If you want to analyze or intercept network packets in Linux, the best tool for the job is the tcpdump console utility. The catch is that it is rather awkward to manage. To an ordinary user the utility may seem inconvenient and unnecessary, but that is only a first impression. This article explains how tcpdump works, what its syntax is, how to use it, and gives many examples of its use.
Installation
Most Linux-based operating systems ship tcpdump among their preinstalled utilities, but if for some reason it is missing from your distribution, you can always download and install it through the Terminal. If your OS is based on Debian, which includes Ubuntu, Linux Mint, Kali Linux and others, run the following command:
sudo apt install tcpdump
After entering it, you must type your password. Note that it is not displayed as you type, and to confirm the installation you must enter D (Y on an English-locale system) and press Enter.
If you have Red Hat, Fedora or CentOS, the installation command looks like this:
sudo yum install tcpdump
Once the utility is installed, it can be used right away. This and much more is discussed later in the text.
Syntax
Like any other command, tcpdump has its own syntax. Knowing it, you can set all the parameters that should be taken into account when the command is executed. The syntax is as follows:
tcpdump options filter-expression
When using the command, you must specify the interface to monitor. Filters and options are optional parameters, but they allow more flexible tuning.
Options
Although it is not necessary to specify options, you still need to know which ones exist. The table does not show the full list, only the most popular ones, but they are enough to solve most tasks.
Option | Meaning |
---|---|
-A | Allows you to display packets in ASCII format |
-l | Adds output scrolling (line-buffered output). |
-i | After this option you must specify the network interface to be monitored. To start monitoring all interfaces, write "any" after the option |
-c | Ends the monitoring process after the specified number of packets has been checked |
-t | Creates a text file with a report |
-e | Shows the data link layer |
-L | Shows only those protocols that the given network interface supports. |
-C | Creates another file during packet capture if the current file grows larger than the specified size |
-r | Opens a file created with the -w option |
-j | The given TimeStamp format will be used to record packets |
-J | Allows you to view all available TimeStamp formats |
-G | Used to create a log file. The option also requires a time value, after which a new log will be created |
-v, -vv, -vvv | Depending on the number of characters in the option, the command output becomes more detailed (the increase is proportional to the number of characters) |
-f | The output shows the domain name of IP addresses |
-F | Allows you to read information not from the network interface but from the specified file |
-D | Shows all network interfaces that can be used. |
-n | Disables the display of domain names |
-Z | Specifies the user under whose account all files will be created. |
-K | Skips checksum analysis |
-q | Brief output |
-H | Detects 802.11s headers |
-I | Used to capture packets in monitor mode |
Having looked at the options, we will gradually move on to their direct use. In the meantime, let's consider the filters.
Filters
As described at the beginning of the article, filters can be added to the tcpdump syntax. Now the most popular of them will be considered:
Filter | Meaning |
---|---|
host | Specifies the host name |
net | Specifies IP subnets and networks |
ip | Specifies the protocol address |
src | Shows packets sent from the specified address |
dst | Shows packets received by the specified address |
arp, udp, tcp | Filtering by one of these protocols |
port | Shows information related to a specific port |
and, or | Used to combine several filters in one command. |
greater, less | Outputs packets smaller or larger than the specified size |
The filters above can be combined with each other, so that when you enter a command you see only the information you want to see. To understand the use of these filters in detail, it is worth giving examples.
Usage Examples
The options commonly used with the tcpdump command will now be shown. Not all of them can be listed, simply because of the huge number of their variations.
View the list of interfaces
It is important for every user to first check the list of all network interfaces that can be monitored. From the table above we know that the -D option is used for this, so run the following command:
sudo tcpdump -D
As you can see in the screenshot, this example has eight interfaces that can be monitored with the tcpdump command. This article gives examples with ppp0; you can use any other.
Normal capture
If you need to monitor a single network interface, you can do this with the -i option. Don't forget to enter the interface name after it. Here is an example of such a command:
sudo tcpdump -i ppp0
Please note: "sudo" must be entered before the command, since superuser rights are required.
Note: after pressing Enter in the Terminal, the intercepted packets will be displayed continuously. To stop their output, press the key combination Ctrl + C.
When you run the command without additional options and filters, you will see the following format for displaying monitored packets:
22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [P.], seq 1:595, ack 1118, win 6494, options [nop,nop,TS val 257060077 ecr 697597623], length 594
Where the highlighting means:
- blue - the time the packet was received;
- orange - protocol type;
- green - sender address;
- purple - receiver address;
- grey - additional tcp information;
- red - packet size (shown in bytes).
This is how the line is displayed in the Terminal without using additional options.
Capture with the -v option
As the table shows, the -v option lets you increase the amount of information. Let's look at an example. We check the same interface:
sudo tcpdump -v -i ppp0
Here you can see that the following line has appeared in the output:
IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52)
Where the highlighting means:
- orange - protocol type;
- blue - protocol lifetime;
- green - header field length;
- purple - tcp packet;
- red - packet size.
You can also write the -vv or -vvv option in the command syntax, which further increases the amount of information displayed on the screen.
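As an added illustration that is not part of the original article, the following Python parser picks apart the two output formats described above: the default per-packet summary line and the extra IP header line printed with -v. The sample lines are constructed to match the ones quoted in the text, and the field names (Packet, parse_default_line, parse_verbose_header) are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed samples in the two shapes the article shows: a default per-packet
# line and the "IP (...)" header line that -v adds.
SAMPLE_DEFAULT = ("22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: "
                  "Flags [P.], seq 1:595, ack 1118, win 6494, "
                  "options [nop,nop,TS val 257060077 ecr 697597623], length 594")
SAMPLE_VERBOSE = "    IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52)"
# time, protocol, "src > dst:" and the remainder of a default line
DEFAULT_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<proto>\S+)\s+"
                        r"(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s*(?P<rest>.*)$")
# the IP header summary that -v prints for every packet
VERBOSE_RE = re.compile(r"^\s*IP \(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), id (?P<id>\d+), "
                        r"offset (?P<offset>\d+), flags \[(?P<flags>[^\]]*)\], "
                        r"proto (?P<proto>\w+) \((?P<proto_num>\d+)\), length (?P<length>\d+)\)$")

@dataclass
class Packet:
    timestamp: str             # blue in the article: time the packet was seen
    protocol: str              # orange: protocol type
    src_host: str              # green: sender address
    src_port: str
    dst_host: str              # purple: receiver address
    dst_port: str
    tcp_flags: Optional[str]   # grey: part of the extra tcp information
    length: Optional[int]      # red: packet size in bytes

def split_endpoint(endpoint: str):
    """tcpdump prints 'host.port'; the port may be a service name such as https."""
    host, sep, port = endpoint.rpartition(".")
    return (host, port) if sep else (endpoint, "")

def parse_default_line(line: str) -> Optional[Packet]:
    m = DEFAULT_RE.match(line)
    if not m:
        return None                      # not a per-packet summary line
    flags = re.search(r"Flags \[([^\]]*)\]", m["rest"])
    length = re.search(r"length (\d+)", m["rest"])
    return Packet(m["ts"], m["proto"], *split_endpoint(m["src"]), *split_endpoint(m["dst"]),
                  flags.group(1) if flags else None, int(length.group(1)) if length else None)

def parse_verbose_header(line: str) -> Optional[dict]:
    m = VERBOSE_RE.match(line)
    if not m:
        return None
    # numeric fields become ints; tos, flags and proto stay as text
    return {k: int(v) if v.isdigit() else v for k, v in m.groupdict().items()}
```

Feeding real `tcpdump -v` output through both functions line by line turns the screenshot's colour legend into named fields you can filter or count.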
The -w option
The options table mentioned the ability to save all output to a separate file so that you can view it later. The -w option does this. It is simple to use: specify it in the command, then write the name of the future file and add the ".pcap" extension. Let's look at an example:
sudo tcpdump -i ppp0 -w file.pcap
Please note: while the log is being written to a file, no text is displayed in the Terminal window.
When you want to view what was recorded, use the -r option, followed by the name of the previously recorded file. It is used without other options and filters:
sudo tcpdump -r file.pcap
Both of these options are great when you need to save large logs for later analysis.
IP filtering
From the filter table we know that dst lets you display in the console only the packets received by the address specified in the command syntax. This makes it convenient to view the packets your computer has received. To do this, you only need to specify your IP address in the command:
sudo tcpdump -i ppp0 ip dst 10.0.6.67
As you can see, in addition to dst we also put the ip filter in the command. In other words, we told the computer that when selecting packets it should look at their IP address and not at other parameters.
You can also filter outgoing packets by IP. Again we use our own IP as an example. That is, we will monitor the packets sent from our computer to other addresses. To do this, use the following command:
sudo tcpdump -i ppp0 ip src 10.0.6.67
As you can see, in the command syntax we replaced the dst filter with src, thereby telling the machine to look for the sender by IP.
Host filtering
By analogy with IP filtering, we can specify the host filter to select the packets of interest. That is, in the syntax, instead of the sender/receiver IP address, you specify its host name. It looks like this:
sudo tcpdump -i ppp0 dst host google-public-dns-a.google.com
In the screenshot you can see that the Terminal shows only the packets sent from our IP to the google.com host. As you can understand, you can enter any other host instead of the google one.
As with IP filtering, dst in this syntax can be replaced with src to see the packets sent to your computer:
sudo tcpdump -i ppp0 src host google-public-dns-a.google.com
Note: the host filter must come after dst or src, otherwise the command throws an error. In the case of filtering by IP, on the contrary, dst and src come after the ip filter.
Using the and and or filters
If you need to use several filters in one command at once, use the and or or filter (depending on the case). By specifying the filters in the syntax and separating them with these operators, you make them work as one. For example, it looks like this:
sudo tcpdump -i ppp0 ip dst 95.47.144.254 or ip src 95.47.144.254
The command syntax shows that we want the Terminal to display all packets addressed to 95.47.144.254 together with the packets sent from that same address. You can change some of the expressions in this construction. For example, specify HOST instead of IP, or change the addresses themselves.
Filtering by port
The port filter is great when you need information about packets with a specific port. So, if you only need to see DNS responses or queries, specify port 53:
sudo tcpdump -vv -i ppp0 port 53
If you want to see http packets, enter port 80:
sudo tcpdump -vv -i ppp0 port 80
Among other things, it is possible to monitor several ports at once. The portrange filter is used for this:
sudo tcpdump portrange 50-80
As you can see, in combination with the portrange filter it is not necessary to specify additional options. It is enough to give the range.
Protocol filter
You can also display only the packets matching a particular protocol. To do this, use the name of this protocol as a filter. Let's look at the udp example:
sudo tcpdump -vvv -i ppp0 udp
As you can see in the screenshot, after running the command only packets with the udp protocol were displayed in the Terminal. Accordingly, you can filter by the others, for example arp:
sudo tcpdump -vvv -i ppp0 arp
or tcp:
sudo tcpdump -vvv -i ppp0 tcp
Net filter
The net filter helps to capture packets based on their network. It is as easy to use as the others: you specify the net keyword in the syntax and then enter the network address. Here is an example of such a command:
sudo tcpdump -i ppp0 net 192.168.1.1
Filtering by packet size
We have not yet considered two more interesting filters: less and greater. From the filter table we know that they output packets smaller (less) or larger (greater) than the size specified after the keyword.
Suppose we want to monitor only packets not exceeding the 50 mark; then the command looks like this:
sudo tcpdump -i ppp0 less 50
Now let's display in the Terminal packets larger than 50 bits:
sudo tcpdump -i ppp0 greater 50
As you can see, they are used in the same way; the only difference is in the filter name.
Conclusion
To conclude the article, we can say that the tcpdump command is an excellent tool with which you can monitor any network packets on the Internet. But for this it is not enough to simply enter the command in the Terminal. You will get the desired result only by using all kinds of options and filters, as well as their combinations.