How to filter packets by content using tcpdump?

Last updated: 02/10/2023


Packet analysis is an essential technique in the field of computer networking. tcpdump is a command-line tool that lets us capture and inspect packets on a network. One of tcpdump's most powerful features is the ability to filter packets by their content. In this article, we look at how to use tcpdump to filter packets by content effectively.

- What is tcpdump and how does it work?

tcpdump is a command-line tool that lets you capture and analyze network packets on Unix-based operating systems. It is widely used in network management and security. It works by capturing every packet that passes through a network interface and displaying detailed information about each one, such as the source and destination IP addresses, the protocols used, the ports involved, and the packet contents.

One of tcpdump's standout features is its ability to filter packets by their content. This means you can specify patterns so that only packets meeting certain conditions are captured. For example, you can keep only packets that contain a given word in their payload, or only packets coming from or destined for a particular IP address. This is especially useful when you need to analyze or monitor one specific kind of network traffic.

To use content filtering in tcpdump, regular expressions are used. These expressions are written in a specific syntax and let you describe the pattern to search for inside the packet contents. Once packets have been captured, tcpdump compares them against the regular expression and displays only those that match the given pattern. This lets you analyze the packets of interest quickly and precisely, without sifting through the entire captured traffic. Keep in mind that regular expressions can be complex, so it is a good idea to understand their syntax well and to use them carefully.

- Filtering packets by content: why is it important?

Content-based packet filtering is an essential task for any network administrator. It lets you examine the contents of the data packets travelling across the network and act on what you find. This capability is crucial for maintaining network security and performance. Several tools can perform this kind of filtering, and one of them is tcpdump.

tcpdump is a command-line tool used to capture and analyze network packets. It is particularly useful for filtering packets by content, since it lets you define specific rules and conditions so that only the packets matching your needs are captured. Thanks to this filtering capability, tcpdump lets us examine packet contents and make decisions based on that information.

Content-based packet filtering matters for several reasons. First, it helps us detect and block unwanted or malicious traffic, such as intrusion attempts, viruses or malware. Second, it gives us greater control over the data flowing through our network, which translates into better performance and stronger security. Finally, content filtering also helps diagnose and troubleshoot network problems, since we can inspect packet contents and identify the cause of failures or possible incidents.


- Syntax and options for filtering packets with tcpdump


tcpdump syntax: The tcpdump command is used to capture and analyze network traffic on Unix operating systems. To filter packets by content, you use the "-s" option followed by the filter you want to apply. For example, to filter packets containing the word "password", the command would be: tcpdump -s "password".

Common filters: tcpdump offers a variety of filters that let you narrow your packet search. Some of the most common are:

Host: lets you filter by IP address or hostname.
Port: lets you filter by source or destination port.
Net: lets you filter by IP address or range of IP addresses.
Protocol: lets you filter by network protocol, such as TCP, UDP or ICMP.

Advanced options: Beyond the basic filters, tcpdump also offers advanced options for filtering packets. Some of them are:

src: lets you filter by source IP address.
dst: lets you filter by destination IP address.
not: lets you negate a filter, excluding the packets that match the pattern.
and: lets you combine several filters for a more precise search.

By understanding this syntax and tcpdump's packet filtering options, you will be able to carry out precise and efficient network traffic analysis. Remember that tcpdump is a very powerful tool, so it is important to understand how to use its filters and options to get the results you want. Experiment and discover everything tcpdump has to offer!

- Filtering packets by protocol and IP address

To filter packets by protocol and IP address using tcpdump, we need to pass the appropriate options when running the command. As a first step, to filter by protocol we can specify the desired protocol with the -p option followed by the protocol name. For example, to filter packets belonging to the ICMP protocol we would use tcpdump -p icmp. tcpdump will then show only packets belonging to that protocol.

To filter packets by IP address, tcpdump lets us use the -n option followed by the desired IP address. For example, to keep only packets whose source IP address is 192.168.1.100, we would use tcpdump -n src host 192.168.1.100. tcpdump will then show only packets matching that IP address pattern.

Besides filtering by IP address and protocol separately, we can also combine both criteria for more precise filtering. To do this, we use the -p and -n options together, followed by the desired protocol and IP address. For example, to filter packets belonging to the UDP protocol with IP address 192.168.1.100, we would use tcpdump -p udp and src host 192.168.1.100. This returns only the packets that meet both conditions at once.


- Filtering by source and destination port

tcpdump is a command-line tool that lets network administrators capture and analyze traffic in real time. One of its most useful features is the ability to filter packets by content, which allows a detailed analysis of network traffic and yields specific information. In this section, we explain how to filter packets by source and destination port, which can help identify network problems, detect suspicious activity, or simply narrow the traffic down for closer inspection.

Filtering by source and destination port lets us select packets that originate from or are destined for a specific port on an IP address. This is particularly useful when we want to focus on one kind of traffic, such as traffic coming from or going to a particular service or application. For example, to analyze HTTP traffic originating from our network, we can use the "tcp port 80" filter to capture only packets that use port 80 as the source port. This way we obtain only the information relevant to our analysis.

To filter by source and destination port with tcpdump, we can use the -d option followed by the port number we want to filter on. For example, to filter packets coming from or going to port 22, the port of the SSH protocol, we can use the following command: tcpdump -d port 22. This shows us only packets that use port 22 as the source or destination. We can combine this filter with the other filters available in tcpdump to obtain more specific information about the network traffic we want to analyze.
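The primitives listed in the syntax section and used in the two sections above (host, port, net, protocol names, the src and dst qualifiers, and, or and not) are all evaluated by tcpdump's BPF filter, which is written as one expression after the options, for example tcpdump -nn -i eth0 'udp and src host 192.168.1.100' or tcpdump -nn -i eth0 'port 22'. In tcpdump itself -n only disables name resolution, -p disables promiscuous mode, -s sets the snapshot length and -d prints the compiled filter instead of capturing, so the selection criteria belong in the expression. The program below is an added example, not code from the original article or from tcpdump, that parses a subset of that expression syntax and runs it over constructed packet records, so the semantics can be checked offline: an unqualified host or port matches either direction, src or dst restricts it to one side, and a protocol name in front of a primitive (tcp port 80) acts as a qualifier. The packet records and addresses are constructed sample data.

```python
"""Toy evaluator for a subset of tcpdump's filter syntax (added example, not
tcpdump code). Primitives: tcp | udp | icmp | ip, [proto] [src|dst] host A,
[proto] [src|dst] port N, [proto] [src|dst] net A/len; operators and, or, not, ( )."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp" or "icmp"
    src: str         # source IPv4 address
    dst: str         # destination IPv4 address
    sport: int = 0   # 0 for ICMP, which carries no ports
    dport: int = 0


# Constructed sample traffic, not a real capture.
SAMPLE = [
    Packet("tcp", "192.168.1.100", "10.0.0.5", 51234, 80),   # HTTP request
    Packet("tcp", "10.0.0.5", "192.168.1.100", 80, 51234),   # HTTP reply
    Packet("udp", "192.168.1.100", "8.8.8.8", 41000, 53),    # DNS query
    Packet("tcp", "192.168.1.7", "10.0.0.5", 52000, 22),     # SSH
    Packet("icmp", "192.168.1.7", "10.0.0.5"),               # ping
]

QUALIFIERS = ("src", "dst", "host", "port", "net")


def _sides(pkt, direction, kind):
    """Values a primitive is compared with: src only, dst only, or both when unqualified."""
    src, dst = (pkt.src, pkt.dst) if kind == "addr" else (pkt.sport, pkt.dport)
    return {"src": [src], "dst": [dst], None: [src, dst]}[direction]


class FilterParser:
    """Recursive descent: expr = term ('or' term)*; term = factor ('and' factor)*;
    factor = 'not' factor | '(' expr ')' | primitive. parse() returns a predicate."""

    def __init__(self, expression):
        self.toks = expression.replace("(", " ( ").replace(")", " ) ").split()
        self.pos = 0

    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None

    def take(self):
        tok = self.peek()
        if tok is None:
            raise ValueError("unexpected end of filter expression")
        self.pos += 1
        return tok

    def parse(self):
        pred = self._expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return pred

    def _expr(self):
        left = self._term()
        while self.peek() == "or":
            self.take()
            left = (lambda a, b: lambda pkt: a(pkt) or b(pkt))(left, self._term())
        return left

    def _term(self):
        left = self._factor()
        while self.peek() == "and":
            self.take()
            left = (lambda a, b: lambda pkt: a(pkt) and b(pkt))(left, self._factor())
        return left

    def _factor(self):
        if self.peek() == "not":
            self.take()
            inner = self._factor()
            return lambda pkt: not inner(pkt)
        if self.peek() == "(":
            self.take()
            inner = self._expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return inner
        return self._primitive()

    def _primitive(self):
        tok, proto, direction = self.take(), None, None
        if tok in ("tcp", "udp", "icmp"):
            if self.peek() not in QUALIFIERS:          # bare protocol name
                return lambda pkt: pkt.proto == tok
            proto, tok = tok, self.take()              # qualifier, e.g. "tcp port 80"
        if tok == "ip":                                # every sample packet is IPv4
            return lambda pkt: True
        if tok in ("src", "dst"):
            direction, tok = tok, self.take()
        value = self.take()
        if tok == "host":
            match = lambda pkt: value in _sides(pkt, direction, "addr")
        elif tok == "port":
            match = lambda pkt, n=int(value): n in _sides(pkt, direction, "port")
        elif tok == "net":
            net = ipaddress.ip_network(value, strict=False)
            match = lambda pkt: any(ipaddress.ip_address(a) in net
                                    for a in _sides(pkt, direction, "addr"))
        else:
            raise ValueError(f"unknown primitive {tok!r}")
        return match if proto is None else (lambda pkt: pkt.proto == proto and match(pkt))


def select(expression, packets=SAMPLE):
    """Packets that the filter expression lets through."""
    pred = FilterParser(expression).parse()
    return [p for p in packets if pred(p)]


if __name__ == "__main__":
    for expr in ("udp and src host 192.168.1.100", "tcp port 80", "port 22",
                 "not port 80 and not icmp",
                 "src net 192.168.1.0/24 and (port 22 or port 53)"):
        print(f"{expr:50} -> {len(select(expr))} packet(s)")
```

Running the script prints how many of the five constructed packets each expression keeps; the same expressions, quoted, can be handed to tcpdump on a live interface or replayed against a saved file with tcpdump -r file.pcap 'expression'.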

- Advanced filtering with regular expressions

One of tcpdump's most advanced and useful features is the ability to filter packets by content. This is done with regular expressions, which let you specify complex and precise search patterns.

Using regular expressions, we can filter packets on any character string present in them, such as IP addresses, ports, hostnames or particular byte sequences, among others. This is especially useful when you need to analyze specific traffic on the network.

To use regular expressions in tcpdump, we use the -s option followed by the search expression. For example, to filter packets that contain the string "http" in their content, we can use the command: tcpdump -s "http".

- Capturing and analyzing packets with tcpdump


tcpdump is a widely used command-line tool for capturing and analyzing network packets on Unix-like systems. With tcpdump it is possible to capture every packet passing through a network interface and store it in a file for later analysis. The ability to filter packets is a key feature that makes the analysis easier and avoids information overload.


When using tcpdump to capture packets, you can filter them by IP address, port or protocol. This lets us focus on a specific subset of relevant information and discard unwanted noise. For example, to analyze HTTP traffic we can filter packets with the following command:

tcpdump -i eth0 port 80

This command captures and displays only packets passing through port 80, which is commonly used by the HTTP protocol. This way we can concentrate on analyzing web traffic and avoid looking at irrelevant packets.

Beyond the basic filters, tcpdump also allows filtering packets by content. This means searching for a specific data string inside the payload of the captured packets. For example, to capture every packet containing the word "password" in its content, we can use the following command:

tcpdump -i eth0 -A -s0 -w paquetes.pcap 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x70617373'

With this command, tcpdump captures and saves to the file "paquetes.pcap" every packet containing the string "password". We can then analyze this file in detail to obtain relevant information, identify possible threats, and improve network security.
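To make the arithmetic in that filter concrete, the following added Python example (not code from the original article or from tcpdump) builds a few constructed Ethernet/IPv4 frames, applies exactly the test the BPF expression performs on each one, and writes the matches to a pcap file in the format -w produces. It makes two details visible that the command hides: the (tcp[12:1] & 0xf0) >> 2 term is there because TCP options change where the payload starts, and the comparison inspects only the first four payload bytes (0x70617373 is ASCII "pass"), so a segment whose payload contains "password" further in is not selected. Addresses, ports and payloads are constructed sample data and the checksums are left at zero.

```python
"""Byte-level view of tcpdump's payload filter (added example, not tcpdump code).
Reproduces  tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x70617373  over constructed frames
and writes the matches as a pcap file, as -w would."""
import struct
import time

# Constructed Ethernet header: two made-up MAC addresses, EtherType 0x0800 (IPv4).
ETH_HDR = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"


def ip_bytes(addr):
    return bytes(int(octet) for octet in addr.split("."))


def build_frame(proto, src, dst, sport, dport, payload, tcp_options=b""):
    """Constructed Ethernet/IPv4 frame with a TCP (6) or UDP (17) segment; checksums zero."""
    if proto == 6:
        hdr_len = 20 + len(tcp_options)              # TCP data offset counts 32-bit words
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, (hdr_len // 4) << 4,
                         0x18, 65535, 0, 0) + tcp_options
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     ip_bytes(src), ip_bytes(dst))
    return ETH_HDR + ip + l4 + payload


def payload_starts_with_pass(frame):
    """Python equivalent of  tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x70617373."""
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:                # tcp[...] only applies to IPv4/TCP
        return False
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:]
    data_off = (tcp[12] & 0xF0) >> 2                 # TCP header length in bytes, options included
    first4 = tcp[data_off:data_off + 4]
    return len(first4) == 4 and int.from_bytes(first4, "big") == 0x70617373   # b"pass"


def pcap_bytes(frames, linktype=1, ts_sec=0):
    """Minimal pcap (magic 0xa1b2c3d4, microsecond timestamps, LINKTYPE_ETHERNET=1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts_sec, i, len(frame), len(frame)) + frame
    return out


def write_pcap(path, frames):
    data = pcap_bytes(frames, ts_sec=int(time.time()))
    with open(path, "wb") as fh:
        fh.write(data)
    return len(data)


# Constructed traffic: only frames whose TCP payload *begins* with "pass" should match.
SAMPLE = {
    "plain login": build_frame(6, "192.168.1.100", "10.0.0.5", 51234, 80, b"password=hunter2"),
    "with tcp options": build_frame(6, "192.168.1.7", "10.0.0.5", 52000, 80,
                                    b"password=letmein", tcp_options=b"\x01" * 12),
    "http get": build_frame(6, "192.168.1.100", "10.0.0.5", 51235, 80, b"GET / HTTP/1.1\r\n"),
    "pass not first": build_frame(6, "192.168.1.7", "10.0.0.5", 52001, 80, b"user=bob&password=x"),
    "udp dns": build_frame(17, "192.168.1.100", "8.8.8.8", 41000, 53, b"pass"),
}


def matching_frames(frames=SAMPLE):
    """Names of the constructed frames the filter would keep."""
    return [name for name, frame in frames.items() if payload_starts_with_pass(frame)]


if __name__ == "__main__":
    hits = matching_frames()
    print("matched:", hits)
    print("wrote", write_pcap("paquetes.pcap", [SAMPLE[n] for n in hits]), "bytes")
```

The file the script writes can be opened with tcpdump -r paquetes.pcap -A to confirm that both matches (the one without and the one with TCP options) are selected, while the frame carrying "password" after "user=bob&" is not; a practitioner who needs the word anywhere in the payload has to inspect the saved capture with a tool that searches payload bytes rather than rely on this fixed-offset comparison.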

In summary, tcpdump is a powerful tool for capturing and analyzing network packets. Its ability to filter by IP address, port, protocol and content lets you focus on the relevant information and avoid unnecessary data overload. Whether for troubleshooting, network monitoring or security, tcpdump is a reliable choice for any networking professional.

- Recommendations for effective and safe filtering with tcpdump

When filtering packets by content with tcpdump, it is important to make sure the filtering is both effective and safe. Here are some tips that will help:

1. Use regular expressions: tcpdump allows regular expressions to filter packets based on their content. This gives you great flexibility to define search patterns and keep only the packets that match them. You can use the "-s" flag together with a regular expression to apply the filter.

2. Define an appropriate filter: To get precise results, it is important to define your filter carefully. State clearly what kind of content you are looking for in the packets, whether an IP address, a port or a character string. Also, combine it with logical operators to refine your filtering further and obtain exactly what you need.

3. Reduce the filtering scope: Keep in mind that tcpdump captures every packet passing through the network interface. This can produce a large volume of unwanted information and make analysis difficult. We therefore recommend narrowing the filtering scope as much as possible, to avoid information overload and speed up the analysis.