A blog about generally interesting infosec stuff by Darren Fuller/Paul Marsh, SecQuest Information Security https://www.secquest.co.uk

Saturday, 16 November 2013

ECI ECLVL05 VDSL2 MODEM - Statistics

Whilst not strictly info-sec related, this is a quick guide on how to get line stats from a VDSL2 modem commonly used with BT's 'infinity' fibre to the cabinet solution.

The tutorial at http://hackingecibfocusv2fubirevb.wordpress.com/2012/09/23/bare-instructions-to-unlock-eci-vdsl2-modem/ should first be followed in order to unlock the modem and gain admin access via TTY or Telnet, this is essential for running the routines that allow statistics to be obtained from the modem. Once this step has been done, it is possible to log into the modem with a browser using credentials admin/admin and examine the status / statistics data; 


To get this statistics data from the modem, you have to write something like;
 "g997csg 0 1" to /tmp/pipe/dsl_cpe0_cmd and then get the output pipe for the result; cat /tmp/pipe/dsl_cpe0_ack

Once all data has been collected, the usual array of cut/awk/grep can be employed to pull the data and format it properly. 

A common implementation of the data collection scripts uses a Cron entry to call the script every 5 minutes, the outputs of which are graphed using MRTG or RRD. This enables plots to be made showing FTTC signal to noise ratio, attainable and actual upstream and downstream rates. A TFTP server is required for the data transfer to and from the FTTC modem.

In the following examples, the FTTC modem has been allocated an IP address of 192.168.168.168 and the TFTP server / MRTG plotter is at 192.168.168.160

In the root of /tftpboot directory the following two files are required. getstat.sh is called by a cron entry every 5 minutes. This file connects to the FTTC modem with telnet, retrieves the stats file 'vdsl'sh' from the TFTP server, makes it executable and executes it and finally TFTP's the resulting statistics file back to the TFTP server for processing; 

getstat.sh -rwx------
#!/usr/bin/expect
set DATE [exec date +%m%d%H%M%Y]
spawn telnet 192.168.168.168
expect "login as:" 
send "admin\n" <- FTTC modem's user name
expect "password:" 
send "admin\n" <- FTTC modem's password
expect "Alpha #"
send "date $DATE\n"
expect "Alpha #"
send "cd /var/tmp\n"
expect "Alpha #"
send "tftp -g -l /tmp/vdsl.sh -r vdsl.sh 192.168.168.160\n" 
expect "Alpha #"
send "chmod +x /var/tmp/vdsl.sh\n"
expect "Alpha #"
send "sh /var/tmp/vdsl.sh\n"
expect "Alpha #"
send "rm /var/tmp/vdsl.sh\n"
expect "Alpha #"
send "tftp -p -l /var/tmp/stats -r stats 192.168.168.160\n"
expect "Alpha #"
send "rm /var/tmp/stats\n"
expect "Alpha #"
send "exit\n"

vdsl.sh -rw-rw-rwx
cd /var/tmp
date >/var/tmp/stats
sleep 1
out=""
temp=""
while [ "$out" = "" ]
do
  echo "g997csg 0 1" > /tmp/pipe/dsl_cpe0_cmd
  temp=`cat /tmp/pipe/dsl_cpe0_ack`
if [ "$temp" = "nReturn=-21" ]
then
        out="0"
else
        out=`echo $temp|grep ActualDataRate`
fi
done
echo $out >>/var/tmp/stats
out=""
temp=""
while [ "$out" = "" ]
do
  echo "g997csg 0 0" > /tmp/pipe/dsl_cpe0_cmd
  temp=`cat /tmp/pipe/dsl_cpe0_ack`
if [ "$temp" = "nReturn=-21" ]
then
        out="0"
else
        out=`echo $temp|grep ActualDataRate`
fi
done
echo $out >>/var/tmp/stats
out=""
temp=""
while [ "$out" = "" ]
do
  echo "g997lsg 0 1" > /tmp/pipe/dsl_cpe0_cmd
  temp=`cat /tmp/pipe/dsl_cpe0_ack`
if [ "$temp" = "nReturn=-21" ]
then
        out="0"
else
        out=`echo $temp|grep DeltDataType`
fi
done
echo $out >>/var/tmp/stats
out=""
temp=""
while [ "$out" = "" ]
do
  echo "g997lsg 1 1" > /tmp/pipe/dsl_cpe0_cmd
  temp=`cat /tmp/pipe/dsl_cpe0_ack`
if [ "$temp" = "nReturn=-21" ]
then
        out="0"
else
        out=`echo $temp|grep DeltDataType`
fi
done
echo $out >>/var/tmp/stats

A typical 'stats' file generated by the above script from the FTTC modem will look something like the following;

stats
Sat Nov 16 01:00:00 GMT 2013
nReturn=0 nChannel=0 nDirection=1 ActualDataRate=44984000 PreviousDataRate=44912000 ActualInterleaveDelay=0 ActualImpulseNoiseProtection=0 
nReturn=0 nChannel=0 nDirection=0 ActualDataRate=7824000 PreviousDataRate=7824000 ActualInterleaveDelay=0 ActualImpulseNoiseProtection=0 
nReturn=0 nDirection=0 nDeltDataType=1 LATN=0 SATN=0 SNR=60 ATTNDR=7830595 ACTPS=-901 ACTATP=122 
nReturn=0 nDirection=1 nDeltDataType=1 LATN=239 SATN=254 SNR=65 ATTNDR=45009440 ACTPS=-901 ACTATP=36

In the above example, Direction 1 is the downstream link to the FTTC modem, and Direction 0 us the upstream link from the modem. The SNR values are 10X the actual values, so 60 is 6.0dB (measured with OpenReach diagnostics terminal)

For processing by MRTG, the following scripts can be used;

vdsldown.sh
down=`cat /tftpboot/stats|grep "nReturn=0 nChannel=0 nDirection=1"|awk {'print $4'}|cut -f2 -d"="`
downA=`cat /tftpboot/stats |grep "nReturn=0 nDirection=1 nDeltDataType=1"|awk {'print $7'}|cut -f2 -d"="`
if [ "$down" = "&nbsp" ];then
   down="0"
fi
if [ "$downA" = "&nbsp" ];then
   downA="0"
fi
uptime=`uptime |awk '{print $3" "$4}'|cut -f1 -d","`
echo $downA
echo $down
echo $uptime
echo "VDSL Downstream Speeds"

vdslup.sh 
up=`cat /tftpboot/stats|grep "nReturn=0 nChannel=0 nDirection=0"|awk {'print $4'}|cut -f2 -d"="`
upA=`cat /tftpboot/stats |grep "nReturn=0 nDirection=0 nDeltDataType=1"|awk {'print $7'}|cut -f2 -d"="`
if [ "$up" = "&nbsp" ];then
   up="0"
fi
if [ "$upA" = "&nbsp" ];then
   upA="0"
fi
uptime=`uptime |awk '{print $3" "$4}'|cut -f1 -d","`
echo $upA
echo $up
echo $uptime
echo "VDSL Upstream Speeds"

vdslsnr.sh
downnm=`cat /tftpboot/stats |grep "nReturn=0 nDirection=1 nDeltDataType=1"|awk {'print $6'}|cut -f2 -d"="`
upnm=`cat /tftpboot/stats |grep "nReturn=0 nDirection=0 nDeltDataType=1"|awk {'print $6'}|cut -f2 -d"="`
if [ "$downnm" = "&nbsp" ];then
   downnm="0"
fi
if [ "$upnm" = "&nbsp" ];then
   upnm="0"
fi
up=`uptime |awk '{print $3" "$4}'|cut -f1 -d","`
echo $downnm
echo $upnm
echo $up
echo "VDSL SNR"

MRTG definitions for each of the above should be as follows;


Target[vdslsnr]: `vdslsnr.sh`
SetEnv[vdslsnr]: MRTG_INT_DESCR="VDSL_SNR"
MaxBytes[vdslsnr]: 12500000
Options[vdslsnr]: unknaszero,noinfo,nobanner,expscale,gauge
PageTop[vdslsnr]: <h1>VDSL SNR</h1>
Title[vdslsnr]: VDSL SNR
LegendI[vdslsnr]: DownStream
LegendO[vdslsnr]: UpStream
ShortLegend[vdslsnr]: dB

Target[vdsldown]: `vdsldown.sh`
SetEnv[vdsldown]: MRTG_INT_DESCR="VDSL_DownStream_Speed"
MaxBytes[vdsldown]: 50000000
Options[vdsldown]: unknaszero,noinfo,nobanner,expscale,gauge
PageTop[vdsldown]: <h1>VDSL DownStream Speeds</h1>
Title[vdsldown]: VDSL DownStream Line Speeds
LegendI[vdsldown]: Attainable
LegendO[vdsldown]: Actual
ShortLegend[vdsldown]: bps

Target[vdslup]: `vdslup.sh`
SetEnv[vdslup]: MRTG_INT_DESCR="VDSL_UpStream_Speed"
MaxBytes[vdslup]: 50000000
Options[vdslup]: unknaszero,noinfo,nobanner,expscale,gauge
PageTop[vdslup]: <h1>VDSL UpStream Speeds</h1>
Title[vdslup]: VDSL UpStream Line Speeds
LegendI[vdslup]: Attainable
LegendO[vdslup]: Actual
ShortLegend[vdslup]: bps

The results from MRTG will be similar to those shown below, once the script has been running for a day or two;


1 comment: