Idan kuna buƙatar nazarin ko katse fakitin fakiti na cibiyar sadarwa a cikin Linux, to, zai fi kyau kuyi amfani da injin mai amfani tcpdump. Amma matsalar ta taso a cikin tsari mai rikitarwa. Zai yi wa mai amfani da matsakaicin cewa yin aiki tare da mai amfani ba shi da matsala, amma wannan kawai a kallon farko. Labarin zaiyi bayani game da yadda tcpdump yake aiki, menene halayyar sa, yadda za'a yi amfani dashi, da misalai da yawa na amfanin sa.
Duba kuma: Jagorori don kafa haɗin Intanet a Ubuntu, Debian, Ubuntu Server
Shigarwa
Yawancin masu haɓaka tsarin aiki na tushen Linux sun haɗa da tcpdump mai amfani a cikin jerin waɗanda aka riga aka shigar, amma idan saboda wasu dalilai to ba a cikin rarraba ku ba, koyaushe za ku iya saukarwa da shigar dashi ta "Terminal". Idan OS ɗinku ya dogara ne da Debian, kuma waɗannan Ubuntu, Linux Mint, Kali Linux da makamantan su, kuna buƙatar gudanar da wannan umarnin:
sudo dace kafa tcpdump
Lokacin shigarwa, kuna buƙatar shigar da kalmar sirri. Lura cewa lokacin bugawa, ba a nuna shi ba, kuma don tabbatar da saitin da kuke buƙatar shigar da halayyar D kuma danna Shigar.
Idan kuna da Red Hat, Fedora ko CentOS, to, umarnin shigarwa zai yi kama da wannan:
sudo yam kafa tcpdump
Bayan an kunna mai amfani, ana iya amfani da shi nan da nan. Za a tattauna wannan da ƙari kuma a gaba a cikin rubutun.
Duba kuma: Jagorar Saukewar PHP akan Ubuntu Server
Syntax
Kamar kowane umarni, tcpdump yana da nasa yanayin. Sanin shi, zaku iya saita duk abubuwanda suka zama dole wanda za'a yi la'akari dashi lokacin aiwatar da umarnin. Gaskiyar magana kamar haka:
tcpdump za optionsu--ukan -zababen dubawa
Lokacin amfani da umarnin, dole ne a ƙayyade keɓaɓɓiyar don dubawa. Matattara da zaɓuɓɓukan zaɓuɓɓukan zaɓuɓɓuka ne, amma sun ba da damar ƙarin sassauƙar gyare-gyare.
Zaɓuɓɓuka
Kodayake ba lallai ba ne don nuna zaɓi, har yanzu kuna buƙatar jerin abubuwan da ke akwai. Teburin bai nuna duk jerin sunayen su ba, amma mafi mashahuri ne kawai, amma sun fi isa sosai don warware yawancin ayyukan.
| Zabi | Ma'anar |
|---|---|
| -A | Yana ba ku damar tsara fakiti tare da tsarin ASCII |
| -l | Yana ƙara aikin gungura. |
| -i | Bayan shigar, kuna buƙatar tantance ma'anar hanyar sadarwar da za'a kula. Don fara lura da duk musaya, shigar da kalmar "kowane" bayan zaɓi |
| -c | Yana ƙare aikin bin diddigin bayan duba takamaiman adadin fakitoci |
| -w | Ya haifar da fayil ɗin rubutu tare da rahoton tabbaci |
| -e | Yana nuna matakin haɗin haɗin yanar gizo |
| -L | Nuna kawai waɗannan ladabi waɗanda ƙayyadaddun hanyar sadarwar cibiyar sadarwa ke goyan baya. |
| -C | Yana ƙirƙirar wani fayil yayin rakodin kunshin idan girmanta ya fi girman da aka ƙayyade |
| -r | Yana buɗe fayil wanda aka karanta ta amfani da -w zaɓi |
| -j | Za a yi amfani da Tsarin Lokaci na Lokaci don yin rikodin fakitoci |
| -J | Yana ba ku damar duba duk nau'ikan nau'ikan Lokaci na Tsarin Lokaci na Lokaci |
| -G | Yana aiki don ƙirƙirar fayil ɗin log. Zaɓin zaɓi shima yana buƙatar ƙimar ɗan lokaci, bayan haka za'a ƙirƙiri sabon log |
| -v, -vv, -vv | Ya danganta da adadin haruffa a cikin zaɓi, fitowar umarni za ta zama ƙarin dalla-dalla (ƙaruwar ta haɗu daidai da adadin haruffa) |
| -f | Samfurin yana nuna sunan yankin na adiresoshin IP |
| -F | Yana ba da damar karanta bayanai ba daga cikin hanyar sadarwa ba, amma daga fayil da aka ƙayyade |
| -D | Yana nuna duk hanyoyin sadarwa na hanyar sadarwa da za'a iya amfani dasu. |
| -n | Ana kashe allon yankin |
| -Z | Yana bayyana mai amfani a ƙarƙashin wanda asusunsa za'a ƙirƙiri duk fayiloli. |
| -K | Tsallake Checksum Analysis |
| -q | Takaitaccen bayani |
| -H | Gano Shugabanni 802.11s |
| -I | Ana amfani dashi lokacin ɗaukar fakitoci a cikin yanayin saka idanu |
Bayan bincika zaɓuɓɓukan, kaɗan kaɗan zamu tafi kai tsaye zuwa aikace-aikacen su. A halin yanzu, za a yi la’akari da matattara.
Tace
Kamar yadda aka fada a farkon farkon labarin, zaku iya ƙara matattara zuwa scint ɗin tcpdump. Yanzu mafi shahararrun su za a yi la'akari:
| Tace | Ma'anar |
|---|---|
| mai gida | Yana bayyana sunan rundunar |
| net | Yana nuna alamun IP da hanyoyin sadarwa |
| ip | Yana bayyana adireshin ladabi |
| src | Nuna fakiti da aka aiko daga adireshin da aka kayyade |
| dst | Nuna fakiti da aka karɓa ta adireshin da aka ambata |
| arp, udp, tcp | Tace ta ɗayan ladabi |
| tashar jiragen ruwa | Nuna bayanin da ya danganci wani tashar jiragen ruwa |
| da, ko | Hada haɗe da matattara a cikin umarni. |
| kasa da girma | Fakitin kayan fitarwa ƙarami ko girma fiye da ƙayyadadden girman |
Dukkanin abubuwan da aka ambata a sama ana iya haɗasu tare da juna, don haka a cikin ƙaddamar da umarnin kawai za ku ga bayanan da kuke son gani. Don fahimtar cikakkun bayanai game da amfani da abubuwan tacewa na sama, yana da daraja bayar da misalai.
Duba kuma: Dokokin da Aka Amfani dasu akai akai a Linux Terminal
Misalai Amfani
Zaɓuɓɓukan saiti da aka saba amfani dasu don umarnin tcpdump yanzu za'a nuna su. Dukkansu ba za'a iya jera su ba, tunda za a iya samun adadin adadin adadin su.
Duba jerin musaya
An ba da shawarar cewa kowane mai amfani da farko ya duba jerin abubuwan yanar gizo na hanyar sadarwa da za a iya bin sawu. Daga teburin da ke sama mun sani cewa don wannan kuna buƙatar amfani da zaɓi -D, saboda haka a cikin tashar, gudanar da umarnin kamar haka:
sudo tcpdump -D
Misali:
Kamar yadda kake gani, misalin yana da musayoyi takwas da za'a iya kallon su ta amfani da umarnin tcpdump. Labarin zai ba da misalai tare da ppp0Kuna iya amfani da wani.
Kama gari na al'ada
Idan kuna buƙatar bin saitin cibiyar sadarwa ɗaya, zaku iya yin wannan ta amfani da zaɓi -i. Kar a manta shigar da sunan dubawa bayan shigar da shi. Ga misalin irin wannan umarnin:
sudo tcpdump -i ppp0
Lura cewa: a gaban umarnin da ake buƙatar shigar da "sudo", tunda yana buƙatar haƙƙoƙin superuser.
Misali:
Bayani: bayan danna Shigar a cikin "Terminal", fakiti da aka toshe za a nuna su gaba-gaba. Don dakatar da kwararar su, kuna buƙatar latsa maɓallin haɗuwa Ctrl + C.
Idan ka aiwatar da umarnin ba tare da ƙarin zaɓuɓɓuka da masu tacewa ba, zaku ga tsarin da ke gaba don nuna fakiti mai kulawa:
22: 18: 52.597573 IP vrrp-topf2.p.mail.ru.https> 10.0.6.67.35482: Flags [P.], seq 1: 595, ack 1118, cin nasara 6494, zaɓuɓɓuka [nop, nop, TS val 257060077 ecr 697597623], tsawon 594
Inda aka haskaka launi:
- shuɗi - lokacin karbar fakiti;
- orange - sigar ladabi;
- kore - adireshin mai aikawa;
- violet - adireshin mai karɓa;
- launin toka - ƙarin bayani game da tcp;
- ja - girman fakiti (wanda aka nuna a jaka).
Wannan salinx yana da ikon nunawa ta taga. "Terminal" ba tare da amfani da ƙarin zaɓuɓɓuka ba.
Kama motoci tare da zaɓi -v
Kamar yadda aka sani daga tebur, zaɓi -v ba ku damar ƙara yawan bayanai. Bari mu dauki misali. Duba dubawa iri daya:
sudo tcpdump -v -i ppp0
Misali:
Anan zaka ga cewa layi mai zuwa ya bayyana a fitarwa:
IP (tos 0x0, ttl 58, id 30675, diyya 0, flags [DF], proto TCP (6), tsayi 52
Inda aka haskaka launi:
- orange - sigar ladabi;
- shuɗi - tsawon rayuwa;
- kore - tsawon filin filin;
- purple - tcp package version;
- ja - girman fakiti.
Hakanan a cikin umarnin ginin zaka iya rubuta zaɓi -vv ko -vvv, wanda zai kara adadin bayanan da aka nuna akan allon.
Zabi -w da -r
Tebur za optionsu options mentionedukan da aka ambata ikon ajiye duk fitarwa a cikin fayil daban don ku iya duba ta gaba. Zaɓin shine alhakin wannan. -w. Amfani da shi mai sauki ne, kawai sanya shi a cikin umarni, sannan shigar da sunan fayil na gaba tare da fadada ".pcap". Bari mu kalli wani misali:
sudo tcpdump -i ppp0 -w file.pcap
Misali:
Lura: yayin rubuta rajista zuwa fayil, ba a nuna rubutu a allon "Terminal".
Lokacin da kake son fitowar fitowar, dole ne kayi amfani da zabin -r, bayan wannan sai a rubuta sunan fayil ɗin da aka yi rikodin a baya. Ana amfani dashi ba tare da wasu zaɓuɓɓuka da masu tace ba:
sudo tcpdump -r file.pcap
Misali:
Duk waɗannan zaɓuɓɓuka suna da girma a lokuta inda kake buƙatar adana adadi mai yawa don parsing daga baya.
Tacewar IP
Daga teburin tace mun san hakan dst ba ku damar nunawa a kan allon wasan bidiyo kawai waɗancan fakiti waɗanda aka karɓa ta adireshin da aka ƙayyadadden bayanin magana. Don haka, yana da matuƙar dacewa duba fakiti da kwamfutarka ta karɓa. Don yin wannan, ƙungiyar tana buƙatar kawai bayyana adireshin IP ɗin:
sudo tcpdump -i ppp0 ip dst 10.0.6.67
Misali:
Kamar yadda kake gani, banda dst, mun kuma yi rajistar matatar a cikin ƙungiyar ip. A takaice dai, mun gaya wa kwamfutar cewa lokacin zabar fakiti zai kula da adireshin IP din su, kuma ba wasu sigogi ba.
Ta IP, zaku iya tace fakitoci masu fita. Za mu sake bayar da IP ɗinmu a cikin misalin. Wato, yanzu za mu bi sawun fakiti da aka aiko daga kwamfutar mu zuwa wasu adiresoshin. Don yin wannan, gudanar da umarni mai zuwa:
sudo tcpdump -i ppp0 ip src 10.0.6.67
Misali:
Kamar yadda kake gani, a cikin umarnin ginin muka canza matatar dst a kunne src, ta hanyar gaya wa injin don neman mai aikawa akan IP.
TUNANIN YANZU
Ta hanyar kwatantawa da IP a cikin umurnin, zamu iya tantance matata mai gidadon tace fakitoci tare da rundunar masu amfani. Wannan shine, a cikin wurin magana, maimakon adireshin IP na mai aikawa / mai karɓa, kuna buƙatar ƙayyade mai masaukin sa. Ya yi kama da wannan:
sudo tcpdump -i ppp0 dst host google-public-dns-a.google.com
Misali:
A cikin hoton zaka iya ganin hakan a ciki "Terminal" kawai wadancan fakiti da aka aiko daga IP dinmu zuwa google.com host na nuna. Kamar yadda zaku iya fahimta, maimakon rundunar google, zaku iya shigar da kowane.
Kamar yadda yake tare da IP, tacewa dst za a iya maye gurbinsu da srcDon ganin kunshin da aka aika zuwa kwamfutarka:
sudo tcpdump -i ppp0 src rundunar google-public-dns-a.google.com
Lura: matattarar mai samarwa dole ne bayan dst ko src, in ba haka ba umarnin zai jefa kuskure. Game da tacewa ta hanyar IP, akasin haka, dst da src suna gaban ip filter.
Aiwatar da da da kuma ko tace
Idan kuna buƙatar amfani da matattara da yawa a cikin umarni ɗaya lokaci ɗaya, to kuna buƙatar amfani da matatar da ko ko (ya dogara da shari’ar). Ta hanyar tantance masu tacewa a cikin taken da kuma raba su da wadannan maharan, zaku sanya su zama daya. Misali, ga alama haka:
sudo tcpdump -i ppp0 ip dst 95.47.144.254 ko ip src 95.47.144.254
Misali:
Umurnin umarnin yana nuna abin da muke son nunawa "Terminal" duk fakiti da aka aika zuwa adireshin 95.47.144.254 da fakiti da aka karba ta adireshin iri daya. Hakanan zaka iya canza wasu masu canji a cikin wannan bayanin. Misali, maimakon IP, saka HOST ko maye gurbin adiresoshin kai tsaye.
Port da kuma cikakke tace
Tace tashar jiragen ruwa cikakke a cikin lokuta inda kuke buƙatar samun bayani game da fakitoci tare da takamaiman tashar jiragen ruwa. Don haka, idan kuna buƙatar kawai ganin amsoshi ko tambayoyin DNS, kuna buƙatar tantance tashar jiragen ruwa 53:
sudo tcpdump -vv -i ppp0 tashar jiragen ruwa 53
Misali:
Idan kana son duba fakiti http, kana buƙatar shigar da tashar jiragen ruwa 80:
sudo tcpdump -vv -i ppp0 tashar jiragen ruwa 80
Misali:
Daga cikin wasu abubuwa, yana yiwuwa a waƙa da yawan tashoshin jiragen ruwa kai tsaye. Ana amfani da matattara don wannan. misalta:
sudo tcpdump portorn 50-80
Kamar yadda kake gani, a hade tare da tace misalta ana buƙatar zaɓuɓɓukan zaɓi. Kawai saita kewayon.
Filin layinhantsaki
Hakanan zaka iya nuna zirga-zirgar zirga-zirga kawai wanda ya dace da kowane yarjejeniya. Don yin wannan, yi amfani da sunan wannan yarjejeniya a matsayin matattara. Bari mu kalli wani misali udp:
sudo tcpdump -vvv -i ppp0 udp
Misali:
Kamar yadda kake gani a hoto, bayan aiwatar da umarnin a ciki "Terminal" kawai fakiti tare da ladabi an nuna su udp. Haka kuma, zaku iya tace wasu, misali, baka:
sudo tcpdump -vvv -i ppp0 arp
ko tcp:
sudo tcpdump -vvv -i ppp0 tcp
Matatar tacewa
Mai aiki net taimaka tace fakitoci bisa la’akari da tsarin aikinsu na cibiyar sadarwa. Amfani da shi yana da sauki kamar sauran - kuna buƙatar tantance sifa ce a cikin ginin net, sannan shigar da adireshin cibiyar sadarwa. Ga misalin irin wannan umarnin:
sudo tcpdump -i ppp0 net 192.168.1.1
Misali:
Tace girman fakiti
Ba mu yi la'akari da ƙarin karin abubuwa biyu masu ban sha'awa ba: kasa da mafi girma. Daga tebur tare da masu tacewa, mun san cewa suna yin hidimar kayan fakitin kayan morewa (kasa) ko lessasa da (mafi girma) girman da aka ayyana bayan shigar da sifofin.
Da ace muna son saka idanu kawai fakiti wanda basa wuce alamar 50-bit din ba, to umurnin zaiyi kama da haka:
sudo tcpdump -i ppp0 kasa da 50
Misali:
Yanzu bari mu nuna a ciki "Terminal" fakitoci mafi girma fiye da 50
sudo tcpdump -i ppp0 mafi girma 50
Misali:
Kamar yadda kake gani, ana amfani dasu a wannan hanyar, bambanci kawai shine a cikin sunan matatar.
Kammalawa
A ƙarshen labarin, zamu iya yanke hukuncin cewa ƙungiyar tcpdump - Wannan ingantaccen kayan aiki ne wanda zaku iya waƙa da duk fakiti data watsa ta yanar gizo. Amma saboda wannan bai isa kawai shigar da umarnin kanta ba "Terminal". Za a samu sakamakon da ake so ne kawai idan kun yi amfani da kowane irin zaɓi da matattara, gami da haɗuwarsu.
