cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1692
Views
4
Helpful
4
Replies

ACE : TCL script for SSH sessions

wim.juste
Level 1
Level 1

Hi,

Anyone who has experiences with ACE using TCL script language for configuring probes that has to start a SSH sessions to the real servers. Within this SSH sessions commands, started from the real servers has to pass return codes to the script.

I can't find any suitable example, nor TCL commands in the ACE TCL guide.

Thanks.

Kind regards, Wim

4 Replies 4

Gilles Dufour
Cisco Employee
Cisco Employee

Wim,

you will probably need to use binary send command.

Sniff a request, extract the bytes in hexadecimal and configure the script to resend those exact same bytes.

For the response, this is basically the same.

You will get binary data and you can analyse them to extract the code you need.

Look at the ldap scriot as an example.

Here is an extract of the code :

# send a standard anonymous bind request

ace_debug "sending ldap bind request"

puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]

flush $sock

# read string back from server

ace_debug "receiving ldap bind result"

set line [read $sock 14]

binary scan $line H* res

binary scan $line @7H6 code

ace_debug "recived $res with code $code"

Gilles.

Gilles.

Giles,

in this related topic,

I'm trying to modify the (is it hex) send data from

"H*" 300c020101600702010304008000

to a new one as below

excluding angle bracket.

Is their a way to convert this string?

SS

I've converted the send string .

I'm trying to convert an expected string

< cn="monitor">

and apply that some where in the following, i guess.

# read string back from server

ace_debug "receiving ldap bind result"

set line [read $sock 14]

binary scan $line H* res

binary scan $line @7H6 code

ace_debug "recived $res with code $code"

Some explanation of what and how is this paragraph programmed is appriciated.

SS

Hi,

The code excerpt basically reads in 14 bytes of the bit stream from the socket, converts it into a hexadecimal string and finds the 6 hexadecimal characters from the eigthth byte (offset 7 - starting at 0). The string that is being scanned should look something like:

300c01010161070a010004000400

which when decoded is a BindResponse (0x61) to the BindRequest (matching Message ID) and is a return code of 0. Success.

If you are intent on writing your own probe or modifying an existing probe for LDAP then you will need some fluency in Tcl and an understanding of ASN.1 encoding.

As Gilles said earlier, the easiest way of finding the appropriate strings is to do a packet capture of a system making the request and decode it (Wireshark).

HTH

Cathy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: