10 Tips on How to Use Wireshark to Analyze Packets in Your Network


In any packet-switched network, packets are the units of data transmitted between computers. It is the responsibility of network engineers and system administrators alike to monitor and inspect packets, both for security and for troubleshooting purposes.

To do this, they rely on software programs called packet analyzers. Wireshark is probably the most widely used of these: it lets you not only monitor traffic in real time, but also save it to a file for later inspection.

Suggested Read: Best Linux Bandwidth Monitoring Tools to Analyze Network Usage

In this article we will share 10 tips on how to use Wireshark to analyze packets in your network, and we hope that by the time you reach the Summary section you will want to add it to your bookmarks.

Installing Wireshark in Linux

To install Wireshark, pick the right installer for your operating system and architecture from https://www.wireshark.org/download.html.

If you are using Linux in particular, Wireshark should be available directly from your distribution's repositories, which makes installation easier. Although the packaged versions may differ, the options and menus should be similar, if not identical, in each of them.

------------ On Debian/Ubuntu based Distros ------------ 
$ sudo apt-get install wireshark

------------ On CentOS/RHEL based Distros ------------
$ sudo yum install wireshark

------------ On Fedora 22+ Releases ------------
$ sudo dnf install wireshark

There is a known issue in Debian and its derivatives where the list of network interfaces comes up empty, because the packaged Wireshark only allows packet capture by root or by members of the wireshark group. The usual fix is to re-run the package configuration (sudo dpkg-reconfigure wireshark-common, answering Yes to non-root capture), add your user to the wireshark group, and log in again. Running the whole GUI as root works too, but it is poor practice: the dissectors parse untrusted data, so keep the privileged part (dumpcap) as small as possible.

Once Wireshark is running, you can select the network interface you want to monitor under Capture:

In this article we will use eth0, but you can pick another one if you wish. Do not click on the interface yet; we will do that in a moment, once we have reviewed a few capture options.

The most useful capture options we will look at are:

  1. Network interface - As explained above, we will only analyze packets going through eth0, whether inbound or outbound.
  2. Capture filter - This option lets us restrict what traffic is recorded at all, by port, protocol, or type. Capture filters use the BPF syntax shared with tcpdump (for example: host 192.168.0.10 and tcp port 80) and must be set before the capture starts; they are different from the display filters used in the tips below, which are applied to packets already captured.

Before we go on to the tips, it is important to note that some organizations do not allow the use of Wireshark on their networks. So, unless you are using Wireshark purely for personal purposes on your own network, make sure your organization has authorized its use.

For now, just select eth0 from the dropdown list and click Start. You will start seeing all the traffic passing through that interface. That is not very useful for monitoring purposes because of the sheer number of packets, but it is a start.

In the image above we can see the icons to list the available interfaces, to stop the current capture and to restart it (red box on the left), and to configure and edit a filter (red box on the right). When you hover over any of these icons, a tooltip is shown describing what it does.

We will start by describing filters; tips #7 to #10 then cover how to actually do something useful with a capture.

Tip #1 - Inspect HTTP Traffic

Type http in the display filter box and click Apply. Then launch your browser and go to any site you like:

Before starting each of the following tips, stop the live capture and edit the display filter.

Tip #2 - Inspect HTTP Traffic from a Given IP Address

In this tip we will add ip.src==192.168.0.10 && http to the display filter, to monitor HTTP traffic originating from 192.168.0.10:

Tip #3 - Inspect HTTP Traffic to a Given IP Address

Closely related to #2, in this case we use ip.dst as part of the display filter, as follows:

ip.dst==192.168.0.10&&http

To combine tips #2 and #3 in one rule, use ip.addr instead of ip.src or ip.dst: ip.addr matches a packet if the address appears as either its source or its destination.

Tip #4 - Monitor Apache and MySQL Network Traffic

Sometimes you are interested in traffic that matches either (or both) of two conditions. For example, to watch traffic on TCP port 80 (web server) and 3306 (MySQL/MariaDB database server), you can use the OR condition in the display filter:

tcp.port==80||tcp.port==3306

As in tips #2 and #3, || and the word or produce the same result, and so do && and the word and. Note that tcp.port matches either the source or the destination port, so this filter shows both directions of each connection.

Tip #5 - Exclude Packets to or from a Given IP Address

To exclude the packets that match a rule, negate it with ! and enclose the rule in parentheses. For example, to drop every packet that originates from, or is addressed to, a given IP address, you can use:

!(ip.addr == 192.168.0.10)

Write it this way rather than as ip.addr != 192.168.0.10. Because ip.addr is a field that occurs twice per packet (source and destination), older Wireshark releases evaluated the != form as "at least one of the two addresses differs", which is true for nearly every packet and therefore excludes almost nothing. The negated, parenthesized form means "neither address matches" in every version.

Tip #6 - Monitor Local Area Network Traffic (192.168.0.0/24)

The following display filter shows only local traffic, excluding packets going to or coming from the Internet, by requiring both addresses to fall inside the local subnet:

ip.src==192.168.0.0/24 and ip.dst==192.168.0.0/24

Tip #7 - Monitor the Contents of a TCP Conversation

To inspect the contents of a TCP conversation (the data exchanged in both directions), right-click on a packet that belongs to it and choose Follow TCP Stream. A new window opens with the reassembled contents of the conversation.

This includes the HTTP headers if we are analyzing web traffic, as well as any clear-text credentials transmitted during the conversation, if there are any. For an HTTPS connection you will only see the TLS handshake followed by ciphertext, unless you have the session keys, which is exactly why credentials should never travel over plain HTTP.
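As an added example (this is not code from the original article or from the Wireshark project), the following Python script builds a handful of Ethernet/IPv4/TCP frames in memory and evaluates the equivalent of the display filters from tips #1 to #6 against them, then does for tip #7 what Follow TCP Stream does: it collects the payloads of one conversation and pulls a clear-text HTTP Basic credential out of it. The dissector is deliberately minimal (IPv4 and TCP only, no checksum validation, and the http match is a payload heuristic rather than Wireshark's dissector). The addresses, ports, and the alice:hunter2 credential are constructed placeholders. The ip_addr_ne_legacy function exists only to show why the negated form from tip #5 is preferred.

```python
import base64
import ipaddress
import struct
from dataclasses import dataclass
from typing import Callable, List, Optional


def build_frame(src: str, dst: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Build a minimal Ethernet+IPv4+TCP frame (constructed demo data: zero MACs, zero checksums)."""
    eth = bytes(12) + b"\x08\x00"  # dst MAC, src MAC, EtherType = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + tcp


@dataclass
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    payload: bytes


def dissect(frame: bytes) -> Optional[Packet]:
    """Dissect Ethernet -> IPv4 -> TCP. Anything else returns None (no ip/tcp layer to filter on)."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != 6:  # IPv4 carrying protocol 6 (TCP) only
        return None
    src = str(ipaddress.IPv4Address(ip[12:16]))
    dst = str(ipaddress.IPv4Address(ip[16:20]))
    tcp = ip[ihl:]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4  # TCP data offset in bytes
    return Packet(src, dst, sport, dport, tcp[doff:])


# Display-filter primitives mirroring Wireshark's field semantics.
Filter = Callable[[Packet], bool]
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def ip_src(a: str) -> Filter: return lambda p: p.src == a
def ip_dst(a: str) -> Filter: return lambda p: p.dst == a
def ip_addr(a: str) -> Filter: return lambda p: p.src == a or p.dst == a      # either side
def tcp_port(n: int) -> Filter: return lambda p: p.sport == n or p.dport == n  # either port
def http() -> Filter:  # heuristic stand-in for the http dissector: request line or status line
    return lambda p: p.payload.startswith(HTTP_METHODS) or p.payload.startswith(b"HTTP/")
def ip_src_in(cidr: str) -> Filter:
    net = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.ip_address(p.src) in net
def ip_dst_in(cidr: str) -> Filter:
    net = ipaddress.ip_network(cidr)
    return lambda p: ipaddress.ip_address(p.dst) in net
def AND(*fs: Filter) -> Filter: return lambda p: all(f(p) for f in fs)
def OR(*fs: Filter) -> Filter: return lambda p: any(f(p) for f in fs)
def NOT(f: Filter) -> Filter: return lambda p: not f(p)

def ip_addr_ne_legacy(a: str) -> Filter:
    """'ip.addr != a' under per-occurrence any-match semantics (older Wireshark): true whenever
    at least one of src/dst differs from a, so it excludes almost nothing. Use NOT(ip_addr(a))."""
    return lambda p: p.src != a or p.dst != a


def match_indices(frames: List[bytes], flt: Filter) -> List[int]:
    """Indices of the frames whose dissected packet satisfies the filter (non-TCP frames never match)."""
    return [i for i, fr in enumerate(frames) if (p := dissect(fr)) is not None and flt(p)]


def follow_tcp_stream(frames: List[bytes], a: str, b: str, port: int) -> bytes:
    """Tip #7: concatenate both directions of the conversation between a and b on the given server
    port, in capture order (a real reassembler would also order by sequence number)."""
    chunks = []
    for fr in frames:
        p = dissect(fr)
        if p and {p.src, p.dst} == {a, b} and port in (p.sport, p.dport):
            chunks.append(p.payload)
    return b"".join(chunks)


def basic_credentials(stream: bytes) -> Optional[bytes]:
    """Return the decoded clear-text HTTP Basic credential from a followed stream, if one was sent."""
    for line in stream.split(b"\r\n"):
        if line.lower().startswith(b"authorization: basic "):
            return base64.b64decode(line.split(b" ", 2)[2])
    return None


# Constructed sample traffic; the addresses and the credential are placeholders.
SAMPLE_FRAMES = [
    build_frame("192.168.0.10", "93.184.216.34", 52000, 80,
                b"GET / HTTP/1.1\r\nHost: example.com\r\nAuthorization: Basic YWxpY2U6aHVudGVyMg==\r\n\r\n"),
    build_frame("93.184.216.34", "192.168.0.10", 80, 52000, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"),
    build_frame("192.168.0.20", "192.168.0.5", 41000, 3306),
    build_frame("192.168.0.20", "192.168.0.5", 41001, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
    build_frame("10.0.0.7", "192.168.0.10", 5555, 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    tips = {
        "#1 http": http(),
        "#2 ip.src==192.168.0.10 && http": AND(ip_src("192.168.0.10"), http()),
        "#3 ip.dst==192.168.0.10 && http": AND(ip_dst("192.168.0.10"), http()),
        "#4 tcp.port==80 || tcp.port==3306": OR(tcp_port(80), tcp_port(3306)),
        "#5 !(ip.addr==192.168.0.10)": NOT(ip_addr("192.168.0.10")),
        "#5 legacy ip.addr!=192.168.0.10 (wrong)": ip_addr_ne_legacy("192.168.0.10"),
        "#6 ip.src/dst in 192.168.0.0/24": AND(ip_src_in("192.168.0.0/24"), ip_dst_in("192.168.0.0/24")),
    }
    for name, flt in tips.items():
        print(f"{name:45} -> frames {match_indices(SAMPLE_FRAMES, flt)}")
    stream = follow_tcp_stream(SAMPLE_FRAMES, "192.168.0.10", "93.184.216.34", 80)
    print("#7 credential in clear text:", basic_credentials(stream))
```

Frame 4 is a TLS record on port 443: it is a real TCP packet involving 192.168.0.10, so tip #5 correctly hides it, but it never matches http, and following its stream would only show ciphertext.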

Tip #8 - Edit Coloring Rules

By now you have surely noticed that every row in the capture window has a color. By default, HTTP traffic is shown on a green background with black text, while checksum errors are shown in red text on a black background.

If you want to change these settings, click the Edit coloring rules icon, select a given filter, and click Edit.

Tip #9 - Save a Capture to a File

Saving a capture lets us inspect it in more detail later, share it with colleagues, or feed it to other tools. To do so, go to File → Export and choose the export format from the list (File → Save As keeps the raw packets in pcapng format, which is what you want if anyone will open the file in Wireshark again):

Tip #10 - Practice with Sample Captures

If you think your network is "boring", Wireshark provides a collection of sample capture files that you can use to practice and learn. You can download these SampleCaptures from the Wireshark wiki and open them through the File → Open menu. They are also a good, safe way to practice filters on malicious traffic without capturing it yourself.

Summary

Wireshark is free and open source software, as you can read in the FAQ section of the official website. Keep the two kinds of filters apart: a capture filter must be set before the capture starts and decides which packets are recorded at all, while a display filter, such as the ones used in these tips, can be applied or changed at any time, including on a capture that was saved to a file.

In case you have not noticed, the display filter box has an autocomplete feature that suggests field names as you type, which makes it easy to discover the most commonly used ones and refine them later. With that, the sky is the limit!

As always, do not hesitate to drop us a line using the comment form below if you have any questions or observations about this article.