Tcpdump, view network traffic from the terminal

About tcpdump

In this article we take a look at tcpdump. This tool lets us inspect the traffic entering and leaving a given network interface: for every packet it shows where it came from, where it is going and a number of other details. The results can also be saved to a file for later review.

The program runs on most UNIX-like operating systems: GNU/Linux, Solaris, BSD, Mac OS X, HP-UX and AIX, among others. On these systems tcpdump uses the libpcap library to capture the packets flowing over the network. There is also a Windows port called WinDump, which uses the WinPcap library (WinPcap is no longer maintained; Npcap is its current replacement).

On UNIX and other systems, administrative (root) privileges are needed to open the capture device; on Linux the same can be achieved without full root by granting the tcpdump binary the CAP_NET_RAW and CAP_NET_ADMIN capabilities. Users can apply a wide range of filters to get the most out of the tool. A filter is an expression that goes after the options and lets us select exactly the traffic we are looking for. Without a filter, tcpdump dumps every packet passing through the selected network adapter.

Tcpdump default behaviour

Running tcpdump without parameters makes it pick the first available interface, then capture and display information about the packets entering or leaving that device. It keeps doing so until the process is interrupted (press Ctrl+C) or killed. By default it also tries to resolve addresses and ports to names, which slows the capture and sends DNS queries about the very hosts being observed; add the -n option to show raw numbers instead. To use it we just type in a terminal (Ctrl+Alt+T):


sudo tcpdump

Once the command ends, the output shows how many packets were captured, how many were received by the filter, and how many were dropped by the kernel. A non-zero drop count means the capture is incomplete, which matters when the trace is later used as evidence.


Selecting the interface

We can specify a different interface whose traffic we want to inspect. To find out which interfaces tcpdump can capture on, we use the '-D' parameter, which prints the list of devices that can be passed to it.

sudo tcpdump -D

With the list of interfaces in hand, we can pick one to use with '-i':


sudo tcpdump -i enp0s3

Limiting the number of packets to capture

If we want to limit the output to a specific number of packets, we use the '-c' parameter to state how many packets should be captured and displayed before tcpdump exits. An example:


sudo tcpdump -c 20

Viewing detailed information with tcpdump

More detailed output can be obtained with the '-v' parameter. This includes the time to live (TTL), packet length, protocol and other details useful for diagnosis. To increase the amount of output for each packet further, we use '-vv' or '-vvv'. Some examples:

sudo tcpdump -vv

sudo tcpdump -vvv

Saving and reading files

Tcpdump can save the result to a file for later review. For this we use the '-w' parameter followed by the name of the file to write. Keep in mind that the file is written in binary pcap format, not plain text, so it cannot be read with a text editor; it can be read back with tcpdump's '-r' option or with any other libpcap-based tool such as Wireshark.

To write the tool's output to a file we just give it the name we want. An example:

sudo tcpdump -w paquetes.dump

To read that file later, we use the '-r' parameter as shown below. A filter expression can also be given when reading, so a broad capture can be narrowed down afterwards:


sudo tcpdump -r paquetes.dump
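As an added example that is not part of the original article, the following POSIX shell helpers tie the steps above together for unattended use: pick a live interface from the output of tcpdump -D, run a bounded capture with -c into a -w file, and check the summary tcpdump prints on exit for kernel drops before reading the file back with -r. The SAMPLE_* strings are constructed stand-ins for real tcpdump output (the numbers are made up), and run_capture is a hypothetical wrapper name, not a tcpdump option.

```shell
#!/bin/sh
# Added example (not from the original article): helpers for scripting a
# bounded tcpdump capture. SAMPLE_IFACE_LIST mimics `tcpdump -D` output and
# SAMPLE_SUMMARY mimics the summary tcpdump prints on stderr when it exits;
# both are constructed for this example.
SAMPLE_IFACE_LIST='1.enp0s3 [Up, Running, Connected]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.docker0 [Up, Disconnected]
5.nflog (Linux netfilter log (NFLOG) interface) [none]'

SAMPLE_SUMMARY='23 packets captured
31 packets received by filter
8 packets dropped by kernel'

# Read `tcpdump -D` output on stdin and print the first interface that is
# Up and Running, skipping loopback and the "any" pseudo-device.
first_live_iface() {
    awk '
        /\[.*Up.*Running/ && !/Loopback/ && !/Pseudo-device/ {
            name = $1
            sub(/^[0-9]+\./, "", name)   # strip the "N." index prefix
            print name
            exit
        }'
}

# Read tcpdump's exit summary on stdin and print "captured received dropped".
parse_tcpdump_summary() {
    awk '
        /packets captured/           { captured = $1 }
        /packets received by filter/ { received = $1 }
        /packets dropped by kernel/  { dropped  = $1 }
        END { printf "%d %d %d\n", captured, received, dropped }'
}

# Succeed only if the kernel dropped nothing; a trace with drops has gaps
# and must not be treated as a complete record of what crossed the wire.
capture_is_complete() {
    set -- $(parse_tcpdump_summary)
    [ "$3" -eq 0 ]
}

# Hypothetical wrapper tying the pieces together: capture COUNT packets on
# the first live interface into FILE, keep tcpdump's summary, and refuse to
# read the file back if packets were dropped. Needs root and tcpdump, so it
# is defined here but not executed by this script.
#   usage: run_capture 200 /tmp/trace.pcap
run_capture() {
    count=$1; file=$2
    iface=$(tcpdump -D 2>/dev/null | first_live_iface)
    [ -n "$iface" ] || { echo "no live interface found" >&2; return 1; }
    # -w sends packets to the file; the summary goes to stderr, which we keep
    summary=$(tcpdump -n -i "$iface" -c "$count" -w "$file" 2>&1 >/dev/null)
    echo "$summary" >&2
    echo "$summary" | capture_is_complete || {
        echo "capture to $file is incomplete (kernel drops)" >&2; return 2; }
    tcpdump -n -r "$file"
}

# Demonstration on the constructed samples:
printf '%s\n' "$SAMPLE_IFACE_LIST" | first_live_iface     # enp0s3
printf '%s\n' "$SAMPLE_SUMMARY" | parse_tcpdump_summary   # 23 31 8
```

The wrapper keeps tcpdump's stderr because that is where the three summary lines go; when -w is used nothing else is printed, so the drop count can be checked before anyone relies on the file.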

Simple tcpdump filters

Filters can be used to capture packets going to or from certain hosts and/or ports, and packets that use a specific protocol (for example TCP or UDP). More advanced filters exist, but below we only look at a few simple examples:

Capture TCP packets only

sudo tcpdump 'tcp'

UDP packets only

sudo tcpdump 'udp'

Capture HTTP packets (HTTP normally uses port 80; the filter matches the port, not the protocol, so anything else sent on port 80 is captured too)

sudo tcpdump 'tcp port 80'

Capture packets going to or from a specific host (a host name is resolved to its address once, when the filter is compiled; an IP address can be given instead)

sudo tcpdump 'host ubunlog.com'

Capture HTTP packets going to or from a specific host

sudo tcpdump 'tcp port 80 and host ubunlog.com'
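Filters select what goes into the file, but a saved capture can also be analysed after the fact. As an added example that is not part of the original article, the shell function below reads the text that `sudo tcpdump -n -r paquetes.dump 'tcp'` prints and reports sources that sent bare SYNs to many distinct ports, the signature of a port sweep. SAMPLE_CAPTURE is a constructed stand-in for that output (addresses and sequence numbers are made up); the threshold argument and the function name are this example's own. The same selection can be made at capture time with the real tcpdump expression `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn`, which goes beyond the simple filters shown above.

```shell
#!/bin/sh
# Added example (not from the original article): spot a port sweep in the
# text that `tcpdump -n -r file.dump 'tcp'` prints. SAMPLE_CAPTURE is a
# constructed stand-in for that output. Fields per line: time, "IP",
# src.port, ">", dst.port followed by ":", "Flags", the flag set, ...
SAMPLE_CAPTURE='10:00:01.000123 IP 192.168.1.50.40001 > 192.168.1.10.22: Flags [S], seq 1, win 64240, length 0
10:00:01.000456 IP 192.168.1.50.40002 > 192.168.1.10.80: Flags [S], seq 2, win 64240, length 0
10:00:01.000789 IP 192.168.1.50.40003 > 192.168.1.10.443: Flags [S], seq 3, win 64240, length 0
10:00:01.001000 IP 192.168.1.50.40004 > 192.168.1.10.8080: Flags [S], seq 4, win 64240, length 0
10:00:01.001200 IP 192.168.1.50.40005 > 192.168.1.10.22: Flags [S], seq 5, win 64240, length 0
10:00:02.000000 IP 192.168.1.20.51000 > 192.168.1.10.80: Flags [S], seq 6, win 64240, length 0
10:00:02.000500 IP 192.168.1.10.80 > 192.168.1.20.51000: Flags [S.], seq 7, ack 7, win 65160, length 0
10:00:03.000000 IP 192.168.1.10.53 > 192.168.1.20.5353: UDP, length 48'

# Print "source distinct_ports" for every source that sent a bare SYN
# (flags exactly [S], so SYN-ACKs are ignored) to at least MIN distinct
# destination ports. Re-probes of the same port count once.
syn_scan_suspects() {
    min=${1:-10}
    awk -v min="$min" '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            src = $3; sub(/\.[0-9]+$/, "", src)                  # drop source port
            dport = $5; sub(/:$/, "", dport); sub(/.*\./, "", dport)
            if (!((src, dport) in seen)) { seen[src, dport] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] >= min) print s, ports[s] }' |
    sort
}

# Demonstration on the constructed sample with a low threshold:
printf '%s\n' "$SAMPLE_CAPTURE" | syn_scan_suspects 3   # 192.168.1.50 4
```

On a real trace the threshold should be well above what a legitimate client touches, and the input should come from a capture taken with -n so that the address columns are numeric as the parser expects.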

After all this, I think it is clear that tcpdump is a simple and useful tool for capturing, displaying and saving packet data about network connections. However, while playing with tcpdump we will discover other features not shown in this article. We can also consult the man page the tool provides to see its capabilities in detail.

