AOH :: P42-06.TXT

A User's Guide to XRAY


                      ==Phrack Magazine==

          Volume Four, Issue Forty-Two, File 6 of 14
          
 
                   A User's Guide to XRAY

                         By  N.O.D.


This file was made possible by a grant from a local
McDonnell Douglas Field Service Office quite some 'tyme'
ago.  This was originally written about version 4, although
we are pretty sure that BT has now souped things up to version 6.
Everything still seems the same with the exception of a few
commands, one of which we will point out in particular.

Any comments/corrections/additions/updates or subpoenas
can be relayed to us through this magazine.

XRAY is a monitoring utility that gives the user a real-time
window into a Tymnet-II node.  Used in tandem with other
utilities, XRAY can be a very powerful tool in monitoring network
activity.

In this file we will discuss key features of XRAY and give command
formats for several commands.  Some commands are omitted from this
file since they can only be used from dedicated terminals.  Several
others are likewise omitted since they deal with the utilization of
XRAY in network configuration and debugging the actual node code, and
would probably be more damaging than useful, and commands to reset
circuits and ports are similarly missing.


ACCESS

The most obvious way to access XRAY is to find the username/password
pair that either corresponds to the host number of an XRAY port, or
is otherwise in the goodguy list of a particular node.

XRAY can also be accessed through the DDT utility by typing

    ?STAT

Either will respond with the following

**X-RAY**  NODE:  XXX   HOST:  ZZZ  TIME:  DD:HH:MM:SS

If all ports are currently in use the user will only be allowed access
if his/her is of greater precedence in the goodguy list than that of
someone previously online.  In such a case, that user will be forcibly
logged out and will receive the following message:

    "xray slot overridden"

Otherwise the user will see:

    "out of xray slots"

XRAY users are limited in their power by the associated "licence" level
given them in the XRAY goodguy list.  The levels are:

    0 - normal
    1 - privileged
    2 - super-privileged


There are several user names associated with the
XRAY utility.  These exist on almost any network utilizing
the Tymnet-II style networking platform.

  PRIORITY    USERNAME

     2        XMNGR
     2        ISISTECX
     2        XNSSC
     1        TNSCMX
     1        TNSUKMX
     1        XSOFT
     1        XEXP
     1        XCOMM
     1        XSERV1
     0        XRTECH
     0        XTECH
     0        XOPPS
     0        XSERV
     0        XRAY



COMMANDS  with parameters in <brackets>

HE  Help

    Use this command to display the commands available for that
    particular node.

GP  Get power <security string>

    This command allows the user to move up to the maximum security
    level allowed by his username, as specified in the good guy
    list.

XG  Display and/or modify XRAY goodguy list <entry number> <P/M>

    This command without parameters will display the XRAY goodguy
    list.  When added with an entry number and 'P' (purge) or
    'M' (modify), the user can edit the contents of the table.
    The XGI command will allow the user to enter a new entry
    into the list.  Any use of XG or XGI to alter the list is
    a super-privileged command and is audited.

    >XG

    XRAY GOODGUY LIST

    NO.   PRIV  OVER  NAME
    ----  ----  ----  ----
    0001  0002  00FF  TIIDEV
    0002  0001  0030  RANDOMUSER
    0003  0000  0000  XRAY

    >XGI

    ENTER UP TO 12 CHARACTERS OF USERNAME

    NOD

    ENTER NEW PRIVILEGE AND OVERRIDE - 2,FF

    >XG

    XRAY GOODGUY LIST

    NO.   PRIV  OVER  NAME
    ----  ----  ----  ----
    0001  0002  00FF  TIIDEV
    0002  0001  0030  RANDOMUSER
    0003  0000  0000  XRAY
    0004  0002  00FF  NOD

BG  Display and/or modify Bad Guy List <node number> <R/I>

    This command when entered without any parameters displays the
    "bad guy" list.  When used with a node number and 'R' it will remove
    that node from the list, and 'I' will included.  The 'R' and 'I'
    features are privileged commands and usage is noted in audit trails.

    >BG

    2000 701 1012

    >BG 2022 I

    2022 2000 701 1012

HS  Display host information



ND  Display node descriptor

    This command displays information about the node and its network
    links.

NS  Display node statistics

    This command displays various statistics about the node including
    time differentiations in packet loops, which can then be used to
    determine the current job load on that particular node.

KD  Display link descriptor <linked node>

    This command displays the values of the link to the node specified.
    This is displayed with columns relating to type of node (TP), speed
    of the link (SP), number of channels on the link (NCHN), etc..

KS  Display link statistics <up to 8 node numbers>

    This command provides a report on various factors on the integrity
    of the link to the given node(s), such as bandwidth usage, packet
    overhead, characters/second transmitted, delays in milliseconds, etc.

BZ  "Zap" link to node <node number>

    This command will cause the link to the specified node to be
    reset.  This command is privileged and is audited.  If the node
    "zapped" is not currently linked a "??" error message will be
    displayed.

TL  Set/Reset trace on link  <node number>
TN  Set/Reset trace on line  <node number>
TM  Display trace events     <B(ackground) / F(oreground)>

    These commands are used to display activity between two active
    nodes.


AC  Display active channels <starting channel> <range of channels>

    This command will display all active channel numbers for the given
    range starting at the given channel number.  Range is in hex.

QC  Query channel status <channel number>

    This command displays information about the given channel,
    including throughput speed, source and output buffer size and
    address location.


TC  Enable/disable data trace on channel <channel number> <0/1>

    This command with no arguments displays the channels
    that are being diagnosed by the trace.  The command with
    a channel number and a '1' will enable data trace for that
    channel, and a '0' will disable trace on that channel.  Enabling
    or disabling trace is a privileged command.

TD  Display channel trace data in hex  <count> <I/O>
TE  Display channel trace data in hex including escapes <count> <I/O>
TA  Display channel trace data as ASCII  <count> <I/O>

    With these commands trace data is displayed for a specified
    time count.  A prefixed 'I' or 'O' will show input or output
    data.  The default is both.

    >ta 5

    I/O   CHN   TIME
    OUT  0040   ECC5  \86\86\0F\00\8A\80h\80\8CS\83valinfo;
    IN   0040   EC87  \00\09\86\86\0D\08\00\00h
    OUT  0040   0F67  \86\86\0E\00\880\8D
    IN   0040   1029  \00,\86\86\09\86\00\00\90\1B\19\80 \06\86\00\00h
                      \15\1B\08J\04\0B\04\0F\04=\0DR\80JS\80\80
                      \8CVALINFO\8D
    OUT  0040   102F  \86\86\14\89p\90\1B\19\86\86\14\89j\18\15\13

**Note:  Although this will allow one to follow the network connections
         on specific channels, password data is filtered out.  As you
         can see from the above example, usernames are not.  Many
         usernames do not have passwords, as you all know.  **

On more recent versions of XRAY a similar command "DR" performs a
similar function to the trace commands, but shows both hex and
ascii of the data in memory registers of the node.

    >DR

    I NOS 0001 A0  *
    I SND 0001 A1  *  !
    I DTA 4920 616D 2061 6E20 6964 696F 7420 6265  *I am an idiot be*
          0002 9D63 6175 7365 2049 206C 6566 7420  *   cause I left *
          6D79 7365 6C66 206C 6F67 6765 6420 696E  *myself logged in*
          2061 6E64 2077 656E 7420 686F 6D65 2E0D  * and went home. *
          6F70 7573 2520 0D0A 0D0A 0D0A 0D0A 0D0A  *opus%           *

BS  Display bufferlet use statistics

    This command shows the current and past usage of the memory
    allocated to data buffering.  This shows total usage, total peak
    usage, and available buffer size.

RB  Read buffer <buffer index>

    This command displays the entire contents of the given buffer.
    This is a privileged command and its use is not primarily for user
    circuits.  Primarily.

    >RB 69

    50 61 72 74 79 20 6F 6E 20 64 75 64 65 21 21 21

WB  Write buffer <buffer index>

    This command writes up to seven bytes into the specified buffer.
    The buffer must greater than 4.  This is also a privileged command.

CD  Set/reset CRYPTO auto display mode <Y/N>
CL  Display CRYPTO log <number of minutes>
CM  Display CRYPTO messages by type
SM  Enable/Disable CRYPTO messages by type

    CRYPTO messages are informational messages about the activity of
    the node.  Up to 256 such entries are stored in a circular buffer
    to record this activity.  You can turn on automatic reporting
    of these messages with the CD command prefixed with a 'Y' for
    on and 'N' for off.  Certain message types that become bothersome
    can be disabled with the SM command and the message type.

DB  Begin delay measurement
DD  Display delay measurement statistics
DE  Terminate delay measurement
DL  Begin data loopback circuit

    These commands are used to build circuits for testing the speed and
    integrity of data flow between two nodes.  The DL command is
    super privileged and only one such circuit can be built on
    a node at a given time.  The data traffic generated by the DL is for
    diagnostic use only and can be monitored by viewing node and link
    statistics.

PM  Measure performance on a channel <channel number>

    This command measures the performance of a given channel by
    inserting a timing sequence into the packet stream.  Once it has
    reached the given channel it is returned and a value corresponding
    to the total time elapsed in milliseconds is displayed.  If the
    channel is not active, or no response is returned in 8 seconds the
    message "BAD CHANNEL OR TIMEOUT" is displayed.

LE  Set local echo mode
RE  Set remote echo mode

    One would use the set local echo command if the XRAY terminal
    is not echoing commands typed by the user.  By default, XRAY does
    not echo output.


SUMMARY

    XRAY is pretty confusing.  Be careful with what you are doing
    since you are essentially prodding around in the memory of the
    node.  Think of it in terms of using a utility to poke and prod
    the memory of your own computer.  Think of how disastrous a
    command written to the wrong portion of memory can be.  Don't
    do anything stupid, or you might bring down a whole network,
    or at minimum lose your access.
-----------------------------------

AOH Site layout & design copyright © 2006 AOH