Sniffers, Hackers and Network Management
Author: Internet (unattributed)   Source: www.98pc.com   Updated: 2006-4-28
(tail of the raw hex view of the captured frame; offsets are bytes from the start of the Ethernet frame, and the last four bytes are the frame check sequence)

age#21/sign#/mar  61 67 65 23 32 31 2f 73 69 67 6e 23 2f 6d 61 72  [640-655]
ital#1/country#/  69 74 61 6c 23 31 2f 63 6f 75 6e 74 72 79 23 2f  [656-671]
ethnicity#2/educ  65 74 68 6e 69 63 69 74 79 23 32 2f 65 64 75 63  [672-687]
ation#5/industry  61 74 69 6f 6e 23 35 2f 69 6e 64 75 73 74 72 79  [688-703]
#9/interests#; J  23 39 2f 69 6e 74 65 72 65 73 74 73 23 3b 20 4a  [704-719]
ServSessionId=3f  53 65 72 76 53 65 73 73 69 6f 6e 49 64 3d 33 66  [720-735]
ee9af4c3957f28.6  65 65 39 61 66 34 63 33 39 35 37 66 32 38 2e 36  [736-751]
30.946465712033;  33 30 2e 39 34 36 34 36 35 37 31 32 30 33 33 3b  [752-767]
 AccipiterId=000  20 41 63 63 69 70 69 74 65 72 49 64 3d 30 30 30  [768-783]
93423*DEF....log  39 33 34 32 33 2a 44 45 46 0d 0a 0d 0a 6c 6f 67  [784-799]
inid=iaqqxaisc&p  69 6e 69 64 3d 69 61 71 71 78 6a 69 73 63 26 70  [800-815]
assword=vra7raa&  61 73 73 77 6f 72 64 3d 76 72 61 37 72 61 61 26  [816-831]
x=41&y=9f.X!      78 3d 34 31 26 79 3d 39 66 c8 58 21              [832-843]

Below is the decoded result.

Flags: 0x00
Status: 0x00
Packet Length: 844
Timestamp: 19:28:09.400000 01/18/2000
Ethernet Header
  Destination: 00:90:ab:c0:68:00 [0-5]
  Source: 52:54:ab:15:d6:de [6-11]
  Protocol Type: 08-00 IP [12-13]
IP Header - Internet Protocol Datagram
  Version: 4 [14 Mask 0xf0]
  Header Length: 5 [14 Mask 0xf]
  Precedence: 0 [15 Mask 0xe0]
  Type of Service: %000 [15 Mask 0x1c]
  Unused: %00 [15 Mask 0x3]
  Total Length: 826 [16-17]
  Identifier: 61706 [18-19]
  Fragmentation Flags: %010 Do Not Fragment [20 Mask 0xe0]
  Fragment Offset: 0 [20-22 Mask 0x1fffff]
  Time To Live: 32
  IP Type: 0x06 TCP [23]
  Header Checksum: 0x5fdc [24-25]
  Source IP Address: 162.105.40.49 [26-29]
  Dest. IP Address: 167.216.148.100 [30-33]
  No Internet Datagram Options
TCP - Transport Control Protocol
  Source Port: 1247 [34-35]
  Destination Port: 80 World Wide Web HTTP [36-37]
  Sequence Number: 7766106 [38-41]
  Ack Number: 2567724309 [42-45]
  Offset: 5 [46 Mask 0xf0]
  Reserved: %000000 [46 Mask 0xfc0]
  Code: %011000 [47 Mask 0x3f]
    Ack is valid
    Push Request
  Window: 8760 [48-49]
  Checksum: 0x37a7 [50-51]
  Urgent Pointer: 0 [52-53]
  No TCP Options
HTTP - HyperText Transfer Protocol
POST /js/VerifyL  50 4f 53 54 20 2f 6a 73 2f 56 65 72 69 66 79 4c  [54-69]
ogin HTTP/1.1..   6f 67 69 6e 20 48 54 54 50 2f 31 2e 31 0d 0a     [70-84]
Accept: image/gi  41 63 63 65 70 74 3a 20 69 6d 61 67 65 2f 67 69  [85-100]
f, image/x-xbitm  66 2c 20 69 6d 61 67 65 2f 78 2d 78 62 69 74 6d  [101-116]
ap, image/jpeg,   61 70 2c 20 69 6d 61 67 65 2f 6a 70 65 67 2c 20  [117-132]
image/pjpeg, app  69 6d 61 67 65 2f 70 6a 70 65 67 2c 20 61 70 70  [133-148]
lication/msword,  6c 69 63 61 74 69 6f 6e 2f 6d 73 77 6f 72 64 2c  [149-164]
 application/vnd  20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 76 6e 64  [165-180]
.ms-powerpoint,   2e 6d 73 2d 70 6f 77 65 72 70 6f 69 6e 74 2c 20  [181-196]
application/vnd.  61 70 70 6c 69 63 61 74 69 6f 6e 2f 76 6e 64 2e  [197-212]
ms-excel, */*..   6d 73 2d 65 78 63 65 6c 2c 20 2a 2f 2a 0d 0a     [213-227]
Referer: http://  52 65 66 65 72 65 72 3a 20 68 74 74 70 3a 2f 2f  [228-243]
www.renren.com/j  77 77 77 2e 72 65 6e 72 65 6e 2e 63 6f 6d 2f 6a  [244-259]
s/FrontPage..     73 2f 46 72 6f 6e 74 50 61 67 65 0d 0a           [260-272]
Accept-Language:  41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 3a  [273-288]
 zh-cn..          20 7a 68 2d 63 6e 0d 0a                          [289-296]
Content-Type: ap  43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70  [297-312]
plication/x-www-  70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d  [313-328]
form-urlencoded.  66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 0d  [329-344]
.                 0a                                               [345]
Accept-Encoding:  41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a  [346-361]
 gzip, deflate..  20 67 7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a  [362-377]
User-Agent: Mozi  55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a 69  [378-393]
lla/4.0 (compati  6c 6c 61 2f 34 2e 30 20 28 63 6f 6d 70 61 74 69  [394-409]
ble; MSIE 4.01;   62 6c 65 3b 20 4d 53 49 45 20 34 2e 30 31 3b 20  [410-425]
Windows 95)..     57 69 6e 64 6f 77 73 20 39 35 29 0d 0a           [426-438]
Host: www.renren  48 6f 73 74 3a 20 77 77 77 2e 72 65 6e 72 65 6e  [439-454]
.com..            2e 63 6f 6d 0d 0a                                [455-460]
Content-Length:   43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20  [461-476]
43..              34 33 0d 0a                                      [477-480]
Connection: Keep  43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70  [481-496]
-Alive..          2d 41 6c 69 76 65 0d 0a                          [497-504]
Cookie: lang=cn;  43 6f 6f 6b 69 65 3a 20 6c 61 6e 67 3d 63 6e 3b  [505-520]
 COUNTRY=21; tim  20 43 4f 55 4e 54 52 59 3d 32 31 3b 20 74 69 6d  [521-536]
eDiff=27/12/1999  65 44 69 66 66 3d 32 37 2f 31 32 2f 31 39 39 39  [537-552]
_17:56:15.476; S  5f 31 37 3a 35 36 3a 31 35 2e 34 37 36 3b 20 53  [553-568]
ESSION=992022061  45 53 53 49 4f 4e 3d 39 39 32 30 32 32 30 36 31  [569-584]
2.172336181; AdJ  32 2e 31 37 32 33 33 36 31 38 31 3b 20 41 64 4a  [585-600]
ump=null; engage  75 6d 70 3d 6e 75 6c 6c 3b 20 65 6e 67 61 67 65  [601-616]
key=/region#1/ge  6b 65 79 3d 2f 72 65 67 69 6f 6e 23 31 2f 67 65  [617-632]
nder#1/age#21/si  6e 64 65 72 23 31 2f 61 67 65 23 32 31 2f 73 69  [633-648]
gn#/marital#1/co  67 6e 23 2f 6d 61 72 69 74 61 6c 23 31 2f 63 6f  [649-664]
untry#/ethnicity  75 6e 74 72 79 23 2f 65 74 68 6e 69 63 69 74 79  [665-680]
#2/education#5/i  23 32 2f 65 64 75 63 61 74 69 6f 6e 23 35 2f 69  [681-696]
ndustry#9/intere  6e 64 75 73 74 72 79 23 39 2f 69 6e 74 65 72 65  [697-712]
sts#; JServSessi  73 74 73 23 3b 20 4a 53 65 72 76 53 65 73 73 69  [713-728]
onId=3fee9af4c39  6f 6e 49 64 3d 33 66 65 65 39 61 66 34 63 33 39  [729-744]
57f28.630.946465  35 37 66 32 38 2e 36 33 30 2e 39 34 36 34 36 35  [745-760]
712033; Accipite  37 31 32 30 33 33 3b 20 41 63 63 69 70 69 74 65  [761-776]
rId=00093423*DEF  72 49 64 3d 30 30 30 39 33 34 32 33 2a 44 45 46  [777-792]
....              0d 0a 0d 0a                                      [793-796]
loginid=iaqqxais  6c 6f 67 69 6e 69 64 3d 69 61 71 71 78 6a 69 73  [797-812]
c&password=vra7r  63 26 70 61 73 73 77 6f 72 64 3d 76 72 61 37 72  [813-828]
aa&x=41&y=9       61 61 26 78 3d 34 31 26 79 3d 39                 [829-839]
Frame Check Sequence: 0x66c85821

Unfortunately for the user, the frame happens to contain the account name and the password in the clear: the form body at offsets 797-839 reads loginid=iaqqxaisc&password=vra7raa&x=41&y=9. Look a little closer and the cookies are in full view as well, including the session identifiers. Extend this to every HTTP page, every e-mail message and so on: all of it can be stolen without any obstacle at all.

In general, what a sniffer can capture is not limited to user IDs and passwords. It can capture sensitive financial data (such as credit card numbers), confidential information (e-mail) and proprietary information. Depending on the resources available to the intruder, a sniffer may capture everything that crosses the network.

Everything on the wire can be obtained from a sniffer, provided there is enough storage. To get around the storage problem, intruders usually keep only the first 200-300 bytes of each packet; user names and passwords are usually in that part. With enough storage media, of course, there is a great deal more of interest to be had. That rule of thumb comes from protocols whose login exchange is short and early in the session (telnet, FTP and POP3 logins, for example). It does not hold for the HTTP POST above: the form body sits at offsets 797-839 of an 840-byte frame, so a 300-byte snapshot would keep the request line and the start of the headers but lose both the credentials and most of the cookie.

3. Defeating sniffers

Sniffing is a passive attack. It sends nothing and leaves essentially no trace, so a sniffer is hard to find on the network. The following measures help.

First, inspect the network cabling and make sure no hardware sniffer has been tapped in.

Second, check every network interface on every machine. A sniffer puts the interface of the host it runs on into promiscuous mode, so a host can be checked for that flag (from reference 3; the author has not tried this). On SunOS the interface flags are shown by ifconfig -a. It is the sniffing host's interface, not the victim's, that enters promiscuous mode, so the check has to be run on each host in turn, and a sniffer on a machine you cannot log in to (or one whose presence is hidden by a rootkit) will not show up this way.

Third, encrypt sensitive data. Encryption is a necessary condition for security; the protection it gives depends on the strength of the algorithm and of the key. The login above would have been worthless to the sniffer had it travelled over an encrypted channel such as HTTPS.

Fourth, use a secure topology. A sniffer cannot see across switches, routers or bridges, and the finer the segmentation of the network, the smaller the share of traffic any one sniffer can see. Note that a switch only confines what a passive listener on a shared segment sees: an attacker on the same switch can still pull traffic to itself by ARP spoofing or by flooding the switch's address table, so segmentation raises the cost of sniffing rather than ruling it out.

4. Sniffers in network management

Sniffers were designed to diagnose network connectivity. The president of ISS (Internet Security Systems) dropped out of college in his second year to start the company and has since become the leading consultant on information security in the United States; the comp.security FAQ is published by ISS. Yet ISS's security tools are all of the sniffer type.

There are now many commercial sniffers. The feature description of the well-known NetXRay, for example, reads:

Monitoring Network Statistics

NetXRay provides both real time viewing and long term traffic analysis in graphical format. It can monitor multiple network statistics variables concurrently. This allows you to predict future network needs and plan for them accordingly. Alarms are generated whenever preset threshold parameters are exceeded, informing you about network exception conditions that may require immediate attention.

NetXRay monitors and displays a network segment's packet rate, utilization and error rate in real time. Statistical counters for all network detail parameters are maintained in memory, and may be exported to Excel format for tabulation or charting.

The host table maintains each network node's traffic statistics in real time. It keeps MAC, IP network, IP application, IPX network, and IPX transport layer information in separate tables, all of which may be viewed in table, bar or pie chart formats. The host table can be sorted by any statistical variable of your choice, in either ascending or descending order.

The matrix table maintains network node pair conversation traffic statistics in real time. It keeps MAC, IP network, IP application, IPX network, and IPX transport layer information in separate tables, all of which may be viewed in traffic map, table, bar or pie chart formats. The matrix table can be sorted by any statistical variable of your choice, in either ascending or descending order.

The traffic map provides the user a bird's-eye view of the network traffic patterns in real time. It gives a complete graphical presentation of the traffic pattern between network nodes.

Because NetXRay resolves hardware (MAC) addresses and IP addresses in both directions, it can be used to detect IP theft: an IP address that shows up with a MAC address other than the one it is registered to. In the same way, replaying captured messages can be used to disrupt the traffic of an offending station as a form of punishment, but the same means serves just as well for other hacking.

References

Anonymous, Maximum Security, Sams Publishing, 1997.
Anonymous, Maximum Security, Second Edition, Sams Publishing, 1998.
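The decode above shows what the sniffer saw; the following added example (it is not the page's own tool, nor the author's code) does the same job in Python: it rebuilds the captured POST /js/VerifyLogin frame byte for byte from the decoded headers and body, walks Ethernet, IPv4 and TCP to reach the HTTP request, and pulls out the form fields and the cookie the way a sniffer post-processor would. It also shows the 200-300 byte snapshot problem discussed above: the same decoder run on the first 300 bytes of the frame keeps the request line but loses the credentials. Addresses, ports, IP identifier, TTL, sequence and acknowledgement numbers and window are copied from the decode; the TCP checksum is left at zero and the IP header checksum is recomputed (it comes out as the 0x5fdc shown in the decode).

```python
import socket
import struct
from urllib.parse import parse_qs

# Constructed sample: the POST /js/VerifyLogin request from the decode above,
# rebuilt from its headers and body (added example code, not the page's tool).
DST_MAC = bytes.fromhex("0090abc06800")
SRC_MAC = bytes.fromhex("5254ab15d6de")
SRC_IP, DST_IP = "162.105.40.49", "167.216.148.100"
SPORT, DPORT = 1247, 80

HTTP_HEAD = (
    b"POST /js/VerifyLogin HTTP/1.1\r\n"
    b"Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, "
    b"application/msword, application/vnd.ms-powerpoint, "
    b"application/vnd.ms-excel, */*\r\n"
    b"Referer: http://www.renren.com/js/FrontPage\r\n"
    b"Accept-Language: zh-cn\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Accept-Encoding: gzip, deflate\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)\r\n"
    b"Host: www.renren.com\r\n"
    b"Content-Length: 43\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Cookie: lang=cn; COUNTRY=21; timeDiff=27/12/1999_17:56:15.476; "
    b"SESSION=9920220612.172336181; AdJump=null; "
    b"engagekey=/region#1/gender#1/age#21/sign#/marital#1/country#/"
    b"ethnicity#2/education#5/industry#9/interests#; "
    b"JServSessionId=3fee9af4c3957f28.630.946465712033; "
    b"AccipiterId=00093423*DEF\r\n"
    b"\r\n"
)
HTTP_BODY = b"loginid=iaqqxaisc&password=vra7raa&x=41&y=9"


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(payload: bytes = HTTP_HEAD + HTTP_BODY) -> bytes:
    """Ethernet II + IPv4 + TCP headers in front of payload (TCP checksum left 0)."""
    eth = DST_MAC + SRC_MAC + struct.pack("!H", 0x0800)
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),
                               61706, 0x4000, 32, 6, 0,
                               socket.inet_aton(SRC_IP), socket.inet_aton(DST_IP)))
    struct.pack_into("!H", ip, 10, ip_checksum(bytes(ip)))
    tcp = struct.pack("!HHIIBBHHH", SPORT, DPORT, 7766106, 2567724309,
                      5 << 4, 0x18, 8760, 0, 0)   # 0x18 = PSH|ACK
    return eth + bytes(ip) + tcp + payload


FRAME = build_frame()


def decode_frame(frame: bytes) -> dict:
    """Walk Ethernet -> IPv4 -> TCP -> HTTP and return what a sniffer would log.

    frame may be cut short (a capture with a small snaplen); the result then
    carries truncated=True and only the fields that were still in the bytes.
    """
    out = {"truncated": False, "form": {}, "cookie": {}, "headers": {}}
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return out                                    # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    out["src"], out["dst"] = socket.inet_ntoa(ip_hdr[12:16]), socket.inet_ntoa(ip_hdr[16:20])
    out["ip_checksum"] = struct.unpack("!H", ip_hdr[10:12])[0]
    out["ip_checksum_ok"] = ip_checksum(ip_hdr) == 0   # sum incl. the field folds to 0xffff
    tcp = 14 + ihl
    if ip_hdr[9] != 6 or len(frame) < tcp + 20:
        return out                                    # not TCP, or header cut off
    out["sport"], out["dport"] = struct.unpack("!HH", frame[tcp:tcp + 4])
    payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
    if out["dport"] != 80:
        return out
    head, sep, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    out["request"] = lines[0].decode("latin-1")
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if colon:
            out["headers"][name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    for part in out["headers"].get("cookie", "").split(";"):
        key, eq, value = part.strip().partition("=")
        if eq:
            out["cookie"][key] = value
    declared = int(out["headers"].get("content-length", "0") or 0)
    if not sep or len(body) < declared:
        out["truncated"] = True                       # header block or body cut off
    if out["headers"].get("content-type", "").startswith("application/x-www-form-urlencoded"):
        out["form"] = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    return out


if __name__ == "__main__":
    for snaplen in (None, 300):
        r = decode_frame(FRAME[:snaplen])
        print(snaplen or len(FRAME), "bytes:", r.get("request"), r["form"],
              "(truncated)" if r["truncated"] else "")
```

The full 840-byte frame yields the login ID, the password and every cookie; the 300-byte slice yields only the request line and two headers, with truncated set, which is exactly why a 200-300 byte snaplen that works for telnet or FTP logins misses form logins buried behind a long cookie.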
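The second countermeasure in section 3 is a per-host check for an interface in promiscuous mode. The added example below (not from the page or its author) implements that check in Python for the two listing formats an administrator actually meets: the SunOS/BSD-style output of ifconfig -a named on the page, and the output of ip -o link show on Linux, plus the raw flag word that Linux exposes in /sys/class/net/<interface>/flags. The two listings are constructed samples, not captures from a real host; the interface names and the 0x100 value of IFF_PROMISC are the real ones, and the check_local_host helper is this example's own.

```python
import re
import subprocess

# Constructed sample listings (not captured from a real host), each with one
# interface in promiscuous mode. Layout and flag names follow the real tools.
IFCONFIG_SAMPLE = """\
lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
        inet 127.0.0.1 netmask ff000000
le0: flags=963<UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,MULTICAST> mtu 1500
        inet 162.105.40.49 netmask ffffff00 broadcast 162.105.40.255
"""
IP_LINK_SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 52:54:ab:15:d6:de brd ff:ff:ff:ff:ff:ff
"""

IFF_PROMISC = 0x100   # bit value of the flag in /sys/class/net/<if>/flags on Linux

# Matches "le0: flags=963<...>" (ifconfig) and "2: eth0: <...>" (ip -o link).
_IFACE_LINE = re.compile(r"^(?:\d+:\s*)?([A-Za-z0-9@._:-]+?):\s+(?:flags=\w+)?<([^>]*)>")


def promiscuous_interfaces(listing: str) -> list:
    """Names of interfaces whose flag list contains PROMISC, in listing order."""
    found = []
    for line in listing.splitlines():
        m = _IFACE_LINE.match(line)
        if m and "PROMISC" in m.group(2).split(","):
            found.append(m.group(1))
    return found


def flags_word_is_promisc(flags_hex: str) -> bool:
    """Same test on the raw flag word, e.g. the text of /sys/class/net/eth0/flags."""
    return bool(int(flags_hex, 16) & IFF_PROMISC)


def check_local_host() -> list:
    """Run the check on this machine: ip(8) first, then ifconfig as a fallback."""
    for cmd in (["ip", "-o", "link", "show"], ["ifconfig", "-a"]):
        try:
            out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
        except (OSError, subprocess.CalledProcessError):
            continue
        return promiscuous_interfaces(out)
    raise RuntimeError("neither ip nor ifconfig is available")


if __name__ == "__main__":
    print("ifconfig sample:", promiscuous_interfaces(IFCONFIG_SAMPLE))
    print("ip link sample: ", promiscuous_interfaces(IP_LINK_SAMPLE))
    print("this host:      ", check_local_host())
```

Run it on every host you can log in to, not on the machine you suspect is being listened to: only the sniffing host's own interface carries the flag. An empty result is evidence, not proof, since a kernel-level rootkit can clear the flag from what ifconfig and ip report.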
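Section 4 says NetXRay detects IP theft by resolving hardware and IP addresses in both directions. The added example below (my own illustration, not NetXRay's code or any part of the page) shows the logic behind that: a watcher is given the registered IP-to-MAC bindings of a segment, is fed the source MAC and source IP of every frame seen, and raises an alert when a registered IP address is sent by a different MAC address, or when a known station starts sending from an additional, unregistered address. The binding for 162.105.40.49 is the real pair from the decoded frame's Ethernet and IP headers; the second station, the third MAC and the observation list are constructed for the example.

```python
from collections import defaultdict

# Registered bindings. The first pair comes from the decoded frame above; the
# second host is hypothetical, constructed for this example.
REGISTRY = {
    "162.105.40.49": "52:54:ab:15:d6:de",
    "162.105.40.50": "00:a0:c9:11:22:33",
}

# Constructed observations of (source MAC, source IP, time) taken from frames.
OBSERVED = [
    ("52:54:ab:15:d6:de", "162.105.40.49", "19:28:09"),  # legitimate owner
    ("00:a0:c9:11:22:33", "162.105.40.50", "19:28:10"),  # legitimate owner
    ("00:a0:c9:11:22:33", "162.105.40.49", "19:28:11"),  # .50's station using .49
    ("00:a0:c9:11:22:33", "162.105.40.77", "19:28:12"),  # same station, new unregistered IP
    ("00:a0:c9:11:22:33", "162.105.40.77", "19:28:13"),  # repeat: already learned, no alert
]


class AddressWatch:
    """Two-way MAC <-> IP bookkeeping over observed frames."""

    def __init__(self, registry: dict):
        self.ip_to_mac = {ip: mac.lower() for ip, mac in registry.items()}
        self.mac_to_ips = defaultdict(set)
        for ip, mac in self.ip_to_mac.items():
            self.mac_to_ips[mac].add(ip)

    def observe(self, mac: str, ip: str, when: str) -> list:
        """Feed one (source MAC, source IP) pair; returns zero or more alert strings."""
        mac = mac.lower()
        alerts = []
        owner = self.ip_to_mac.get(ip)
        if owner is None:
            # Unknown address: learn it, but flag a known station that starts
            # using an address nobody registered for it.
            self.ip_to_mac[ip] = mac
            known = self.mac_to_ips[mac]
            if known:
                alerts.append("%s station %s now also sends as %s (registered: %s)"
                              % (when, mac, ip, ", ".join(sorted(known))))
            known.add(ip)
        elif owner != mac:
            # Registered address sent by the wrong hardware: the IP theft case.
            alerts.append("%s IP %s sent by %s but registered to %s: possible IP theft or ARP spoofing"
                          % (when, ip, mac, owner))
        return alerts


def run(observed=OBSERVED, registry=REGISTRY) -> list:
    """Replay a list of observations through a fresh watcher and collect the alerts."""
    watch = AddressWatch(registry)
    alerts = []
    for mac, ip, when in observed:
        alerts.extend(watch.observe(mac, ip, when))
    return alerts


if __name__ == "__main__":
    for line in run():
        print(line)
```

Feeding the watcher from live traffic only requires the source MAC from the Ethernet header and the source IP from the IP header of each frame (or the sender fields of ARP replies); the registry can be the DHCP lease table or a static inventory. Alerts from this kind of watcher are also what an attacker triggers when using ARP spoofing to get around the segmentation advice in section 3.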
Entered by: wuwq   Editor: wuwq