
Hacker Knowledge: Sniffers, Hackers and Network Management


  ....h.RT......E. 00 90 ab c0 68 00 52 54 ab 15 d6 de 08 00 45 00 [0-15]
  .:..@. ._..i(1.. 03 3a f1 0a 40 00 20 06 5f dc a2 69 28 31 a7 d8 [16-31]
  .d...P.v.Z..].P. 94 64 04 df 00 50 00 76 80 5a 99 0c 5d 15 50 18 [32-47]
  "87...POST /js/V 22 38 37 a7 00 00 50 4f 53 54 20 2f 6a 73 2f 56 [48-63]
  erifyLogin HTTP/ 65 72 69 66 79 4c 6f 67 69 6e 20 48 54 54 50 2f [64-79]
  1.1..Accept: ima 31 2e 31 0d 0a 41 63 63 65 70 74 3a 20 69 6d 61 [80-95]
  ge/gif, image/x- 67 65 2f 67 69 66 2c 20 69 6d 61 67 65 2f 78 2d [96-111]
  xbitmap, image/j 78 62 69 74 6d 61 70 2c 20 69 6d 61 67 65 2f 6a [112-127]
  peg, image/pjpeg 70 65 67 2c 20 69 6d 61 67 65 2f 70 6a 70 65 67 [128-143]
  , application/ms 2c 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6d 73 [144-159]
  word, applicatio 77 6f 72 64 2c 20 61 70 70 6c 69 63 61 74 69 6f [160-175]
  n/vnd.ms-powerpo 6e 2f 76 6e 64 2e 6d 73 2d 70 6f 77 65 72 70 6f [176-191]
  int, application 69 6e 74 2c 20 61 70 70 6c 69 63 61 74 69 6f 6e [192-207]
  /vnd.ms-excel, * 2f 76 6e 64 2e 6d 73 2d 65 78 63 65 6c 2c 20 2a [208-223]
  /*..Referer: htt 2f 2a 0d 0a 52 65 66 65 72 65 72 3a 20 68 74 74 [224-239]
  p://www.renren.c 70 3a 2f 2f 77 77 77 2e 72 65 6e 72 65 6e 2e 63 [240-255]
  om/js/FrontPage. 6f 6d 2f 6a 73 2f 46 72 6f 6e 74 50 61 67 65 0d [256-271]
  .Accept-Language 0a 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 [272-287]
  : zh-cn..Content 3a 20 7a 68 2d 63 6e 0d 0a 43 6f 6e 74 65 6e 74 [288-303]
  -Type: applicati 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 [304-319]
  on/x-www-form-ur 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 [320-335]
  lencoded..Accept 6c 65 6e 63 6f 64 65 64 0d 0a 41 63 63 65 70 74 [336-351]
  -Encoding: gzip, 2d 45 6e 63 6f 64 69 6e 67 3a 20 67 7a 69 70 2c [352-367]
  deflate..User-A 20 64 65 66 6c 61 74 65 0d 0a 55 73 65 72 2d 41 [368-383]
  gent: Mozilla/4. 67 65 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 34 2e [384-399]
  0 (compatible; M 30 20 28 63 6f 6d 70 61 74 69 62 6c 65 3b 20 4d [400-415]
  SIE 4.01; Window 53 49 45 20 34 2e 30 31 3b 20 57 69 6e 64 6f 77 [416-431]
  s 95)..Host: www 73 20 39 35 29 0d 0a 48 6f 73 74 3a 20 77 77 77 [432-447]
  .renren.com..Con 2e 72 65 6e 72 65 6e 2e 63 6f 6d 0d 0a 43 6f 6e [448-463]
  tent-Length: 43. 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 34 33 0d [464-479]
  .Connection: Kee 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 [480-495]
  p-Alive..Cookie: 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a [496-511]
  lang=cn; COUNTR 20 6c 61 6e 67 3d 63 6e 3b 20 43 4f 55 4e 54 52 [512-527]
  Y=21; timeDiff=2 59 3d 32 31 3b 20 74 69 6d 65 44 69 66 66 3d 32 [528-543]
  7/12/1999_17:56: 37 2f 31 32 2f 31 39 39 39 5f 31 37 3a 35 36 3a [544-559]
  15.476; SESSION= 31 35 2e 34 37 36 3b 20 53 45 53 53 49 4f 4e 3d [560-575]
  9920220612.17233 39 39 32 30 32 32 30 36 31 32 2e 31 37 32 33 33 [576-591]
  6181; AdJump=nul 36 31 38 31 3b 20 41 64 4a 75 6d 70 3d 6e 75 6c [592-607]
  l; engagekey=/re 6c 3b 20 65 6e 67 61 67 65 6b 65 79 3d 2f 72 65 [608-623]
  gion#1/gender#1/ 67 69 6f 6e 23 31 2f 67 65 6e 64 65 72 23 31 2f [624-639]
  age#21/sign#/mar 61 67 65 23 32 31 2f 73 69 67 6e 23 2f 6d 61 72 [640-655]
  ital#1/country#/ 69 74 61 6c 23 31 2f 63 6f 75 6e 74 72 79 23 2f [656-671]
  ethnicity#2/educ 65 74 68 6e 69 63 69 74 79 23 32 2f 65 64 75 63 [672-687]
  ation#5/industry 61 74 69 6f 6e 23 35 2f 69 6e 64 75 73 74 72 79 [688-703]
  #9/interests#; J 23 39 2f 69 6e 74 65 72 65 73 74 73 23 3b 20 4a [704-719]
  ServSessionId=3f 53 65 72 76 53 65 73 73 69 6f 6e 49 64 3d 33 66 [720-735]
  ee9af4c3957f28.6 65 65 39 61 66 34 63 33 39 35 37 66 32 38 2e 36 [736-751]
  30.946465712033; 33 30 2e 39 34 36 34 36 35 37 31 32 30 33 33 3b [752-767]
  AccipiterId=000 20 41 63 63 69 70 69 74 65 72 49 64 3d 30 30 30 [768-783]
  93423*DEF....log 39 33 34 32 33 2a 44 45 46 0d 0a 0d 0a 6c 6f 67 [784-799]
  inid=iaqqxaisc&p 69 6e 69 64 3d 69 61 71 71 78 6a 69 73 63 26 70 [800-815]
  assword=vra7raa& 61 73 73 77 6f 72 64 3d 76 72 61 37 72 61 61 26 [816-831]
  x=41&y=9f.X! 78 3d 34 31 26 79 3d 39 66 c8 58 21
  Below is the decoded result.
  Flags: 0x00
  Status: 0x00
  Packet Length:844
  Timestamp: 19:28:09.400000 01/18/2000
  Ethernet Header
  Destination: 00:90:ab:c0:68:00 [0-5]
  Source: 52:54:ab:15:d6:de [6-11]
  Protocol Type:08-00 IP [12-13]
  IP Header - Internet Protocol Datagram
  Version: 4 [14 Mask 0xf0]
  Header Length: 5 [14 Mask 0xf]
  Precedence: 0 [15 Mask 0xe0]
  Type of Service: %000 [15 Mask 0x1c]
  Unused: %00 [15 Mask 0x3]
  Total Length: 826 [16-17]
  Identifier: 61706 [18-19]
  Fragmentation Flags: %010 Do Not Fragment [20 Mask 0xe0]
  Fragment Offset: 0 [20-22 Mask 0x1fffff]
  Time To Live: 32
  IP Type: 0x06 TCP [23]
  Header Checksum: 0x5fdc [24-25]
  Source IP Address: 162.105.40.49 [26-29]
  Dest. IP Address: 167.216.148.100 [30-33]
  No Internet Datagram Options
  TCP - Transport Control Protocol
  Source Port: 1247 [34-35]
  Destination Port: 80 World Wide Web HTTP [36-37]
  Sequence Number: 7766106 [38-41]
  Ack Number: 2567724309 [42-45]
  Offset: 5 [46 Mask 0xf0]
  Reserved: %000000 [46 Mask 0xfc0]
  Code: %011000 [47 Mask 0x3f]
  Ack is valid
  Push Request
  Window: 8760 [48-49]
  Checksum: 0x37a7 [50-51]
  Urgent Pointer: 0 [52-53]
  No TCP Options
  HTTP - HyperText Transfer Protocol
  POST /js/VerifyL 50 4f 53 54 20 2f 6a 73 2f 56 65 72 69 66 79 4c [54-69]
  ogin HTTP/1.1.. 6f 67 69 6e 20 48 54 54 50 2f 31 2e 31 0d 0a [70-84]
  Accept: image/gi 41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 69 [85-100]
  f, image/x-xbitm 66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 6d [101-116]
  ap, image/jpeg, 61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c 20 [117-132]
  image/pjpeg, app 69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 61 70 70 [133-148]
  lication/msword, 6c 69 63 61 74 69 6f 6e 2f 6d 73 77 6f 72 64 2c [149-164]
  application/vnd 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 76 6e 64 [165-180]
  .ms-powerpoint, 2e 6d 73 2d 70 6f 77 65 72 70 6f 69 6e 74 2c 20 [181-196]
  application/vnd. 61 70 70 6c 69 63 61 74 69 6f 6e 2f 76 6e 64 2e [197-212]
  ms-excel, */*.. 6d 73 2d 65 78 63 65 6c 2c 20 2a 2f 2a 0d 0a [213-227]
  Referer: http:// 52 65 66 65 72 65 72 3a 20 68 74 74 70 3a 2f 2f [228-243]
  www.renren.com/j 77 77 77 2e 72 65 6e 72 65 6e 2e 63 6f 6d 2f 6a [244-259]
  s/FrontPage.. 73 2f 46 72 6f 6e 74 50 61 67 65 0d 0a [260-272]
  Accept-Language: 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a [273-288]
  zh-cn.. 20 7a 68 2d 63 6e 0d 0a [289-296]
  Content-Type: ap 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 [297-312]
  plication/x-www- 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d [313-328]
  form-urlencoded. 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 0d [329-344]
  . 0a [345]
  Accept-Encoding: 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a [346-361]
  gzip, deflate.. 20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a [362-377]
  User-Agent: Mozi 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69 [378-393]
  lla/4.0 (compati 6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 74 69 [394-409]
  ble; MSIE 4.01; 62 6c 65 3b 20 4d 53 49 45 20 34 2e 30 31 3b 20 [410-425]
  Windows 95).. 57 69 6e 64 6f 77 73 20 39 35 29 0d 0a [426-438]
  Host: www.renren 48 6f 73 74 3a 20 77 77 77 2e 72 65 6e 72 65 6e [439-454]
  .com.. 2e 63 6f 6d 0d 0a [455-460]
  Content-Length: 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 [461-476]
  43.. 34 33 0d 0a [477-480]
  Connection: Keep 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 [481-496]
  -Alive.. 2d 41 6c 69 76 65 0d 0a [497-504]
  Cookie: lang=cn; 43 6f 6f 6b 69 65 3a 20 6c 61 6e 67 3d 63 6e 3b [505-520]
  COUNTRY=21; tim 20 43 4f 55 4e 54 52 59 3d 32 31 3b 20 74 69 6d [521-536]
  eDiff=27/12/1999 65 44 69 66 66 3d 32 37 2f 31 32 2f 31 39 39 39 [537-552]
  _17:56:15.476; S 5f 31 37 3a 35 36 3a 31 35 2e 34 37 36 3b 20 53 [553-568]
  ESSION=992022061 45 53 53 49 4f 4e 3d 39 39 32 30 32 32 30 36 31 [569-584]
  2.172336181; AdJ 32 2e 31 37 32 33 33 36 31 38 31 3b 20 41 64 4a [585-600]
  ump=null; engage 75 6d 70 3d 6e 75 6c 6c 3b 20 65 6e 67 61 67 65 [601-616]
  key=/region#1/ge 6b 65 79 3d 2f 72 65 67 69 6f 6e 23 31 2f 67 65 [617-632]
  nder#1/age#21/si 6e 64 65 72 23 31 2f 61 67 65 23 32 31 2f 73 69 [633-648]
  gn#/marital#1/co 67 6e 23 2f 6d 61 72 69 74 61 6c 23 31 2f 63 6f [649-664]
  untry#/ethnicity 75 6e 74 72 79 23 2f 65 74 68 6e 69 63 69 74 79 [665-680]
  #2/education#5/i 23 32 2f 65 64 75 63 61 74 69 6f 6e 23 35 2f 69 [681-696]
  ndustry#9/intere 6e 64 75 73 74 72 79 23 39 2f 69 6e 74 65 72 65 [697-712]
  sts#; JServSessi 73 74 73 23 3b 20 4a 53 65 72 76 53 65 73 73 69 [713-728]
  onId=3fee9af4c39 6f 6e 49 64 3d 33 66 65 65 39 61 66 34 63 33 39 [729-744]
  57f28.630.946465 35 37 66 32 38 2e 36 33 30 2e 39 34 36 34 36 35 [745-760]
  712033; Accipite 37 31 32 30 33 33 3b 20 41 63 63 69 70 69 74 65 [761-776]
  rId=00093423*DEF 72 49 64 3d 30 30 30 39 33 34 32 33 2a 44 45 46 [777-792]
  .... 0d 0a 0d 0a [793-796]
  loginid=iaqqxais 6c 6f 67 69 6e 69 64 3d 69 61 71 71 78 6a 69 73 [797-812]
  c&password=vra7r 63 26 70 61 73 73 77 6f 72 64 3d 76 72 61 37 72 [813-828]
  aa&x=41&y=9 61 61 26 78 3d 34 31 26 79 3d 39 [829-839]
  Frame Check Sequence: 0x66c85821
  Unfortunately, it happens to contain the account name (loginid=iaqqxaisc) and the password vra7raa!
  Look a little closer: the cookie contents are exposed in full as well. By extension, every HTTP page, every e-mail and so on can be stolen without the slightest obstacle.
  In general, what a sniffer can capture is not limited to user IDs and passwords. It can capture sensitive financial data (such as credit card numbers), confidential information (e-mail) and proprietary information. Depending on the resources available to the intruder, a sniffer can capture essentially all of the information on the network.
  A sniffer can obtain all of this information, provided you have enough storage space. To work around that limit, intruders usually capture only the first 200-300 bytes of each packet, which is where usernames and passwords normally sit. Of course, with enough storage, even more interesting content can be had. Note that this shortcut would not have worked on the capture above: the form fields loginid and password begin at byte 797 of the frame, well past a 300-byte snapshot length. A short snapshot suits protocols that send the login in a small packet of its own; a browser login POST pushes a large block of headers and cookies ahead of the credentials.
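As an added example (not part of the original article), here is a small decoder in Python that does what the sniffer did with the frame above: it walks Ethernet, IPv4 and TCP, then pulls the login fields out of a form-encoded POST body. The 54 header bytes are copied verbatim from the capture; the HTTP payload is a constructed, shortened version of the original request that keeps the same request line, Host, Content-Type, Cookie values and form body, so the IPv4 total-length and checksum fields are recomputed to fit. Cutting the frame to the 300-byte snapshot length discussed above shows why that setting misses an HTTP form login.

```python
import struct
from urllib.parse import parse_qs

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

# Bytes 0-53 of the captured frame above (Ethernet, IPv4 and TCP headers), verbatim.
CAPTURED_HEADERS = bytes.fromhex(
    "00 90 ab c0 68 00 52 54 ab 15 d6 de 08 00 45 00 "  # eth dst, eth src, type 0800; IP ver/IHL, TOS
    "03 3a f1 0a 40 00 20 06 5f dc a2 69 28 31 a7 d8 "  # IP len 826, id, DF, TTL 32, TCP, csum, src, dst..
    "94 64 04 df 00 50 00 76 80 5a 99 0c 5d 15 50 18 "  # ..dst; TCP sport 1247, dport 80, seq, ack, PSH+ACK
    "22 38 37 a7 00 00"                                  # TCP window 8760, checksum, urgent pointer
)

# Constructed payload: the captured POST cut down to a few headers, with the
# same form body (Content-Length: 43 is the real value from the capture).
HTTP_PAYLOAD = (
    b"POST /js/VerifyLogin HTTP/1.1\r\n"
    b"Host: www.renren.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Cookie: SESSION=9920220612.172336181; "
    b"JServSessionId=3fee9af4c3957f28.630.946465712033\r\n"
    b"Content-Length: 43\r\n"
    b"\r\n"
    b"loginid=iaqqxaisc&password=vra7raa&x=41&y=9"
)

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum; returns 0 for a header whose checksum field is already correct."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(headers: bytes, payload: bytes) -> bytes:
    """Join the captured headers to the shortened payload and make the IPv4
    total length and header checksum consistent with the new size."""
    frame = bytearray(headers + payload)
    ip = ETH_HDR_LEN
    struct.pack_into("!H", frame, ip + 2, len(frame) - ETH_HDR_LEN)   # total length
    struct.pack_into("!H", frame, ip + 10, 0)                          # zero checksum field
    struct.pack_into("!H", frame, ip + 10, ipv4_checksum(bytes(frame[ip:ip + 20])))
    return bytes(frame)

FRAME = build_frame(CAPTURED_HEADERS, HTTP_PAYLOAD)

def decode_frame(frame: bytes):
    """Ethernet -> IPv4 -> TCP. Returns addressing plus the TCP payload, or None
    for anything that is not TCP over IPv4."""
    if len(frame) < ETH_HDR_LEN + 40 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:total_len]            # a frame cut by the snaplen simply yields fewer bytes
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return {
        "src": ".".join(str(b) for b in ip[12:16]),
        "dst": ".".join(str(b) for b in ip[16:20]),
        "sport": sport, "dport": dport,
        "payload": bytes(tcp[data_off:]),
    }

def extract_form_fields(payload: bytes):
    """Parse an HTTP POST with a form-urlencoded body into {field: value}.
    Returns None if it is not such a request or the body is incomplete
    (cut by the snapshot length, or continued in a later TCP segment)."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    request_line, *header_lines = head.split(b"\r\n")
    if not request_line.startswith(b"POST "):
        return None
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if not headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
        return None
    length = int(headers.get(b"content-length", len(body)))
    if len(body) < length:
        return None
    return {k: v[0] for k, v in parse_qs(body[:length].decode("latin-1")).items()}

def sniff_credentials(frame: bytes):
    """What the sniffer did: the loginid/password pair from a form login to port 80, else None."""
    pkt = decode_frame(frame)
    if pkt is None or pkt["dport"] != 80:
        return None
    fields = extract_form_fields(pkt["payload"]) or {}
    if "loginid" not in fields or "password" not in fields:
        return None
    return {"loginid": fields["loginid"], "password": fields["password"]}

if __name__ == "__main__":
    pkt = decode_frame(FRAME)
    print(f"{pkt['src']}:{pkt['sport']} -> {pkt['dst']}:{pkt['dport']}")
    print("full frame:", sniff_credentials(FRAME))
    print("first 300 bytes only:", sniff_credentials(FRAME[:300]))
```

The checksum routine also validates the original header: the 0x5fdc in the capture sums to zero over bytes 14-33, so the frame was not corrupted on the way to the page. Real traffic additionally needs TCP reassembly, since a POST body can arrive in a segment after the headers; that case returns None here rather than a truncated password.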
  3. Defeating Sniffers
  A sniffer is a passive attack: it sends nothing onto the network and leaves essentially no trace, so it is hard to discover a sniffer from the network.
  The following measures are of some use against sniffers.
  First, inspect the physical network cabling to make sure no hardware sniffer has been tapped in.
  Second, check every network interface on every machine. While a sniffer is running, the interface of the host doing the listening is switched to promiscuous mode, and this can be used to detect whether you are being sniffed (from reference 3; the author has not tried it). On SunOS this can be checked with ifconfig -a. Note that the flag is set on the host running the sniffer, not on the victims, so the check has to be run on each machine, and a sniffer installed together with a rootkit may patch ifconfig to hide it.
  Third, encrypt sensitive data. Encrypting sensitive data is a necessary condition for security; the level of security depends on the strength of the algorithm and the strength of the key. The login above travelled over plain HTTP; over HTTPS the sniffer would still see the addresses and ports, but only ciphertext where the form fields are.
  Fourth, use a secure topology. A sniffer cannot see across a switch, router or bridge; the finer the network is segmented, the higher the level of security. On a switched segment this holds only as long as the switch forwards each unicast frame to its destination port alone; ARP spoofing or MAC flooding can redirect frames to the sniffer, so segmentation raises the bar rather than removing the risk.
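As an added example (not from the original article or any vendor), the second measure above done on Linux rather than SunOS: the promiscuous-mode flag that ifconfig -a shows on SunOS appears on Linux as the PROMISC flag in `ip link show` output and as bit 0x100 (IFF_PROMISC) of /sys/class/net/<iface>/flags. The script parses a constructed `ip link show` listing and, when run on a Linux host, also reads sysfs directly; the interface names and MAC addresses in the sample are made up.

```python
import os
import re

IFF_PROMISC = 0x100   # bit from <linux/if.h>, exported in /sys/class/net/<iface>/flags

def promisc_from_flags(flags_text: str) -> bool:
    """Interpret the hex value in /sys/class/net/<iface>/flags, e.g. '0x1103'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)

# Matches the header line of each interface: "2: eth0: <BROADCAST,...,PROMISC,UP> ..."
_IP_LINK_RE = re.compile(r"^\d+:\s+([^:@\s]+)[^<]*<([^>]*)>")

def promisc_from_ip_link(output: str) -> dict:
    """Parse `ip link show` output into {iface: True if PROMISC is set}."""
    result = {}
    for line in output.splitlines():
        m = _IP_LINK_RE.match(line)
        if m:
            result[m.group(1)] = "PROMISC" in m.group(2).split(",")
    return result

def suspicious_interfaces(table: dict) -> list:
    """Interfaces flagged promiscuous, in a stable order for reporting."""
    return sorted(iface for iface, promisc in table.items() if promisc)

def scan_sysfs(root: str = "/sys/class/net") -> dict:
    """Read the flags of every interface on a Linux host; empty dict elsewhere.
    This must run on each host: the flag lives on the sniffing machine itself."""
    found = {}
    if not os.path.isdir(root):
        return found
    for iface in sorted(os.listdir(root)):
        try:
            with open(os.path.join(root, iface, "flags")) as fh:
                found[iface] = promisc_from_flags(fh.read())
        except (OSError, ValueError):
            continue
    return found

# Constructed sample of `ip link show` on a host where a sniffer has put eth0
# into promiscuous mode. Names and addresses are made up.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""

if __name__ == "__main__":
    print("sample listing:", suspicious_interfaces(promisc_from_ip_link(SAMPLE_IP_LINK)))
    live = scan_sysfs()
    print("this host:", suspicious_interfaces(live) if live else "no sysfs (not Linux)")
```

Both readings come from the same kernel flag, so they agree only as long as the tools and the kernel are honest; on a host the intruder already controls, an altered ip or ifconfig binary can drop PROMISC from its output, and the sysfs read is the more direct of the two. Some legitimate software (bridges, virtualization, monitoring agents) also sets the flag, so treat a hit as a lead, not a verdict.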
  4. Sniffers in Network Management
  Sniffers were designed to diagnose the state of network connections. The president of ISS (Internet Security System) founded the company himself as a college sophomore and has since become a chief information-security consultant in the United States; the comp.security FAQ is published by ISS. Yet ISS's security tools are all of the sniffing type.
  There are now many commercial sniffers, for example the famous NetXRay, whose features are described as follows:
  Monitoring Network Statistics
  NetXRay provides both real time viewing and long term traffic analysis in graphical format. It can monitor multiple network statistics variables concurrently. This allows you to predict future network needs and plan for them accordingly. Alarms are generated whenever preset threshold parameters are exceeded, informing you about network exception conditions that may require immediate attention.
  NetXRay monitors and displays a network segment's packet rate, utilization and error rate in real time. Statistical counters for all network detail parameters are maintained in memory, and may be exported to Excel format for tabulation or charting.
  The host table maintains each network node's traffic statistics in real time. It keeps MAC, IP network, IP application, IPX network, and IPX transport layer information in separate tables, all of which may be viewed in table, bar or pie chart formats. The host table can be sorted by any statistical variable of your choice, in either ascending or descending order.
  The matrix table maintains network node pair conversation traffic statistics in real time. It keeps MAC, IP network, IP application, IPX network, and IPX transport layer information in separate tables, all of which may be viewed in traffic map, table, bar or pie chart formats. The matrix table can be sorted by any statistical variable of your choice, in either ascending or descending order.
  The traffic map provides the user a bird's-eye view of the network traffic patterns in real time. It gives a complete graphical presentation of the traffic pattern between network nodes.
  NetXRay can thus be used to detect IP address theft through bidirectional analysis of hardware addresses against IP addresses. Likewise, replaying captured messages can throw a host's traffic into confusion and so be used to punish it, but the same capability can equally be used for other hacking activity.
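As an added example (not NetXRay's own code), a Python sketch of the bidirectional hardware-address/IP analysis the paragraph describes, run over a constructed host table. The pairs are what a sniffer collects from the source MAC and source IP of each frame; the two checks are an IP claimed by more than one MAC (address theft or a duplicate address) and a MAC that has used many IPs (spoofing or a scan). The observation list, the threshold and the router allow-list are assumptions; the two addresses taken from the capture above are used only as plausible-looking sample values.

```python
from collections import defaultdict

# Constructed observations: (source MAC, source IP) pairs as a sniffer's host
# table would accumulate them from captured frames.
SAMPLE_OBSERVATIONS = [
    ("00:90:ab:c0:68:00", "162.105.40.1"),
    ("52:54:ab:15:d6:de", "162.105.40.49"),
    ("52:54:ab:15:d6:de", "162.105.40.49"),
    ("00:e0:4c:11:22:33", "162.105.40.50"),
    ("00:e0:4c:11:22:33", "162.105.40.49"),   # a second MAC sending as .49: conflict
    ("00:0c:29:aa:bb:cc", "162.105.40.60"),
    ("00:0c:29:aa:bb:cc", "162.105.40.61"),
    ("00:0c:29:aa:bb:cc", "162.105.40.62"),
    ("00:0c:29:aa:bb:cc", "162.105.40.63"),   # one MAC, many IPs: spoofing or scanning
]

def build_tables(observations):
    """Return (ip -> set of MACs, mac -> set of IPs): the two directions of the analysis."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for mac, ip in observations:
        mac = mac.lower()
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
    return ip_to_macs, mac_to_ips

def find_ip_conflicts(observations):
    """IPs that have been used by more than one hardware address."""
    ip_to_macs, _ = build_tables(observations)
    return {ip: sorted(macs) for ip, macs in ip_to_macs.items() if len(macs) > 1}

def find_multi_ip_macs(observations, threshold=3, known_routers=frozenset()):
    """Hardware addresses that sent from at least `threshold` different IPs.
    A router or gateway legitimately relays frames for many IPs, so its MAC
    belongs in known_routers rather than in the report."""
    _, mac_to_ips = build_tables(observations)
    routers = {m.lower() for m in known_routers}
    return {mac: sorted(ips) for mac, ips in mac_to_ips.items()
            if len(ips) >= threshold and mac not in routers}

if __name__ == "__main__":
    for ip, macs in find_ip_conflicts(SAMPLE_OBSERVATIONS).items():
        print(f"IP {ip} seen from {len(macs)} MACs: {', '.join(macs)}")
    for mac, ips in find_multi_ip_macs(SAMPLE_OBSERVATIONS).items():
        print(f"MAC {mac} used {len(ips)} IPs: {', '.join(ips)}")
```

Both tables are only as good as the frames the sniffer can see: on a switched network the monitoring port has to be mirrored (or the sniffer placed at the gateway) or most host-to-host traffic never reaches it, and the frames from the upstream router carry the router's MAC with every remote IP, which is why that MAC is excluded rather than counted.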
 


    Article author: 福州军威计算机技术有限公司 (Fuzhou Junwei Computer Technology Co., Ltd.)
    Copyright notice: original work; reproduction is permitted provided the original source is given as a hyperlink together with the author information and this notice. Otherwise legal action will be pursued.
