Ngati mukufuna kufufuza kapena kutsegula mapaketi a pa Linux, ndi bwino kugwiritsa ntchito chithandizo cha console pa izi. tcpdump. Koma vuto limabwera mu kayendedwe kake kovuta. Zingakhale zovuta kuti wogwiritsa ntchito wamba agwiritse ntchito, koma izi ndizoyamba. Nkhaniyi ikufotokozera momwe tcpdump ilili, m'mene zimagwirira ntchito, momwe zingagwiritsire ntchito, ndipo zitsanzo zambiri za ntchito yake zidzaperekedwa.
Onaninso: Zophunzitsira zokhazikitsa intaneti mu Ubuntu, Debian, Ubuntu Server
Kuyika
Ambiri opanga machitidwe opangira Linux akuphatikizapo tcpdump ntchito mu mndandanda wazinthu zowonongeka, koma ngati pazifukwa zina sizikugawidwa, mukhoza kuzilandira ndi kuziyika kudzera "Terminal". Ngati OS yanu imachokera ku Debian, ndipo izi ndi Ubuntu, Linux Mint, Kali Linux ndi zina zotero, muyenera kuyendetsa izi:
sudo apt install tcpdump
Pakukhazikitsa muyenera kulemba mawu achinsinsi. Chonde dziwani kuti pamene mukujambula simunasonyezedwe, komanso kuti mutsimikizire kukhazikitsa, muyenera kulowetsa khalidwelo "D" ndipo pezani Lowani.
Ngati muli ndi Red Hat, Fedora kapena CentOS, lamulo la kuikidwa lidzawoneka ngati:
sudo yamika tcpdump
Pambuyo pazowonjezera, mutha kugwiritsa ntchito nthawi yomweyo. Izi ndi zina zambiri zidzafotokozedwa pambuyo pake.
Onaninso: PHP Installation Guide kwa Ubuntu Server
Syntax
Monga lamulo lina lirilonse, tcpdump ili ndi syntax yake. Kumudziwa, mungathe kukhazikitsa magawo onse omwe angaganizidwe pochita lamulo. Chidule chake ndi:
zosankha za tcpdump -i mawonekedwe osasintha
Mukamagwiritsa ntchito lamuloli, muyenera kufotokoza mawonekedwe kuti muwone. Zosefera ndi zosankha sizinthu zovomerezeka, koma zimalola kusintha kosintha.
Zosankha
Ngakhale sikofunika kufotokozera chisankhocho, ndifunikanso kulembetsa zomwe zilipo. Gome silingasonyeze mndandanda wawo wonse, koma ndi otchuka kwambiri, koma ndi okwanira kuti athetse ntchito zambiri.
| Zosankha | Tanthauzo |
|---|---|
| -A | Ikuthandizani kuti muyambe mapangidwe a mtundu wa ASCII |
| -l | Yongeza mpukutuwu. |
| -i | Pambuyo polowera mumayenera kufotokozera mawonekedwe a intaneti omwe adzayang'anidwe. Kuti muyambe kufufuza mawonekedwe onse, lembani mawu akuti "aliyense" mutatha kusankha. |
| -c | Kumaliza ndondomeko yowatsata pambuyo poyang'ana chiwerengero cha phukusi. |
| -w | Zimapanga fayilo yolemba ndi lipoti lowonetsa. |
| -a | Iwonetsa mlingo wa intaneti pa intaneti. |
| -L | Kuwonetsa ndondomeko zokhazo zomwe zimagwiridwa ndi mawonekedwe owonetsera. |
| -C | Amapanga fayilo ina pamene akulemba phukusi ngati kukula kwake kuli kwakukulu kusiyana ndi kamodzi. |
| -r | Ikutsegula fayilo ya kuwerenga yomwe idalengedwa ndi -w kusankha. |
| -j | Maonekedwe a TimeStamp adzagwiritsidwa ntchito polemba phukusi. |
| -J | Ikukuthandizani kuti muwone mawonekedwe onse omwe alipo TimeStamp |
| -G | Anayambitsa kupanga fayilo ndi zipika. Njirayo imapanganso mtengo wa panthawi, pambuyo pake padzakhala chipika chatsopano |
| -v, -vv, -vvv | Malingana ndi chiwerengero cha anthu omwe ali nawo, kusankha kwa lamulo kudzatchulidwa bwino (kuwonjezeka kuli kofanana ndi chiwerengero cha anthu) |
| -f | Zotsatirazi zikuwonetsera dzina la adiresi ya IP |
| -F | Ikukuthandizani kuti muwerenge zambiri osati kuchokera pa intaneti, koma kuchokera pa fayilo |
| -D | Iwonetsanso ma intaneti onse omwe angagwiritsidwe ntchito. |
| -n | Imasokoneza mawonedwe a mayina |
| -Z | Imafotokozera wogwiritsa ntchito pamene maofesi onse adzalengedwa. |
| -K | Dulani kusintha kwa checksum |
| -q | Kuwonetseratu kwachidule |
| -H | Imayang'anila mutu wa 802.11s |
| -I | Anagwiritsidwa ntchito polemba mapaketi muzowonongeka. |
Pambuyo pofufuza zotsatirazi, pansipa timatembenukira mwachindunji ku ntchito zawo. Padakali pano, mafayilo adzalingaliridwa.
Zosefera
Monga tafotokozera kumayambiriro kwa nkhaniyi, mukhoza kuwonjezera mafyuluta ku tcpdump syntax. Tsopano otchuka kwambiri mwa iwo adzawerengedwa:
| Sakanizani | Tanthauzo |
|---|---|
| wolandira | Imatchula dzina la alendo. |
| khoka | Amafotokoza IP subnet ndi intaneti |
| ip | Imafotokozera adiresi ya protocol |
| src | Kuwonetsa mapaketi omwe anatumizidwa kuchokera ku aderesi yachindunji |
| dst | Kuwonetsa mapaketi omwe analandiridwa ndi adiresi yapadera. |
| mzere, udp, tcp | Kusakaniza ndi chimodzi mwa zizindikiro |
| doko | Kuwonetsa zambiri zokhudzana ndi malo enaake. |
| ndi, kapena | Anagwiritsidwa ntchito kuphatikiza mafayilo ambiri mu lamulo. |
| zochepa, zazikulu | Zolembapozo zing'onozing'ono kapena zazikulu kuposa kukula kwake |
Zosefera zonsezi zingathe kuphatikizana wina ndi mzake, kotero pakupereka lamulo mudzasunga zomwe mukufuna kuziwona. Kuti mumvetse mwatsatanetsatane kugwiritsa ntchito zowonongeka pamwambapa, ndi bwino kupereka zitsanzo.
Onaninso: Nthawi zambiri amagwiritsidwa ntchito ku Linux Terminal
Zitsanzo za ntchito
Zogwiritsidwa ntchito kawirikawiri tcpdump zizindikiro zidzatchulidwa. Zonsezi sizingathe kulembedwa, chifukwa kusiyana kwawo kungakhale kosatha.
Onani mndandanda wa mawonekedwe
Ndikoyenera kuti aliyense akuyang'ane mndandanda wa ma intaneti ake onse omwe angatchulidwe. Kuchokera pa tebulo pamwambapa tikudziwa kuti pazimenezi muyenera kugwiritsa ntchito -D, choncho muimtheradi muthamanga lamulo ili:
sudo tcpdump -D
Chitsanzo:
Monga mukuonera, pali mautumiki asanu ndi atatu omwe angapangidwe pogwiritsa ntchito lamulo la tcpdump. Nkhaniyi idzapereka zitsanzo za ppp0, mungagwiritse ntchito zina.
Maulendo apamtunda akugwira
Ngati mukufuna kufufuza sewero limodzi la mawonekedwe, mungathe kuchita izi ndi chisankho -i. Musaiwale kuti mulowetse dzina la mawonekedwe pambuyo mutalowa. Pano pali chitsanzo chotsatira lamulo ili:
sudo tcpdump -i ppp0
Chonde dziwani kuti muyenera kulowa "sudo" musanayambe lamulolo, chifukwa likufuna kuti wodabwitsa.
Chitsanzo:
Dziwani: mutatha kulowera mu "Terminal", mapaketi omwe amaloledwa adzawonetsedwa mosalekeza. Kuti asiye kuyendayenda, muyenera kusindikizira mgwirizano wambiri Ctrl + C.
Ngati mutayendetsa lamulo popanda zina zowonjezera ndi zosakaniza, mudzawona mawonekedwe otsatirawa powonetsera mapaketi oyendetsa:
22:18: 52.597573 IP vrrp-topf2.p.mail.ru.https> 10.0.6.67.35482: Flags [P.], ndime 1: 595, ack 1118, kupambana 6494, zosankha [nop, nop, TS val 257060077 ecr 697597623], kutalika kwa 594
Kumeneko kumasulidwa mtundu:
- buluu - nthawi yolandira phukusi;
- lalanje - protocol version;
- zobiriwira - adiresi ya wotumiza;
- zofiirira - aderesi ya wolandira;
- imvi - zambiri zokhudza tcp;
- Kufiira - pakiti kukula (kuwonetsedwa mwa byte).
Msonkhanowu umatha kutulutsa pawindo "Terminal" popanda kugwiritsa ntchito njira zina.
Tengani magalimoto ndi -v kusankha
Monga momwe tikudziwira kuchokera pa tebulo, kusankha -v kukulolani kuti muwonjezere kuchuluka kwa chidziwitso. Tiyeni tione chitsanzo. Onani mawonekedwe omwewo:
sudo tcpdump -v -i ppp0
Chitsanzo:
Pano muwona kuti mzere wotsatira ukuwonekera mu zotsatira:
IP (kwa 0x0, ttl 58, id 30675, kuchotsa 0, mbendera [DF], TCP (6), 52 kutalika
Kumeneko kumasulidwa mtundu:
- lalanje - protocol version;
- buluu - moyo wa protocol;
- zobiriwira - kutalika kwa mutu wam'munda;
- zofiira - ndondomeko ya phukusi la tcp;
- kukula kwa pakiti.
Ndiponso mu syntax ya lamulo mukhoza kulemba kusankha -vv kapena -vvv, zomwe zidzakulitsa kuchuluka kwa chidziwitso chowonetsedwa pazenera.
Chinthu cha--ndi--r
Gome losankhidwa limatanthawuza kuti mungathe kupulumutsa chiwerengero chonse cha deta mu fayilo yapadera kuti athe kuziwona kenako. Njirayo ndi yodalirika pa izi. -w. Ndi zophweka kugwiritsira ntchito, ingowalowetsani mu lamulo ndikulowetsani dzina la tsogolo lanu ndikuwonjezera ".pcap". Taganizirani chitsanzo chonse:
sudo tcpdump -i ppp0 -w file.pcap
Chitsanzo:
Chonde dziwani kuti pamene mukulemba zolemba pa fayilo, palibe malemba omwe amawonetsedwa pawindo la "Terminal".
Pamene mukufuna kuona zolembedwera, muyenera kugwiritsa ntchito njirayi -rikutsatiridwa ndi dzina la fayilo lolembedwa kale. Ikugwiritsidwa ntchito popanda njira zina ndi zowonongeka:
sudo tcpdump -r file.pcap
Chitsanzo:
Zonsezi ndizofunikira pomwe mukufunikira kusunga malemba ambiri kuti muwone bwinobwino.
Kusuta kwa IP
Kuchokera pa tebulo lafyuluta, tikudziwa zimenezo dst ikulolani kuti muwonetse pazowonjezera pulogalamuyi yomwe inalandira ndi adiresi yomwe imatchulidwa mu syntax ya lamulo. Choncho, ndizovuta kuona mapaketi omwe adalandira ndi kompyuta yanu. Kuti muchite izi, gululi liyenera kufotokozera adilesi yanu ya IP:
sudo tcpdump -i ppp0 ip dst 10.0.6.67
Chitsanzo:
Monga mukuonera, pambali dst, mu timu, tinayambanso kulemba fyuluta ip. Mwa kuyankhula kwina, tinauza makompyuta kuti pakasankha mapaketi, amamvetsera ma adiresi awo a IP, osati ku magawo ena.
Ndi IP, mukhoza kufalitsa ndi kutumiza mapaketi. Mu chitsanzo timapereka IP yathu kachiwiri. Izi zikutanthauza kuti tizitsatira mapepala omwe amatumizidwa kuchokera ku kompyuta kupita ku ma adresi ena. Kuti muchite izi, yesani lamulo lotsatira:
sudo tcpdump -i ppp0 ip src 10.0.6.67
Chitsanzo:
Monga mukuonera, tasintha fyuluta mu syntax ya lamulo. dst on src, potero akuuza makina kuti afufuze wotumiza ndi IP.
Kutsegula HOST
Mwa kufanana ndi IP mu timu, tikhoza kufotokoza fyuluta wolandirakuti udzule mapaketi ndi anthu ambiri. Izi zikutanthauza kuti, mu syntax, mmalo mwa adilesi ya IP ya wotumiza / wolandila, muyenera kufotokozera omvera ake. Zikuwoneka ngati izi:
sudo tcpdump -i ppp0 dst wokhala google-public-dns-a.google.com
Chitsanzo:
Pa chithunzi chomwe mungachiwonere icho "Terminal" Mapaketi okha omwe anatumizidwa kuchokera ku IP athu kupita ku google.com akuwonetsedwa. Monga mukuonera, m'malo mwa google host, mukhoza kulowa china chilichonse.
Monga momwe mukusungira IP, mawu ofanana ndi awa: dst ingasinthidwe ndi srcKuti muwone mapaketi omwe amatumizidwa ku kompyuta yanu:
sudo tcpdump -i ppp0 src wolandira google-public-dns-a.google.com
Zindikirani: fyuluta yowonongeka iyenera kukhala pambuyo pa dst kapena src, mwinamwake lamulo lidzapanga zolakwika. Pankhani ya IP kusinthasintha, m'malo mwake, dst ndi src zili kutsogolo kwa ip filter.
Fyuluta ndi ndi
Ngati mukufuna kugwiritsa ntchito mafayilo angapo pokhazikitsa lamulo limodzi, muyenera kugwiritsa ntchito fyuluta. ndi kapena kapena (zimadalira mulandu). Mwa kufotokoza zowonongeka mu syntax ndikuzigawa ndi mawu awa, "mumapanga" ntchito imodzi. Mu chitsanzo, zikuwoneka ngati izi:
sudo tcpdump -i ppp0 ip dst 95.47.144.254 kapena ip src 95.47.144.254
Chitsanzo:
Kuchokera ku syntax ya lamulo mukhoza kuona zomwe tikufuna kuziwonetsera "Terminal" mapaketi onse omwe anatumizidwa ku adiresi 95.47.144.254 ndi mapaketi omwe analandira ndi adiresi yomweyo. Mukhozanso kusintha mitundu ina m'mawu awa. Mwachitsanzo, mmalo mwa IP, tchulani HOST kapena mutenge malo enieniwo.
Sungani chinyumba ndi kutsegula
Sakanizani doko Yokwanira pamene mukufuna kudziwa za mapaketi ndi doko lapadera. Kotero, ngati mukufunikira kuwona mayankho kapena mafunso a DNS, muyenera kufotokoza phukusi 53:
sudo tcpdump -vv -i ppp0 chingwe 53
Chitsanzo:
Ngati mukufuna kuona http phukusi, muyenera kulowa phokoso 80:
sudo tcpdump -vv -i ppp0 doko 80
Chitsanzo:
Pakati pazinthu zina, n'zotheka kutsegula nthawi yomweyo ma doko. Kuti muchite izi, yesani fyuluta kulumikiza:
Chiwonetsero cha sudo tcpdump 50-80
Monga mukuonera, mogwirizana ndi fyuluta kulumikiza Sikofunika kufotokozera zosankha zina. Ingoyikani mtunduwu.
Kutsatsa Zamtundu
Mukhozanso kuwonetsa magalimoto omwe amatsatira ndondomeko iliyonse. Kuti muchite izi, gwiritsani ntchito dzina la protocol monga fyuluta. Tiyeni tiwone chitsanzo udp:
sudo tcpdump -vvv -i ppp0 udp
Chitsanzo:
Monga mukuonera mu fano, mutatha kulamulira "Terminal" mapaketi okha omwe ali ndi protocol anawonetsedwa udp. Potero, mukhoza kusungunula ndi ena, mwachitsanzo, mzere:
sudo tcpdump -vvv -i ppp0 mzere
kapena tcp:
sudo tcpdump -vvv -i ppp0 tcp
Sakanizani nambala
Woyendetsa khoka imathandizira kusungira mapaketi potsata mayina awo. Ndizosavuta kugwiritsa ntchito monga zonse - muyenera kufotokozera chiganizocho m'ma syntax khoka, kenaka lowetsani adiresi ya intaneti. Pano pali chitsanzo cha lamulo ili:
sudo tcpdump -i ppp0 net 192.168.1.1
Chitsanzo:
Sungani ndi kukula kwa phukusi
Sitinaganizire mafiriji awiri osangalatsa: zochepa ndi wamkulu. Kuchokera pa tebulo ndi zowonongeka, tikudziwa kuti akutumizira kuti apereke zina phukusi (data packets)zochepa) kapena osachepera (wamkulu) kukula komwe kunanenedwa pambuyo pa malingaliro alowa.
Tiyerekeze kuti tikungofuna kuti tiyang'ane mapaketi omwe sali oposa 50, pomwepo lamulo lidzawoneka ngati ili:
sudo tcpdump -i ppp0 osachepera 50
Chitsanzo:
Tsopano tiyeni tiwonetse mkati "Terminal" mapaketi oposa 50 bits:
sudo tcpdump -i ppp0 wamkulu 50
Chitsanzo:
Monga mukuonera, iwo amagwiritsidwa ntchito mofanana, kusiyana kokha kuli m'dzina la fyuluta.
Kutsiliza
Pamapeto pa nkhaniyi tikhoza kunena kuti timuyi tcpdump - Ichi ndi chida chachikulu chomwe mungathe kuyang'anira pakiti iliyonse ya deta yomwe imatumizidwa pa intaneti. Koma pa izi sikokwanira kungolowera lamulo lokha "Terminal". Kuti mukwaniritse zotsatira zofunikila mungapeze kokha ngati mutagwiritsa ntchito mitundu yonse ya zosankha ndi zosakaniza, komanso kuphatikiza kwawo.
