Using ngrep and displaying Korean text
Posted : 2003/11/07 14:08
Posted by : 좋은진호 (http://coffeenix.net/)
Views : 9557
Author : 좋은진호 (truefeel, http://coffeenix.net/)
Written : from 2001.09.24, updated from time to time
Revised : 2003.11.07 (Fri)
ngrep is a tool that shows packet contents the way a sniffer does. The easiest way to think of it is as grep for the network.
If the server running ngrep is connected to a dumb (non-switching) hub, it can also see every packet on the internal network.
1. Using ngrep
* ngrep home : http://ngrep.sourceforge.net/
To watch port 80, run the following.
# ngrep -t port 80
interface: eth0 (192.168.xxx.0/255.255.255.0)
filter: ip and ( port 80 )
####
T 2003/11/07 12:46:32.005250 192.168.xxx.xxx:35898 -> 218.xxx.xx.xx:80 [AP]
GET /news/ HTTP/1.1..Host: coffeenix.net..User-Agent: Mozilla/5.0 (X11; U; Linux i686;
en-US; rv:1.5) Gecko/20031007 Firebird/0.7..Accept: text/xml,application/xml,applicat
ion/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,video/x-mng,image/png,image/jpeg,image/
... (omitted) ...
........ ...., ........ - ........ .... LINUX/UNIX ....
... (omitted) ...
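-t : also show a timestamp
-x : also show the payload in hexadecimal
-d device : specify the network device
-i : ignore case
Examples)
* Packets to and from a specific IP, excluding port 80
# ngrep -v -qt host IP and not port 80
* Viewing Codered packets
# ngrep -iqt 'default.ida' port 80
* Checking mail, FTP and telnet activity to and from a specific host
  (pcap filters evaluate "and"/"or" left to right, so the ports are grouped in parentheses to keep the host restriction on all of them)
# ngrep -qx host IP and \( port 25 or port 110 or port 21 or port 23 \)
* Checking packets sent to the Oracle listener (useful for checking the SQL statements a program issues)
# ngrep -qx dst port 1521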
2. Displaying Korean
ngrep, however, prints anything other than English letters, digits and other printable ASCII as a dot (.).
conv.pl, which I wrote in 2001, makes Korean text displayable as well.
Be aware that when, for example, a file is transferred over the web, the screen will fill up with strange characters.
Use it with the ports that carry frequent file transfers excluded from the filter.
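#!/usr/bin/perl
#
# Displays Korean text from ngrep output
#
# Made by 좋은진호(truefeel)
# 2001.9.24
#
# Expected input (ngrep -x): a header line followed by indented hex rows
# T 211.xxx.xx.xxx:1886 -> 205.xxx.xxx.xxx:80 [AP]
#   47 45 54 20 2f 69 6d 61 67 65 2f 39 33 30 35 32 GET /image/93052
while ( $P=<STDIN> ) {
    # Only the indented hex-dump rows are processed; header lines are dropped
    if ( $P =~ /^\s+(.+)/ ) {
        # The hex column is taken to be the first 54 characters of the row
        $P_HEX = substr($P,0,54);
        @HEX = split(' ',$P_HEX);
        for ( $c = 0; $c <= $#HEX; $c++ ) {
            # 32, 0x20 = Spacebar
            # Control characters become a space, except CR (0d), LF (0a),
            # backspace (08) and ESC (1b), which are passed through
            if ( hex($HEX[$c]) < 32 &&
                 $HEX[$c] ne "0d" && $HEX[$c] ne "0a" &&
                 $HEX[$c] ne "08" && $HEX[$c] ne "1b" ) {
                $HEX[$c] = '20';
            }
        }
        # Join the hex digits and turn them back into raw bytes
        $P_HEX = "@HEX";
        $P_HEX =~ s/\s//g;
        $P_CONV= pack ("H*", $P_HEX);
        printf("%s",$P_CONV);
    }
}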
* Download : http://coffeenix.net/truefeel/files/conv.pl.txt
To use it, always run ngrep with the -x option.
# ngrep -qx dst port 1521 | ./conv.pl
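An added example, not part of the original article or of conv.pl: the same conversion in Python, with two changes that matter when the captured traffic is untrusted. conv.pl writes ESC (1b) and backspace (08) bytes from the wire straight to the terminal, so a peer can send terminal control sequences to whoever is watching; this version replaces them with a dot, and it buffers each packet before decoding so a two-byte Korean character split across two hex rows is still decoded. It assumes, as conv.pl does, that the hex column fills the first 54 characters of a row, and that the payload is EUC-KR; the function names and the sample capture are made up for the illustration.

```python
import re
import sys

HEX_COLUMNS = 54  # assumption taken from conv.pl: hex dump sits in the first 54 columns
HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")
KEEP = {"\n", "\t"}  # the only control characters passed through to the terminal

def row_bytes(line):
    """Return the bytes listed in the hex column of one `ngrep -x` row."""
    out = bytearray()
    for tok in line[:HEX_COLUMNS].split()[:16]:
        if not HEX_BYTE.fullmatch(tok):
            break  # reached the ASCII column on a short row
        out.append(int(tok, 16))
    return bytes(out)

def printable(payload, encoding="euc-kr"):
    """Decode one packet payload; ESC, BS and other controls become '.'."""
    text = payload.decode(encoding, errors="replace").replace("\r\n", "\n")
    return "".join(c if c in KEEP or c.isprintable() else "." for c in text)

def convert(lines, encoding="euc-kr"):
    """Yield ngrep header lines as-is and each packet payload as decoded text."""
    payload = bytearray()
    for line in lines:
        if line[:1].isspace() and line.strip():
            payload += row_bytes(line)  # buffer rows: a 2-byte char may span two
            continue
        if payload:  # a non-hex line ends the packet, so decode it whole
            yield printable(bytes(payload), encoding)
            payload.clear()
        if line.strip():
            yield line.rstrip("\n")
    if payload:
        yield printable(bytes(payload), encoding)

# Constructed sample: a Korean word (c7 d1 b1 db) straddles the row boundary
# and is followed by an ESC [ 2 J (clear screen) sequence sent by the peer.
SAMPLE = (
    "T 192.0.2.10:35898 -> 192.0.2.80:80 [AP]\n"
    "  47 45 54 20 2f 66 69 6e    64 3f 77 6f 72 64 3d c7    GET /find?word=.\n"
    "  d1 b1 db 1b 5b 32 4a 0d    0a" + " " * 25 + "....[2J..\n"
    "\n"
)

if __name__ == "__main__":
    # Usage: ngrep -qx dst port 1521 | python3 conv.py   (no pipe: run the sample)
    source = SAMPLE.splitlines(True) if sys.stdin.isatty() else sys.stdin
    for chunk in convert(source):
        print(chunk)
```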
3. Do not misuse it
If misused, ngrep can show not only passwords but also the contents of every mail sent and received, and even conversations held over instant messengers. (Installing a NIDS makes this kind of thing easy to check anyway.)
This is a matter of the administrator's ethics, so please do not use it for such purposes.
Use it only for administration, for protocol analysis, and for checking that the packets being sent and received are correct when doing network programming.