- Wireshark is free software (GPL v2), maintained by the Wireshark Foundation, and cross-platform.
- It includes the GUI, TShark, and utilities such as dumpcap, editcap, mergecap, and text2pcap.
- The libwireshark, libwiretap, and libwsutil libraries provide dissection and support for many capture file formats.
- Safer capture through dumpcap, powerful filters, and extensive automation options.

If you work in networking, security, or development and want to understand what is happening on your wire and Wi-Fi, Wireshark is an essential tool. This open-source packet analyzer, with decades of evolution behind it, lets you capture, dissect, and analyze traffic at the packet level with surgical precision.
In this article we examine it in depth: from its license and foundation to its packaging on GNU/Linux, including the command-line tools, supported formats, build requirements, capture permissions, and a detailed overview of its history and operation.
What is Wireshark and what is it used for today?
In essence, Wireshark is a protocol analyzer and traffic capture tool. It lets you put a network interface into promiscuous or monitor mode (if the system supports it) and inspect frames that are not addressed to your MAC address, examine conversations, reconstruct streams, color packets according to rules, and apply display filters. In addition, it includes TShark (the terminal version) and a set of utilities for tasks such as reordering, splitting, merging, and converting captures.
Although its use is reminiscent of tcpdump, it offers a modern Qt-based interface with filtering, dissection, and deep decoding for thousands of protocols. If you are coming from tcpdump, keep in mind that promiscuous mode does not guarantee that you see all traffic: on a switched network your port only receives frames destined for it, so for complete coverage you will need port mirroring (SPAN) or network taps, which the documentation also lists as best practice.

License, foundation, and development model
Wireshark is distributed under the GNU GPL v2 and, in many places, as "GPL v2 or later". Some tools in the source tree carry different but compatible licenses, such as the pidl tools under GPLv3+, which does not affect the resulting analyzer binary. There is no warranty, express or implied; use it at your own risk, as is usual with free software.
The Wireshark Foundation coordinates development and distribution. It relies on contributions from individuals and organizations whose work depends on Wireshark. The project counts thousands of registered authors, with historic contributors such as Gerald Combs, Gilbert Ramirez, and Guy Harris among its most prominent.
Wireshark runs on Linux, Windows, macOS, and other Unix-like systems (BSD, Solaris, and others). Official packages are published for Windows and macOS, and on GNU/Linux it is usually shipped as a standard or add-on package in distributions such as Debian, Ubuntu, Fedora, CentOS, RHEL, Arch, Gentoo, openSUSE, FreeBSD, DragonFly BSD, NetBSD, and OpenBSD. It is also available through third-party systems such as Homebrew, MacPorts, pkgsrc, or OpenCSW.
To build from source you need Python 3; AsciiDoctor for the documentation; and tools such as Perl and GNU flex (classic lex will not work). Configuration with CMake lets you enable or disable specific support, for example the compression libraries with -DENABLE_ZLIB=OFF, -DENABLE_LZ4=OFF, or -DENABLE_ZSTD=OFF, or libsmi support with -DENABLE_SMI=OFF if you prefer not to load MIBs.
Packages and libraries on Debian-based systems
On Debian/Ubuntu and derived environments, the Wireshark ecosystem is split into several packages. Below is a breakdown with features, approximate sizes, and dependencies. These packages let you choose anything from the full GUI down to the libraries and development tools needed to embed dissection in your own applications.
wireshark
Graphical application for capturing and analyzing traffic with a Qt interface. Approximate size: 10.59 MB. Install: sudo apt install wireshark
Key dependencies
- libc6, libgcc-s1, libstdc++6
- libgcrypt20, libglib2.0-0t64
- libpcap0.8t64
- Qt 6 (core, gui, widgets, multimedia, svg, printsupport and QPA plugins)
- libwireshark18, libwiretap15, libwsutil16
- libnl-3-200, libnl-genl-3-200, libnl-route-3-200
- libminizip1t64, libspeexdsp1, wireshark-common
Among the startup options you will find parameters to choose the interface (-i), capture filters (-f), snapshot length, monitor mode, listing of link-layer types, display filters (-Y), "Decode As" and preferences, as well as the output file format and capture comments. The application also offers configuration profiles and advanced statistics features from the interface.
tshark
Console version for command-line capture and analysis. Approximate size: 429 KB. Install: sudo apt install tshark
Key dependencies
- libc6, libglib2.0-0t64
- libnl-3-200, libnl-route-3-200
- libpcap0.8t64
- libwireshark18, libwiretap15, libwsutil16
- wireshark-common
It lets you select interfaces, apply capture and display filters, define stop conditions (duration, file size, number of packets), use ring buffers, print full packet details, produce hex dumps and JSON output, and export TLS objects and session keys. It can also color its output on a compatible terminal and adjust logging by domain and detail level. Its documentation warns about enabling the kernel's BPF JIT compiler, since doing so may have security implications.
wireshark-common
Common files for wireshark and tshark (for example, dictionaries, configuration, and the command-line utilities). Approximate size: 1.62 MB. Install: sudo apt install wireshark-common
Key dependencies
- debconf (or debconf-2.0), libc6
- libcap2 and libcap2-bin
- libgcrypt20, libglib2.0-0t64
- libpcap0.8t64, libpcre2-8-0
- libnl-3-200, libnl-genl-3-200, libnl-route-3-200
- libspeexdsp1, libssh-4, libsystemd0
- libmaxminddb0
- libwireshark18, libwiretap15, libwsutil16
- zlib1g
This package includes utilities such as capinfos (capture file information: type, encapsulation, duration, rates, sizes, hashes, and comments), captype (reports capture file types), dumpcap (a lightweight capture engine that writes pcapng/pcap with autostop conditions and ring buffers), editcap (edit/split/convert captures, adjust timestamps, remove duplicates, add comments or decryption secrets), mergecap (merge or concatenate several captures), mmdbresolve (IP geolocation against MMDB databases), randpkt (multi-protocol synthetic packet generator), rawshark (raw dissection with field output), reordercap (reorder by timestamp), sharkd (a daemon with an API for processing captures), and text2pcap (convert hex dumps or formatted text into valid captures).
libwireshark18 and libwireshark-data
The central packet dissection library. It provides the protocol dissectors used by Wireshark and TShark. Approximate library size: 126.13 MB. Install: sudo apt install libwireshark18 and sudo apt install libwireshark-data
Notable dependencies
- libc6, libglib2.0-0t64
- libgcrypt20, libgnutls30t64
- liblua5.4-0
- libpcre2-8-0
- libxml2-16
- zlib1g, libzstd1, liblz4-1, libsnappy1v5
- libnghttp2-14, libnghttp3-9
- libbrotli1
- libopus0, libsbc1, libspandsp2t64, libbcg729-0
- littafai2
- libk5crypto3, libkrb5-3
- libopencore-amrnb0
- libwiretap15, libwsutil16
- libwireshark-data
It includes support for a very large number of protocols and options such as enabling or disabling specific dissectors, heuristic dissectors, and "Decode As", both from the interface and from the command line; thanks to this you can tailor dissection to the real traffic of your environment.
libwiretap15 and libwiretap-dev
Wiretap is the library for reading and writing many capture file formats. Its strength is the number of formats it supports; its limitations are that it neither filters nor captures live traffic. Install: sudo apt install libwiretap15 and sudo apt install libwiretap-dev
Supported formats (selection)
- libpcap
- Sniffer / Windows Sniffer Pro and NetXRay
- LANalyzer
- Microsoft Network Monitor
- Snoop
- AIX iptrace
- RADCOM WAN/LAN
- Lucent/Ascend
- HP-UX nettl
- Toshiba ISDN Router
- ISDN4BSD i4btrace
- Cisco Secure IDS
- pppd logs (pppdump)
- VMS TCPTRACE
- DBS Etherwatch (text)
- Catapult DCT2000 (.out)
libwiretap15 dependencies
- libc6, libglib2.0-0t64
- liblz4-1, libzstd1, zlib1g
- libwsutil16
The -dev variant provides the static library and C headers to embed read/write functionality in your own tools. This lets you develop utilities that handle pcap, pcapng, and other containers as part of your own pipelines.
libwsutil16 and libwsutil-dev
The set of utilities shared by Wireshark and its related libraries: helper functions for string handling, encoding, cryptography, and more. Install: sudo apt install libwsutil16 and sudo apt install libwsutil-dev
libwsutil16 dependencies
- libc6
- libgcrypt20
- libglib2.0-0t64
- libgnutls30t64
- libpcre2-8-0
- zlib1g
The -dev package contains the headers and static library so external applications can link the common components without reinventing the wheel. It is the basis for many functions shared by Wireshark and TShark.
wireshark-dev
Tools and files for creating new dissectors. It provides scripts such as idl2wrs, along with the dependencies for building and testing. Approximate size: 621 KB. Install: sudo apt install wireshark-dev
Dependencies
- esnacc
- libc6
- libglib2.0-0t64
- libpcap0.8-dev
- libwireshark-dev
- libwiretap-dev
- libwsutil16
- omniidl
- python3 and python3-ply
It includes utilities such as asn2deb (generates a Debian package with a BER dissector from an ASN.1 module) and idl2deb (packages CORBA dissectors). And, above all, idl2wrs: this tool converts CORBA IDL into a C plugin skeleton for dissecting GIOP/IIOP traffic. The workflow relies on Python scripts (wireshark_be.py and wireshark_gen.py) and supports heuristic dissection by default. The tool looks for its modules in PYTHONPATH/site-packages or in the current directory, and takes an IDL file as input to generate the code.
wireshark-doc
User documentation, developer guide, and Lua reference. Approximate size: 13.40 MB. Install: sudo apt install wireshark-doc
Recommended if you plan to dig into extensions, scripting, and the APIs. The online documentation on the official site is updated with each stable release.

Capture permissions and security
On many systems, live capture requires elevated privileges. For that reason Wireshark and TShark delegate capture to a separate helper, dumpcap, a small binary designed to run with privileges (setuid or Linux capabilities) so as to minimize the attack surface. Running the whole GUI as root is not good practice: the dissectors, which parse untrusted input, would then run with full privileges. It is preferable to capture with dumpcap or tcpdump and analyze the files as an unprivileged user.
The project's history includes security issues in dissectors over the years, and some platforms such as OpenBSD retired the old Ethereal package for that reason. With the current model, isolating capture from dissection and updating regularly improve the picture, but it is always wise to follow the security guidelines and, if you detect suspicious activity, know how to block the suspicious connections and avoid opening untrusted captures without review.
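The arrangement described above, put into practice as an added example (this script is not from the Wireshark project or the original article): dumpcap carries only the two capabilities it needs, members of the wireshark group may run it, and capture and analysis both happen without a root shell. The caps_ok and is_setuid helpers, the mode names, the /usr/bin/dumpcap path, the group name wireshark, and the interface and file names are this example's own assumptions; setcap, getcap, usermod, dumpcap, and tshark are the real tools, used with documented options.

```shell
#!/bin/sh
# Added example: unprivileged capture with dumpcap on Debian/Ubuntu (not project code).
# Modes:  ./dumpcap-setup.sh apply            grant capabilities and group membership (needs sudo)
#         ./dumpcap-setup.sh check            report the current state
#         ./dumpcap-setup.sh capture [iface]  capture into a ring buffer as a normal user
set -eu

DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"   # path used by the wireshark-common package

# caps_ok LINE: return 0 if a getcap(8) line grants exactly cap_net_admin and
# cap_net_raw as permitted+effective (inheritable optional). Both libcap output
# styles are accepted:
#   /usr/bin/dumpcap cap_net_admin,cap_net_raw=eip     (libcap >= 2.41)
#   /usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip   (older libcap)
caps_ok() {
  caps=$(printf '%s\n' "$1" | sed -e 's/^[^ ]* *//' -e 's/[ =+]//g')
  [ "$caps" = "cap_net_admin,cap_net_raweip" ] || [ "$caps" = "cap_net_admin,cap_net_rawep" ]
}

# is_setuid MODE: return 0 if an octal mode from `stat -c %a` carries the setuid bit
# (4755, 6750, ...). A setuid-root dumpcap captures fine but hands the helper full
# root instead of two capabilities, which defeats the purpose of splitting it out.
is_setuid() {
  case "$1" in
    [4567]???) return 0 ;;
    *)         return 1 ;;
  esac
}

case "${1:-}" in
  apply)
    # Same result as answering "Yes" to `sudo dpkg-reconfigure wireshark-common`:
    # restrict the binary to the wireshark group and attach the two capabilities.
    getent group wireshark >/dev/null || sudo groupadd --system wireshark
    sudo chgrp wireshark "$DUMPCAP"
    sudo chmod 0750 "$DUMPCAP"
    sudo setcap cap_net_raw,cap_net_admin=eip "$DUMPCAP"
    sudo usermod -aG wireshark "$(id -un)"
    echo "Done. Log out and back in so the new group membership takes effect."
    ;;
  check)
    if caps_ok "$(getcap "$DUMPCAP")"; then echo "capabilities: OK"; else echo "capabilities: missing or broader than needed"; fi
    if is_setuid "$(stat -c %a "$DUMPCAP")"; then echo "WARNING: $DUMPCAP is setuid; prefer capabilities"; fi
    if id -nG | tr ' ' '\n' | grep -qx wireshark; then echo "group: member of wireshark"; else echo "group: not a member (re-login after usermod)"; fi
    ;;
  capture)
    IFACE="${2:-eth0}"
    # Only dumpcap touches the interface. The capture filter (-f) drops our own SSH
    # session; -b rotates 100 MB files and keeps the last 10 (a ring buffer).
    dumpcap -i "$IFACE" -f 'not port 22' -b filesize:100000 -b files:10 -w "$HOME/cap.pcapng"
    # Analysis then runs as a plain user on the written files, for example:
    #   tshark -r "$HOME"/cap_*.pcapng -Y 'dns.flags.response == 0' -T fields -e ip.src -e dns.qry.name
    # "Decode As" from the command line, here treating TCP/8443 as TLS:
    #   tshark -r "$HOME"/cap_*.pcapng -d tcp.port==8443,tls -Y 'tls.handshake.type == 1'
    ;;
esac
```

The check mode is worth running after any package upgrade: a postinst that re-sets the binary's mode, or a well-meaning chmod u+s, silently changes what "dumpcap has privileges" means, and getcap is the only quick way to see which of the two models is actually in effect.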
File formats, compression, and special text formats
Wireshark reads and writes pcap and pcapng, as well as formats from other analyzers such as snoop, Network General Sniffer, Microsoft Network Monitor, and the many listed for Wiretap above. It can open compressed files if built with the corresponding libraries: GZIP, LZ4, and ZSTD. In particular, GZIP and LZ4 files with independent blocks allow fast seeking, which improves GUI performance on large captures.
The project documentation also has notes on formats such as AIX iptrace (where a HUP to the daemon closes the file cleanly), support for Lucent/Ascend, Toshiba ISDN, or CoSine L2 traces, and shows how to capture a device's text output to a file (for example, with telnet <host> | tee output.txt or using the script tool) for later import with text2pcap. These paths get you out of a bind with "unusual" captures when you are working with equipment that does not emit pcap directly.

Suite utilities and option categories
Beyond Wireshark and TShark, the distribution includes several tools that cover specific tasks. Without reproducing the help text verbatim, here is a summary organized by category so you know what each one does and which options you will find:
- dumpcap: "clean and simple" pcap/pcapng capture, with interface selection, BPF capture filters, buffer size, rotation by time/size/file count, ring buffers, capture comments, and machine-readable output. It warns about enabling the kernel's BPF JIT compiler because of the associated risk.
- capinfos: shows file type, encapsulation, interfaces, and metadata; packet count, file size, total data length, snapshot length, time range (first/last), average rates (bps/Bps/pps), average packet size, hashes, and comments. It can output in tabular or long form and in a machine-readable format.
- captype: identifies the capture file type for one or more inputs, with help and version options.
- editcap: selects/deletes packet ranges, snaps/chops bytes, adjusts timestamps (including enforcing strict ordering), removes duplicates within a configurable window, adds per-frame comments, splits output by packet count or time, changes container and encapsulation, injects decryption secrets, and compresses output. It is the all-purpose tool for "cleaning up" captures.
- mergecap: combines several captures into one, either by simple concatenation or by timestamp-based merge, controls the snaplen, sets the output file type and the IDB merge mode, and compresses the result.
- reordercap: reorders a file by timestamp, producing a clean output and, if the input is already ordered, can skip writing the result to save I/O.
- text2pcap: converts hex dumps, or text matched by a regular expression, into a valid capture; it recognizes offsets in different bases, timestamps in strptime format (including fractional seconds), direction indicators and ASCII if present, and can synthesize "dummy" headers (Ethernet, IPv4/IPv6, UDP/TCP/SCTP, EXPORTED_PDU) with the ports, addresses, and tags you specify.
- rawshark: a "raw" field-oriented reader; it lets you set the encapsulation or protocol for dissection, disable name resolution, set read/display filters, and choose the field output format, useful for piping into other tools.
- randpkt: generates files with random packets of types such as ARP, BGP, DNS, Ethernet, IPv4/IPv6, ICMP, TCP/UDP, SCTP, Syslog, USB-Linux, and more, with a specified count, maximum size, and container. Ideal for tests and demos.
- mmdbresolve: queries MaxMind databases (MMDB) to show the geolocation of IPv4/IPv6 addresses, using one or more database files.
- sharkd: a daemon that exposes an API ("gold" mode) or a classic socket ("classic" mode); it supports profiles and is driven from clients for server-side dissection and analysis, useful in automation and services.
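To make the text2pcap import path from the formats section and the utility pipeline summarized above concrete, here is an added example (not from the article or the Wireshark project). It turns a constructed DNS query into the offset-plus-bytes hex dump that text2pcap reads, imports it with dummy Ethernet/IPv4/UDP headers, and then runs capinfos, tshark, editcap, mergecap, and reordercap over the result. The hex_to_dump and dump_line_count helpers, the DNS payload, the addresses, ports, and file names are this example's own constructions; the utility options are the documented ones.

```shell
#!/bin/sh
# Added example (not project code): import a raw hex payload with text2pcap and run the
# companion utilities over the result. The DNS query bytes below are constructed for this
# example: ID 0xabcd, RD set, one question for "example.com", type A, class IN.
set -eu

DNS_QUERY='abcd01000001000000000000076578616d706c6503636f6d0000010001'
WORK="${WORK:-/tmp/wireshark-import}"

# hex_to_dump HEXSTRING: emit the offset+bytes layout text2pcap understands (the same
# shape `od -Ax -tx1 -v` produces), 16 bytes per line, offsets in hex:
#   000000 ab cd 01 00 00 01 00 00 00 00 00 00 07 65 78 61
#   000010 6d 70 6c 65 03 63 6f 6d 00 00 01 00 01
# Whitespace and newlines in the input are ignored, so pasted dumps work too.
hex_to_dump() {
  printf '%s' "$1" | tr -d ' \n' | sed 's/../& /g' | awk '
    {
      n = split($0, b)
      for (i = 1; i <= n; i++) {
        if ((i - 1) % 16 == 0) printf("%s%06x", (i > 1 ? "\n" : ""), i - 1)
        printf(" %s", b[i])
      }
      print ""
    }'
}

# dump_line_count HEXSTRING: number of lines hex_to_dump emits, i.e. ceil(bytes / 16).
dump_line_count() {
  hex_to_dump "$1" | wc -l | tr -d ' '
}

if command -v text2pcap >/dev/null 2>&1; then
  mkdir -p "$WORK" && cd "$WORK"
  hex_to_dump "$DNS_QUERY" > dns.txt

  # -4 prepends dummy IPv4 (and Ethernet) headers, -u a dummy UDP header with src,dst
  # ports. Without them text2pcap would store the bytes as a bare Ethernet frame and
  # the DNS dissector would never see them.
  text2pcap -4 10.0.0.1,10.0.0.53 -u 53535,53 dns.txt dns.pcapng

  capinfos dns.pcapng                               # type, encapsulation, 1 packet, sizes
  tshark -r dns.pcapng -T fields -e ip.src -e udp.dstport -e dns.qry.name -e dns.qry.type

  # Make a copy shifted 10 s into the future, merge both by timestamp (listing the later
  # file first on purpose), then confirm that reordercap finds the merge already sorted.
  editcap -t 10 dns.pcapng dns_later.pcapng
  mergecap -w merged.pcapng dns_later.pcapng dns.pcapng
  reordercap -n merged.pcapng sorted.pcapng
  capinfos -c -a -e merged.pcapng                   # packet count, first and last timestamp
fi
```

Run it on a box without Wireshark installed and only the hex dump helper executes; on a box with the tools, the tshark line should print 10.0.0.1, 53, example.com and the query type, and reordercap -n should report that merged.pcapng is already in order and write nothing.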
Architecture, capabilities, and limitations
Wireshark relies on libpcap/Npcap for capture and on an ecosystem of libraries (libwireshark, libwiretap, libwsutil) that separate dissection, file formats, and utilities. It can detect VoIP calls and play back their audio for supported codecs, capture raw USB traffic, and filter traffic from Wi-Fi networks (when it reaches a monitored interface). Plugins for new protocols are written in C or Lua. It can also receive remote traffic (for example, TZSP) for real-time analysis from another device.
It is not an IDS and does not raise alerts; its role is to inspect, measure, and show. Even so, the helper tools provide statistics and automation, and ready-made training material exists (including courses updated for 2025 that teach filters, sniffing, basic OS fingerprinting, real-time analysis, automation, encrypted traffic, and integration with DevOps workflows). This educational side complements its core diagnostic and troubleshooting role.
Compatibility and ecosystem
The build and test platforms include Linux (Ubuntu), Windows, and macOS. The project also mentions broad compatibility with other Unix-like systems and distribution through third-party package managers. In some cases, older OS versions require legacy branches (for example, Windows XP with version 1.10 or earlier). In general, you can install from official repositories or binaries in most environments without major issues.
It integrates with network simulators (ns, OPNET Modeler), and third-party tools (for example, Aircrack for 802.11) can produce captures that Wireshark opens without trouble. As a strict legal and ethical reminder: only capture on networks and in scenarios where you have explicit authorization.
Name, official site, and control information
The official site is wireshark.org, with downloads under /download, its manual, and online documentation for users and developers. There are authority-control records (for example, GND) and a list of links to the code repository, bug tracker, and project blog, useful for following news and reporting issues.
Before you start capturing, verify the permissions and capabilities on your system, decide whether you will use dumpcap/tcpdump to write to disk and analyze without privileges, and prepare capture and display filters aligned with your goal. With a sound approach, Wireshark simplifies complexity and gives you precisely the visibility you need to audit, learn, or troubleshoot networks of any size.
Editor specialized in technology and internet topics with more than ten years of experience in various digital media. I have worked as an editor and content creator for e-commerce, communication, online marketing, and advertising companies. I have also written for blogs on economics, finance, and other fields. My work is also my passion. Now, through my articles at Tecnobits, I try to explore all the news and new opportunities that the world of technology offers us every day to improve our lives.