==Phrack Magazine== Volume Four, Issue Forty-Two, File 6 of 14 A User's Guide to XRAY By N.O.D. This file was made possible by a grant from a local McDonnell Douglas Field Service Office quite some 'tyme' ago. This was originally written about version 4, although we are pretty sure that BT has now souped things up to version 6. Everything still seems the same with the exception of a few commands, one of which we will point out in particular. Any comments/corrections/additions/updates or subpoenas can be relayed to us through this magazine. XRAY is a monitoring utility that gives the user a real-time window into a Tymnet-II node. Used in tandem with other utilities, XRAY can be a very powerful tool in monitoring network activity. In this file we will discuss key features of XRAY and give command formats for several commands. Some commands are omitted from this file since they can only be used from dedicated terminals. Several others are likewise omitted since they deal with the utilization of XRAY in network configuration and debugging the actual node code, and would probably be more damaging than useful, and commands to reset circuits and ports are similarly missing. ACCESS The most obvious way to access XRAY is to find the username/password pair that either corresponds to the host number of an XRAY port, or is otherwise in the goodguy list of a particular node. XRAY can also be accessed through the DDT utility by typing ?STAT Either will respond with the following **X-RAY** NODE: XXX HOST: ZZZ TIME: DD:HH:MM:SS If all ports are currently in use the user will only be allowed access if his/her is of greater precedence in the goodguy list than that of someone previously online. In such a case, that user will be forcibly logged out and will receive the following message: "xray slot overridden" Otherwise the user will see: "out of xray slots" XRAY users are limited in their power by the associated "licence" level given them in the XRAY goodguy list. The levels are: 0 - normal 1 - privileged 2 - super-privileged There are several user names associated with the XRAY utility. These exist on almost any network utilizing the Tymnet-II style networking platform. PRIORITY USERNAME 2 XMNGR 2 ISISTECX 2 XNSSC 1 TNSCMX 1 TNSUKMX 1 XSOFT 1 XEXP 1 XCOMM 1 XSERV1 0 XRTECH 0 XTECH 0 XOPPS 0 XSERV 0 XRAY COMMANDS with parameters in HE Help Use this command to display the commands available for that particular node. GP Get power This command allows the user to move up to the maximum security level allowed by his username, as specified in the good guy list. XG Display and/or modify XRAY goodguy list

This command without parameters will display the XRAY goodguy list. When added with an entry number and 'P' (purge) or 'M' (modify), the user can edit the contents of the table. The XGI command will allow the user to enter a new entry into the list. Any use of XG or XGI to alter the list is a super-privileged command and is audited. >XG XRAY GOODGUY LIST NO. PRIV OVER NAME ---- ---- ---- ---- 0001 0002 00FF TIIDEV 0002 0001 0030 RANDOMUSER 0003 0000 0000 XRAY >XGI ENTER UP TO 12 CHARACTERS OF USERNAME NOD ENTER NEW PRIVILEGE AND OVERRIDE - 2,FF >XG XRAY GOODGUY LIST NO. PRIV OVER NAME ---- ---- ---- ---- 0001 0002 00FF TIIDEV 0002 0001 0030 RANDOMUSER 0003 0000 0000 XRAY 0004 0002 00FF NOD BG Display and/or modify Bad Guy List This command when entered without any parameters displays the "bad guy" list. When used with a node number and 'R' it will remove that node from the list, and 'I' will included. The 'R' and 'I' features are privileged commands and usage is noted in audit trails. >BG 2000 701 1012 >BG 2022 I 2022 2000 701 1012 HS Display host information ND Display node descriptor This command displays information about the node and its network links. NS Display node statistics This command displays various statistics about the node including time differentiations in packet loops, which can then be used to determine the current job load on that particular node. KD Display link descriptor This command displays the values of the link to the node specified. This is displayed with columns relating to type of node (TP), speed of the link (SP), number of channels on the link (NCHN), etc.. KS Display link statistics This command provides a report on various factors on the integrity of the link to the given node(s), such as bandwidth usage, packet overhead, characters/second transmitted, delays in milliseconds, etc. BZ "Zap" link to node This command will cause the link to the specified node to be reset. This command is privileged and is audited. If the node "zapped" is not currently linked a "??" error message will be displayed. TL Set/Reset trace on link TN Set/Reset trace on line TM Display trace events These commands are used to display activity between two active nodes. AC Display active channels This command will display all active channel numbers for the given range starting at the given channel number. Range is in hex. QC Query channel status This command displays information about the given channel, including throughput speed, source and output buffer size and address location. TC Enable/disable data trace on channel <0/1> This command with no arguments displays the channels that are being diagnosed by the trace. The command with a channel number and a '1' will enable data trace for that channel, and a '0' will disable trace on that channel. Enabling or disabling trace is a privileged command. TD Display channel trace data in hex TE Display channel trace data in hex including escapes TA Display channel trace data as ASCII With these commands trace data is displayed for a specified time count. A prefixed 'I' or 'O' will show input or output data. The default is both. >ta 5 I/O CHN TIME OUT 0040 ECC5 \86\86\0F\00\8A\80h\80\8CS\83valinfo; IN 0040 EC87 \00\09\86\86\0D\08\00\00h OUT 0040 0F67 \86\86\0E\00\880\8D IN 0040 1029 \00,\86\86\09\86\00\00\90\1B\19\80 \06\86\00\00h \15\1B\08J\04\0B\04\0F\04=\0DR\80JS\80\80 \8CVALINFO\8D OUT 0040 102F \86\86\14\89p\90\1B\19\86\86\14\89j\18\15\13 **Note: Although this will allow one to follow the network connections on specific channels, password data is filtered out. As you can see from the above example, usernames are not. Many usernames do not have passwords, as you all know. ** On more recent versions of XRAY a similar command "DR" performs a similar function to the trace commands, but shows both hex and ascii of the data in memory registers of the node. >DR I NOS 0001 A0 * I SND 0001 A1 * ! I DTA 4920 616D 2061 6E20 6964 696F 7420 6265 *I am an idiot be* 0002 9D63 6175 7365 2049 206C 6566 7420 * cause I left * 6D79 7365 6C66 206C 6F67 6765 6420 696E *myself logged in* 2061 6E64 2077 656E 7420 686F 6D65 2E0D * and went home. * 6F70 7573 2520 0D0A 0D0A 0D0A 0D0A 0D0A *opus% * BS Display bufferlet use statistics This command shows the current and past usage of the memory allocated to data buffering. This shows total usage, total peak usage, and available buffer size. RB Read buffer This command displays the entire contents of the given buffer. This is a privileged command and its use is not primarily for user circuits. Primarily. >RB 69 50 61 72 74 79 20 6F 6E 20 64 75 64 65 21 21 21 WB Write buffer This command writes up to seven bytes into the specified buffer. The buffer must greater than 4. This is also a privileged command. CD Set/reset CRYPTO auto display mode CL Display CRYPTO log CM Display CRYPTO messages by type SM Enable/Disable CRYPTO messages by type CRYPTO messages are informational messages about the activity of the node. Up to 256 such entries are stored in a circular buffer to record this activity. You can turn on automatic reporting of these messages with the CD command prefixed with a 'Y' for on and 'N' for off. Certain message types that become bothersome can be disabled with the SM command and the message type. DB Begin delay measurement DD Display delay measurement statistics DE Terminate delay measurement DL Begin data loopback circuit These commands are used to build circuits for testing the speed and integrity of data flow between two nodes. The DL command is super privileged and only one such circuit can be built on a node at a given time. The data traffic generated by the DL is for diagnostic use only and can be monitored by viewing node and link statistics. PM Measure performance on a channel This command measures the performance of a given channel by inserting a timing sequence into the packet stream. Once it has reached the given channel it is returned and a value corresponding to the total time elapsed in milliseconds is displayed. If the channel is not active, or no response is returned in 8 seconds the message "BAD CHANNEL OR TIMEOUT" is displayed. LE Set local echo mode RE Set remote echo mode One would use the set local echo command if the XRAY terminal is not echoing commands typed by the user. By default, XRAY does not echo output. SUMMARY XRAY is pretty confusing. Be careful with what you are doing since you are essentially prodding around in the memory of the node. Think of it in terms of using a utility to poke and prod the memory of your own computer. Think of how disastrous a command written to the wrong portion of memory can be. Don't do anything stupid, or you might bring down a whole network, or at minimum lose your access.