Maybe free memory is not enough: some projects, like UE4, need more than 10 GB of free resident memory to compile.
731

Members

- 石井四郎 (Shiro Ishii) / Chiba Prefecture / Doctor of Medicine / died October 1959
- 川岛清
- 北野政次 (Masaji Kitano) / frostbite experiment specialist / head of the "中村" (Nakamura) research institute / died 1986
- 石川太刀丸 / Doctor of Medicine
- 早川清 / director of the Hayakawa Preventive Hygiene Research Institute
- 河山善 / professor at Keio University
- 吉村寿人 / professor at the Kyoto medical college
- 笠原四郎 / group leader at the 木户里 infectious disease research institute
- 森冈宽介
- 镰田信雄

Notes

- 岸信介 (Nobusuke Kishi)
- 佐藤荣作 (Eisaku Sato)
- anbei

Events

- Unit 496 / 相模大野 (Sagami-Ono)
- The Kamakura agreement (镰仓协议)
- First national convention of the Kwantung Army Unit 731 veterans' association / 5 September 1981

Reports

- 森村诚一 (Seiichi Morimura): 《恶魔的饱食》 (The Devil's Gluttony)
- 近藤昭二: 《日本国家意志对细菌战的隐匿》 (The Japanese state's concealment of biological warfare)
- 嵇石: 《那场细菌战,很多人没忘记》 (That germ war: many people have not forgotten)
- 金虎: 《试论美国对日本细菌战战犯及其罪行进行包庇与隐匿的事实》 (On the United States' shielding and concealment of Japan's biological-warfare criminals and their crimes)
Send a packet with nping (nmap)

nping, part of the nmap suite, can craft and send packets on Windows.

This is an example of sending an s7comm "Write Var" packet (TPKT/COTP over TCP port 102; the payload is given as raw hex):

```shell
nping --dest-mac 00:50:56:32:5f:82 --source-mac 00:0c:29:29:15:30 --tcp -p 102 --dest-ip 10.2.0.10 -c 1 --data-length 37 --data 0300002502f080320100009378000e00060501120a1001000100018400001a000300010100
```

PS: on Windows 7, choose "Install older Npcap 1.31 driver" during Npcap setup; Npcap 1.50 apparently fails to acquire the network interface there.
refer to:
https://nmap.org/download.html
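To see what that 37-byte payload actually asks the PLC to do, here is an added Python decoder (not part of the original notes or of nmap) that walks the TPKT, COTP and S7comm headers and pulls out the Write Var item and value; the sample bytes are the ones from the nping command above, and `parse_s7_job`/`is_plc_write` are names chosen here.

```python
import struct

# Constructed sample: the 37-byte payload from the nping command above
# (TPKT + COTP DT + S7comm Job "Write Var" of one bit in DB1, byte 3 bit 2).
SAMPLE_HEX = ("0300002502f080320100009378000e0006"
              "0501120a1001000100018400001a000300010100")

S7_FUNCTIONS = {0x04: "Read Var", 0x05: "Write Var", 0xF0: "Setup Communication"}
S7_AREAS = {0x81: "Inputs", 0x82: "Outputs", 0x83: "Flags", 0x84: "DB"}


def parse_s7_job(raw: bytes) -> dict:
    """Decode TPKT, COTP and S7comm headers plus the first item of a Job PDU."""
    if len(raw) < 7 or raw[0] != 0x03:
        raise ValueError("not a TPKT frame")
    if struct.unpack(">H", raw[2:4])[0] != len(raw):
        raise ValueError("TPKT length does not match payload length")
    cotp_len = raw[4]                       # COTP length indicator (2 for DT)
    if raw[5] >> 4 != 0xF:                  # high nibble 0xF = DT (data) TPDU
        raise ValueError("not a COTP DT TPDU")
    s7 = raw[5 + cotp_len:]
    proto, rosctr, _, pdu_ref, plen, dlen = struct.unpack(">BBHHHH", s7[:10])
    if proto != 0x32 or rosctr != 0x01:     # 0x32 = S7comm, ROSCTR 1 = Job
        raise ValueError("not an S7comm Job PDU")
    params, data = s7[10:10 + plen], s7[10 + plen:10 + plen + dlen]
    function, item_count = params[0], params[1]
    out = {"pdu_ref": pdu_ref, "item_count": item_count,
           "function": S7_FUNCTIONS.get(function, hex(function))}
    if function in (0x04, 0x05) and item_count >= 1:
        # Item: var spec, item length, syntax id (0x10 = S7ANY), transport size,
        # element count, DB number, area code, 3-byte address counted in bits
        _, _, syntax, tsize, count, db, area = struct.unpack(">BBBBHHB", params[2:11])
        addr = int.from_bytes(params[11:14], "big")
        out.update({"s7any": syntax == 0x10, "transport_size": tsize, "count": count,
                    "db": db, "area": S7_AREAS.get(area, hex(area)),
                    "byte_addr": addr >> 3, "bit_addr": addr & 0x7})
    if function == 0x05 and dlen >= 4:
        # Data item: return code, transport size, length (in bits for sizes 3/4/5), value
        _, dts, length = struct.unpack(">BBH", data[:4])
        nbytes = (length + 7) // 8 if dts in (3, 4, 5) else length
        out["value"] = data[4:4 + nbytes]
    return out


def is_plc_write(raw: bytes) -> bool:
    """Detection helper: True when the payload is an S7comm Write Var Job."""
    try:
        return parse_s7_job(raw)["function"] == "Write Var"
    except (ValueError, IndexError, struct.error):
        return False
```

Run over reassembled TCP payloads to port 102, `is_plc_write` flags process writes, which on a production network should only ever come from known engineering or HMI hosts.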
Generate a pcap file

Write raw frames to a pcap file with libpcap's "dead" handle (no capture device needed); build with -lpcap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <pcap/pcap.h>

typedef struct pcap_log_t pcap_log_t;
struct pcap_log_t {
    pcap_t* pd;              /* dead handle: only supplies link type and snaplen */
    pcap_dumper_t* pdumper;  /* the .pcap file being written */
};

pcap_log_t* pcap_log_init() {
    char path[256];
    pcap_log_t* pcap = (pcap_log_t*)malloc(sizeof(*pcap));
    if (pcap == NULL) {
        return NULL;
    }
    memset(pcap, 0, sizeof(*pcap));
    /* packets start at the MAC header, so the link type is DLT_EN10MB (value 1) */
    pcap->pd = pcap_open_dead(DLT_EN10MB, 65535 /* snaplen */);
    /* one file per thread; syscall() avoids depending on glibc's gettid() wrapper */
    snprintf(path, sizeof(path), "/tmp/pcap_%ld.pcap", (long)syscall(SYS_gettid));
    pcap->pdumper = pcap_dump_open(pcap->pd, path);
    if (pcap->pdumper == NULL) {
        fprintf(stderr, "pcap_dump_open: %s\n", pcap_geterr(pcap->pd));
        pcap_close(pcap->pd);
        free(pcap);
        return NULL;
    }
    return pcap;
}

void pcap_log_write(pcap_log_t* pcap, const char* packet, int len) {
    struct pcap_pkthdr hdr;
    hdr.ts.tv_sec = 0;   /* no timestamp here; fill from gettimeofday() if one is available */
    hdr.ts.tv_usec = 0;
    hdr.caplen = len;    /* bytes written to the file */
    hdr.len = len;       /* original length on the wire */
    pcap_dump((u_char*)pcap->pdumper, &hdr, (const u_char*)packet);
    pcap_dump_flush(pcap->pdumper);
}

void pcap_log_fini(pcap_log_t* pcap) {
    if (pcap == NULL) {
        return;
    }
    pcap_dump_close(pcap->pdumper);
    pcap_close(pcap->pd);
    free(pcap);
}

int main() {
    pcap_log_t* pcap = pcap_log_init();
    if (pcap == NULL) {
        return 1;
    }
    /*
    while (...) {
        // packet is raw data from the MAC layer
        pcap_log_write(pcap, packet, len);
    }
    */
    pcap_log_fini(pcap);
    return 0;
}
```
refer to:
https://blog.csdn.net/u014260236/article/details/51035484/
VMware macOS Big Sur guest has no boot.efi in the recovery selection

Make a bootable disk.

- Create a VMDK with enough capacity, e.g. 40G, and add it to the guest VM.
- Start the VM and format the VMDK as HFS+ (Mac OS Extended, Journaled), named MyVolume.
- Download macOS from the App Store; when the installer dialog appears, leave it open.
- Open a terminal and run:

```shell
sudo /Applications/Install\ macOS\ Big\ Sur.app/Contents/Resources/createinstallmedia --volume /Volumes/MyVolume
```

Reboot the guest VM from this bootable disk:

```
BIOS -> EFI VMware Virtual SATA Hard Drive (2.0)
```

In recovery mode, virtual memory (swap) can be switched off:

```shell
csrutil disable
# after reboot
cd /System/Volumes/VM/
# directories with the swap file names stop the kernel from creating the real swap files
sudo mkdir swapfile0 swapfile1 swapfile2 swapfile3 swapfile4 swapfile5
sysctl vm.swapusage
```
refer to:
chrisleat
https://communities.vmware.com/t5/VMware-Fusion-Discussions/Can-t-boot-into-recovery-partition-on-macOS-11-Big-Sur/m-p/2298420#M139994
https://support.apple.com/en-us/HT201372
https://www.dazhuanlan.com/cossacks/topics/1189622
tmux config

I chose tmux because screen has nothing like C-b z (zoom the current pane).

First, make sure no tmux server is still running (`tmux ls` lists live sessions; the config file is only read when a new server starts):

```shell
tmux ls
```

~/.tmux.conf:

```
# copy to the system clipboard (needs xclip)
bind -T copy-mode-vi Enter send-keys -X copy-pipe-and-cancel "xclip -i -f -selection primary | xclip -i -selection clipboard"
bind -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -i -f -selection primary | xclip -i -selection clipboard"
bind -T copy-mode-vi C-j send-keys -X copy-pipe-and-cancel "xclip -i -f -selection primary | xclip -i -selection clipboard"

# vim-style pane navigation
bind h select-pane -L
bind j select-pane -D
bind k select-pane -U
bind l select-pane -R

# general other stuff
set -g default-terminal "xterm-256color"
set-window-option -g mode-keys vi
#set -g mouse on
set -g status off
```

Install xclip:

```shell
apt install xclip
```

Common commands (after the C-b prefix):

| Key | Action |
|---|---|
| c | open a new window |
| w | window list |
| " | split window top/bottom |
| % | split window left/right |
| [ | enter copy mode, 'q' to exit |
| d | detach from tmux, 'tmux attach' to return |
refer to:
https://unix.stackexchange.com/questions/131011/use-system-clipboard-in-vi-copy-mode-in-tmux
https://jdhao.github.io/2018/09/30/tmux_settings_for_vim_users/
How to capture full content of a web page
When a web page is very long, the "Capture node screenshot" function in the F12 developer tools of Chrome or Firefox loses the bottom part of the image. Who knows why? Maybe it's a memory reservation technique!

Well, follow these steps to save the entire page as an image:

- Open Firefox.
- Click the "Add-ons" menu item and search for "screen".
- Install the "Full Web Page Screenshots" tool by susbox, whose app name is "FireShot" and whose icon is a big S.
- Use FireShot to capture the whole web page.
Suricata memo

Terms:

- spm: single pattern matcher
- mpm: multi pattern matcher
- bm: Boyer-Moore
- hs: Hyperscan
- ppt: packet processing thread
- cidr: classless inter-domain routing, such as a.b.c.d/x
- tsap: transport service access point
- scada: supervisory control and data acquisition

Protocols:

- opc: OLE for Process Control / Microsoft
  - opcua: tcp / identified by its starting bytes
  - opcda: dcerpc / identified by its starting bytes
- modbus: port 502 / Schneider
  - rtu: remote terminal unit
  - ascii
  - tcp
- s7comm: port 102 / *(base + 7) == 0x32 / Siemens
  - tpkt
  - cotp: connection-oriented transport protocol (TPDU types)
    - ed: 0x1, expedited data
    - ea: 0x2, expedited data acknowledgement
    - ud: 0x4, user data
    - rj: 0x5, reject
    - dr: 0x8, disconnect request
    - dc: 0xC, disconnect confirm
    - cc: 0xD, connect confirm
    - cr: 0xE, connect request
    - dt: 0xF, data
  - rosctr: remote operating service control
- bacnet/ip: building automation and control networks / udp / port 47808 / ISO standards
  - bvlc: bacnet virtual link control
  - npdu: bacnet network layer
  - apdu: bacnet application layer
  - bbmd: bacnet/ip broadcast management device
- ethernet-ip: ODVA
  - cip: common industrial protocol / tcp / port 44818
  - cip i/o: udp / port 2222
- iec: International Electrotechnical Commission
  - iec60870-5:
    - 101: basic telecontrol tasks
    - 104: network access for iec60870-5-101
    - 102: electricity metering
    - 103: protection equipment
  - iec104: tcp / port 2404 / *base == 0x68
    - apdu: application protocol data unit
    - apci: application protocol control information
    - cf1: first control field
    - i-format: information transfer format / cf1 bit 0 == 0 / variable length
    - s-format: numbered supervisory functions / cf1 low bits == 01 / fixed length
    - u-format: unnumbered control functions / cf1 low bits == 11 / fixed length
    - asdu: application service data unit
    - sq: structure qualifier
    - cot: cause of transmission
    - oa: originator address
    - ioa: information object address
    - siq: single point of information
    - diq: double point information
    - sco: single command
    - dco: double command
    - rco: regulating step command
    - vti: value with transient state indication
    - sva: scaled value
    - coa: common address of asdu
  - iec61850:
    - smv: iec61850-9-2
    - goose: generic substation event
    - sntp: time synchronization
    - acsi: abstract communication service interface
    - mms: manufacturing message specification / port 102 / tpkt, cotp
      - vmd: virtual manufacturing device
    - gsse: generic substation state event
- dnp3: distributed network protocol / port 20000 / resembles iec60870-5 FT3
  - rtu: remote terminal unit
  - ied: intelligent electronic device
  - iccp: inter-control center communications protocol
  - data link layer
    - prm: primary
    - fcb: frame count bit
    - fcv: frame count valid bit
    - dfc: data flow control bit
  - application layer
    - apci: application protocol control information
    - fir: first fragment
    - fin: final fragment
    - con: expect a confirmation
- fins: tcp / port 9600
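The iec104 entries above (start byte 0x68, the cf1 bit patterns that separate I/S/U-format, the fixed versus variable length, and the asdu/sq/cot/oa/coa/ioa fields) are put to work in this added Python decoder; it is not from the notes or from Suricata, the three sample APDUs are constructed here, and `parse_apdu`/`parse_asdu_head` are names chosen for the example.

```python
import struct

# Constructed sample APDUs (not captured traffic): a U-format STARTDT act,
# an I-format frame carrying a C_IC_NA_1 general interrogation, an S-format ack.
SAMPLE_U_STARTDT = bytes.fromhex("680407000000")
SAMPLE_I_INTERRO = bytes.fromhex("680e0200040064010600010000000014")
SAMPLE_S_ACK = bytes.fromhex("680401000600")

U_FUNCTIONS = {0x07: "STARTDT act", 0x0B: "STARTDT con", 0x13: "STOPDT act",
               0x23: "STOPDT con", 0x43: "TESTFR act", 0x83: "TESTFR con"}


def parse_apdu(raw: bytes) -> dict:
    """Classify an APDU by the low bits of cf1 and decode its control fields."""
    if len(raw) < 6 or raw[0] != 0x68:          # *base == 0x68, as the memo notes
        raise ValueError("not an IEC 104 APDU")
    if raw[1] != len(raw) - 2:                   # length byte covers cf1..cf4 + ASDU
        raise ValueError("APDU length mismatch")
    cf1, cf2, cf3, cf4 = raw[2:6]
    if cf1 & 0x01 == 0:                          # I-format: cf1 bit 0 == 0, variable length
        return {"format": "I",
                "ns": (cf1 | cf2 << 8) >> 1,     # send sequence number N(S)
                "nr": (cf3 | cf4 << 8) >> 1,     # receive sequence number N(R)
                "asdu": parse_asdu_head(raw[6:])}
    if len(raw) != 6:                            # S- and U-format are fixed length
        raise ValueError("S/U-format APDU must be exactly 6 bytes")
    if cf1 & 0x03 == 0x01:                       # S-format: cf1 low bits == 01
        return {"format": "S", "nr": (cf3 | cf4 << 8) >> 1}
    return {"format": "U",                       # U-format: cf1 low bits == 11
            "function": U_FUNCTIONS.get(cf1, hex(cf1))}


def parse_asdu_head(asdu: bytes) -> dict:
    """Decode the ASDU header: type id, sq/count, cot (+test/negative), oa, coa, ioa."""
    if len(asdu) < 9:
        raise ValueError("ASDU too short for header and first IOA")
    type_id, vsq, cot_byte, oa = asdu[0], asdu[1], asdu[2], asdu[3]
    return {"type_id": type_id,
            "sq": vsq >> 7, "num": vsq & 0x7F,   # structure qualifier, object count
            "cot": cot_byte & 0x3F,              # cause of transmission (6 = activation)
            "test": bool(cot_byte & 0x80), "negative": bool(cot_byte & 0x40),
            "oa": oa,                            # originator address
            "coa": struct.unpack("<H", asdu[4:6])[0],        # common address, little-endian
            "ioa": int.from_bytes(asdu[6:9], "little")}      # first information object address
```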
Analyze a pcap file with Suricata:

```shell
# --runmode single
suricata -c /path/to/suricata.yaml -r /path/to/sample.pcap --runmode autofp
```
PLC protocol dissectors in https://github.com/wireshark/wireshark/tree/master

| Protocol | Dissector | Notes |
|---|---|---|
| Siemens S7 | /epan/dissectors/packet-s7comm.c | Communication protocol supported by Siemens PLCs |
| MMS (IEC61850) | /asn1/mms | Power transmission and distribution protocol |
| GOOSE (IEC61850) | /asn1/goose | Power transmission and distribution protocol |
| SV (IEC61850) | /asn1/sv | Power transmission and distribution protocol |
| Modbus | /epan/dissectors/packet-mbtcp.c | Industrial control standard protocol |
| OPC DA | /epan/dissectors/packet-dcom.c | Industrial control standard protocol |
| FF HSE | /epan/dissectors/packet-ff.c | Foundation Fieldbus over Ethernet |
| IEC 104 | /epan/dissectors/packet-iec104.c | Power transmission and distribution protocol |
| Ethernet POWERLINK | /epan/dissectors/packet-epl.c | Open real-time Ethernet |
| OPC UA | /plugins/opcua/opcua.c | Next-generation OPC standard |
| HART-IP | /epan/dissectors/packet-hartip.c | Highway Addressable Remote Transducer protocol |
| CoAP | /epan/dissectors/packet-coap.c | Lightweight application-layer protocol |
| Omron FINS | /epan/dissectors/packet-omron-fins.c | Protocol supported by Omron PLCs |
| openSAFETY | /epan/dissectors/packet-opensafety.c | Open-source safety application protocol |
| EGD (Ethernet Global Data) | /epan/dissectors/packet-egd.c | Protocol developed by GE Fanuc for PLCs |
| DNP3 | /epan/dissectors/packet-dnp.c | Distributed Network Protocol, mainly used in the power industry |
| Sinec H1 | /epan/dissectors/packet-h1.c | Communication protocol supported by Siemens PLCs |
| Profinet | /plugins/profinet/ | Open industrial Ethernet protocol |
| EtherCAT | /plugins/ethercat/ | Open real-time Ethernet protocol promoted by Beckhoff (Germany) |
| SERCOS III | /epan/dissectors/packet-sercosiii.c | Real-time Ethernet protocol |
| RTPS | /epan/dissectors/packet-rtps.c | Real-time streaming protocol |
| TTEthernet | /epan/dissectors/packet-tte.c | Real-time Ethernet protocol |
| CDT | /dissectors/packet-cdt.c | Telecontrol protocol |
| EtherNet/IP | /epan/dissectors/packet-etherip.c | Industrial Protocol; an implementation of CIP designed by Rockwell Automation |
| CIP | /epan/dissectors/packet-cip.c | Common Industrial Protocol |
| CIP Safety | /epan/dissectors/packet-cipsafety.c | Safety extension of CIP |
| DeviceNet | /epan/dissectors/packet-devicenet.c | An implementation of CIP designed by Allen-Bradley |
| BACnet | /epan/dissectors/packet-bacnet.c | Building automation and control network protocol |
| KNXnet/IP | /epan/dissectors/packet-knxnetip.c | Home and building control standard |
| Lontalk | /epan/dissectors/packet-lon.c | Protocol used by Echelon's LonWorks technology |
| CANopen | /epan/dissectors/packet-canopen.c | Controller Area Network protocol |
| SAE J1939 | /epan/dissectors/packet-j1939.c | A CAN variant used in agricultural and commercial vehicles |
| USITT DMX512-A | /epan/dissectors/packet-dmx.c | Lighting control data transmission protocol |
| BSSAP/BSAP | /epan/dissectors/packet-bssap.c | Protocol developed by Bristol Babcock Inc |
| Gryphon | /plugins/gryphon | Vehicle communication protocol |
| ZigBee | /epan/dissectors/packet-zbee.h | Open wireless protocol |
refer to:
https://reference.opcfoundation.org/v104/Core/docs/Part6/7.1.2/
https://plcscan.org/
https://www.fit.vut.cz/research/publication-file/11570/TR-IEC104.pdf
https://suricata.readthedocs.io/en/suricata-5.0.6/configuration/suricata-yaml.html