, the easiest way of finding the appropriate strings is to do a packet capture of a system making the request and decode it (Wireshark).


HTH


Cathy


Actions

This Discussion