
If you need to monitor or analyse the packets travelling through a Linux system, the best tool for the job is the low-level console utility tcpdump. Its drawback is that it is considered hard to manage: working in the console may seem awkward to an ordinary user, but that is only a first impression. This article explains how tcpdump is organised, what syntax it has, how to use it, and gives numerous examples of its use.


Installation

Most developers of Linux-based operating systems include the tcpdump utility in the default package list, but if for some reason it is missing from your distribution, you can always download and install it from the Terminal. If your OS is Debian-based, which includes Ubuntu, Linux Mint, Kali Linux and the like, run this command:

sudo apt install tcpdump

During installation you will need to enter a password. Note that it is not displayed as you type. You will also need to confirm the installation: type the character "Y" and press Enter.

If you have Red Hat, Fedora or CentOS, the command looks like this:

sudo yum install tcpdump

Once the utility is installed, you can use it. This, and much more, is discussed later in the text.


Syntax

Like any other command, tcpdump has its own syntax. Knowing it, you can set all the parameters that will be taken into account when the command is executed. The syntax is:

tcpdump options -i interface filters

When using the command, you must specify the interface to monitor. Filters and options are not mandatory, but they allow a much more flexible configuration.

Options

Although options are not mandatory, it is still worth listing the available ones. The table does not show the full list, only the most popular options, but they are more than enough to solve the majority of tasks.

Option          Description
-A              Prints each packet in ASCII.
-l              Makes the output line-buffered, so each line appears as soon as it is captured.
-i              Specifies the network interface to monitor. To capture on all interfaces, type "any" after the option.
-c              Ends the capture after the specified number of packets has been captured.
-w              Writes the captured packets to a file.
-e              Prints the link-layer header of each packet.
-L              Lists only the link-layer types supported by the interface.
-C              Creates a new file while writing a capture once the current file exceeds the specified size.
-r              Opens for reading a file created with the -w option.
-j              Sets the timestamp type used when capturing packets.
-J              Lists all available timestamp types.
-G              Used to create rotating capture files. This option also requires a time value, in seconds, after which a new file is created.
-v, -vv, -vvv   Depending on the number of characters in the option, the output becomes more detailed (the increase is proportional to the number of characters).
-f              Prints "foreign" IPv4 addresses numerically rather than as names.
-F              Reads the filter expression from a file rather than from the command line.
-D              Shows all network interfaces that can be used.
-n              Disables conversion of addresses to names.
-Z              Specifies the user under whose account all files will be created (tcpdump drops its privileges to that user).
-K              Skips checksum verification.
-q              Prints brief (quiet) output.
-H              Detects 802.11s headers.
-I              Used when capturing packets in monitor mode.

Having examined the options, we will move directly on to their use. But first, let's look at the filters.

Filters

As mentioned at the very beginning of the article, you can add filters to the tcpdump syntax. The most popular of them are listed here:

Filter          Description
host            Specifies the host name.
net             Specifies the IP subnet or network.
ip              Specifies that the address that follows is an IP address.
src             Shows packets sent from the specified address.
dst             Shows packets received by the specified address.
arp, udp, tcp   Filters by one of the protocols.
port            Shows information about a specific port.
and, or         Used to combine several filters in one command.
less, greater   Shows packets smaller or larger than the specified size.

All the filters above can be combined with each other, so the command output shows only the data you want to see. To understand the use of the filters listed above, it is worth giving examples.


Usage examples

Frequently used variants of the tcpdump syntax are listed below. Not all of them can be listed, because their variations are endless.

Viewing the interface list

Everyone is advised to start by checking the list of all network interfaces that can be monitored. From the table above we know that the -D option is needed for this, so run the following command in the Terminal:

sudo tcpdump -D

In the example there are eight interfaces that can be monitored with the tcpdump command. The article uses the ppp0 interface in its examples; you can use any other.

Capturing traffic from an interface

If you need to monitor only one network interface, you can do so with the -i option. Don't forget to enter the interface name after it. Here is an example of executing such a command:

sudo tcpdump -i ppp0

Note: you need to type "sudo" before the command itself, because it requires superuser rights.

Note: after pressing Enter in the Terminal, the intercepted data is displayed continuously. To stop the output, press the key combination Ctrl + C.

If you run the command without additional options and filters, you will see the following format for displaying the captured packets:

22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: Flags [P.], seq 1:595, ack 1118, win 6494, options [nop,nop,TS val 257060077 ecr 697597623], length 594

The fields of this line (colour-coded in the original screenshot) are, from left to right:

  • blue - the time the packet was received;
  • orange - the protocol version;
  • green - the sender's address;
  • purple - the receiver's address;
  • grey - additional TCP information;
  • red - the packet size (shown in bytes).

This output format is shown in the Terminal window without using any additional options.

Capturing traffic with the -v option

As we know from the table, the -v option increases the amount of information displayed. Let's look at an example. Capture the same interface:

sudo tcpdump -v -i ppp0

Here you can see that the following line appears in the output:

IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52)

The fields of this line (colour-coded in the original screenshot) are:

  • orange - the protocol version;
  • blue - the packet's time to live (ttl);
  • green - the fragment offset field;
  • purple - the transport protocol (TCP);
  • red - the packet size.

You can also specify the -vv or -vvv option in the command syntax, which further increases the amount of information on the screen.
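The two output formats above (the default one-line summary and the extra header line that -v prints) are regular enough to parse. The following Python script is an added example, not part of the original article or of tcpdump itself: it splits the page's sample lines into fields and tallies payload bytes per sending host, which is the first thing an analyst usually wants from a text capture. The second summary line (the reply) is constructed for the example; the parsing rule that the port follows the last dot of an endpoint is an assumption based on the default output format.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format tcpdump prints. The first is the page's
# example; the second is a made-up reply, not taken from a real capture.
SAMPLE_LINES = [
    "22:18:52.597573 IP vrrp-topf2.p.mail.ru.https > 10.0.6.67.35482: "
    "Flags [P.], seq 1:595, ack 1118, win 6494, "
    "options [nop,nop,TS val 257060077 ecr 697597623], length 594",
    "22:18:52.597651 IP 10.0.6.67.35482 > vrrp-topf2.p.mail.ru.https: "
    "Flags [.], ack 595, win 501, "
    "options [nop,nop,TS val 697597700 ecr 257060077], length 0",
]

# The header line that -v adds above each packet (the page's example).
VERBOSE_HEADER = "IP (tos 0x0, ttl 58, id 30675, offset 0, flags [DF], proto TCP (6), length 52)"

SUMMARY_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) (?P<layer>IP6?) "
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$"
)
HEADER_RE = re.compile(
    r"^(?P<layer>IP6?) \(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), id (?P<id>\d+), "
    r"offset (?P<offset>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"proto (?P<proto>\w+) \((?P<proto_num>\d+)\), length (?P<length>\d+)\)$"
)


def split_endpoint(endpoint):
    """'host.port' -> (host, port). tcpdump appends the port (or service name) after the last dot."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_summary(line):
    """Parse one default-format tcpdump line into a dict, or return None if it does not match."""
    m = SUMMARY_RE.match(line)
    if not m:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    rest = m["rest"]
    flags = re.search(r"Flags \[([^\]]*)\]", rest)   # absent for non-TCP packets
    length = re.search(r"length (\d+)$", rest)
    return {
        "time": m["time"],
        "layer": m["layer"],
        "src": src_host, "sport": src_port,
        "dst": dst_host, "dport": dst_port,
        "flags": flags.group(1) if flags else "",
        "length": int(length.group(1)) if length else None,
    }


def parse_ip_header(line):
    """Parse the IP header line printed by -v into a dict with integer fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    for key in ("ttl", "id", "offset", "proto_num", "length"):
        fields[key] = int(fields[key])
    fields["tos"] = int(fields["tos"], 16)
    return fields


def bytes_by_source(lines):
    """Sum the payload length per sending host; lines that do not parse are skipped."""
    totals = defaultdict(int)
    for record in filter(None, map(parse_summary, lines)):
        totals[record["src"]] += record["length"] or 0
    return dict(totals)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_summary(line))
    print(parse_ip_header(VERBOSE_HEADER))
    print(bytes_by_source(SAMPLE_LINES))
```

Feed it the text saved with `tcpdump -n ... > capture.txt` (the -n option keeps addresses numeric, which makes the endpoint split unambiguous) and the per-host totals give a quick view of who is sending the most data.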

The -w and -r options

The option table mentioned saving all output to a separate file so that it can be viewed later. The -w option is responsible for this. It is very simple to use: specify it in the command and then enter the name of the future file with the ".pcap" extension. Let's look at an example:

sudo tcpdump -i ppp0 -w file.pcap

Note: while the capture is being written to a file, no text is shown in the Terminal.

When you want to view the saved output, use the -r option followed by the name of the previously saved file. It is used without other options and filters:

sudo tcpdump -r file.pcap

Both of these options are ideal in cases where you need to save a large amount of output for later analysis.
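The file that -w produces is in the libpcap format, a 24-byte global header followed by one 16-byte record header per packet and the raw frame bytes. The following Python script is an added example, not part of the article or of tcpdump: it writes and parses that format, and the parser refuses files whose record lengths are inconsistent or whose last record is cut off, which is how a truncated capture (for instance, one whose tcpdump was killed mid-write) shows up. The sample frame and timestamps are constructed for the example.

```python
import struct

# libpcap file format written by "tcpdump -w" and read by "tcpdump -r".
PCAP_MAGIC = 0xA1B2C3D4      # microsecond-resolution timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_FMT = "IHHiIII"       # magic, version major, version minor, thiszone, sigfigs, snaplen, linktype
RECORD_FMT = "IIII"          # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)


def serialize_pcap(records, snaplen=262144, linktype=LINKTYPE_ETHERNET):
    """records: iterable of (ts_sec, ts_usec, frame_bytes). Returns the file bytes, little-endian."""
    out = [struct.pack("<" + GLOBAL_FMT, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, frame in records:
        captured = frame[:snaplen]   # like tcpdump, keep at most snaplen bytes of each frame
        out.append(struct.pack("<" + RECORD_FMT, ts_sec, ts_usec, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)


def parse_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, frame), ...]); raise ValueError on a damaged file."""
    if len(data) < 24:
        raise ValueError("file shorter than the pcap global header")
    # The magic number doubles as a byte-order marker: read it both ways.
    if data[:4] == PCAP_MAGIC.to_bytes(4, "little"):
        order = "<"
    elif data[:4] == PCAP_MAGIC.to_bytes(4, "big"):
        order = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    _magic, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack_from(order + GLOBAL_FMT, data, 0)
    offset = 24
    records = []
    while offset < len(data):
        if len(data) - offset < 16:
            raise ValueError("truncated record header at offset %d" % offset)
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from(order + RECORD_FMT, data, offset)
        offset += 16
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("inconsistent record lengths at offset %d" % (offset - 16))
        frame = data[offset:offset + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated frame at offset %d" % offset)
        offset += incl_len
        records.append((ts_sec, ts_usec, orig_len, frame))
    return linktype, records


def write_pcap(path, records):
    with open(path, "wb") as f:
        f.write(serialize_pcap(records))


def read_pcap(path):
    with open(path, "rb") as f:
        return parse_pcap(f.read())


# Constructed sample frame: Ethernet header (dst MAC, src MAC, EtherType 0x0800) plus a dummy 60-byte payload.
SAMPLE_FRAME = bytes.fromhex("001122334455" "66778899aabb" "0800") + b"\x45" + bytes(59)
SAMPLE_RECORDS = [(1700000000, 597573, SAMPLE_FRAME), (1700000000, 597651, SAMPLE_FRAME[:20])]

if __name__ == "__main__":
    write_pcap("example.pcap", SAMPLE_RECORDS)      # readable with: tcpdump -r example.pcap
    print(read_pcap("example.pcap"))
```

A file written this way opens with `tcpdump -r example.pcap`; conversely, running `parse_pcap` over a file saved with -w is a cheap integrity check before handing a capture to other tools, since a damaged record header raises rather than silently mis-aligning every packet after it.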

IP filtering

From the filter table we know that dst lets you display in the console only the packets received by the address given in the command syntax. So it is convenient for viewing the packets received by your computer. To do this, the command must specify your IP address:

sudo tcpdump -i ppp0 ip dst 10.0.6.67

Apart from dst, we also specify the ip filter in the command. In other words, we tell the computer that when selecting packets it should look at their IP address and not at other parameters.

By IP you can also filter the packets that are sent. In the example we again use our own IP; that is, we now monitor the packets sent from our computer to other addresses. To do this, run the following command:

sudo tcpdump -i ppp0 ip src 10.0.6.67

As you can see, we changed the dst filter in the command syntax to src, thereby telling the utility to look for the sender by IP.

The host filter

By analogy with the ip filter, we can specify the host filter to select packets by the name of a host. That is, in the syntax, instead of the sender's or receiver's IP address, you give its host name. It looks like this:

sudo tcpdump -i ppp0 dst host google-public-dns-a.google.com

In the example only the packets sent from our IP to the google.com host are displayed in the Terminal. Naturally, instead of Google you can specify any other host.

As with IP filtering, dst can be replaced by src in the syntax to see the packets sent to your computer:

sudo tcpdump -i ppp0 src host google-public-dns-a.google.com

Note: the host filter must come after dst or src, otherwise the command produces an error. In the case of IP filtering, on the contrary, dst and src come before the filter.

The and and or filters

If you need to use several filters at once in one command, you must apply the and or the or filter (depending on the case). By specifying the filters in the syntax and separating them with these words, you make them work as one. In an example it looks like this:

sudo tcpdump -i ppp0 ip dst 95.47.144.254 or ip src 95.47.144.254

From the command syntax you can see that we want to display in the Terminal all packets sent to the address 95.47.144.254 and the packets received from the same address. You can substitute other expressions in this expression: for example, specify host instead of ip, or change the addresses directly.

The port and portrange filters

The port filter is useful when you need information about packets with a specific port. So, if you only want to see DNS queries or responses, specify port 53:

sudo tcpdump -vv -i ppp0 port 53

If you want to see http packets, enter port 80:

sudo tcpdump -vv -i ppp0 port 80

Among other things, it is possible to monitor a whole range of ports at once. For this, use the portrange filter:

sudo tcpdump portrange 50-80

As you can see, together with the portrange filter it is not necessary to specify additional options. Just give the range.

Protocol filter

You can also display only the traffic that belongs to a particular protocol. For this, use the name of the protocol as the filter. Let's look at an example with udp:

sudo tcpdump -vvv -i ppp0 udp

After executing the command, only packets with the udp protocol are displayed in the Terminal. Similarly, you can filter by the other protocols, for example arp:

sudo tcpdump -vvv -i ppp0 arp

or tcp:

sudo tcpdump -vvv -i ppp0 tcp

The net filter

The net operator helps filter packets based on their network. It is as easy to use as the rest: specify the net attribute in the syntax, then enter the network address. Here is an example of such a command:

sudo tcpdump -i ppp0 net 192.168.1.1

Filtering by packet size

We have not yet considered two more interesting filters: less and greater. From the filter table we know that they serve to display packets whose size is smaller (less) or larger (greater) than the value entered after the attribute.

Suppose we only want to monitor packets of no more than 50 bytes; then the command looks like this:

sudo tcpdump -i ppp0 less 50

Now let's display in the Terminal the packets larger than 50 bytes:

sudo tcpdump -i ppp0 greater 50

As you can see, they are used in the same way; the only difference is the name of the filter.
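The filter sections above (ip/src/dst, host, and/or, port and portrange, protocol, net, less/greater) all describe how tcpdump decides whether a packet is shown. The following Python script is an added example, not part of the article or of tcpdump: it reimplements those filter primitives as predicates over a small set of constructed packet records, so their semantics can be checked offline, for instance that `ip dst X or ip src X` selects both directions of a connection, that `portrange 50-80` matches a port at either end of the packet, and that `less`/`greater` are inclusive bounds in tcpdump (which the page's "no more than 50 bytes" wording matches). The packet records are constructed for the example; `net` accepts either a CIDR block or a bare address as the page's command uses.

```python
import ipaddress

# Constructed packet records (not from a real capture), in the shape a parser of
# tcpdump's one-line output might produce: addresses, ports, protocol and length.
PACKETS = [
    {"proto": "tcp", "src": "10.0.6.67",     "sport": 35482, "dst": "95.47.144.254", "dport": 443,   "length": 120},
    {"proto": "tcp", "src": "95.47.144.254", "sport": 443,   "dst": "10.0.6.67",     "dport": 35482, "length": 1460},
    {"proto": "udp", "src": "10.0.6.67",     "sport": 51000, "dst": "8.8.8.8",       "dport": 53,    "length": 60},
    {"proto": "udp", "src": "8.8.8.8",       "sport": 53,    "dst": "10.0.6.67",     "dport": 51000, "length": 140},
    {"proto": "arp", "src": "192.168.1.1",   "sport": None,  "dst": "192.168.1.20",  "dport": None,  "length": 42},
    {"proto": "tcp", "src": "192.168.1.20",  "sport": 40000, "dst": "192.168.1.1",   "dport": 80,    "length": 40},
]

IP_PROTOS = {"tcp", "udp", "icmp"}   # the "ip" qualifier matches anything carried over IP


# Each primitive returns a predicate: packet record -> bool.
def host(addr):
    return lambda p: addr in (p["src"], p["dst"])


def src(addr):
    return lambda p: p["src"] == addr


def dst(addr):
    return lambda p: p["dst"] == addr


def proto(name):
    if name == "ip":
        return lambda p: p["proto"] in IP_PROTOS
    return lambda p: p["proto"] == name


def port(n):
    return lambda p: n in (p["sport"], p["dport"])


def portrange(lo, hi):
    # ARP records carry no ports (None), so they never match a port filter.
    return lambda p: any(x is not None and lo <= x <= hi for x in (p["sport"], p["dport"]))


def net(cidr):
    # "net 192.168.1.0/24" matches either endpoint inside the block; a bare address is a /32.
    network = ipaddress.ip_network(cidr, strict=False)
    return lambda p: any(ipaddress.ip_address(a) in network for a in (p["src"], p["dst"]))


# tcpdump's less/greater are inclusive: "less 50" is length <= 50, "greater 50" is length >= 50.
def less(n):
    return lambda p: p["length"] <= n


def greater(n):
    return lambda p: p["length"] >= n


def and_(*preds):
    return lambda p: all(f(p) for f in preds)


def or_(*preds):
    return lambda p: any(f(p) for f in preds)


def not_(pred):
    return lambda p: not pred(p)


def select(packets, predicate):
    """Return the records the predicate accepts, in capture order."""
    return [p for p in packets if predicate(p)]


def count(packets, predicate):
    return len(select(packets, predicate))


if __name__ == "__main__":
    # Equivalent of: tcpdump ip dst 95.47.144.254 or ip src 95.47.144.254
    both_ways = or_(and_(proto("ip"), dst("95.47.144.254")), and_(proto("ip"), src("95.47.144.254")))
    for p in select(PACKETS, both_ways):
        print(p)
    print("port 53:", count(PACKETS, port(53)), "portrange 50-80:", count(PACKETS, portrange(50, 80)))
```

The same composition rules apply on the real command line: tcpdump reads the expression left to right with `and` binding tighter than `or`, so when in doubt, group sub-expressions in parentheses and quote the whole expression for the shell.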

Conclusion

At the end of the article we can conclude that the tcpdump command is an excellent tool with which you can track any packet transmitted over the Internet. But for this it is not enough just to type the command itself in the Terminal. The desired result is achieved only if you use the various options and filters, as well as their combinations.