2003-09-21 [長年日記]

1 金曜日

あたりから調子悪悪。ぬー。土曜日は18時に寝て日曜の7時に起床。よう寝ました(^^;

2 [Software] Forensic Acquisition Utilities の netcat

いはらさんとこ書かれていましたが、そんなステキなnetcatがあったとは。サイズもさほど大きくなってないし。

@stakeのほう。

>nc -h
[v1.10 NT]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
        -d              detach from console, stealth mode
        -e prog         inbound program to exec [dangerous!!]
        -g gateway      source-routing hop point[s], up to 8
        -G num          source-routing pointer: 4, 8, 12, ...
        -h              this cruft
        -i secs         delay interval for lines sent, ports scanned
        -l              listen mode, for inbound connects
        -L              listen harder, re-listen on socket close
        -n              numeric-only IP addresses, no DNS
        -o file         hex dump of traffic
        -p port         local port number
        -r              randomize local and remote ports
        -s addr         local source address
        -t              answer TELNET negotiation
        -u              UDP mode
        -v              verbose [use twice to be more verbose]
        -w secs         timeout for connects and final net reads
        -z              zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]

Forensic Acquisition Utilitiesのほう。

>nc -h
Forensic Acquisition Utilities, 1, 0, 0, 1032
Netcat network data redirector., 1, 11, 1, 1032
Copyright (C) 2002,2003 George M. Garner Jr.
 
Command Line: nc -h
Based upon Weld Pond's adaptation of Hobbit's netcat 1.00 951010.
 
Microsoft Windows: Version 5.0 (Build 2195.Professional Service Pack 4)
 
20/09/2003  23:16:10 (UTC)
Current User: ***
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [options] [hostname] [port]
options:
--comp     -c [algorithm] compress input or output using the
                        specified algorithm.  (Currently only "md5")
--decomp   -x [algorithm] decompress input or output using the
                        specified algorithm.  (Currently only "md5")
--detach   -d           detach from console, background mode
--hop      -g [gateway] source-routing hop point[s], up to 8
--route    -G [num]     source-routing pointer: 4, 8, 12, ...
--help     -h           this cruft
--interval -i [millisecs]       delay interval for lines sent, ports scanned
--if       -I [file]    input file (ignored if -l or -L also is specified
--csum     -k [alg]     compute checksum using the specified algorithm
--lock     -K           try to lock the input file while it is copied
                        (currently only md5 supported)
 --listen  -l           listen mode, for inbound connects
--LISTEN   -L           listen harder, re-listen on socket close
--numeric  -n           numeric-only IP addresses, no DNS
--of       -O [file]    output file (-l or -L must also be specified)
--port     -p [port]    local port number
--random   -r           randomize local and remote ports
--source   -s [addr]    local source address
--sparse   -S           use sparse output file (ignored unless -O also
                        specified)
--telnet   -t           answer TELNET negotiation
--udp      -u           UDP mode
--verbose  -v           verbose [use twice to be more verbose]
--timeout  -w [millisecs] timeout for connects and final net reads
--zero     -z           zero-I/O mode [used for scanning]
port numbers can be individual or ranges: m-n [inclusive]

Forensic Acquisition Utilities の Examples

nc v n l p 3333 csum md5 --verify sparse O myimage.img. 
nc v n csum md5 I \\.\C: 192.168.0.1 3333 
 
nc v n l p 3333 comp zlib O myimage.img.gz. 
nc v n I \\.\C: 192.168.0.1 3333 
 
nc v n l p 3333 csum md5 --verify O myimage.img.gz. 
nc v n lock csum md5 comp zlib I \\.\D: 192.168.0.1 3333 
 
nc v n l p 3333 csum md5 --verify sparse O myimage.img. 
nc v n lock csum md5 I \\?\Volume{87c34910-d826-11d4-987c-00a0b6741049 } 192.168.0.1 3333 

3 [Software] socat

『"netcat++" (extended design, new implementation)』 hiro-tさんとこから。

本日のツッコミ(全3件) [ツッコミを入れる]
# れですも (2003-09-21 15:51)

ぅぅ。メール差し上げようかと思ったのですが、見つからない(;´Д`)「いちょう」の方のメアドにお送りしてもいいのでしょうか。

# けん (2003-09-21 19:11)

楽天の方から送ってみますた。

# れですも (2003-09-21 21:22)

どうもお手数かけまして。めるる撃ち返しましたです(汁

[]