Botnets - The Killer Web Applications
www.syngress.com
Chapter 9 • Advanced Ourmon Techniques


0x0000  4500 0026 6476 4000 3f11 07e9 XXXX XXXX  E..&dv@.?.......
0x0010  XXXX XXXX 8a57 1a0b 0012 86f5 3031 3233  ............0123
0x0020  3435 3637 3839 0000 0000 0000 0000       456789........
03:48:29.258352 192.168.125.43.35415 > 10.0.49.145.6667: udp 10 (DF)
0x0000  4500 0026 6477 4000 3f11 07e8 XXXX XXXX  E..&dw@.?.......
0x0010  XXXX XXXX 8a57 1a0b 0012 86f5 3031 3233  ............0123
0x0020  3435 3637 3839 0000 0000 0000 0000       456789........
TIP
If you don't know enough about the TCP/IP protocols, choose one of these two well-known foundation books on TCP/IP and read it:
1. TCP/IP Illustrated, Volume 1: The Protocols, by W. Richard Stevens; Addison-Wesley, 1993, ISBN 0201633469
2. Internetworking with TCP/IP, Vol. 1 (Fifth Edition), by Douglas Comer; Prentice-Hall, 2005, ISBN 0131876716
Either of these books will give you the fundamental knowledge you need to decode TCP/IP packets. Unfortunately, Stevens passed away in 1999, but his book is still very useful in terms of details. Comer's book is more up to date.
If you want more details about tcpdump itself as a utility, read its man page; it is well written and has examples. Tcpdump comes from www.tcpdump.org and works on essentially all Unix-like systems (the Windows port is WinDump). Another very popular free sniffer is Wireshark, which you can find at www.wireshark.org. Wireshark has plenty of documentation and an extensive set of protocol dissectors. Both tools can read the standard tcpdump (pcap) format files that ourmon produces as output.
So, what can we learn from our tcpdump data? The first line of the tcpdump output is as follows:
192.168.125.43.35415 > 10.0.49.145.6667: udp 10
So an internal system using source UDP port 35415 was sending packets to a particular external system at destination port 6667, the well-known IRC port. The payload size (L7 data, the bytes above the UDP header) was 10 bytes. The reason we used the -X parameter was to inspect the contents of that data payload. The hexdump starts with 0x45, which indicates an IPv4 packet and is the