22 Linux Networking Commands for Sysadmin
A system administrator's routine tasks include configuring, maintaining, troubleshooting, and managing servers and networks within data centers. Linux offers numerous tools and utilities designed for administrative purposes.
In this article, we will review some of the most commonly used command-line tools and utilities for network management in Linux, under different categories. We will explain some common usage examples, which will make network management in Linux much easier.
On this page
- ifconfig Command
- ip Command
- ifup Command
- ethtool Command
- ping Command
- traceroute Command
- mtr Command
- route Command
- nmcli Command
- netstat Command
- ss Command
- nc Command
- Nmap Command
- host Command
- dig Command
- nslookup Command
- tcpdump Command
- Wireshark Utility
- bmon Tool
- iptables Firewall
- firewalld
- UFW Firewall
- How to Use Nmap Script Engine (NSE) Scripts in Linux
- A Practical Guide to Nmap (Network Security Scanner) in Kali Linux
- Find Out All Live Hosts' IP Addresses Connected on a Network in Linux
- Basic Guide on IPTables (Linux Firewall) Tips/Commands
- 25 Useful IPtable Firewall Rules Every Linux Administrator Should Know
- How to Set Up an Iptables Firewall to Enable Remote Access to Services
- How to Block Ping ICMP Requests to Linux Systems
- Useful 'FirewallD' Rules to Configure and Manage the Firewall in Linux
- How to Configure 'FirewallD' in RHEL/CentOS 7 and Fedora 21
- How to Start/Stop and Enable/Disable FirewallD and Iptables Firewall in Linux
- Setting Up Samba and Configuring FirewallD and SELinux to Allow File Sharing on Linux/Windows
This list is equally useful to full-time Linux network engineers.
Network Configuration, Troubleshooting, and Debugging Tools
ifconfig is a command-line interface tool for network interface configuration and is also used to initialize interfaces at system boot time. Once a server is up and running, it can be used to assign an IP address to an interface and to enable or disable the interface on demand.
It is also used to view the IP address, hardware/MAC address, and MTU (Maximum Transmission Unit) size of the currently active interfaces. ifconfig is thus useful for debugging or performing system tuning.
Here is an example that displays the status of all active network interfaces.
$ ifconfig
enp1s0    Link encap:Ethernet  HWaddr 28:d2:44:eb:bd:98
          inet addr:192.168.0.103  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::8f0c:7825:8057:5eec/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:169854 errors:0 dropped:0 overruns:0 frame:0
          TX packets:125995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:174146270 (174.1 MB)  TX bytes:21062129 (21.0 MB)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:15793 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15793 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:2898946 (2.8 MB)  TX bytes:2898946 (2.8 MB)
To list all interfaces that are currently available, whether up or down, use the -a flag.
$ ifconfig -a
To assign an IP address to an interface, use the following command.
$ sudo ifconfig eth0 192.168.56.5 netmask 255.255.255.0
To activate a network interface, type.
$ sudo ifconfig eth0 up
To deactivate or shut down a network interface, type.
$ sudo ifconfig eth0 down
Note: Although ifconfig is a great tool, it is now obsolete (deprecated); its replacement is the ip command, which is explained below.
(See What's the Difference Between ifconfig and ip Command to learn more about it.)
The following command shows the IP address and other information about a network interface.
$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 28:d2:44:eb:bd:98 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.103/24 brd 192.168.0.255 scope global dynamic enp1s0
       valid_lft 5772sec preferred_lft 5772sec
    inet6 fe80::8f0c:7825:8057:5eec/64 scope link
       valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 38:b1:db:7c:78:c7 brd ff:ff:ff:ff:ff:ff
...
To temporarily assign an IP address to a specific network interface (eth0), type.
$ sudo ip addr add 192.168.56.1 dev eth0
To remove an assigned IP address from a network interface (eth0), type.
$ sudo ip addr del 192.168.56.15/24 dev eth0
To show the current neighbour table in the kernel, type.
$ ip neigh
192.168.0.1 dev enp1s0 lladdr 10:fe:ed:3d:f3:82 REACHABLE
The ifup command activates a network interface, making it available to transfer and receive data.
$ sudo ifup eth0
The ifdown command disables a network interface, keeping it in a state where it cannot transfer or receive data.
$ sudo ifdown eth0
The ifquery command is used to parse the network interface configuration, enabling you to receive answers to queries about how it is currently configured.
$ sudo ifquery eth0
ethtool is a command-line utility for querying and modifying network interface controller parameters and device drivers. The example below shows how to use ethtool to view the parameters of a network interface.
$ sudo ethtool enp0s3
Settings for enp0s3:
    Supported ports: [ TP ]
    Supported link modes:   10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Full
    Supported pause frame use: No
    Supports auto-negotiation: Yes
    Advertised link modes:  10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Full
    Advertised pause frame use: No
    Advertised auto-negotiation: Yes
    Speed: 1000Mb/s
    Duplex: Full
    Port: Twisted Pair
    PHYAD: 0
    Transceiver: internal
    Auto-negotiation: on
    MDI-X: off (auto)
    Supports Wake-on: umbg
    Wake-on: d
    Current message level: 0x00000007 (7)
                           drv probe link
    Link detected: yes
ping (Packet INTERnet Groper) is a utility normally used for testing connectivity between two systems on a network (a Local Area Network (LAN) or a Wide Area Network (WAN)). It uses ICMP (Internet Control Message Protocol) to communicate with nodes on a network.
To test connectivity to another node, simply provide its IP address or hostname, for example.
$ ping 192.168.0.103
PING 192.168.0.103 (192.168.0.103) 56(84) bytes of data.
64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=0.191 ms
64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.156 ms
64 bytes from 192.168.0.103: icmp_seq=3 ttl=64 time=0.179 ms
64 bytes from 192.168.0.103: icmp_seq=4 ttl=64 time=0.182 ms
64 bytes from 192.168.0.103: icmp_seq=5 ttl=64 time=0.207 ms
64 bytes from 192.168.0.103: icmp_seq=6 ttl=64 time=0.157 ms
^C
--- 192.168.0.103 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5099ms
rtt min/avg/max/mdev = 0.156/0.178/0.207/0.023 ms
You can also tell ping to exit after a specified number of ECHO_REQUEST packets, using the -c flag as shown.
$ ping -c 4 192.168.0.103
PING 192.168.0.103 (192.168.0.103) 56(84) bytes of data.
64 bytes from 192.168.0.103: icmp_seq=1 ttl=64 time=1.09 ms
64 bytes from 192.168.0.103: icmp_seq=2 ttl=64 time=0.157 ms
64 bytes from 192.168.0.103: icmp_seq=3 ttl=64 time=0.163 ms
64 bytes from 192.168.0.103: icmp_seq=4 ttl=64 time=0.190 ms
--- 192.168.0.103 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3029ms
rtt min/avg/max/mdev = 0.157/0.402/1.098/0.402 ms
Traceroute is a command-line utility for tracing the full path from your local system to another network system. It prints the number of hops (router IPs) on the path you travel to reach the end server. It is an easy-to-use network troubleshooting utility to reach for after the ping command.
In this example, we trace the route packets take from the local system to one of Google's servers with the IP address 216.58.204.46.
$ traceroute 216.58.204.46
traceroute to 216.58.204.46 (216.58.204.46), 30 hops max, 60 byte packets
 1  gateway (192.168.0.1)  0.487 ms  0.277 ms  0.269 ms
 2  5.5.5.215 (5.5.5.215)  1.846 ms  1.631 ms  1.553 ms
 3  * * *
 4  72.14.194.226 (72.14.194.226)  3.762 ms  3.683 ms  3.577 ms
 5  108.170.248.179 (108.170.248.179)  4.666 ms 108.170.248.162 (108.170.248.162)  4.869 ms 108.170.248.194 (108.170.248.194)  4.245 ms
 6  72.14.235.133 (72.14.235.133)  72.443 ms 209.85.241.175 (209.85.241.175)  62.738 ms 72.14.235.133 (72.14.235.133)  65.809 ms
 7  66.249.94.140 (66.249.94.140)  128.726 ms  127.506 ms 209.85.248.5 (209.85.248.5)  127.330 ms
 8  74.125.251.181 (74.125.251.181)  127.219 ms 108.170.236.124 (108.170.236.124)  212.544 ms 74.125.251.181 (74.125.251.181)  127.249 ms
 9  216.239.49.134 (216.239.49.134)  236.906 ms 209.85.242.80 (209.85.242.80)  254.810 ms  254.735 ms
10  209.85.251.138 (209.85.251.138)  252.002 ms 216.239.43.227 (216.239.43.227)  251.975 ms 209.85.242.80 (209.85.242.80)  236.343 ms
11  216.239.43.227 (216.239.43.227)  251.452 ms 72.14.234.8 (72.14.234.8)  279.650 ms  277.492 ms
12  209.85.250.9 (209.85.250.9)  274.521 ms  274.450 ms 209.85.253.249 (209.85.253.249)  270.558 ms
13  209.85.250.9 (209.85.250.9)  269.147 ms 209.85.254.244 (209.85.254.244)  347.046 ms 209.85.250.9 (209.85.250.9)  285.265 ms
14  64.233.175.112 (64.233.175.112)  344.852 ms 216.239.57.236 (216.239.57.236)  343.786 ms 64.233.175.112 (64.233.175.112)  345.273 ms
15  108.170.246.129 (108.170.246.129)  345.054 ms  345.342 ms 64.233.175.112 (64.233.175.112)  343.706 ms
16  108.170.238.119 (108.170.238.119)  345.610 ms 108.170.246.161 (108.170.246.161)  344.726 ms 108.170.238.117 (108.170.238.117)  345.536 ms
17  lhr25s12-in-f46.1e100.net (216.58.204.46)  345.382 ms  345.031 ms  344.884 ms
MTR is a modern command-line network diagnostic tool that combines the functionality of ping and traceroute into a single diagnostic tool. Its output is updated in real time, by default until you exit the program by pressing q.
The easiest way of running mtr is to provide a hostname or IP address as an argument, as follows.
$ mtr google.com
OR
$ mtr 216.58.223.78
linux-console.net (0.0.0.0)                              Thu Jul 12 08:58:27 2018
First TTL: 1
 Host                              Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.0.1                     0.0%    41    0.5   0.6   0.4   1.7   0.2
 2. 5.5.5.215                       0.0%    40    1.9   1.5   0.8   7.3   1.0
 3. 209.snat-111-91-120.hns.net.in 23.1%    40    1.9   2.7   1.7  10.5   1.6
 4. 72.14.194.226                   0.0%    40   89.1   5.2   2.2  89.1  13.7
 5. 108.170.248.193                 0.0%    40    3.0   4.1   2.4  52.4   7.8
 6. 108.170.237.43                  0.0%    40    2.9   5.3   2.5  94.1  14.4
 7. bom07s10-in-f174.1e100.net      0.0%    40    2.6   6.7   2.3  79.7  16.
You can limit the number of pings to a specific value and exit mtr after those pings, using the -c flag as shown.
$ mtr -c 4 google.com
route is a command-line utility for displaying or manipulating the IP routing table of a Linux system. It is mainly used to configure static routes to specific hosts or networks via an interface.
You can view the kernel IP routing table by typing.
$ route
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gateway         0.0.0.0         UG    100    0        0 enp0s3
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp0s3
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
There are numerous commands you can use to configure routing. Here are some useful ones:
Add a default gateway to the routing table.
$ sudo route add default gw <gateway-ip>
Add a network route to the routing table.
$ sudo route add -net <network ip/cidr> gw <gateway ip> <interface>
Delete a specific route entry from the routing table.
$ sudo route del -net <network ip/cidr>
nmcli is an easy-to-use, scriptable command-line tool to report network status, manage network connections, and control NetworkManager.
To view all your network devices, type.
$ nmcli dev status
DEVICE  TYPE      STATE      CONNECTION
virbr0  bridge    connected  virbr0
enp0s3  ethernet  connected  Wired connection 1
To check the network connections on your system, type.
$ nmcli con show
Wired connection 1  bc3638ff-205a-3bbb-8845-5a4b0f7eef91  802-3-ethernet  enp0s3
virbr0              00f5d53e-fd51-41d3-b069-bdfd2dde062b  bridge          virbr0
To see only the active connections, add the -a flag.
$ nmcli con show -a
Network Scanning and Performance Analysis Tools
netstat is a command-line tool that displays useful information such as network connections, routing tables, interface statistics, and much more, concerning the Linux networking subsystem. It is useful for network troubleshooting and performance analysis.
Additionally, it is a fundamental network service debugging tool used to check which programs are listening on which ports. For instance, the following command shows all TCP ports in listening mode and which programs are listening on them.
$ sudo netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1257/master
tcp        0      0 127.0.0.1:5003          0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1015/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1015/dovecot
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:465             0.0.0.0:*               LISTEN      1257/master
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      1404/pdns_server
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1064/pure-ftpd (SER
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      972/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      975/cupsd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1257/master
tcp        0      0 0.0.0.0:8090            0.0.0.0:*               LISTEN      636/lscpd (lscpd -
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1015/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1015/dovecot
tcp6       0      0 :::3306                 :::*                    LISTEN      1053/mysqld
tcp6       0      0 :::3307                 :::*                    LISTEN      1211/mysqld
tcp6       0      0 :::587                  :::*                    LISTEN      1257/master
tcp6       0      0 :::110                  :::*                    LISTEN      1015/dovecot
tcp6       0      0 :::143                  :::*                    LISTEN      1015/dovecot
tcp6       0      0 :::111                  :::*                    LISTEN      1/systemd
tcp6       0      0 :::80                   :::*                    LISTEN      990/httpd
tcp6       0      0 :::465                  :::*                    LISTEN      1257/master
tcp6       0      0 :::53                   :::*                    LISTEN      1404/pdns_server
tcp6       0      0 :::21                   :::*                    LISTEN      1064/pure-ftpd (SER
tcp6       0      0 :::22                   :::*                    LISTEN      972/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      975/cupsd
tcp6       0      0 :::25                   :::*                    LISTEN      1257/master
tcp6       0      0 :::993                  :::*                    LISTEN      1015/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      1015/dovecot
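In the listing above, a local address of 0.0.0.0 or :: means the service accepts connections on every interface of the host, while 127.0.0.1 and ::1 are reachable only locally. The script below is an added example, not part of the original article: it classifies listeners from `netstat -tnlp` output by that exposure and reports those outside an allowlist. The function names and the allowlist "22 80 443" are hypothetical, and the sample lines are an excerpt of the output shown above.

```shell
#!/bin/sh
# Added example (not from the original article): audit `netstat -tnlp`
# output for services listening on all interfaces.
# Usage: sudo netstat -tnlp | unexpected_listeners 22 80 443

# Read netstat output on stdin; print "EXPOSURE PORT PROGRAM" per listener.
classify_listeners() {
    awk '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            # The port follows the last colon (IPv6 addresses contain colons).
            n = split($4, parts, ":")
            port = parts[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            prog = $7                    # e.g. "972/sshd"; "-" without root
            sub(/^[0-9]+\//, "", prog)
            if (host == "0.0.0.0" || host == "::")
                exposure = "ALL"
            else if (host ~ /^127\./ || host == "::1")
                exposure = "LOOPBACK"
            else
                exposure = "ONE-ADDRESS"
            print exposure, port, prog
        }
    '
}

# Print "PORT PROGRAM" for listeners on all interfaces whose port is not
# in the allowlist passed as arguments (a hypothetical site policy).
unexpected_listeners() {
    allow=" $* "
    classify_listeners | while read -r exposure port prog; do
        [ "$exposure" = "ALL" ] || continue
        case "$allow" in
            *" $port "*) ;;              # expected service, skip
            *) echo "$port $prog" ;;
        esac
    done | sort -n | uniq                # tcp and tcp6 rows collapse to one
}

# Sample input: an excerpt of the netstat output shown in the article.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      1257/master
tcp        0      0 127.0.0.1:5003          0.0.0.0:*               LISTEN      1/systemd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1064/pure-ftpd (SER
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      972/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      975/cupsd
tcp6       0      0 :::3306                 :::*                    LISTEN      1053/mysqld
tcp6       0      0 :::587                  :::*                    LISTEN      1257/master
tcp6       0      0 :::80                   :::*                    LISTEN      990/httpd
tcp6       0      0 ::1:631                 :::*                    LISTEN      975/cupsd
EOF
}

# Listeners in the sample that the allowlist does not cover.
sample_netstat | unexpected_listeners 22 80 443
```

Each reported port is a candidate for rebinding to a specific address, firewalling, or shutting down if the service is not needed.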
To view the kernel routing table, use the -r flag (which is equivalent to running the route command above).
$ netstat -r
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         gateway         0.0.0.0         UG        0 0          0 enp0s3
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 enp0s3
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0
Note: Although netstat is a great tool, it is now obsolete (deprecated); its replacement is the ss command, which is explained below.
ss (socket statistics) is a powerful command-line utility to investigate sockets. It dumps socket statistics and displays information similar to netstat. In addition, it shows more TCP and state information compared to other similar utilities.
The following example shows how to list all TCP ports (sockets) that are open on a server.
$ ss -ta
State      Recv-Q Send-Q   Local Address:Port            Peer Address:Port
LISTEN     0      100      *:submission                  *:*
LISTEN     0      128      127.0.0.1:fmpro-internal      *:*
LISTEN     0      100      *:pop3                        *:*
LISTEN     0      100      *:imap                        *:*
LISTEN     0      128      *:sunrpc                      *:*
LISTEN     0      100      *:urd                         *:*
LISTEN     0      128      *:domain                      *:*
LISTEN     0      9        *:ftp                         *:*
LISTEN     0      128      *:ssh                         *:*
LISTEN     0      128      127.0.0.1:ipp                 *:*
LISTEN     0      100      *:smtp                        *:*
LISTEN     0      128      *:8090                        *:*
LISTEN     0      100      *:imaps                       *:*
LISTEN     0      100      *:pop3s                       *:*
ESTAB      0      0        192.168.0.104:ssh             192.168.0.103:36398
ESTAB      0      0        127.0.0.1:34642               127.0.0.1:opsession-prxy
ESTAB      0      0        127.0.0.1:34638               127.0.0.1:opsession-prxy
ESTAB      0      0        127.0.0.1:34644               127.0.0.1:opsession-prxy
ESTAB      0      0        127.0.0.1:34640               127.0.0.1:opsession-prxy
LISTEN     0      80       :::mysql                      :::*
...
To display all active TCP connections together with their timers, run the following command.
$ ss -to
NC (NetCat), also referred to as the "Network Swiss Army knife", is a powerful utility used for almost any task related to TCP, UDP, or UNIX-domain sockets. It is used to open TCP connections, listen on arbitrary TCP and UDP ports, perform port scanning, and more.
You can also use it as a simple TCP proxy, for network daemon testing, to check whether remote ports are reachable, and much more. Furthermore, you can use nc together with the pv command to transfer files between two computers.
[You might also like: 8 Netcat (nc) Command with Examples]
The following example shows how to scan a list of ports.
$ nc -zv server2.tecmint.lan 21 22 80 443 3000
You can also specify a range of ports as shown.
$ nc -zv server2.tecmint.lan 20-90
The following example shows how to use nc to open a TCP connection to port 5000 on server2.tecmint.lan, using port 3000 as the source port, with a timeout of 10 seconds.
$ nc -p 3000 -w 10 server2.tecmint.lan 5000
Nmap (Network Mapper) is a powerful and extremely versatile tool for Linux system/network administrators. It is used to gather information about a single host or to explore entire networks. Nmap is also used to perform security scans and network audits, to find open ports on remote hosts, and so on.
You can scan a host using its hostname or IP address, for instance.
$ nmap google.com
Starting Nmap 6.40 ( http://nmap.org ) at 2018-07-12 09:23 BST
Nmap scan report for google.com (172.217.166.78)
Host is up (0.0036s latency).
rDNS record for 172.217.166.78: bom05s15-in-f14.1e100.net
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
Nmap done: 1 IP address (1 host up) scanned in 4.92 seconds
Alternatively, use an IP address as shown.
$ nmap 192.168.0.103
Starting Nmap 6.40 ( http://nmap.org ) at 2018-07-12 09:24 BST
Nmap scan report for 192.168.0.103
Host is up (0.000051s latency).
Not shown: 994 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
902/tcp  open  iss-realsecure
4242/tcp open  vrml-multi-use
5900/tcp open  vnc
8080/tcp open  http-proxy
MAC Address: 28:D2:44:EB:BD:98 (Lcfc(hefei) Electronics Technology Co.)
Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
Read our useful articles on the nmap command.
DNS Lookup Utilities
The host command is a simple utility for performing DNS lookups; it translates hostnames to IP addresses and vice versa.
$ host google.com
google.com has address 172.217.166.78
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
dig (domain information groper) is another simple DNS lookup utility, used to query DNS-related information such as the A record, CNAME, MX record, and so on, for example:
$ dig google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23083
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 14
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A
;; ANSWER SECTION:
google.com.             72      IN      A       172.217.166.78
;; AUTHORITY SECTION:
com.                    13482   IN      NS      c.gtld-servers.net.
com.                    13482   IN      NS      d.gtld-servers.net.
com.                    13482   IN      NS      e.gtld-servers.net.
com.                    13482   IN      NS      f.gtld-servers.net.
com.                    13482   IN      NS      g.gtld-servers.net.
com.                    13482   IN      NS      h.gtld-servers.net.
com.                    13482   IN      NS      i.gtld-servers.net.
com.                    13482   IN      NS      j.gtld-servers.net.
com.                    13482   IN      NS      k.gtld-servers.net.
com.                    13482   IN      NS      l.gtld-servers.net.
com.                    13482   IN      NS      m.gtld-servers.net.
com.                    13482   IN      NS      a.gtld-servers.net.
com.                    13482   IN      NS      b.gtld-servers.net.
;; ADDITIONAL SECTION:
a.gtld-servers.net.     81883   IN      A       192.5.6.30
b.gtld-servers.net.     3999    IN      A       192.33.14.30
c.gtld-servers.net.     14876   IN      A       192.26.92.30
d.gtld-servers.net.     85172   IN      A       192.31.80.30
e.gtld-servers.net.     95861   IN      A       192.12.94.30
f.gtld-servers.net.     78471   IN      A       192.35.51.30
g.gtld-servers.net.     5217    IN      A       192.42.93.30
h.gtld-servers.net.     111531  IN      A       192.54.112.30
i.gtld-servers.net.     93017   IN      A       192.43.172.30
j.gtld-servers.net.     93542   IN      A       192.48.79.30
k.gtld-servers.net.     107218  IN      A       192.52.178.30
l.gtld-servers.net.     6280    IN      A       192.41.162.30
m.gtld-servers.net.     2689    IN      A       192.55.83.30
;; Query time: 4 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Thu Jul 12 09:30:57 BST 2018
;; MSG SIZE  rcvd: 487
Nslookup is also a popular command-line utility for querying DNS servers, both interactively and non-interactively. It is used to query DNS resource records (RR). You can find the A record (IP address) of a domain as shown.
$ nslookup google.com
Server:         192.168.0.1
Address:        192.168.0.1#53
Non-authoritative answer:
Name:   google.com
Address: 172.217.166.78
You can also perform a reverse domain lookup as shown.
$ nslookup 216.58.208.174
Server:         192.168.0.1
Address:        192.168.0.1#53
Non-authoritative answer:
174.208.58.216.in-addr.arpa     name = lhr25s09-in-f14.1e100.net.
174.208.58.216.in-addr.arpa     name = lhr25s09-in-f174.1e100.net.
Authoritative answers can be found from:
in-addr.arpa    nameserver = e.in-addr-servers.arpa.
in-addr.arpa    nameserver = f.in-addr-servers.arpa.
in-addr.arpa    nameserver = a.in-addr-servers.arpa.
in-addr.arpa    nameserver = b.in-addr-servers.arpa.
in-addr.arpa    nameserver = c.in-addr-servers.arpa.
in-addr.arpa    nameserver = d.in-addr-servers.arpa.
a.in-addr-servers.arpa  internet address = 199.180.182.53
b.in-addr-servers.arpa  internet address = 199.253.183.183
c.in-addr-servers.arpa  internet address = 196.216.169.10
d.in-addr-servers.arpa  internet address = 200.10.60.53
e.in-addr-servers.arpa  internet address = 203.119.86.101
f.in-addr-servers.arpa  internet address = 193.0.9.1
Linux Network Packet Analyzers
Tcpdump is a very powerful and widely used command-line packet analyzer. It is used to capture and analyze TCP/IP packets transmitted or received over a network on a specific interface.
To capture packets from a given interface, specify it using the -i option.
$ tcpdump -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
09:35:40.287439 IP linux-console.net.ssh > 192.168.0.103.36398: Flags [P.], seq 4152360356:4152360552, ack 306922699, win 270, options [nop,nop,TS val 2211778668 ecr 2019055], length 196
09:35:40.287655 IP 192.168.0.103.36398 > linux-console.net.ssh: Flags [.], ack 196, win 5202, options [nop,nop,TS val 2019058 ecr 2211778668], length 0
09:35:40.288269 IP linux-console.net.54899 > gateway.domain: 43760+ PTR? 103.0.168.192.in-addr.arpa. (44)
09:35:40.333763 IP gateway.domain > linux-console.net.54899: 43760 NXDomain* 0/1/0 (94)
09:35:40.335311 IP linux-console.net.52036 > gateway.domain: 44289+ PTR? 1.0.168.192.in-addr.arpa. (42)
To capture a specific number of packets, use the -c option to enter the desired number.
$ tcpdump -c 5 -i eth1
You can also capture and save packets to a file for later analysis; use the -w flag to specify the output file.
$ tcpdump -w captured.pacs -i eth1
Wireshark is a popular, powerful, versatile, and easy-to-use tool for capturing and analyzing packets in a packet-switched network, in real time.
You can also save the data it has captured to a file for later inspection. It is used by system administrators and network engineers to monitor and inspect packets for security and troubleshooting purposes.
bmon is a powerful, command-line based network monitoring and debugging utility for Unix-like systems; it captures networking-related statistics and prints them visually in a human-friendly format. It is a reliable and effective real-time bandwidth monitor and rate estimator.
Linux Firewall Management Tools
iptables is a command-line tool for configuring, maintaining, and inspecting the tables of IP packet filtering and NAT rulesets. It is used to set up and manage the Linux firewall (Netfilter). It allows you to list existing packet filter rules; add, delete, or modify packet filter rules; and list the per-rule counters of the packet filter rules.
You can learn how to use iptables for various purposes from our simple yet comprehensive guides.
Firewalld is a powerful and dynamic daemon for managing the Linux firewall (Netfilter), just like iptables. It uses network zones instead of the INPUT, OUTPUT, and FORWARD chains in iptables. On current Linux distributions such as RHEL/CentOS 7 and Fedora 21+, iptables is being replaced by firewalld.
To get started with firewalld, consult the guides listed below:
Important: iptables is still supported and can be installed with the YUM package manager. However, you cannot use firewalld and iptables at the same time on the same server; you must choose one.
UFW is a well-known and default firewall configuration tool on Debian and Ubuntu Linux distributions. It is used to enable/disable the system firewall, add/delete/modify/reset packet filtering rules, and much more.
To check the UFW firewall status, type.
$ sudo ufw status
If the UFW firewall is not active, you can activate or enable it using the following command.
$ sudo ufw enable
To disable the UFW firewall, use the following command.
$ sudo ufw disable
Read our article How to Set Up UFW Firewall on Ubuntu and Debian.
If you want to find more information about a particular program, you can consult its man pages as shown.
$ man programs_name
That's all for now! In this comprehensive guide, we reviewed some of the most commonly used command-line tools and utilities for network management in Linux, under different categories, for system administrators, and equally useful to full-time network administrators/engineers.
You can share your thoughts about this guide via the comments below. If we have missed any frequently used and important Linux networking tools/utilities or any useful related information, let us know as well.