Showing posts with label Software. Show all posts
Showing posts with label Software. Show all posts

Tuesday, February 3, 2015

Free Software Across the Great Firewall (免费翻墙软件)

All information are collected from Internet. 


从2015年1月1日开始的,Chinese GFW升级,很多免费翻墙软件相继失效. Here are some may still working:

1. 自*由*门


How to Use Link: 翻墙七种武器之多情环:自由门与无界

2. 无*界*浏*览*14.04 

无界,几乎算作自由门的姐妹款,是由美国无界万国公司创建在GIFT技术平台上的免费软件,也是由海外法轮功学院所开发,和动态网同属于美国自由网络联盟,曾经被哈弗大学在2007年的研究调查中被评为“效果最好的翻墙工具”. Usage is same as 自由门.

3. 赛风(Psiphon)

“Psiphon”,官方中文译名为赛风,民间早期译作白凤或彩虹,是一款可以突破网络审查的自由软件,其遵循GPL协议,于2006年12月1日发布。它是由开放网络基金资助、多伦多大学的公民实验室(Citizen Lab)开发。Psiphon 分为数个版本,Psiphon 2 是网页版代理,Psiphon 3 是利用VPN和HTTP代理技术的软件,支持‬Android及Microsoft Windows系统。Psiphon3提供SSH+,VPN,SSH三个通道可供翻墙。速度比较快,就是不太稳定,偶尔断线,不过断线后软件会自动寻找新的可用服务器。

How to use link: 翻墙七种武器之新多情环:Psiphon赛风

4. 蓝灯(Lantern)


* 本文原文链接:蓝灯 Lantern – v1.5.8(2014-11-5) – 美博园 *
Latest Lantern Release v.1.5.8 (2014-11-5)

How to use Link: 翻墙 | 蓝灯 Lantern – v1.5.8

5. GoAgent

这个不用我多说了吧,基于Google App Engine(GAE)的翻墙利器。稳定、速度快、难以被封锁。可就是配置起来相对复杂一点,不属于傻瓜式的翻墙软件。

How to use Link: 翻墙七种武器之长生剑:GoAgent

6. Ultrasurf

Ultrasurf is a product of Ultrareach Internet Corporation. Originally created to help internet users in China find security and freedom online, Ultrasurf has now become one of the world's most popular anti-censorship, pro-privacy software, with millions of people using it to bypass internet censorship and protect their online privacy.

7. Autoproxy - the smart firefox proxy management add-on

8. 萤火虫翻墙代理(Firefly-proxy)


9. Tor

TorProject已经推出了以 Firefox ESR 的专属浏览器: Tor Browser Bundle(简称TBB),将Tor和 Firefox 浏览器进行捆绑,使用者只需要通过网站下载 最新的4.0 版本到本地,解压缩安装以后就可以直接上网浏览,省去了其中复杂繁琐的过程。

How to Use Link: Tor“重返”中国:翻墙与进入“深网”

10. SoftEther and VPN Gate 的镜像站点列表 (更新于 2014-04-15 01:09:08 UTC):
How to Use Link: 


Saturday, January 3, 2015

Bypass China GFW

A website punches a hole at GFW. Add the website you want to surf after For examples:

2. xskywalker - 天行浏览器 -

3. Freegate - or

链接: 密码:tll6
链接: 密码:gvf3 


  • Website to real-time check if any website is blocked in China: Blocked in China


Thursday, August 7, 2014

Tripwire Enterprise 8.3 Basic Configuration Steps

Tripwire Enterprise is a security configuration management suite whose Policy Management, Integrity Management, and Remediation Management capabilities stand-alone or work together in a comprehensive, tightly integrated SCM solution.
Five Key Features:
  • Change-triggered Configuration Assessment
  • World's Best File Integrity Monitoring
  • Achieve Continuous Compliance
  • Integrate SCM into IT Security Operations
  • Visualize and Report SCM Results to Communicate & Mitigate Risks

Our version is 8.3. Here are some basic steps to configure a new network device node in the Tripwire Enterprise 8.3:

1. Add a new node:

Assigned to Custom type Cisco which gives more flexibility.
Enter correct username and password.

Important part is to give right maker and model information to get it auto assigned into smart group.

This screenshot shows the new node assigned to right Cisco Nexus 5000 group.

2. Do a check or baseline to new node with proper rule. 

In this example, I used Cisco IOS configuration Rule which is to run Show Running-Config command

3. Rules. 

Create a new rule for your device. Using Network Device -> Common -> Command Output Validation Rule template:

In the rule, put proper command just as following screenshot shows:

Next Screenshot shows how to check Checkpoint rules.C

Another thing in the rule is Target Node Type.

4. Report

Create a report based on a report template.

5. Task.

Schedule a task to send the report to your email.

Tuesday, May 6, 2014

Free SNMP Software Suit in Windows Environment - Net-SNMP (Snmpv3 Support)

I was looking for this kind of software for a while. Mostly desktop and servers I am using are windows based. There is no Snmpwalk this kind of command under windows OS. Good things, there are always some genius to see the gap and develop some gorgeous tools to meet the needs from the people like me.

Net-SNMP is one of this kind of software. Based on their website -
Net-SNMP is a suite of applications used to implement SNMP v1SNMP v2c and SNMP v3 using both IPv4 and IPv6. The suite includes:
  • Command-line applications to:
    • retrieve information from an SNMP-capable device, either using single requests (snmpgetsnmpgetnext), or multiple requests (snmpwalksnmptablesnmpdelta).
    • manipulate configuration information on an SNMP-capable device (snmpset).
    • retrieve a fixed collection of information from an SNMP-capable device (snmpdfsnmpnetstatsnmpstatus).
    • convert between numerical and textual forms of MIB OIDs, and display MIB content and structure (snmptranslate).
  • A graphical MIB browser (tkmib), using Tk/perl.
  • A daemon application for receiving SNMP notifications (snmptrapd). Selected notifications can be logged (to syslog, the NT Event Log, or a plain text file), forwarded to another SNMP management system, or passed to an external application.
  • An extensible agent for responding to SNMP queries for management information (snmpd). This includes built-in support for a wide range of MIB information modules, and can be extended using dynamically loaded modules, external scripts and commands, and both the SNMP multiplexing (SMUX) and Agent Extensibility (AgentX) protocols.
  • A library for developing new SNMP applications, with both C and perl APIs.
There is a tutorial page at .

Here I would like to list some usage from my person experience.

1. Installation

a. Download it from
current version is Installation package for windows is net-snmp- (4.2 MB)
b. Follow the installation guideline to complete the installation in the windows environment.
c. Verify the installation.

C:\usr\bin>snmpd -V
No log handling enabled - using stderr logging
Warning: no access control information configured.
  (Config search path: c:/usr/etc/snmp;c:/usr/share/snmp;c:/usr/lib)
  It's unlikely this agent can serve any useful purpose in this state.
  Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for th
is agent.
NET-SNMP version

2. SNMPv2

Seems like very straightforward.

C:\usr\bin>snmpwalk -v 2c -c SnmpPass system
SNMPv2-MIB::sysDescr.0 = STRING: Juniper Networks, Inc. srx240h internet router,
 kernel JUNOS 11.4R10.3 #0: 2013-11-15 06:56:20 UTC     builder@singlath:/volume
/build/junos/11.4/release/11.4R10.3/obj-octeon/bsd/kernels/JSRXNLE/kernel Build
date: 2013-11-15 07:18:28 UTC Copyright (c) 199
SNMPv2-MIB::sysObjectID.0 = OID: SNMPv2-SMI::enterprises.2636.
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (43996634) 5 days, 2:12:46.34
SNMPv2-MIB::sysContact.0 = STRING:
SNMPv2-MIB::sysName.0 = STRING:
SNMPv2-MIB::sysLocation.0 = STRING:
SNMPv2-MIB::sysServices.0 = INTEGER: 4

3. SNMPv3

Not that easy when test SNMPv3 command.

Trying to test SNMPv3 but got 'Encryption support not enabled' error messages always:

C:\>snmpget -v3 -u NetService -l authPriv -x DES -a MD5 -A Password -X Password SNMPv2-MIB::sysName.0

No log handling enabled - using stderr logging
Encryption support not enabled.
snmpget: USM encryption error

C:\>snmpd -H
No log handling enabled - using stderr logging
netsnmp_assert GetLastError() != 10093L failed ..\..\snmplib\winpipe.c:48
Warning: no access control information configured.
  (Config search path: c:/usr/etc/snmp;c:/usr/share/snmp;c:/usr/lib)
  It's unlikely this agent can serve any useful purpose in this state.
  Run "snmpconf -g basic_setup" to help you configure the snmpd.conf file for th
is agent.
Configuration directives understood:
  In snmpd.conf and snmpd.local.conf:
    authtrapenable           1 | 2              (1 = enable, 2 = disable)
    trapsink                 host [community] [port]
    trap2sink                host [community] [port]
    defSecurityName          string
    defContext               string
    defPassphrase            string
    defAuthPassphrase        string
    defPrivPassphrase        string
    defAuthMasterKey         string
    defPrivMasterKey         string
    defAuthLocalizedKey      string
    defPrivLocalizedKey      string
    defVersion               1|2c|3
    defAuthType              MD5|SHA
    defPrivType              DES (AES support not available)
    defSecurityLevel         noAuthNoPriv|authNoPriv|authPriv

It clearly shows DES is supported but not AES. Since we are using DES, where is the real problem. Actually, the cause for our error message is the option during installation, encryption support not being chosen.

Following packages have to be installed first to support this Encryption.
1. Microsoft Visual C++ 2008 Redistributable Package Please make sure use vcredist_x86.exe but not vcredist_x64.exe.
2. Win32 OpenSSL v1.0.1g Light (Win32OpenSSL_Light-0_9_8y.exe) , reboot system.
3. net-snmp- (net-snmp-5.5.1-1.x86.exe)

There are lots of tricks here. First, you will have to install OpenSSL 0.9.8 this version based on the download page ,

"IMPORTANT NOTE FOR WINDOWS USERS: the Net-SNMP Windows binaries have been built with OpenSSL version 0.9.8r. Since the OpenSSL 0.9 and 1.0 DLLs are incompatible, any attempt to install Net-SNMP on a system where OpenSSL 1.0 has been installed will fail."

Second thing I spent tons of time to figure out is 5.5.1 version working fine but not this latest version.

C:\Users\John>snmpwalk -v3 -u NetServices -l authPriv -x DES -a MD5 -A SnmpPass -X SnmpPass SNMPv2-MIB::sysName.0
SNMPv2-MIB::sysName.0 = STRING: Switch2001

I feel lucky today!!!!!!

Thursday, April 3, 2014

Best Free Network Performance Test tool - Iperf

According to wikipedia Iperf "is a commonly used network testing tool that can create TCP and UDP data streams and measure the throughput of a network that is carrying them. Iperf is a modern tool for network performance measurement written in C++." So far it is best free software to test network throughput I found. 

1. Download iperf 2 from

2. Running on one of your remote machine from command line as iperf server (ip address

C:\Tools>iperf -s

Server listening on TCP port 5001
TCP window size: 8.00 KByte (default)
[188] local port 5001 connected with port 48410
[ ID] Interval       Transfer     Bandwidth
[188]  0.0-10.0 sec   121 MBytes   101 Mbits/sec

3. Run iperf as client from another machine (ip address of your network to evaluate the network throughput based on TCP connection.

C:\tools>iperf -c

Client connecting to, TCP port 5001
TCP window size: 8.00 KByte (default)
[1912] local port 48410 connected with port 5001
[ ID] Interval       Transfer     Bandwidth
[1912]  0.0-10.0 sec   121 MBytes   101 Mbits/sec

4. Send 100MBytes data for testing

iperf -c -n 100m

5. Bi-direction test

Simultaneous bi-directional bandwidth measurement: (-d argument)
To measure the bi-directional bandwidths simultaneousely, use the -d argument. If you want to test the bandwidths sequentially, use the -r argument (see previous test).
By default (ie: without the -r or -d arguments), only the bandwidth from the client to the server is measured.

C:\tools> iperf -c  -d
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
Client connecting to, TCP port 5001
TCP window size: 16.0 KByte (default)
[ 5] local port 60270 connected with port 5001
[ 4] local port 5001 connected with port 2643
[ 4] 0.0-10.0 sec 76.3 MBytes 63.9 Mbits/sec
[ 5] 0.0-10.1 sec 1.55 MBytes 1.29 Mbits/sec

6. Parallel TCP connections

Parallel connections can be useful if you need to saturate the bandwidth of a link.  The bandwidth of a single TCP session can be greatly affected by the size of the receive window and the latency of the link.
iperf -s -i 1 (-i 1 means update terminal every second)
iperf -c -t 30 -P 10
Add caption