If you need to analyze or capture network packets on Linux, the best choice is the console utility tcpdump. The difficulty lies in its involved set of controls: to a casual user, working with the utility seems impractical, but only at first glance. This article explains how tcpdump works, what its syntax looks like, how it is used, and gives many examples of its use.
See also: Guide to setting up an Internet connection on Ubuntu, Debian, Ubuntu Server
Installation
Most Linux distributions include the tcpdump utility among the preinstalled packages, but if for some reason it is missing from your distribution, you can always download and install it from the "Terminal". If your OS is based on Debian (that is Ubuntu, Linux Mint, Kali Linux and others), run this command:
sudo apt install tcpdump
During installation you will be asked for your password. Note that the password is not echoed while you type it. To confirm the installation, enter the letter D and press Enter.
If you have Red Hat, Fedora or CentOS, the install command looks like this:
sudo yum install tcpdump
Once the utility is installed it can be used immediately. This and much more is covered later in the article.
See also: Guide to installing UPP on Ubuntu Server
Syntax
Like any other command, tcpdump has its own syntax. Knowing it, you can set every parameter that will be taken into account when the command runs. The syntax is as follows:
tcpdump options -i interface filters
When you use the command, you must specify the interface to be traced. Filters and options are optional, but they allow much more flexible configuration.
Options
Even though specifying an option is not required, the available ones are still worth listing. The table does not show the full list, only the most popular options, but these are more than enough for most tasks.
Option | Description |
---|---|
-A | Prints packets in ASCII format for analysis |
-l | Adds a scrolling function (line-buffered output) |
-i | After this option, specify the network interface to be monitored. To monitor all interfaces at once, enter the word "any" after the option |
-c | Ends the capture after the specified number of packets has been checked |
-w | Writes the captured packets to a file (a binary capture, not a text file; it is read back with -r) |
-E | Shows the status of the Internet connection |
-L | Shows only the link-layer types supported by the specified network interface |
-C | Creates a new file during recording if the current one grows larger than the specified size |
-r | Opens a file for reading that was created with the -w option |
-j | Sets the timestamp format used when capturing packets |
-J | Lists all available timestamp formats |
-G | Used to create rotating log files. The option requires a time value (in seconds), after which a new log file is started |
-v, -vv, -vvv | Depending on the number of letters in the option, the command output becomes more detailed (the detail grows with the number of letters) |
-f | Prints the domain name of IP addresses in the output |
-F | Reads the filter expression not from the command line but from the specified file |
-D | Shows all available network interfaces |
-n | Disables the display of domain names |
-Z | Specifies the user under whose account all files are created |
-K | Disables checksum verification |
-q | Brief (quick) output |
-H | Detects 802.11s headers |
-I | Used when capturing packets in monitor mode |
Having looked at the options, we will move on to their application a little further down. In the meantime, let us look at the filters.
Filters
As mentioned at the beginning of the article, you can add filters to the tcpdump syntax. The most popular ones are considered now:
Filter | Description |
---|---|
host | Specifies the host name |
net | Specifies IP subnets and networks |
ip | Specifies the protocol address |
src | Shows packets sent from the specified address |
dst | Shows packets received by the specified address |
arp, udp, tcp | Filters by one of these protocols |
port | Displays information related to a specific port |
and, or | Combine several filters in one command |
less, greater | Outputs packets smaller or larger than the specified size |
All of the filters above can be combined, so that when you run the command you see only the information you want. To understand the use of these filters more fully, examples are in order.
See also: Frequently used commands in the Linux terminal
Usage examples
The most frequently used variants of the tcpdump command syntax are shown below. Not all of them can be listed, because the number of possible variations is unlimited.
Viewing the list of interfaces
Every user is advised to start by viewing the list of all their network interfaces that can be monitored. From the table above we know that the -D option is needed for this, so run the following command in the terminal:
sudo tcpdump -D
Example:
As you can see, in the example there are eight interfaces that can be monitored with the tcpdump command. The article uses ppp0 in its examples; you can use any of the others.
Plain traffic capture
If you need to monitor a single network interface, use the -i option. Do not forget to enter the interface name after it. Here is an example of such a command:
sudo tcpdump -i ppp0
Please note: the command must be preceded by "sudo", since it requires superuser privileges.
Example:
Note: after you press Enter in the "Terminal", the captured packets are displayed continuously. To stop the flow, press Ctrl + C.
If you run the command without additional options and filters, the monitored packets are displayed in the following format:
22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [P.], seq 1:595, ack 1118, win 6494, options [nop,nop,TS val 257060077 ecr 697597623], length 594
Where the colours highlight:
- blue - time the packet was received;
- orange - protocol type;
- green - sender address;
- violet - recipient address;
- black - additional TCP information;
- red - packet size (shown in bytes).
This is the format shown in the "Terminal" window without any additional options.
Traffic capture with the -v option
As the table shows, the -v option increases the amount of information. Let us take an example and check the same interface:
sudo tcpdump -v -i ppp0
Example:
Here you can see that the following line has appeared in the output:
IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52
Where the colours highlight:
- orange - protocol type;
- blue - protocol time to live (ttl);
- green - header field length;
- purple - TCP packet type;
- red - packet size.
You can also write the -vv or -vvv option in the command syntax, which further increases the amount of information displayed on the screen.
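The two output formats described above (the default one-line summary and the -v form with the IP header fields in front) are easy to turn into structured records, which is what you want before feeding a capture into a log pipeline. The following Python parser is an added example, not code from the article; the two sample lines are constructed from the article's output, and with -v the packet summary wraps onto an indented continuation line, which the parser joins back to its header.

```python
import re
from typing import Iterator, Optional

# Constructed sample in both formats shown in the article: the default summary
# and the -v form, where the IP header precedes the summary and the rest of the
# packet wraps onto an indented continuation line.
SAMPLE_OUTPUT = """\
22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [P.], seq 1:595, ack 1118, win 6494, options [nop,nop,TS val 257060077 ecr 697597623], length 594
22:18:52.597601 IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52)
    vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [.], ack 1, win 6494, options [nop,nop,TS val 257060078 ecr 697597623], length 0
"""

# Optional IP header block printed by -v (fields in the order tcpdump prints them).
IP_HDR = (r"\(tos (?P<tos>\S+), ttl (?P<ttl>\d+), id (?P<ipid>\d+), offset (?P<offset>\d+), "
          r"flags \[(?P<ipflags>[^\]]*)\], proto (?P<l4>\w+) \((?P<l4num>\d+)\), length (?P<iplen>\d+)\)")
PACKET_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<proto>\S+)(?: " + IP_HDR + r")? "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<summary>.*)$")
FLAGS_RE = re.compile(r"Flags \[(?P<flags>[^\]]*)\]")
LEN_RE = re.compile(r"length (?P<length>\d+)$")

def join_continuations(text: str) -> Iterator[str]:
    """Yield one logical record per packet; tcpdump indents wrapped lines with whitespace."""
    record = None
    for raw in text.splitlines():
        if raw[:1].isspace():
            record = (record or "") + " " + raw.strip()
        else:
            if record:
                yield record
            record = raw.rstrip()
    if record:
        yield record

def split_endpoint(endpoint: str):
    """tcpdump appends the port after a dot: '10.0.6.67.35482' -> ('10.0.6.67', '35482')."""
    host, _, port = endpoint.rpartition(".")
    return (host, port) if host else (endpoint, None)

def parse_packet(record: str) -> Optional[dict]:
    """Parse one record into a dict; returns None for lines that are not packet summaries."""
    m = PACKET_RE.match(record)
    if not m:
        return None
    d = {k: v for k, v in m.groupdict().items() if v is not None}
    d["src_host"], d["src_port"] = split_endpoint(d.pop("src"))
    d["dst_host"], d["dst_port"] = split_endpoint(d.pop("dst"))
    summary = d.pop("summary")
    flags, length = FLAGS_RE.search(summary), LEN_RE.search(summary)
    d["tcp_flags"] = flags.group("flags") if flags else None
    d["payload_len"] = int(length.group("length")) if length else None
    for key in ("ttl", "ipid", "offset", "l4num", "iplen"):
        if key in d:
            d[key] = int(d[key])
    return d

def parse_output(text: str) -> list:
    """Parse a whole block of tcpdump text output into a list of packet dicts."""
    return [p for p in (parse_packet(r) for r in join_continuations(text)) if p]
```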
The -w and -r options
The options table mentioned the ability to save all capture data to a separate file so it can be reviewed later. The -w option is responsible for this. Using it is very simple: just add it to the command and then enter the name of the file to be created, with the ".pcap" extension. Let us look at an example:
sudo tcpdump -i ppp0 -w file.pcap
Example:
Please note: while packets are being written to the file, nothing is printed on the "Terminal" screen.
When you want to view the recorded output, use the -r option followed by the name of the previously recorded file. It is used without additional options and filters:
sudo tcpdump -r file.pcap
Example:
Both of these options are excellent in situations where you need to save large amounts of output for later analysis.
IP filtering
From the filter table we know that dst lets you display on the "Console" screen only packets that were received by the address given in the command syntax. This makes it very convenient to view the packets received by your own computer. To do this, just specify its IP address in the command:
sudo tcpdump -i ppp0 ip dst 10.0.6.67
Example:
As you can see, in addition to dst we also write the ip filter in the command. In other words, we told the computer that when selecting packets it should look at their IP address and not at other parameters.
By IP you can also filter outgoing packets. We will use our IP again in the example. In other words, now we will look at which packets are sent from our computer to other addresses. To do this, run the following command:
sudo tcpdump -i ppp0 ip src 10.0.6.67
Example:
As you can see, in the command syntax we replaced the dst filter with src, thereby telling the machine to look for the sender by IP.
The host filter
By analogy with ip, we can specify the host filter in the command to filter packets by the host of interest. In other words, instead of the IP address of the sender/recipient, you specify its host name in the syntax. It looks like this:
sudo tcpdump -i ppp0 dst host google-public-dns-a.google.com
Example:
In the image you can see that the "Terminal" displays the packets sent from our IP to the google.com host. As you can understand, you can specify any other host instead of the Google one.
As with the ip filter, dst can be replaced by src to see the packets sent to your computer:
sudo tcpdump -i ppp0 src host google-public-dns-a.google.com
Note: the host keyword must come after dst or src, otherwise the command throws an error. In the case of the ip filter, on the contrary, dst and src come after ip.
Applying and / or
If you need to use several filters in one command at once, insert and or or (depending on the case). By writing several filters in the syntax and separating them with these operators, you make them work as one. As an example, it looks like this:
sudo tcpdump -i ppp0 ip dst 95.47.144.254 or ip src 95.47.144.254
Example:
The command syntax states that we want to display in the "Terminal" all packets sent to the address 95.47.144.254 and all packets received from the same address. You can vary parts of this expression. For example, specify host instead of ip, or substitute other addresses.
The port and portrange filters
The port filter is useful in situations where you need information about packets with a specific port. So, if you only need to see DNS queries and responses, specify port 53:
sudo tcpdump -vv -i ppp0 port 53
Example:
If you want to see HTTP packets, enter port 80:
sudo tcpdump -vv -i ppp0 port 80
Example:
Among other things, a whole range of ports can be monitored at once. The portrange filter is used for this:
sudo tcpdump portrange 50-80
As you can see, no additional options are required in combination with the portrange filter. Just enter the range.
Protocol filter
You can also display the traffic of any particular protocol. To do this, use the name of that protocol as the filter. Let us look at the udp example:
sudo tcpdump -vvv -i ppp0 udp
Example:
As you can see in the image, after running the command only packets of the udp protocol are displayed in the "Terminal". Accordingly, you can filter by the others, for example arp:
sudo tcpdump -vvv -i ppp0 arp
or tcp:
sudo tcpdump -vvv -i ppp0 tcp
The net filter
The net filter helps to output packets based on their network. Using it is as simple as the others: specify the net keyword in the syntax and then enter the network address. Here is an example of such a command:
sudo tcpdump -i ppp0 net 192.168.1.1
Example:
Filtering by packet size
We have not yet considered two more interesting filters: less and greater. From the filter table we know that they output packets larger (greater) or smaller (less) than the size specified after the filter.
Let us say we want to monitor packets no larger than 50 bytes; the command then looks like this:
sudo tcpdump -i ppp0 less 50
Example:
Now let us display in the "Terminal" the packets larger than 50 bytes:
sudo tcpdump -i ppp0 greater 50
Example:
As you can see, they are used in the same way; the only difference is the name of the filter.
Conclusion
In conclusion, the tcpdump command is an excellent tool with which you can monitor any data packet transmitted over the network. But for this it is not enough to simply enter the bare command in the "Terminal". The desired result is obtained only when you use the full range of options and filters, as well as their combinations.