💾 Archived View for aphrack.org › issues › phrack42 › 5.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

                             ==Phrack Magazine==

                 Volume Four, Issue Forty-Two, File 5 of 14

= - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = -

                    Synopsis of Tymnet's Diagnostic Tools
                             and their associated
                   License Levels and Hard-Coded Usernames

                                    by
                              Professor Falken

                             February 14, 1993

= - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = - = -


   While the scope of this article is general, the information contained
within is NOT for the novice Tymnet explorer.  Novice or NOT, go ahead
and read; however, caution should be taken when invoking any of these
commands upon BT's network.  Execution of certain commands can have
debilitating consequences upon segments of the network.

   In this article I intend to educate the reader about the various
Tymnet diagnostic utilities that are available.  This article is by no
means an in depth microscopic view of the utilities; but rather a brief to
the point survey course of what is available to qualified people.  With
each utility I will describe its use/s, list its major commands, and
in DDT & XRAY's case, dispense its hard-coded usernames which allow you to
become a 'qualified person.'

   It seems the software engineers at Tymnet (for the lack of something
better to do) like to rename ordinary words to complicated ones.  For
instance, within this article I will talk about LICENSE LEVELS.  License
levels are nothing more than security levels.  When I speak of License
Level 4, just translate that to Security Level 4.  I would have just called
everything security levels, but I wanted to stay within that lethargic
Tymnet mood for realism purposes.  Another word the engineers pirated from
'GI JOE' was GOOD-GUYS.  In our world, a Good-Guy is a valid username that
can be used for logging into the various diagnostic utilities.

   Like most conventional computers, Tymnet also needs an operating system
for its code to run under.  Tymnet's node-level, *multitasking*, operating
system is called ISIS; it stands for 'Internally Switched Interface System.'
Its designed for: handling multiple communication links, allocating system
memory, system job/process scheduling, and all the other BASIC things ALL
operating systems do.  Tymnet explains it a bit more complicated and less
to the point, but to give equal time to the opposing viewpoint, this is
what they say:

   "Internally Switched Interface System. The operating system for a TYMNET
    node; provides functions that control the overall operation of an
    Engine.  These functions include, but are not limited to, memory
    allocation, message switching, job scheduling, interrupt processing,
    and I/O distribution. ISIS allows multiple data communications
    functions to run on a single processor.  Two of its many services are
    debugging and I/O port management. Formerly known as ISIS-II or ISIS2.
    ISIS2, ISIS-II  Obsolete terms. See Internally Switched Interface
    System (ISIS)."

   At various points within this file I will refer to an ENGINE.
Basically, an ENGINE is a minicomputer which handles all the processing
requirements that ISIS and its applications demand.  However, to be fair to
all the Tymnet technoids, this is what BT says:

   "BT North America packet-handling hardware. The Engine communications
    processor is a member of a family of special-purpose minicomputers.
    It runs communications software such as Node Code (for switching),
    slot code (for protocol conversion and value-added functions), and
    the ISIS operating system. The Engine family consists of the
    Pico-Engine, Micro-Engine, Mini-Engine, Mini-Engine-XL,
    Dual-Mini-Engine-XL, Engine, and ATC."

   You think they would have invented much NEATER names for their computer
platforms than 'Mini-Engine' or 'Micro-Engine'.  I would guess that BT's
hardware engineers have less time than the software engineers to invent
K-RAD names for their projects.  Anyhow, as you can see, the ENGINE is the
muscle behind Tymnet's network brawn.

   Another term which is very basic to ANY understanding of Tymnet is the
'SUPERVISOR.'  As you can see the engineers searched high & low for this
clever term.  The Supervisor is many things including, the authentication
kernel you interact with, the circuit billing system that subscribers
unfortunately do not interact with, and generally the network's 'BIG BROTHER.'
Supervisor watches the status of the network at all times, keeping detailed
logs and interceding when trouble erupts.  The supervisor term can also
refer to the engine upon which the Supervisor is being run on.

   With all that in mind, I will now introduce five of Tymnet's diagnostic
tools.  I intend on presenting them in this order: DDT, MUX, PROBE, LOAD-II,
TOM, and XRAY.  Please note that only DDT and XRAY have 'good-guy' lists
provided.

DDT - Dynamic Debugging Tool
----------------------------

   DDT is a utility which runs under the ISIS operating system.  DDT is
capable of loading or displaying a slot's content.  A slot is an area of
memory in a node in which Tymnet applications run.  DDT can also be used
for modification of a specific slot's slot code.  Slot code is any
program which has been assigned memory within the engine by ISIS.  DDT also
performs other lower level diagnostic functions, which I will not go into.

   Logging into DDT requires you to provide the 'please log in:' prompt
a valid username and password.  Upon checking the good-guy list and
authenticating the user, the kernel process searches for the associated
slot assignment.  If no slot is assigned to the good-guy, the kernel will
prompt you for a slot number.  Once you enter a VALID slot number and it is
available, the authentication kernel executes the DDT utility.  When I say
'VALID' slot number, I mean a slot number which logically exists AND is
attainable by your current good-guy's license level.

   Actual logins to DDT take the form:

   please log in: goodguyID:host# <cr>
        password:

Where goodguyID is a valid goodguy, host# is the Tymnet subscriber who
needs a little 'work' done, and obviously the password is what it is.  While
I would like to give you all the passwords I could, I don't think it is
going to happen.  So all I can do is suggest trying different variations
of the goodguy IDs, and other dumb passwords unsecure people use.

   Connection to primary DDT is displayed as the ever-so-friendly '*' prompt.
It is from this prompt that all general DDT commands are directed.  The most
useful DDT commands are listed below in a general, extended, and RJE/3270T
specific registry.


GENERAL DDT COMMANDS
--------------------

E            Execute a slot.
H            Halt a slot. <---- DESTRUCTIVE See WARNING!
ZZ           Logs you out of DDT.
^#           Transfers control from the current slot to the slot
             specified by #. (IE- ^7  Switches control to slot 7)
?CPU         Displays CPU utilization (Engine Performance)
?HIST        Displays a history of diagnostic messages.
?HOST        Displays the hosts in use by that slot.
?LU          Displays the logical unit to physical device assignment.
?MEM         Displays the time of memory errors if any.
?STAT        Allows the execution of EXTENDED DDT.  To obtain the extended
             command prompt type '/'.Command prompt ':>'
?VERN        Displays the ISIS version followed by the SLOT's version.


WARNING!: It is possible to HALT a slot accidently.  This will freeze
          everything going in/out of the current slot.  This can be BAD
          for customer satisfaction reasons.  If you accidently hit 'H',
          even without a CR/LF it will hang the slot.  So when the ?HIST or
          ?HOST commands are used make SURE you type that important '?'
          beforehand.  This will halt everything going over that slot,
          effectively destroying the communication link.


EXTENDED COMMANDS FOR RJE & 3270T
---------------------------------

RJE & 3270T
===========
EXI          Logs you out. (DuH!)
QUIT         Return from extended DDT prompt ':>' to normal '*' DDT prompt.

RJE Only
========
HELP         Displays a list of commands available in extended RJE DDT mode.
             (A list not worth putting in here.)
SCOPE        Outputs a protocol trace.
TRACE        Outputs a state trace.

3270T Only
==========
HELP         Displays a list of commands available in extended 3270T DDT mode.
             (Again, a list not worth putting in here.)
STATUS       Displays status of all lines, control units, and devices.
STRTLN x     Start polling on line x. (Performance benchmark)
STRTCU x,y   Start polling control UNIT x on LINE y. (Performance benchmark)
STOPLN x     Stop polling on line 'x'
STOPCU x,y   Stop polling control UNIT x on LINE y.

NOTE:If you try to use an RJE command while logged into a 3270T you will
     be shown the incredible "ILLEGAL COMMAND" string.


GOOD-GUYS AND LICENSE LEVELS
----------------------------

   As with any username, there is an accompanying license level (security
level) with each account.  The different levels define which types of
slots that username may access and the available commands.  Some of the
good-guys have access to all slots including supervisor, while others
have access to only non-supervisor slots.

   The table below is a list of the actions that are available with the
various different license levels.

L.DISC    Permits disk formatting
L.H       Permits the halting, loading, and restarting of all slots for
          code-loading purposes.
L.P       Permits the halting, restarting, and online software modification
          to an active slot. (Except slots 0 and FF)
L.R       Permits logon to all slots (Except 0 and FF)
L.SOA     Permits logon to a node's slot 0. (Node configuration.)
L.SOP     Permits the halting, restarting, and online software modification
          to slot 0.
L.SOR     Permits the reading of slot 0 files.
L.SUA     Permits logon to Supervisor slots.
L.SYA     Permits logon to a node's FF slot. (ISIS configuration node.)
L.SYR     Permits the reading of slot FF files.
L.SYP     Permits the halting, restarting, and online modification to
          slot FF.

   The DDT license levels are numbered from 0 to 4, 4 being Gh0D.  Each level
has several of the above named actions available to them.  Listed below are
the various actions available at the 0 through 4 license levels.

LEVEL   ACTIONS
=====   =======
  4     L.DISC, L.P, L.SOA, L.SOP, L.SUA, L.SYA, and L.SYP .
        (Disk format, halt, restart, online software mods, and reading
         of files for all slots AND supervisors. Like I said, GOD.)

  3     L.P, L.SOA, L.SOP, L.SYA, and L.SYP .
        (Halt, restart, online software mods, and reading of files for
         all slots and supervisors.)

  2     L.H, L.R, L.SOA, L.SOR (For code loading purposes: halt, restart
        online software mods, and reading files for all slots and
        supervisor nodes.)

  1     L.R, L.SOA, L.SYA (Views ALL slots and supervisor nodes)

  0     L.R (Views all slots, EXCEPT supervisor slots and 0 & FF.)

   What follows is a good-guy userlist with the associated license level
of that username.  I also note whether the account is ACTIVE/PASSIVE upon
an operating node/slot combination and the seriousness of the network
impact that those associated licenses can possibly create.

      LICENSE LEVEL    GOOD GUY USERNAME     ACTIVE/PASSIVE  NETWORK IMPACT
      =============    =================     ==============  ==============
            4             ISISTECH               Active           MAJOR
            4             NGROM                  Active           MAJOR
            4             NSSC                   Active           MAJOR
            4             RPROBE                 Active           MAJOR
            4             RERLOG                 Active           MAJOR
            4             RACCOUNT               Active           MAJOR
            4             RSYSMSG                Active           MAJOR
            4             RUN2                   Active           MAJOR
            4             TNSCM                  Active           MAJOR

            3             IEXP                   Active         Moderate
            3             ISERV1                 Active         Moderate
            3             ISERV2                 Active         Moderate
            3             ISERV3                 Active         Moderate
            3             ITECH1                 Active         Moderate
            3             ITECH2                 Active         Moderate
            3             ITECH3                 Active         Moderate
            3             ITECH4                 Active         Moderate
            3             ITECH5                 Active         Moderate

            2             GATEWAY                Active           Minor

            1             DDT                    Passive
            1             DDTECH                 Passive
            1             IOPPS                  Passive
            1             ISERV                  Passive
            1             ITECH                  Passive

            0             VADICBUSY              Passive


MUX - The Circuit Multiplexer
-----------------------------

   MUX is a tool which also runs within an ISIS slot.  MUX allows the
building, interconnecting, and controlling of several sets of circuits from
a single terminal.  Instead of logging in and out of each diagnostic
tool as different commands are needed, MUX is used to create multiple
concurrent circuits.  Once these are set up, it is easy to switch back
and forth between different diagnostic applications, WITHOUT having to
logoff one before logging into another.  Tymnet also likes to boast that
you can chat with other users on MUX's 'Talk mode facility.'  I'll stick
to IRC until this catches on.

   Logging into MUX is quite simple.  It takes the form of:

   please log in: userid <cr>
        password:

NOTE: ATTN commands, see CHAR command.
ATTN ATTN       Allows you to send one attention character down the circuit.
ATTN C x        Labels the current port, where 'x' is the label you desire.
ATTN E          Allows you to switch to the next port you have defined.
                This command however is not valid from the command mode.
                The circuit label is presented and connection is made.
                Even though the prompt for that circuit is not presented,
                you ARE connected.
ATTN Z          Returns you to the command mode.

CHAR char       Configures your ATTN character to 'char'.  So in the below
                ATTN commands, you will have to enter your ATTN character
                then the proceeding character.  The default ATTN Character
                is CTRL-B.  Personally, I like to set mine to '!'.
CONNECT pl1,pl2 Connect the output of port label-1 to port label-2.
                Usually your current port label is marked with a * preceding
                it in a 'LIST', this is also known as a BOSS.

ENABLE pl       Enables a pl's (port labels) output.
EXIT            Leave MUX with all your circuits INTACT.

FLUSH pl        Flush pl's (port labels) output.
FREEZE N/F      Freeze (N=ON or F=OFF) current Boss.

GREETING msg    Sets up the greeting message.

HEAR N/F        Allow (N=ON or F=OFF) users to 'TALK' to each other.
HELP            Prints help messages. (ooof)

LIST            Lists all active ports for the current user. (ATTN Z L)
LABEL N/F       Labeling (N=ON or F=OFF) of all output sent to the Boss.

MAKE            Make a new circuit by logging onto a diagnostic tool.
                You will be prompted with the omnipresent 'Please log in:'
                prompt.  Just login as usual for particular tool.
MESSAGE         Print last message.

QUIT            Leave MUX and ZAP all circuits created.

SEND pl         Send to pl (port label).

TALK username   Talks to 'username' providing HEAR=N.
TIME            Outputs date and time in format: 31Dec93 05:24
TRANSFER pl     Transfers control of this BOSS to pl (port label).

ZAP pl          Zap any circuits you made, where 'pl' is the port label.
                This command defaults to the port labeled '*' (Boss).
                This command is ONLY valid in command mode.

PROBE
-----

   PROBE is probably one of the BEST known Tymnet diagnostic tools.
PROBE is actually a sub-program of the Supervisor.  PROBE is capable of
monitoring the network, and it has access to current pictures of
network topology, including host tables and node descriptors.  PROBE
shares common memory with the Supervisor and has circuit tracing
capability.  PROBE can be used to check the history of nodes & links,
boot a node, trace a circuit, and reset a link or shut one down.
PROBE can be access directly or through TMCS (Tymnet Monitoring
and Control System.)

   To access PROBE from within TMCS you would enter the command:

PROBE s    Where 's' is the active or 'sleeping' supervisor.

For more PROBE related TMCS commands or general TMCS commands, please
refer to an appropriate source.  If the demand is great enough, perhaps I
will release a TMCS reference sheet in the future.

   PROBE access is determined by the sum of the individual license
levels granted to the user.  PROBE licenses are as follows:

License    Description
-------    -----------
  00       Permits view only commands -- user is automatically logged off
           from PROBE after 20 minutes of no activity.
  04       Permits view only commands -- no automatic logoff.
  20       Permits all 00 commands plus ability to effect changes to
           network links.
  10       Permits ability to effect changes to node status.
  01       Permits ability to effect changes to network supervisors.
  02       Permits ability to effect changes to supervisor disks.

   I do not have any hardcoded usernames for PROBE with this exception.
The PROBE access username 'PROBE' is hardcoded into the supervisor,
and usually each host has one hardcoded PROBE username: CONTROL -- license
level 37.  So in comparison with the above chart, CONTROL has Gh0d access
to PROBE commands, because everything added up equals 37 (duh).  On many
subnets, the username RPROBE has similar access.

PROBE COMMANDS

Command      Lic. Lvl  Description
-------      --------  -----------
CHANGE        00/04    Changes your PROBE personal password.
EXI           00/04    Logout.
HELP          00/04    Help. (Temple of Sub-Genius)
SEND x text   00/04    Sends message to Probe user whose job label is 'x'.
VERSION       00/04    Lists current software version number.
WHO           00/04    Lists currently logged in PROBE users. (Useful)

DISPLAY CMDS:
Command     Lic. Lvl  Description
-------     --------  -----------
ACCT         00/04    Displays # of accounting blocks on Supervisor disk
                      available for RAM session record data.
AN           00/04    Displays detailed information about active nodes.
ASTAT        00/04    Displays number of login and circuit building
                      timeouts.

AU           00/04    Displays node numbers of ALL active nodes that are up.
CHAN x       00/04    Displays port number used by Supervisor for command
                      circuit to node 'x'.
COST x       00/04    Displays cost of building command circuit to node 'x'.
CSTAT        00/04    Displays time, login, rate, and network status every
                      15 seconds.
EXC O|S|P    00/04    Displays links that are overloaded (O), or shut (S),
                      or out of passthroughs (P).
HOST x       00/04    Displays information about host 'x' or all hosts.
LACCT        00/04    Displays number of last accounting block collected
                      by RAM session record data.
LRATE        00/04    Displays Supervisor login rate in logins per min.
LSHUT        00/04    Displays shut links table.
LSTMIN       00/04    Displays circuit status information gathered by
                      Supervisor during preceding minute.
N x          00/04    Displays status info about node 'x'.
OV x         00/04    Displays overloaded links.
PERDAT       00/04    Displays Supervisor performance data for preceding min.
RTIME        00/04    Reads 'Super Clock' time and displays year, and
                      Julian date/time.
STAT         00/04    Displays network status information.
SYS          00/04    Displays host number running PROBE.
TIME         00/04    Displays Julian date and network time.
TSTAT        00/04    Displays same information as STAT, preceded by
                      Julian date/time.
VERSION      00/04    Displays current versions of PROBE and Supervisor
                      software.
WHO          00/04    Displays active PROBE users and their job labels.

LOG MESSAGE CMDS:
Command          Lic. Lvl  Description
-------          --------  -----------
LOG               00/04    Outputs network information from Supervisor log.
REPORT            00/04    Controls output of node reports.
RLOG m1..m4       00/04    Restricts log output to up to four message numbers.
                           M1- 1st Message, M2- 2nd Message, etc.
RNODE n1 n2       00/04    Restricts log output to messages generated at nodes
                           N1 and N2.

NETWORK LINK CMDS:
Command         Lic. Lvl  Description
-------         --------  -----------
CSTREQ n1 n2       20     Requests total speed of all lines on specified
                          link. (n1= 1st Node n2= 2nd Node)
ESHUT n1 n2        20     Shuts specified link and enters it on shut links
                          table. (n1= 1st Node n2= 2nd Node)
PSTAT n Hhost p    20     For node 'n', displays status of logical ports
                          for port array 'p' on 'host'. Note the capital
                          'H' must precede the host specific.
RSHUT n1 n2        20     Opens specified link and removes it from shut
                          links table.
SYNPRT n           20     Displays status of async ports on node 'n'.
TRACE n Hhost p    20     Traces specified circuit. Where 'n' is node,
  or  n Sp         20     'host' is HOST, and 'p' is port.  Or for secondary
                          command: 'n' node name, 'p' port. Again, 'S' must
                          precede the port name.
T2BORI n1 n2       20     Resets communication channel between node n1 and
                          node n2.

NETWORK NODE CMDS:
Command  Lic. Lvl  Description
-------  --------  -----------
CLEAR n     10     Opens all links on node 'n'.
DLOAD n     10     Causes node 'n' to execute its downline load
                   bootstrap program.
NSHUT n     10     Shuts all links on node 'n'.
RETAKE n    10     Causes Supervisor to release and retake control
                   of node 'n'.
SPY         10     Displays last 32 executions of selected commands.

NETWORK SUPERVISOR CMDS:
Command  Lic. Lvl  Description
-------  --------  -----------
AWAKE       01     Wakes a sleeping Supervisor. (Only one Supervisor is
                   active at one time, however there can be supervisors
                   'sleeping'.)
CLASS       01     Causes Supervisor to read Netval class and group
                   definitions.
DF s        01     Increases Supervisor's drowsiness factor by 's' seconds.
ETIME       01     Sets time known to Supervisor.
FREEZE      01     Removes Supervisor from network.
PSWD        01     Displays password cipher in hex.
SLEEP       01     Puts active Supervisor to sleep.
THAW        01     Initializing frozen Supervisor.
TWAKE       01     Wakes sleeping Supervisor, automatically puts active
                   Supervisor to sleep and executes a CSTAT command.

USER UTILITY CMDS:
Command  Lic. Lvl  Description
-------  --------  -----------
ENTER       01     Adds/deletes/modifies Probe usernames.
HANG x      01     Logs off user with job label 'x'.
LIST        01     Displays Probe usernames.
ULOGA       20     Enters user-generated alphabetic message in msg log.
ULOGH       20     Enters user-generated hex message in msg log.

SYSTEM MAINTENANCE / DISASTER RECOVERY CMDS:
Command       Lic. Lvl  Description
-------       --------  -----------
DCENT n1 n2      02     Allows Tymnet support temporary, controlled access
                        to a private network. (Useful)
DCREAD           02     Reads current value of password cipher associated
                        with DCENT username.
FTIME +/- s      02     Corrects the 'Super Clock' by adding (+) or
                        subtracting (-) 's' seconds from it.
INITA            02     Initializes accounting file to all zeros.
INITL            02     Initializes log to all zeros.


NOTE:  Each PROBE is a separate entity with its own files.  For example,
       if you shut lines in the PROBE on the active Supervisor, this will
       NOT be known to the sleeping PROBE.  If another Supervisor takes
       over the network, it will not consider the link to be shut.
       Likewise, PROBE password changes are made only to one PROBE at a
       time.  To change your password everywhere, you must do a CHANGE in
       each probe.

LOAD-II
-------

   LOAD-II is probably one of the LEAST known of Tymnet's utilities.
LOAD-II is used to load or dump a binary image of executable code for a
node or slot.  The load/dump operation can be used for the ENTIRE engine,
or a specific slot.

Upon reaching the command prompt you should enter:

   R LOADII <cr>

This will initiate an interactive session between you and the LOAD-II
load/dumping process.  The system will go through the following procedure:

TYMNET OUTPUT         YOUR INPUT  WHAT THIS MEANS TO YOU
-------------         ----------  ----------------------

Enter Function:           G       'G' Simply means identify a gateway
Enter Gateway Host:     ####      This is the 4 digit identifier for hosts
                                  on the network.  I know that 2999 is for
                                  'MIAMI'.
Password:               LOAD      This is the default password for LOAD-II.
Function:                 C       'C' for crash table dump, OR
                          D       'D' to dump an entire engines contents, OR
                          L       'L' to load an entire engines contents, OR
                          S       'S' to load a slot, or
                          U       'U' to dump a slot.
Neighbor Node:          ####      Selects neighbor node number.
Neigh. Kern. Host#:     ###       This 3-digit code is derived by adding the
                                  first two digits of the node number and
                                  appending the last two digits to that sum.
Line # to Load From:    ##        Use the line number coming off the
                                  neighbor node, NOT the node that is DOWN.
Object File Name:                 File used to load/dump node or slot from/to.
EXIT                    EXI       Send program to end of job.


TOM - TYMCOM Operations Manager
-------------------------------

   TOM is utility which runs under TYMCOM.  Quickly, TYMCOM is an interface
program for the host computer which imitates multiple terminals.  Quoting
from Tymnet, "TYMCOM has multiple async lines running to the
front-end processor of the host."  So in other words, TYMCOM has a
bunch of lines tied into the engine's front-end, allowing a boatload of
jobs/users to access it.

   TOM is primarily used with TYMCOM dialup ports.  It is used to DOWN and
then UP hung ports.  This type of situation may occur after a host crash
where users are getting a 'Host Not Available' error message.  TOM can also
be used to put messages on TYMCOM in order to alert users to problems or
when scheduled maintenance will occur on various hosts/ports.  To login
type:

   ##TOM##:xxxx

Where 'xxxx' is the appropriate host number you wish to 'work' on. After
proper hostname is given, you will then be prompted for a password.  As I
have none of these to give, play on 3-5 character combinations of the
words: TYMCOM, TOM, HIF, OPMNGR.

Command         Description
-------         -----------
GRAB TOMxxxx    This should be the FIRST thing you do when down/upping
                a host.  Gets license for up or down host, then prompts for
                password of host.  Where 'xxxx' is the host number.  You
                must have privileged status to use.

CHANGE xxxx     Change a host number to 'xxxx'.

DIAGNOSTICS     Turns the diagnostic messages off or on.(Toggle)
DOWN P xx       Take DOWN port number 'xx', or
     H xxxx     Take DOWN host number 'xxxx'.

ENQUIRE         Lists information about the node and slow where TYMCOM is
                running.
EXIT            Logout.

MESSAGE         Sets text to be output to the terminal when a user logs in.

SHUT H xxxx     Disallow new logins to a specified host = 'xxxx', or
     P xx       Disallow new logins to a specified port = 'xx'.
SPEED xxxx      Specifies the baud rate at which a port will communicate.
STAT P xx-yy    Shows status of port numbers 'xx' through 'yy'.  Either
                one or a number of ports may be specified.

TIME            Displays the current time.
TO x message    Sends 'message' to specified user number 'x'.

UP P xx         Bring UP port number 'xx', or
   H xxxx       Bring UP host number 'xxxx'.

WHO             Lists user numbers of all users currently logged into TOM.


XRAY
----

   XRAY is another one of the very well known commands.  XRAY is a program
which sits within node code and waits for use.  Its used to gain
information about a specific node's configuration and its current status in
the network.  It can be used to determine the probable reason for a crash
or line outage in order to isolate bottlenecks or track down network
anomalies.

   XRAY user licenses are all assigned a logon priority.  If every XRAY
port on a node are in use, and a higher priority XRAY username logs in,
the lowest priority username will be logged out.

License Description
------- -----------
2       Permits the writing and running of disruptive node tests.
1       Permits the running of non-disruptive node tests.
0       Permits view only commands.

   The following list is a compilation of some hardcoded 'good-guys'.

LICENSE LEVEL  PRIORITY  GOOD GUY USERNAME  ACTIVE/PASSIVE  NETWORK IMPACT
=============  ========  =================  ==============  ==============
     2            98        XMNGR              Active           MAJOR
     2            98        ISISTECX           Active           MAJOR

     2            97        XNSSC              Active           MAJOR

     1            50        TNSCMX             Active           Minor
     1            50        TNSUKMX            Active           Minor

     1            40        XSOFT              Active           Minor
     1            40        XEXP               Active           Minor
     1            40        XCOMM              Active           Minor
     1            40        XSERV1             Active           Minor

     0            50        XRTECH            Passive

     0            30        XTECH             Passive
     0            30        XOPPS             Passive
     0            30        XSERV             Passive
     0             0        XRAY              Passive

   What follows is a VERY brief command summary.

Command         Description
-------         -----------
CD              Displays current auto/display mode for CRYPTO messages.
CD Y|N          Turns ON/OFF automatic display of CRYPTO messages.
CL n            Display the last 'n' CRYPTO messages.
CRTL Z          Logout.

BT              Causes the SOLO machine to go into boot.  Audited command.

DB              Used to build and measure link delay circuits between
                nodes.  The DB command prompts for a node list. IE-
                NODE LIST: <node #1 node#2 ... node#x>
DD              Displays link measurement data for circuit built by the
                DB command.  Verifies that the circuit has been built.
DE              Used to terminate the DB command.

HT              Puts the node code into a STOP state.  This command shows
                up in audit logs.

KD n            Display link descriptor parameters where 'n' is the
                neighbor number.
KS n            Display link performance statistics (link delay, packet-
                making, bandwidth utilization, etc.)

ND              Displays information about the configuration of a node
                and its neighbors.
NS option       Displays parameters for estimating node work load. Options:
                -EXCT is the current load factor or execute count. A count
                of less than 60 means the load is heavy.
                -EXLW is the lowest EXCT value computed since startup.
                -EXHW is the highest EXCT value computed.
SN              Restarts the node, command audited.
------------------------------------------------------------------------------

   I hope this file gave you a better understanding of the Tymnet network.
While a lot of the commands make sense only if you've had prior Tymnet
experience, I hope my summaries of each tool gave you a little better
understanding of the network.  I am available for questions/comments/gripes
on IRC, or I can be reached via Internet mail at:

                    pfalken@mindvox.phantom.com

   Thanks goes out to an anonymous hippy for providing the extra nudge I needed
to sit down and write this phile.  NO thanks goes out to my lousy ex-roommates
who kicked me out in the middle of this article.  Their day is approaching.

   Be careful everyone...and remember, if you have to explore the
mysterious fone/computer networks, do it from someone else's house.

- Professor Falken
= Legion of Doom!


<EOF-93> [Written with consent and cooperation of the Greys]