TCPflow - Analyze and Debug Network Traffic in Linux


TCPflow is a free, open source, powerful command-line tool for analyzing network traffic on Unix-like systems such as Linux. It captures data received or transmitted over TCP connections and stores it in files for later analysis, in a format that is convenient for protocol analysis and debugging.

It is a tcpdump-like tool, in that it processes packets from the wire or from a saved capture file, and it supports the same powerful filtering expressions as its counterpart. The difference is that tcpflow reorders all the TCP packets and reassembles each flow into a separate file (one file per direction) for later analysis.

Its feature set includes an advanced plugin system for decompressing compressed HTTP connections, undoing MIME encoding, or calling third-party programs for post-processing, and much more.

There are many use cases for tcpflow, including understanding network packet flows, performing network forensics, and revealing the contents of HTTP sessions.

How to Install TCPflow on Linux Systems

TCPflow is available in the official repositories of mainstream GNU/Linux distributions; you can install it with your package manager as shown.

$ sudo apt install tcpflow	#Debian/Ubuntu
$ sudo yum install tcpflow	#CentOS/RHEL
$ sudo dnf install tcpflow	#Fedora 22+

Once you have installed tcpflow, run it with superuser privileges, or otherwise via the sudo command. Note that it listens on the active network interface (for example enp0s3).

$ sudo tcpflow

tcpflow: listening on enp0s3

By default, tcpflow stores all captured data in files whose names have the following form (this can differ if you use certain options, such as timestamps).

sourceip.sourceport-destip.destport
192.168.043.031.52920-216.058.210.034.00443

Now, let's do a directory listing to see whether any TCP flows have been captured into files.

$ ls -l

total 20
-rw-r--r--. 1 root    root     808 Sep 19 12:49 192.168.043.031.52920-216.058.210.034.00443
-rw-r--r--. 1 root    root      59 Sep 19 12:49 216.058.210.034.00443-192.168.043.031.52920

As we mentioned earlier, each TCP flow is stored in its own file. From the output above, you can see that there are three transcript files, which shows that tcpflow recorded the two opposite directions of the flow: the source IP of the first file is the destination IP of the second, and vice versa.

The first file, 192.168.043.031.52920-216.058.210.034.00443, contains data transmitted from host 192.168.043.031 (the local host on which tcpflow is running) via port 52920 to host 216.058.210.034 via port 443.

The second file, 216.058.210.034.00443-192.168.043.031.52920, contains data sent from host 216.058.210.034 (the remote host) via port 443 to host 192.168.043.031 via port 52920.

An XML report is also generated, containing information about the program (such as how it was compiled), the computer it was run on, and a record of every TCP connection.

As you may have noticed, tcpflow writes the transcript files into the current directory by default. The -o option lets you specify the output directory where the transcript files should be written.

$ sudo tcpflow -o tcpflow_files
$ sudo ls -l tcpflow_files

total 32
-rw-r--r--. 1 root root 1665 Sep 19 12:56 157.240.016.035.00443-192.168.000.103.45986
-rw-r--r--. 1 root root   45 Sep 19 12:56 169.044.082.101.00443-192.168.000.103.55496
-rw-r--r--. 1 root root 2738 Sep 19 12:56 172.217.166.046.00443-192.168.000.103.39954
-rw-r--r--. 1 root root   68 Sep 19 12:56 192.168.000.102.00022-192.168.000.103.42436
-rw-r--r--. 1 root root  573 Sep 19 12:56 192.168.000.103.39954-172.217.166.046.00443
-rw-r--r--. 1 root root 4067 Sep 19 12:56 192.168.000.103.45986-157.240.016.035.00443
-rw-r--r--. 1 root root   38 Sep 19 12:56 192.168.000.103.55496-169.044.082.101.00443
-rw-r--r--. 1 root root 3159 Sep 19 12:56 report.xml
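An output directory like the one above is easiest to review when the two transcript files of each flow are paired up and the traffic volume in each direction is summarised. The following script is an added example, not code from the original article or from the tcpflow project; it assumes tcpflow's default file naming (srcip.srcport-dstip.dstport, with octets zero-padded to three digits and ports to five) and constructs a small sample directory so it runs offline.

```shell
#!/bin/sh
# Added example, not part of the original article: pair up tcpflow
# transcript files and report the bytes that flowed in each direction.
# Assumes tcpflow's default names (srcip.srcport-dstip.dstport, octets
# zero-padded to three digits, ports to five) and no -T timestamp option.

# strip_pad ENDPOINT: "192.168.043.031.52920" -> "192.168.43.31:52920"
strip_pad() {
    printf '%s' "$1" | awk -F. '{ printf "%d.%d.%d.%d:%d", $1, $2, $3, $4, $5 }'
}

# flow_summary DIR: print one line per TCP flow found in DIR.
# report.xml is skipped because its name contains no "-".
flow_summary() {
    dir=$1
    for f in "$dir"/*-*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        src=${name%-*}
        dst=${name#*-}
        rev_name="$dst-$src"
        # Report each pair once: when both directions exist, only the
        # file whose name sorts first speaks for the flow.
        if [ -f "$dir/$rev_name" ]; then
            first=$(printf '%s\n%s\n' "$name" "$rev_name" | sort | head -n 1)
            [ "$first" = "$name" ] || continue
            back=$(wc -c < "$dir/$rev_name" | tr -d ' ')
        else
            back=0
        fi
        fwd=$(wc -c < "$f" | tr -d ' ')
        printf '%s -> %s sent=%s recv=%s\n' \
            "$(strip_pad "$src")" "$(strip_pad "$dst")" "$fwd" "$back"
    done
}

# make_sample DIR: write two constructed transcripts (one flow, both
# directions) plus an empty report.xml so the script can run offline.
make_sample() {
    mkdir -p "$1"
    printf 'GET / HTTP/1.1\r\n' > "$1/192.168.043.031.52920-216.058.210.034.00080"
    printf 'HTTP/1.1 200 OK\r\n' > "$1/216.058.210.034.00080-192.168.043.031.52920"
    : > "$1/report.xml"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
flow_summary "$sample_dir"
rm -r "$sample_dir"
```

On a real capture, point flow_summary at the directory you passed to -o (for example `flow_summary tcpflow_files`); a flow with a large "sent" count and a tiny "recv" count, or one with no reverse file at all, is the kind of entry worth opening first.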

You can also print the contents of packets to stdout as they are received, without storing any captured data in files, using the -c flag as follows.

To test this effectively, open a second terminal and run a ping, or browse the internet. You should be able to see the ping details or your browser's traffic being captured by tcpflow.

$ sudo tcpflow -c

It is possible to capture all traffic on a given port, for example port 80 (HTTP). In the case of HTTP traffic, you will be able to see the HTTP headers followed by all the content, either on stdout or in a single file if the -c flag is omitted.

$ sudo tcpflow port 80
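Because a port 80 transcript holds the raw HTTP headers and body in order, a short awk pass over the client-to-server file is enough to list which requests a host made. The script below is an added example, not code from the original article or from tcpflow; it assumes plain HTTP (TLS transcripts on port 443 are opaque to this kind of review) and builds a constructed two-request transcript so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original article: list the requests found in
# a client->server transcript written by "tcpflow port 80". Works only for
# plain HTTP; TLS transcripts on port 443 cannot be read this way.

# http_requests FILE: print "METHOD PATH host=HOST" for each request.
http_requests() {
    awk '
        # a request line starts a new request
        /^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) / { method = $1; path = $2 }
        # Host header; drop the trailing CR that tcpflow preserves verbatim
        /^[Hh][Oo][Ss][Tt]:/ { host = $2; sub(/\r$/, "", host) }
        # the empty line ends the header block: emit what we collected
        /^\r?$/ && method != "" {
            printf "%s %s host=%s\n", method, path, host
            method = ""; host = ""
        }
    ' "$1"
}

# make_transcript FILE: constructed sample with two keep-alive requests.
make_transcript() {
    printf 'GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: curl/7.88\r\n\r\n' > "$1"
    printf 'GET /logo.png HTTP/1.1\r\nHost: www.example.com\r\n\r\n' >> "$1"
}

t=$(mktemp)
make_transcript "$t"
http_requests "$t"
rm -f "$t"
```

Run it against the client-side transcript of a flow (the file whose name begins with the local address) to get one line per request; requests carry their own Host header, so the same listing also reveals connections to an unexpected virtual host on an otherwise familiar server IP.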

To capture packets from a specific network interface, use the -i flag to specify the interface name.

$ sudo tcpflow -i eth0 port 80

You can also specify a target host (accepted values are an IP address, hostname, or domain), as shown.

$ sudo tcpflow -c host 192.68.43.1
OR
$ sudo tcpflow -c host www.google.com

You can perform all processing with all scanners using the -a flag, which is equivalent to -e all.

$ sudo tcpflow -a
OR
$ sudo tcpflow -e all

You can also enable specific scanners; the available scanners include md5, http, netviz, tcpdemux, and wifiviz (run tcpflow -H to see detailed information about each scanner).

$ sudo tcpflow -e http
OR
$ sudo tcpflow -e md5
OR
$ sudo tcpflow -e netviz
OR
$ sudo tcpflow -e tcpdemux
OR
$ sudo tcpflow -e wifiviz

The following example shows how to enable all scanners except tcpdemux.

$ sudo tcpflow -a -x tcpdemux

TCPflow normally tries to put the network interface into promiscuous mode before capturing packets. You can prevent this with the -p flag as shown.

$ sudo tcpflow -p -i eth0

To read packets from a tcpdump pcap file, use the -r flag.

$ sudo tcpflow -r file.pcap

You can enable verbose mode with the -v or -d 10 options.

$ sudo tcpflow -v
OR
$ sudo tcpflow -d 10

Important: One limitation of tcpflow is that, at present, it does not understand IP fragments; therefore data transmitted as part of a TCP connection containing IP fragments will not be captured properly.

For more information and usage options, see the tcpflow man page.

$ man tcpflow

TCPflow GitHub repository: https://github.com/simsong/tcpflow

That's all for now! TCPflow is a powerful TCP flow recorder that is useful for understanding network packet flows, performing network forensics, and much more. Try it out and share your thoughts about it in the comments.