ngrep - A Network Packet Analyzer for Linux


Ngrep (network grep) is a simple yet powerful network packet analyzer. It is a grep-like tool applied to the network layer: it matches traffic passing over a network interface. It lets you specify an extended regular expression or a hexadecimal expression to match against the data payloads of packets (the actual information or message being transmitted, not the protocol headers and other metadata generated automatically around it).

The tool understands a range of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and raw IP, across a number of interface types. Its filters are written in the same BPF syntax as the tcpdump packet sniffer, and it behaves much like tcpdump with a regular-expression match bolted on.

The ngrep package is available from the default repositories of the mainstream Linux distributions (on RHEL/CentOS it is provided by the EPEL repository) and can be installed with the package manager, as shown for Debian/Ubuntu, RHEL/CentOS and Fedora respectively.

$ sudo apt install ngrep
$ sudo yum install ngrep
$ sudo dnf install ngrep

Once ngrep is installed, you can start analyzing traffic on your Linux network using the following examples. Capturing packets requires raw socket access, which is why every command below is run with sudo.

1. The following command matches all ping traffic on the default active interface: open a second terminal and ping another machine on the network. The first argument is the match expression ('.' matches any byte, so any ICMP packet that carries a payload qualifies) and the second is a BPF filter in tcpdump syntax ('icmp'). The -q flag tells ngrep to run quietly and print nothing other than the packet headers and their payloads. In the output, the leading I marks an ICMP packet and the trailing 8:0 and 0:0 are the ICMP type:code, i.e. echo request and echo reply, so you see both directions of each ping; the payload is the filler pattern the ping utility puts into its packets.

$ sudo ngrep -q '.' 'icmp'

interface: enp0s3 (192.168.0.0/255.255.255.0)
filter: ( icmp ) and ((ip || ip6) || (vlan && (ip || ip6)))
match: .

I 192.168.0.104 -> 192.168.0.103 8:0
  ]...~oG[....j....................... !"#$%&'()*+,-./01234567

I 192.168.0.103 -> 192.168.0.104 0:0
  ]...~oG[....j....................... !"#$%&'()*+,-./01234567

I 192.168.0.104 -> 192.168.0.103 8:0
  ]....oG[............................ !"#$%&'()*+,-./01234567

I 192.168.0.103 -> 192.168.0.104 0:0
  ]....oG[............................ !"#$%&'()*+,-./01234567

Press Ctrl + C to stop the capture.

2. To match only traffic to or from a particular host, for example 'google.com', run the following command and then open the site in a web browser. Two things are worth knowing about this filter: the BPF 'host' primitive resolves the name to an address once, when ngrep starts, so only that address is matched; and it matches both directions, which is why the output below shows the server at port 443 replying to the client. Because the connection is HTTPS, what ngrep prints is TLS ciphertext: the match expression '.' only confirms that payload bytes passed, it cannot read them.

$ sudo ngrep -q '.' 'host google.com'

interface: enp0s3 (192.168.0.0/255.255.255.0)
filter: ( host google.com ) and ((ip || ip6) || (vlan && (ip || ip6)))
match: .

T 172.217.160.174:443 -> 192.168.0.103:54008 [AP]
  ..................;.(...RZr..$....s=..l.Q+R.U..4..g.j..I,.l..:{y.a,....C{5>

T 172.217.160.174:443 -> 192.168.0.103:54008 [AP]
  .............l.......!,0hJ....0.%F..!...l|.........PL..X...t..T.2DC..... ..y...~Y;

3. If you are browsing the web, run the following command to see which files your browser is requesting. The regular expression matches the request line of cleartext HTTP requests; HTTPS requests are encrypted on the wire and will not match.

$ sudo ngrep -q '^GET .* HTTP/1.[01]'

interface: enp0s3 (192.168.0.0/255.255.255.0)
filter: ((ip || ip6) || (vlan && (ip || ip6)))
match: ^GET .* HTTP/1.[01]

T 192.168.0.104:43040 -> 172.217.160.174:80 [AP]
  GET / HTTP/1.1..Host: google.com..User-Agent: Links (2.13; Linux 4.17.6-1.el7.elrepo.x86_64 x86_64; 
  GNU C 4.8.5; text)..Accept: */*..Accept-Language: en,*;q=0.1..Accept-
  Encoding: gzip, deflate, bzip2..Accept-Charset: us-ascii,ISO-8859-1,ISO-8859-2,ISO-8859-3,ISO-8859-4,
  ISO-8859-5,ISO-8859-6,ISO-8859-7,ISO-8859-8,ISO-8859-9,ISO-8859-10,I
  SO-8859-13,ISO-8859-14,ISO-8859-15,ISO-8859-16,windows-1250,windows-1251,windows-1252,windows-1256,
  windows-1257,cp437,cp737,cp850,cp852,cp866,x-cp866-u,x-mac,x-mac-ce,x-
  kam-cs,koi8-r,koi8-u,koi8-ru,TCVN-5712,VISCII,utf-8..Connection: keep-alive....

4. To see all traffic crossing source or destination port 25 (SMTP), run the following command. With no match expression given, every packet with a payload that passes the BPF filter is printed.

$ sudo ngrep port 25

5. To monitor network-based syslog traffic for occurrences of the word "error", use the following command. The -d any option captures on all interfaces at once instead of the default one.

$ sudo ngrep -d any 'error' port 514

Importantly, the filter is a BPF expression, and BPF resolves the service names stored in "/etc/services" (on Unix-like systems such as Linux) to port numbers. The following command is therefore equivalent to the one above.

$ sudo ngrep -d any 'error' port syslog

6. You can also run ngrep on an HTTP server (port 80); it will then match all requests to the host you are on, as shown. The # characters in the output are ngrep's progress marks, one per packet that passed the BPF filter; the -q flag suppresses them.

$ sudo ngrep port 80

interface: eth0 (64.90.164.72/255.255.255.252)
filter: ip and ( port 80 )
####
T 67.169.59.38:42167 -> 64.90.164.74:80 [AP]
  GET / HTTP/1.1..User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i
  686) Opera 7.21  [en]..Host: www.darkridge.com..Accept: text/html, applicat
  ion/xml;q=0.9, application/xhtml+xml;q=0.9, image/png, image/jpeg, image/gi
  f, image/x-xbitmap, */*;q=0.1..Accept-Charset: iso-8859-1, utf-8, utf-16, *
  ;q=0.1..Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0..Cookie: SQ
  MSESSID=5272f9ae21c07eca4dfd75f9a3cda22e..Cookie2: $Version=1..Connection:
  Keep-Alive, TE..TE: deflate, gzip, chunked, identity, trailers....
##

As you can see in the output above, all of the HTTP headers are shown in their gory detail, but they are hard to read, so let's see what happens when you apply the -W byline output mode. Note also what this capture exposes: the Cookie header carries a session cookie in cleartext, readable by anyone in a position to sniff the traffic, which is exactly why session cookies should only ever be sent over TLS.

$ sudo ngrep -W byline port 80

interface: eth0 (64.90.164.72/255.255.255.252)
filter: ip and ( port 80 )
####
T 67.169.59.38:42177 -> 64.90.164.74:80 [AP]
GET / HTTP/1.1.
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; X11; Linux i686) Opera ...
Host: www.darkridge.com.
Accept: text/html, application/xml;q=0.9, application/xhtml+xml;q=0.9 ...
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1.
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0.
Cookie: SQMSESSID=5272f9ae21c07eca4dfd75f9a3cda22e.
Cookie2: $Version=1.
Cache-Control: no-cache.
Connection: Keep-Alive, TE.
TE: deflate, gzip, chunked, identity, trailers.

7. To print a timestamp in the form YYYY/MM/DD HH:MM:SS.UUUUUU every time a packet matches, use the -t flag. In byline mode the trailing "." on each header line is the carriage return of the CRLF line ending, which ngrep prints as a dot like any other non-printable byte.

$ sudo ngrep -t -W byline port 80

interface: enp0s3 (192.168.0.0/255.255.255.0)
filter: ( port 80 ) and ((ip || ip6) || (vlan && (ip || ip6)))
####
T 2018/07/12 16:33:19.348084 192.168.0.104:43048 -> 172.217.160.174:80 [AP]
GET / HTTP/1.1.
Host: google.com.
User-Agent: Links (2.13; Linux 4.17.6-1.el7.elrepo.x86_64 x86_64; GNU C 4.8.5; text).
Accept: */*.
Accept-Language: en,*;q=0.1.
Accept-Encoding: gzip, deflate, bzip2.
Accept-Charset: us-ascii,ISO-8859-1,ISO-8859-2,ISO-8859-3,ISO-8859-4,ISO-8859-5,utf-8.
Connection: keep-alive.

8. To avoid putting the monitored interface into promiscuous mode (in which the interface accepts every frame on the segment, not just those addressed to it), add the -p flag. Without -p, ngrep enables promiscuous mode by default, and the kernel logs the change, so running with -p is also the quieter choice when you only care about the host's own traffic.

$ sudo ngrep -p -W byline port 80

9. Another important option is -N, which is useful when you are observing raw or unknown protocols. It tells ngrep to show the IP sub-protocol number next to the single-character identifier. With no filter and no match expression, as below, every packet carrying a payload is shown.

$ sudo ngrep -N -W byline
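
The byline output shown in examples 6 and 7 is easy to post-process, and the session cookie visible in example 6 is the kind of thing worth alerting on. The script below is an added example, not part of this article or of the ngrep project: it parses the -t -W byline layout into packet records, extracts HTTP request lines and headers, and reports requests on a cleartext port that carry a Cookie or Authorization header. The sample input is constructed to mirror the article's output; the host intranet.example, the address 192.0.2.10 and the cookie and credential values are made up, addresses are assumed to be IPv4, and the function names are the example's own.

```python
"""Parse ngrep '-t -W byline' output and flag cleartext HTTP requests carrying cookies or
credentials. Added example, not ngrep's own code; it assumes the layout the article shows:
a header line such as "T 2018/07/12 16:33:19.348084 192.168.0.104:43048 -> 172.217.160.174:80 [AP]",
one line per HTTP header line (the trailing '.' is the CR of CRLF, printed by ngrep like any
non-printable byte), then a blank line. Runs of '#' are ngrep's per-packet progress marks."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Header line: protocol letter, optional -t timestamp, src[:port] -> dst[:port], then ICMP
# type:code or bracketed TCP flags. IPv4 addresses are assumed.
HEADER_RE = re.compile(
    r"^(?P<proto>[A-Z])\s+"
    r"(?:(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+)?"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\S+?)(?::(?P<dport>\d+))?"
    r"(?:\s+\d+:\d+)?(?:\s+\[(?P<flags>[A-Z]*)\])?$"
)
REQUEST_LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")
SENSITIVE_HEADERS = ("cookie", "authorization", "proxy-authorization")

@dataclass
class Packet:
    proto: str
    ts: Optional[str]
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]
    flags: str
    lines: List[str] = field(default_factory=list)

@dataclass
class HttpRequest:
    packet: Packet
    method: str
    target: str
    headers: Dict[str, str]

def parse_ngrep_byline(text: str) -> List[Packet]:
    """Split ngrep -W byline output into Packet records; banner and '#' lines are skipped."""
    packets, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if current is None:
            m = HEADER_RE.match(line)
            if m:
                current = Packet(m["proto"], m["ts"], m["src"], int(m["sport"]) if m["sport"] else None,
                                 m["dst"], int(m["dport"]) if m["dport"] else None, m["flags"] or "")
            continue
        if line == "":  # a blank line closes the payload block
            packets.append(current)
            current = None
            continue
        # drop the '.' that stands for the CR of a CRLF line ending
        current.lines.append(line[:-1] if line.endswith(".") else line)
    if current is not None:
        packets.append(current)
    return packets

def extract_http_requests(packets: List[Packet]) -> List[HttpRequest]:
    """Turn TCP payloads that begin with an HTTP request line into HttpRequest records."""
    reqs = []
    for p in packets:
        m = REQUEST_LINE_RE.match(p.lines[0]) if p.proto == "T" and p.lines else None
        if not m:  # responses and mid-stream segments carry no request line
            continue
        headers = {}
        for h in p.lines[1:]:
            if h == "":  # empty line ends the header block
                break
            name, sep, value = h.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        reqs.append(HttpRequest(p, m["method"], m["target"], headers))
    return reqs

def find_cleartext_secrets(requests, cleartext_ports=(80, 8080)):
    """(request, header) pairs where a credential-bearing header crossed a cleartext port."""
    return [(r, name) for r in requests if r.packet.dport in cleartext_ports
            for name in SENSITIVE_HEADERS if name in r.headers]

# Constructed sample in the layout of 'ngrep -t -W byline port 80'; intranet.example,
# 192.0.2.10 and the cookie/credential values are made up for this example.
SAMPLE = """\
####
T 2018/07/12 16:33:19.348084 192.168.0.104:43048 -> 172.217.160.174:80 [AP]
GET / HTTP/1.1.
Host: google.com.
.

T 2018/07/12 16:33:21.101532 192.168.0.104:43052 -> 192.0.2.10:80 [AP]
GET /admin/ HTTP/1.1.
Host: intranet.example.
Cookie: SQMSESSID=5272f9ae21c07eca4dfd75f9a3cda22e.
Authorization: Basic YWxpY2U6aHVudGVyMg==.
.
"""

if __name__ == "__main__":
    for req, hdr in find_cleartext_secrets(extract_http_requests(parse_ngrep_byline(SAMPLE))):
        print(req.packet.ts, req.packet.dst, req.method, req.target, hdr, "header sent in cleartext")
```

To use it on a live capture, redirect ngrep to a file (sudo ngrep -t -W byline port 80 > capture.txt) and pass the file's contents to parse_ngrep_byline. The header regular expression also accepts lines printed without -t and the ICMP type:code suffix from example 1, so the same parser can be pointed at the syslog capture from example 5; only the HTTP extraction step is specific to port 80 traffic.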

For more information, see the ngrep man page.

$ man ngrep

ngrep GitHub repository: https://github.com/jpr5/ngrep

That's all! Ngrep (network grep) is a network packet analyzer that understands BPF filter logic in the same way tcpdump does, and adds regular-expression matching on packet payloads on top of it. We would like to hear your thoughts about ngrep in the comments section.