Using basic network commands (last revised 9.22) | Posted: 2003/08/27 14:35
Title        : Using basic network commands
Author       : 좋은진호 (truefeel, http://coffeenix.net/ )
Written      : 2003.02~, added to and reorganized from time to time
Last revised : 2003.9.22 (Mon)

This document explains practical usage examples of several network commands.

1. ping, fping: basic tools for checking whether a PC or server is up

fping is available from http://www.fping.com/

These tools use the echo request and echo reply types of the ICMP protocol to check for a response from the specified system.
Firewalls and servers filter these packets quite often nowadays, so do not assume a server is dead just because ping gets no answer.
fping works like ping, but a single command can check the responses of several servers.

    ping <address of server to check>
    fping <list of servers to check>
    fping 192.168.1.1 192.168.1.5
    fping -g 192.168.123.0/24
    fping < filename            : pings every IP listed in the given file

    # fping 192.168.1.1 192.168.1.5 192.168.1.10 192.168.1.30
    192.168.1.1 is alive
    192.168.1.5 is alive
    192.168.1.10 is alive
    192.168.1.30 is unreachable

2. traceroute, tracepath: finding the routing path

For traceroute to work, ICMP type 11 (time-exceeded) must not be filtered.

1) To use UDP instead of ICMP

    traceroute -I <address of server to trace>
    or
    tracepath <address of server to trace>

2) traceroute tools that use TCP: lft and tcptraceroute

    lft           : http://www.mainnerve.com/lft/
    tcptraceroute : http://michael.toren.net/code/tcptraceroute/

    lft <address of server to trace>

    # lft -d 80 lug.or.kr          (use this when port 80 is open on the target site)
    Tracing ___________________________.
    TTL  LFT trace to 211.214.161.175:80/tcp
     1   192.168.123.254 1.4ms
    ... (omitted) ...
     9   211.58.252.150 23.2ms
    10   211.108.63.222 21.2ms
    11   218.38.58.22 20.6ms
    12   [target] 211.214.161.175:80 75.9ms

To make lft also display network names and AS numbers, use the -N option.

    # lft -N -d 80 lug.or.kr
    Tracing ____________________________________________________________________
    LFT can't seem to round-trip.  Local packet filter in the way?
    TTL  LFT trace to 211.214.161.175:80/tcp
     1   [IANA-CBLK1] 192.168.123.254 13.2ms
    ... (omitted) ...
     9   [APNIC-CIDR-BLK2/HANANET-DONGJAK-KR] 211.58.252.150 24.2ms
    10   [APNIC-CIDR-BLK2/WULSANSO-KR] 211.108.63.222 25.0ms
    11   [APNIC4/HANANET-IDC-NGENE-KR] 218.38.58.22 39.4ms
    **   [80/tcp failed]  Try alternate options or use -V to see packets.

3. netstat: checking network status

Frequently used options (the options are combined so often that they are worth summarizing)

    -n : show IP addresses and port numbers as they are, without looking up host names and port names
    -a : show all network states (listening and non-listening)
    -t : TCP protocol only
    -u : UDP protocol only
    -p : show the program and process ID (PID) using the port (on Solaris this shows the ARP table)
    -s : show statistics per protocol (IP, ICMP, TCP, UDP, etc.)
    -c : show continuously at 1-second intervals (useful when you need to watch connections change over time)
    -r : show the routing table, like the route command

    netstat -nlp     ports/sockets that are listening (l), with the owning PID and process name
    netstat -tn      TCP connection status
    netstat -un      UDP connection status
    netstat -rn      routing table
    netstat -ntp     TCP connection status, with the owning PID and process name
    netstat -atnp    all TCP connection states, with the owning PID and process name
    netstat -s       statistics
    netstat -c -t    show TCP connections continuously

    # netstat -atnp
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      671/lpd Waiting
    tcp        0      0 127.0.0.1:3333          0.0.0.0:*               LISTEN      738/avmilter
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      720/mysqld
    ... (omitted) ...

4. fuser: shows the IDs of the processes using a file or socket

1) Show the PID using TCP port 25 (mail)

    # fuser -n tcp 25
    mail/tcp:              757

2) Show the PID, USER and command using the http port (do not write -vn as -nv)

    # fuser -vn tcp http
                         USER        PID ACCESS COMMAND
    http/tcp             root       1652 f....  httpd
                         root       1659 f....  httpd
    ... (omitted) ...

3) The users, PIDs and commands using /dev/hdb1 (useful when umount reports that the device is in use)

    # fuser -vm /dev/hdb1
                         USER        PID ACCESS COMMAND
    /dev/hdb1            truefeel   1669 f....  xmms
                         truefeel   1670 f....  xmms

5. tcpdump: a traffic dump tool for packet monitoring

1) Show the traffic going in and out of the eth0 interface (without the -i eth0 option, eth0 is used)

    tcpdump

2) Traffic to and from host 192.128.1.1, or traffic excluding it

    tcpdump host 192.128.1.1
    tcpdump src host 192.128.1.1
    tcpdump dst host 192.128.1.1
    tcpdump not host 192.128.1.1

3) Only the traffic between 192.128.1.1 and 192.128.1.2

    tcpdump host 192.128.1.1 and 192.128.1.2

4) Only the ICMP, ARP or UDP protocol; only 20 ICMP packets

    tcpdump icmp -i eth0
    tcpdump arp
    tcpdump udp
    tcpdump icmp -c 20

5) Only the packets going to and from the web port

    tcpdump port 80

6) Checking DHCP packets

    # tcpdump -v -s 1500 port 67 or port 68
    tcpdump: listening on eth0
    01:17:16.803166 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] xid:0x29b28363 vend-rfc1048 DHCP:REQUEST RQ:truefeel PR:SM+BR+TZ+DG+DN+NS+HN+YD+YS+NTP [tos 0x10] (ttl 16, id 0, len 328)
    01:17:16.806441 192.168.1.254.bootps > 255.255.255.255.bootpc:
    ... (omitted) ...

6. dig, nslookup: looking up domain names

There are far too many ways to use these tools, so only the basic usage and a few useful cases are listed.

1) Check the IP of linux.or.kr

    dig linux.or.kr
    nslookup linux.or.kr

2) Check records such as SOA and MX

    dig linux.or.kr soa
    dig linux.or.kr mx

3) Check the version of a bind name server

    dig @<nameserver> txt chaos version.bind
    nslookup -q=txt -class=CHAOS version.bind. <nameserver>

4) Zone file transfer (if zone transfers are allowed, you can obtain the complete list of records for the domain)

    dig @<nameserver> <domain name> axfr

    # dig @ns.daum.net daum.net axfr
    ; <<>> DiG 9.2.1 <<>> @ns.daum.net daum.net axfr
    ;; global options:  printcmd
    daum.net.        86400  IN  SOA  ns.daum.net. hostmaster.daum.net. 2003082602 2700 900 604800 86400
    daum.net.        86400  IN  NS   ns.daum.net.
    daum.net.        86400  IN  NS   ns2.daum.net.
    daum.net.        86400  IN  MX   10 mx1.hanmail.net.
    daum.net.        86400  IN  MX   10 mx2.hanmail.net.
    daum.net.        86400  IN  MX   10 mx3.hanmail.net.
    ... (omitted) ...

7. lynx, ab: useful when benchmarking a web server

1) time lynx -source localhost > /dev/null

2) ab -n 10 localhost/            repeat the request 10 times
   ab -n 10 -c 10 localhost/      10 requests, with 10 concurrent connections

8. fwhois, whois -h: domain whois lookup

Send a whois query for linux.or.kr to the whois.krnic.net server

    fwhois linux.or.kr@whois.krnic.net
    whois linux.or.kr -h whois.krnic.net

9. Identifying the type of web server

1) Using telnet

    # telnet localhost 80
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    HEAD / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Tue, 20 May 2003 12:48:08 GMT
    Server: Apache/2.0.44 (Unix) DAV/2 PHP/4.3.1
    ... (omitted) ...

2) Using HEAD, GET (tools included in the perl libwww module)

    # HEAD localhost
    200 OK
    Date: Tue, 20 May 2003 12:51:13 GMT
    Accept-Ranges: bytes
    Server: Apache/2.0.44 (Unix) DAV/2 PHP/4.3.1
    ... (omitted) ...

3) Using ab, the apachebench tool

    # /usr/local/apache/bin/ab localhost/
    ... (omitted) ...
    Server Software:        Apache/2.0.44
    Server Hostname:        localhost
    ... (omitted) ...

4) Using netcat (nc) (installed by default on Red Hat 8.x)

    nc : http://www.atstake.com/research/tools/network_utilities/

    # echo "HEAD / HTTP/1.0"|nc localhost 80
    HTTP/1.1 200 OK
    Date: Sun, 21 Sep 2003 20:00:57 GMT
    Server: Apache/2.0.44 (Unix) DAV/2 PHP/4.3.2
    ... (omitted) ...

10. snoop: packet monitoring on Solaris

    snoop port 53

11. Checking whether the link is connected on Solaris

    # csh loop: prints link_status once per second
    while 1
      ndd -get /dev/hme link_status
      sleep 1
    end
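
Added example (not part of the original article): a way to turn the `netstat -atnp` listing from section 3 into a quick exposure check, separating listeners bound to loopback from those reachable on other interfaces. The function names are hypothetical, and the sample input reuses the three rows shown in section 3 plus one constructed ESTABLISHED row.

```shell
#!/bin/sh
# Added example: classify LISTEN sockets from `netstat -atnp` output on stdin.
# Output, one line per listener: <exposed|local> <port> <pid/program>
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        scope = (host ~ /^127\./ || host == "::1") ? "local" : "exposed"
        print scope, port, $7
    }'
}

# Only the listeners that other hosts can reach: <port> <pid/program>
exposed_listeners() {
    classify_listeners | awk '$1 == "exposed" { print $2, $3 }'
}

# Sample input: rows from section 3; the sshd row is constructed.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:515             0.0.0.0:*               LISTEN      671/lpd Waiting
tcp        0      0 127.0.0.1:3333          0.0.0.0:*               LISTEN      738/avmilter
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      720/mysqld
tcp        0      0 192.168.1.10:22         192.168.1.20:51514      ESTABLISHED 802/sshd
EOF
}

# Live use: netstat -atnp | exposed_listeners
sample_netstat | exposed_listeners
```

On the sample, lpd (515) and mysqld (3306) are reported as bound to all interfaces, while avmilter on 127.0.0.1 is not; a service that only local clients need is better bound to loopback or filtered at the firewall.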
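
Added example (not part of the original article): a check for the zone transfer case in section 6, item 4, meant for a name server you operate. It reads `dig ... axfr` output and reports whether the transfer was refused or, if it succeeded, how many records and names the server handed out. The function names are hypothetical and both sample outputs are constructed with example.com names.

```shell
#!/bin/sh
# Added example: summarise `dig @<nameserver> <domain> axfr` output on stdin.
# Prints "refused", "no-data", or "open records=N names=M TYPE=count ...".
# Record types outside the list below are counted in N but not itemised.
axfr_summary() {
    awk '
    /Transfer failed/ { failed = 1 }
    /^;/ || NF < 5    { next }                  # dig comments, blank lines
    $3 == "IN"        { total++; type[$4]++; if (!seen[$1]++) names++ }
    END {
        if (failed)     { print "refused"; exit }
        if (total == 0) { print "no-data"; exit }
        out = "open records=" total " names=" names
        n = split("SOA NS A AAAA CNAME MX TXT", order, " ")
        for (i = 1; i <= n; i++)
            if (order[i] in type) out = out " " order[i] "=" type[order[i]]
        print out
    }'
}

# Constructed sample: a server that allows the transfer.
sample_open() {
    cat <<'EOF'
; <<>> DiG 9.x <<>> @ns1.example.com example.com axfr
example.com.           86400 IN SOA ns1.example.com. hostmaster.example.com. 1 2700 900 604800 86400
example.com.           86400 IN NS  ns1.example.com.
example.com.           86400 IN MX  10 mx1.example.com.
intranet.example.com.  86400 IN A   192.0.2.10
vpn.example.com.       86400 IN A   192.0.2.20
example.com.           86400 IN SOA ns1.example.com. hostmaster.example.com. 1 2700 900 604800 86400
EOF
}

# Constructed sample: a server that refuses the transfer.
sample_refused() {
    cat <<'EOF'
; <<>> DiG 9.x <<>> @ns1.example.com example.com axfr
; Transfer failed.
EOF
}

# Live use against your own server: dig @<nameserver> <domain name> axfr | axfr_summary
sample_open | axfr_summary
sample_refused | axfr_summary
```

An "open" result from a host that is not one of your secondaries means the zone's full host list is readable by anyone; in BIND this is restricted with the allow-transfer option.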
Coffeenix, a resting place for system engineers / URL : http://coffeenix.net/board_view.php?bd_code=41