Python syntax with example

Python version 3.6.2:

Python is an interpreted language. Statement grouping is done by indentation instead of beginning and ending brackets.

Note Output is in blue.

Comments in Python: use a hash (#) to start a comment.

#

Indexing of string:

name="abcdef"
name[0]

Slicing of string:

name="abcdef"
name[0:2] # 0 is included and 2 is excluded
ab

Get length of a string:

name="abc"
len(name)

Lists: A list contains items of the same data type

table=[2,4,6,8,10]

Operators:

+,- ,* ,/
// will give you integer result of division
% will give you the remainder
** power

< less than
> greater than
<= less than or equal to
>= greater than or equal to

Print function:

name="abc"
print("hi", name)
hi abc

if condition:

a=3
if a==1:
    print("Hi a is true")
elif a==2:
    print ("Hi a is ",a)
else :
    print("Hi a is other")

Hi a is other

For loop:

names =['alice','bob','alex']
for n in names:
    print(n)

alice
bob
alex

Define a function:

def addfunction(a,b):
    print (a+b)
x,y=5,6
addfunction(x,y)

11

C++

Null character in c++ string

char c = '\0';


Windows

Get the environment variables:

Open cmd, type set and hit Enter.


Log allowed traffic in ASA

By default, an ASA access control list logs only denied packets. The default access list logging behavior, which applies when the log keyword is not specified, is that if a packet is denied, then message 106023 is generated, and if a packet is permitted, then no syslog message is generated.

To log the allowed traffic, you need to add the log keyword at the end of the ACL.
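Added example (not part of the original post): a small Python parser that separates the default deny message 106023 from message 106100, which the ASA generates for ACL entries that carry the log keyword. The ACL name OUTSIDE_IN, the addresses and the sample syslog lines are constructed, and the 106100 layout is assumed to be the standard one.

```python
import re
from collections import Counter

# Constructed ACE with the log keyword (illustrative, not from the post):
#   access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443 log
# Constructed sample syslog lines for offline testing.
SAMPLE_LOGS = [
    '%ASA-4-106023: Deny tcp src outside:198.51.100.7/51234 dst inside:192.0.2.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    '%ASA-6-106100: access-list OUTSIDE_IN permitted tcp outside/198.51.100.7(51240) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]',
    '%ASA-6-106100: access-list OUTSIDE_IN permitted tcp outside/203.0.113.9(40000) -> inside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]',
    '%ASA-6-302013: Built inbound TCP connection 101 for outside:198.51.100.7/51240 (198.51.100.7/51240) to inside:192.0.2.10/443 (192.0.2.10/443)',
]

# 106023: default message for a packet denied by an ACE without "log".
RE_106023 = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) src (?P<sif>[^:]+):(?P<src>[^/\s]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>[^:]+):(?P<dst>[^/\s]+)(?:/(?P<dport>\d+))? .*by access-group "(?P<acl>[^"]+)"')
# 106100: message generated by an ACE that carries the "log" keyword.
RE_106100 = re.compile(
    r'%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) (?P<proto>\S+) '
    r'(?P<sif>[^/]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\).*?-> (?P<dif>[^/]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\)')

def parse_acl_log(line):
    """Return a dict for ACL log lines 106023/106100, else None."""
    m = RE_106023.search(line)
    if m:
        return {**m.groupdict(), 'msg_id': '106023', 'action': 'denied'}
    m = RE_106100.search(line)
    if m:
        return {**m.groupdict(), 'msg_id': '106100'}
    return None

def summarize(lines):
    """Count events per (acl, msg_id, action); unrelated lines are skipped."""
    counts = Counter()
    for line in lines:
        ev = parse_acl_log(line)
        if ev:
            counts[(ev['acl'], ev['msg_id'], ev['action'])] += 1
    return counts

if __name__ == '__main__':
    for key, n in sorted(summarize(SAMPLE_LOGS).items()):
        print(key, n)
```

Permitted flows show up in the summary only as 106100 events, so an ACL with no permitted entries in the output has no ACE with the log keyword matching that traffic.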


SSL inspection bypass in Zscaler

Go to Policy > SSL Inspection and then add the URL under the bypass list.


Packet capture on SRX for pass through traffic

Specify the file name and size of the file:

set forwarding-options packet-capture file filename pcap_on_srx
set forwarding-options packet-capture maximum-capture-size 150

Specify the source and destination which you want to capture:

set firewall filter PCAP term 1 from source-address 192.168.1.1/32
set firewall filter PCAP term 1 from destination-address 192.168.2.1/32
set firewall filter PCAP term 1 then sample
set firewall filter PCAP term 1 then accept
set firewall filter PCAP term 2 from source-address 192.168.2.1/32
set firewall filter PCAP term 2 from destination-address 192.168.1.1/32
set firewall filter PCAP term 2 then sample
set firewall filter PCAP term 2 then accept
set firewall filter PCAP term 3 then accept

Note: the last command is important because it allows all other traffic. If you don't use the last command, all other traffic will be dropped by the SRX. That command should be at the bottom of the filter.

Apply the filters on the interface:

set interfaces ge-0/0/1 unit 0 family inet filter input PCAP
set interfaces ge-0/0/1 unit 0 family inet filter output PCAP

Route based VPN on SRX

Create Tunnel interface:
set security zones security-zone external interfaces st0.1
set routing-options static route 172.16.1.1/32 next-hop st0.1

set security ike proposal phase1-proposal-route-based authentication-method pre-shared-keys
set security ike proposal phase1-proposal-route-based dh-group group2
set security ike proposal phase1-proposal-route-based encryption-algorithm 3des-cbc
set security ike proposal phase1-proposal-route-based lifetime-seconds 3600

set security ike policy phase1-policy-route-based mode main
set security ike policy phase1-policy-route-based proposals phase1-proposal-route-based
set security ike policy phase1-policy-route-based pre-shared-key ascii-text "$9$RbBSyK-ds4JDres4"

set security ike gateway gateway-route-based ike-policy phase1-policy-route-based
set security ike gateway gateway-route-based address 2.2.2.2
set security ike gateway gateway-route-based external-interface ge-0/0/1.0

set security ipsec proposal phase2-proposal-route-based protocol esp
set security ipsec proposal phase2-proposal-route-based authentication-algorithm hmac-sha1-96
set security ipsec proposal phase2-proposal-route-based encryption-algorithm 3des-cbc
set security ipsec proposal phase2-proposal-route-based lifetime-seconds 3600

set security ipsec policy phase2-policy-route-based perfect-forward-secrecy keys group2
set security ipsec policy phase2-policy-route-based proposals phase2-proposal-route-based

set security ipsec vpn vpn-route-based bind-interface st0.1
set security ipsec vpn vpn-route-based ike gateway gateway-route-based
set security ipsec vpn vpn-route-based ike ipsec-policy phase2-policy-route-based
set security ipsec vpn vpn-route-based establish-tunnels immediately

Proxy ID: Needed in case the other side doesn't support route-based VPN.
set security ipsec vpn vpn-route-based traffic-selector Proxy-ID-1 local-ip 192.168.1.1/32
set security ipsec vpn vpn-route-based traffic-selector Proxy-ID-1 remote-ip 172.16.1.1/32

Note: you will need security policies from the internal to the external zone and from the external to the internal zone to allow the traffic to and from the VPN.
