tcpdump usage examples in Linux


If you need to analyse or intercept network packets in Linux, the best tool for the job is the console utility tcpdump. The catch is that it is not the easiest tool to drive: to the average user it looks inconvenient, but that impression only lasts until you learn its syntax. This article explains how tcpdump works, what its syntax is, how to use it, and walks through a number of usage examples.


Installation

The developers of most Linux-based operating systems include tcpdump in the set of preinstalled packages, but if for some reason it is missing from your distribution, you can always install it from the Terminal. If your OS is Debian-based (Ubuntu, Linux Mint, Kali Linux and the like), run the following command:

sudo apt install tcpdump

During installation you will have to enter your password. Note that nothing is echoed while you type it. To confirm the installation, type Y and press Enter (or pass -y to apt to skip the prompt).

If you have Red Hat, Fedora or CentOS, the installation command looks like this:

sudo yum install tcpdump

On current Fedora and RHEL 8 or later, dnf has replaced yum; the command is sudo dnf install tcpdump and takes the same arguments.

Once the utility is installed it can be used immediately. How to do that, and much more, is covered in the rest of the text.


Syntax

Like any other command, tcpdump has its own syntax. Knowing it, you can set every parameter needed when the command runs. The syntax is as follows:

tcpdump [options] -i interface [filter expression]

You should name the interface to monitor. If -i is omitted, tcpdump picks one itself (the lowest-numbered interface that is up, excluding loopback), which is rarely the one you want. Filters and options are optional, but they are what make the tool flexible: options control how tcpdump captures and prints, while the filter expression (in BPF syntax) decides which packets are shown at all.

Options

Although no option is mandatory, it is worth knowing what is available. The table does not list everything, only the most popular options, but they are more than enough for the majority of tasks.

Option          Meaning
-A              Print each captured packet in ASCII, without the link-level header; convenient for reading plain-text protocols.
-l              Line-buffer the output, so it can be piped to another program or written to a file while you watch it live.
-i              Name the network interface to monitor. To capture on all interfaces at once, write any after the option (captures on any are not promiscuous).
-c              Stop after the given number of packets has been captured.
-w              Write the raw packets to a file (pcap format) instead of printing them.
-e              Print the link-level header (MAC addresses, EtherType) on each line.
-L              List the data link types the interface supports.
-C              When writing with -w, start a new file once the current one exceeds the given size (in millions of bytes); the files are numbered.
-r              Read packets from a file created with -w instead of from an interface.
-j              Set the timestamp type used for the capture.
-J              List the timestamp types the interface supports.
-G              When writing with -w, rotate the dump file every given number of seconds; put strftime patterns such as %H%M%S in the file name so the files get distinct names.
-v, -vv, -vvv   Increase the verbosity of the output; each additional v adds more detail.
-f              Print "foreign" IPv4 addresses (those outside the local network) numerically instead of resolving them to names.
-F              Read the filter expression from the given file; any expression given on the command line is then ignored.
-D              List the network interfaces on which tcpdump can capture.
-n              Do not convert addresses and port numbers to names.
-Z              Drop root privileges after opening the interface and run as the given user; files written with -w are then owned by that user. Some distributions build in -Z tcpdump as the default.
-K              Do not verify IP, TCP and UDP checksums. Useful when the NIC does checksum offload; otherwise every outgoing TCP segment is flagged as having a bad checksum.
-q              Quick (quiet) output: less protocol information, shorter lines.
-H              Attempt to detect 802.11s draft mesh headers.
-I              Put the interface into monitor mode (wireless interfaces only).

Having looked at the options, we will move on to their use a little later. First, let's look at filters.

Filters

As mentioned at the start of the article, a filter expression can be added to the tcpdump command line. The most popular filters are:

Filter          Meaning
host            Match packets whose source or destination is the given host (name or IP address).
net             Match packets whose source or destination lies in the given network, e.g. net 192.168.1.0/24.
ip              Match only IPv4 packets (a protocol qualifier; ip6 selects IPv6). Prefixed to host, src or dst, it restricts the match to IPv4 addresses.
src             Match packets sent from the given address.
dst             Match packets sent to the given address.
arp, udp, tcp   Match only packets of that protocol (icmp, ip6 and icmp6 work the same way).
port            Match packets whose source or destination port is the given one (number or service name).
and, or         Combine several filters in one command; not negates a filter.
less, greater   Match packets whose captured length is less than or equal to (less) or greater than or equal to (greater) the given number of bytes.

All the filters above can be combined, so the output contains only the data you actually want to see. To understand in more detail how they are used, it is worth looking at examples.


Usage examples

The most common forms of the tcpdump command are shown below. Listing them all is impossible, since the options and filters can be combined in an unlimited number of ways.

Viewing the list of interfaces

Every user is advised to start by checking the list of network interfaces that can be monitored. From the table above we know that the -D option does this, so run the following command in the Terminal:

sudo tcpdump -D

In the original screenshot eight interfaces were listed as usable with tcpdump. This article uses the ppp0 interface in its examples; substitute whichever interface you want to watch.

Capturing traffic on an interface

To monitor a single network interface, use the -i option, followed by the interface name. Here is an example:

sudo tcpdump -i ppp0

Note: the command is prefixed with sudo because capturing raw packets requires the CAP_NET_RAW and CAP_NET_ADMIN capabilities, which an ordinary user does not have.

Note: after you press Enter, captured packets are printed continuously. To stop the stream press Ctrl + C, or add -c N to stop automatically after N packets.

If you run the command without further options and filters, each displayed packet appears as a line like the following:

22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [P.], seq 1:595, ack 1118, win 6494, options [nop,nop,TS val 257060077 ecr 697597623], length 594

Where the fields mean:

  • 22:18:52.597573 - the time the packet was captured;
  • IP - the protocol family (IPv4; IPv6 packets show as IP6);
  • vrrp-topf2.p.mail.ru.https - sender address and port (names are resolved by default, https being port 443; use -n to see numbers);
  • 10.0.6.67.35482 - receiver address and port;
  • Flags [P.], seq 1:595, ack 1118, win 6494, options [...] - TCP details: flags (P is PSH, the dot is ACK, S is SYN, F is FIN, R is RST), the sequence range carried, the acknowledgement number, the advertised window and the TCP options;
  • length 594 - the length of the TCP payload in bytes, not of the whole packet.

This is the format the Terminal shows when no additional options are given.
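To make the field breakdown above concrete, here is an added example (mine, not code from the original article or from the tcpdump project) that parses tcpdump's default TCP output lines into structured records and then selects from them the way the dst, src, host and port qualifiers used later in this article do. The regular expression and helper names are my own; the sample capture is constructed, with only its first line taken from the text above.

```python
"""Parse tcpdump's default one-line TCP output and select records from it.

Added example for this article, not the tcpdump project's code.  The regular
expression targets the IPv4/TCP line layout shown in the text
(``HH:MM:SS.usec IP src.port > dst.port: Flags [..] ... length N``).  The
capture below is constructed for the demo; only its first line is from the
article.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a TCP data segment and its ACK, a SYN to a DNS server,
# and an ICMP line, which carries no TCP fields and must be skipped.
SAMPLE_CAPTURE = """\
22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [P.], seq 1:595, ack 1118, win 6494, options [nop,nop,TS val 257060077 ecr 697597623], length 594
22:18:52.598010 IP 10.0.6.67.35482 > vrrp-topf2.p.mail.ru.https: Flags [.], ack 595, win 501, options [nop,nop,TS val 697597700 ecr 257060077], length 0
22:18:53.001200 IP 10.0.6.67.41000 > 192.0.2.53.domain: Flags [S], seq 12345, win 64240, options [mss 1460,sackOK,TS val 1 ecr 0,nop,wscale 7], length 0
22:18:53.100000 IP 10.0.6.67 > 192.0.2.53: ICMP echo request, id 1, seq 1, length 64
"""

# Field order mirrors the breakdown in the text: timestamp, protocol family,
# source host.port, destination host.port, TCP details, payload length.
TCP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<proto>IP6?) "
    r"(?P<src>\S+?)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+?)\.(?P<dport>[\w-]+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
    r"(?P<tcp_details>.*?)"
    r"length (?P<length>\d+)$"
)

# tcpdump's one-letter flag codes, in the order it prints them.
FLAG_NAMES = {"F": "FIN", "S": "SYN", "R": "RST", "P": "PSH",
              ".": "ACK", "U": "URG", "E": "ECE", "W": "CWR"}


@dataclass(frozen=True)
class TcpRecord:
    ts: str
    proto: str
    src: str
    sport: str        # service name (https) or number (35482); -n gives numbers only
    dst: str
    dport: str
    flags: str        # raw code string as printed, e.g. "P." or "S"
    length: int       # TCP payload bytes, not the size of the whole packet

    def flag_names(self) -> List[str]:
        return [FLAG_NAMES[c] for c in self.flags if c in FLAG_NAMES]


def parse_line(line: str) -> Optional[TcpRecord]:
    """Return a TcpRecord for a TCP line, or None for anything else (ICMP, ARP, ...)."""
    m = TCP_LINE.match(line.strip())
    if m is None:
        return None
    return TcpRecord(m["ts"], m["proto"], m["src"], m["sport"], m["dst"],
                     m["dport"], m["flags"], int(m["length"]))


def parse_capture(text: str) -> List[TcpRecord]:
    return [rec for rec in map(parse_line, text.splitlines()) if rec is not None]


def select(records: List[TcpRecord], *, host: Optional[str] = None,
           src: Optional[str] = None, dst: Optional[str] = None,
           port: Optional[str] = None) -> List[TcpRecord]:
    """Post-hoc equivalent of the BPF qualifiers: host and port match either
    end, src and dst exactly one end; all given conditions are ANDed."""
    out = []
    for r in records:
        if host is not None and host not in (r.src, r.dst):
            continue
        if src is not None and r.src != src:
            continue
        if dst is not None and r.dst != dst:
            continue
        if port is not None and port not in (r.sport, r.dport):
            continue
        out.append(r)
    return out


def payload_bytes(records: List[TcpRecord]) -> int:
    """Total TCP payload carried by the selected records."""
    return sum(r.length for r in records)


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    for r in select(recs, host="10.0.6.67"):
        print(r.ts, r.src, r.sport, "->", r.dst, r.dport, r.flag_names(), r.length)
    print("bytes received by 10.0.6.67:", payload_bytes(select(recs, dst="10.0.6.67")))
```

Parsing the text output like this is a fallback for when all you have is a saved terminal log; when you can choose, capture with -w and work on the pcap instead, because the text lines depend on name resolution and verbosity settings, and a host name such as vrrp-topf2.p.mail.ru can map to a different address tomorrow.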

Capturing traffic with the -v option

As the options table says, -v increases the amount of information printed. Let's look at an example, capturing on the same interface:

sudo tcpdump -v -i ppp0

Here you can see that an extra line with the IP header appeared in the output:

IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52)

Where the fields mean:

  • tos 0x0 - the Type of Service (DSCP/ECN) byte;
  • ttl 58 - Time To Live, the number of hops the packet may still travel;
  • id 30675 - the IP identification field, used to reassemble fragments;
  • offset 0, flags [DF] - fragment offset and flags, DF meaning Don't Fragment;
  • proto TCP (6) - the transport protocol carried and its protocol number;
  • length 52 - the total length of the IP datagram in bytes, headers included (unlike length on the TCP line, which counts only payload).

With -v tcpdump also verifies the IP header checksum and reports a bad cksum. You can also write -vv or -vvv, which keep increasing the amount of information shown on screen, for example fuller decoding of application protocols such as DNS.

The -w and -r options

The options table mentioned the ability to save everything to a separate file that can be examined later. The -w option is responsible for this. Using it is simple: add it to the command and follow it with the name of the file to create, conventionally with the .pcap extension. An example:

sudo tcpdump -i ppp0 -w file.pcap

Note: while the capture is being written to a file, nothing is printed on the Terminal screen. The file holds the raw packets in binary pcap format, not the text lines shown above, so it can also be opened in Wireshark or any other libpcap-based tool. Because it contains everything that crossed the wire, including any cleartext credentials, treat a .pcap file as sensitive data.

When you want to view the saved file, use the -r option followed by the name of the file created earlier. It works on its own, but options and filters (for example -n, -v or port 53) apply to the file exactly as they do to live traffic:

sudo tcpdump -r file.pcap

Together these two options are very useful when you need to record a large amount of traffic for later analysis.
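The file that -w produces is a libpcap capture, and -r reads it back. As an added example (mine, not the article's or tcpdump's code), the Python below writes a minimal pcap file holding one constructed IPv4/TCP SYN, reads it back while accepting either byte order and the nanosecond variant of the magic number, and decodes the IP header into the same fields the -v line above shows. The packet, addresses and file name are made up for the demo; LINKTYPE_RAW (101) is the pcap link type for records that begin at the IP header.

```python
"""Write and read the pcap format tcpdump uses for -w and -r.

Added example for this article, not part of tcpdump.  Standard library only.
The packet is constructed: an IPv4/TCP SYN from a made-up client to a made-up
server, stored with link type LINKTYPE_RAW (101), so each record starts at
the IP header with no Ethernet frame in front.
"""
import struct
from socket import inet_aton, inet_ntoa
from typing import Dict, List, Tuple

LINKTYPE_RAW = 101                      # record payload begins with the IP header
PCAP_MAGIC_US = 0xA1B2C3D4              # microsecond timestamps (what tcpdump writes by default)
PCAP_MAGIC_NS = 0xA1B23C4D              # nanosecond timestamps
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH = 0x01, 0x02, 0x04, 0x08
TCP_ACK, TCP_URG, TCP_ECE, TCP_CWR = 0x10, 0x20, 0x40, 0x80
# tcpdump prints flags in this order, with "." standing for ACK: "S." is SYN+ACK.
FLAG_CODES = [(TCP_FIN, "F"), (TCP_SYN, "S"), (TCP_RST, "R"), (TCP_PSH, "P"),
              (TCP_ACK, "."), (TCP_URG, "U"), (TCP_ECE, "E"), (TCP_CWR, "W")]
Record = Tuple[int, int, bytes]         # (seconds, fraction, packet bytes)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, as used by the IP, TCP and UDP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, flags: int,
                   payload: bytes = b"", ttl: int = 64, ident: int = 30675) -> bytes:
    """Construct an IPv4 datagram carrying a TCP segment with valid checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload
    pseudo = inet_aton(src) + inet_aton(dst) + struct.pack("!BBH", 0, 6, len(tcp))
    tcp_sum = inet_checksum(pseudo + tcp) or 0xFFFF   # TCP uses 0xFFFF for a zero sum
    tcp = tcp[:16] + struct.pack("!H", tcp_sum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ident, 0x4000,  # flags [DF]
                     ttl, 6, 0, inet_aton(src), inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp


def write_pcap(path: str, records: List[Record], linktype: int = LINKTYPE_RAW) -> None:
    """Write a little-endian, microsecond pcap file: 24-byte global header, 16-byte record headers."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, 65535, linktype))
        for sec, usec, pkt in records:
            f.write(struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt)


def read_pcap(path: str) -> Tuple[int, List[Record]]:
    """Read a pcap file written on a machine of either byte order; fail loudly on truncation."""
    with open(path, "rb") as f:
        data = f.read()
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
            break
    else:
        raise ValueError("not a pcap file (bad magic)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, frac, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl]
        if len(pkt) != incl:
            raise ValueError("truncated packet at offset %d" % off)
        records.append((sec, frac, pkt))
        off += incl
    return linktype, records


def decode_ipv4(pkt: bytes) -> Dict[str, object]:
    """Return the fields tcpdump -v prints for the IP header, plus TCP ports and flags."""
    vihl, tos, total, ident, frag, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    info: Dict[str, object] = {"src": inet_ntoa(s), "dst": inet_ntoa(d), "tos": tos, "ttl": ttl,
                               "id": ident, "df": bool(frag & 0x4000), "proto": proto,
                               "length": total, "ip_cksum_ok": inet_checksum(pkt[:ihl]) == 0}
    if proto == 6:
        sport, dport, _, _, _, flags = struct.unpack("!HHIIBB", pkt[ihl:ihl + 14])
        info.update(sport=sport, dport=dport, flags="".join(c for bit, c in FLAG_CODES if flags & bit))
    return info


if __name__ == "__main__":
    syn = build_ipv4_tcp("10.0.6.67", "192.0.2.10", 35482, 443, TCP_SYN)
    write_pcap("file.pcap", [(1700000000, 597573, syn)])
    lt, recs = read_pcap("file.pcap")
    print(lt, [decode_ipv4(p) for _, _, p in recs])
```

The byte-order detection matters in practice: a capture taken on a big-endian appliance has the magic number stored the other way round, and a reader that assumes little-endian misparses every length field. The explicit truncation checks mirror what happens when tcpdump is killed mid-write or a disk fills up: the last record is short, and a tool should say so rather than silently drop or misalign it.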

Filtering by IP

From the filter table we know that dst shows only packets received by the address given in the command. That makes it easy to watch the packets arriving at your own computer: just give its IP address in the command:

sudo tcpdump -i ppp0 ip dst 10.0.6.67

As you can see, in addition to dst we also wrote the ip filter. In other words, we told tcpdump that when selecting packets it should look at the IPv4 address and nothing else; the expression is equivalent to ip dst host 10.0.6.67, host being the default type qualifier.

Outgoing packets can be filtered by IP as well. Keeping our own address in the example, we now track which packets our computer sends to other addresses. To do this, run:

sudo tcpdump -i ppp0 ip src 10.0.6.67

Here we changed dst to src in the command syntax, telling tcpdump to look at the sender's IP instead.

Filtering by host

By analogy with the IP filter, the host filter selects packets by the host of interest. That is, instead of the sender's or receiver's IP address you specify its host name. It looks like this:

sudo tcpdump -i ppp0 dst host google-public-dns-a.google.com

In the original screenshot the Terminal showed only packets sent from our IP to the host google-public-dns-a.google.com (the reverse DNS name of Google's public resolver 8.8.8.8). You can of course name any other host instead of Google's. Keep in mind that tcpdump resolves the name once, when it compiles the filter, so the filter matches the address(es) the name had at that moment, not later DNS changes.

As with IP filtering, dst can be replaced with src to see the packets that host sends to your computer:

sudo tcpdump -i ppp0 src host google-public-dns-a.google.com

Note: the host keyword must come after dst or src; written the other way round the command fails with a syntax error. When filtering by IP, on the other hand, dst and src come after the ip keyword. The general order in a BPF expression is protocol qualifier (ip, tcp, udp, ...), then direction (src, dst), then type (host, net, port), then the value.

Using the and and or filters

If you need several filters in one command at once, use the and or or operators (depending on the case). By listing filters in the command and separating them with these operators you make them work as a single expression. For example:

sudo tcpdump -i ppp0 ip dst 95.47.144.254 or ip src 95.47.144.254

This command tells tcpdump to show every packet sent to the address 95.47.144.254 and every packet received from the same address (which is exactly what host 95.47.144.254 means on its own). You can vary this expression: replace ip with host, change the addresses, and so on. Remember that and narrows while or widens: ip src 10.0.6.67 and port 53 shows only DNS traffic leaving your machine. Parentheses group sub-expressions, but quote them so the shell does not interpret them, e.g. 'ip src 10.0.6.67 and (port 53 or port 443)'.

The port and portrange filters

Filtering by port is ideal when you need information about packets to or from a specific port. So if you want to see only DNS queries and responses, specify port 53:

sudo tcpdump -vv -i ppp0 port 53

Note that port 53 matches both UDP and TCP; write udp port 53 to narrow it further.

If you want to look at http packets, specify port 80:

sudo tcpdump -vv -i ppp0 port 80

Most web traffic today is HTTPS on port 443, whose payload is encrypted; tcpdump still shows the connections, but not their contents.

You can also track a whole range of ports at once. The portrange filter is used for this:

sudo tcpdump portrange 50-80

As you can see, the portrange filter needs no additional options: just give the range.

Filtering by protocol

You can also display only the traffic that belongs to a given protocol. To do this, use the protocol name as the filter. Let's look at a udp example:

sudo tcpdump -vvv -i ppp0 udp

In the original screenshot, after running the command the Terminal showed only udp packets. In the same way you can filter by other protocols, for example arp:

sudo tcpdump -vvv -i ppp0 arp

or tcp:

sudo tcpdump -vvv -i ppp0 tcp

icmp, ip6 and icmp6 work the same way. Note that tcp and udp on their own match segments carried over both IPv4 and IPv6; prefix them with ip or ip6 if you only want one of them.

Filtering by network

The net filter selects packets by their network. Using it is as simple as the rest: write the net keyword in the command, then the network address with its prefix length. Here is an example:

sudo tcpdump -i ppp0 net 192.168.1.0/24

The mask can also be given as net 192.168.1.0 mask 255.255.255.0. Be aware that a full dotted quad without a mask, such as net 192.168.1.1, is treated as a single host (mask 255.255.255.255), which is rarely what is intended.

Filtering by packet size

We have not yet considered two more useful filters: less and greater. From the filter table we know that they output packets whose size is less than or equal to (less) or greater than or equal to (greater) the value written after the keyword.

Suppose we want to monitor only packets no larger than 50 bytes; then the command looks like this:

sudo tcpdump -i ppp0 less 50

Now let's look at packets of 50 bytes or more in the Terminal:

sudo tcpdump -i ppp0 greater 50

As you can see, they are used in the same way; the only difference is the filter name. The size compared is the length of the whole captured packet, link-layer header included; less 50 is equivalent to len <= 50 and greater 50 to len >= 50 in BPF.

Conclusion

To sum up, the tcpdump command is an excellent tool for tracking the data packets that pass through your network interfaces. But simply typing the command into the Terminal is not enough. The desired result comes from using its options and filters, and their combinations, to narrow the output down to exactly the traffic you are interested in.
