Botnets - The Killer Web Applications
How Ourmon Works
In order to install and use ourmon, it is necessary to understand its architecture. In this section please refer to Figure 6.5, the Ourmon Architecture Overview, for our discussion. We will introduce some important configuration files and output files as we go along.

First of all, we need to understand that, as software, ourmon is a packet-sniffing system. It has to be attached to the network in such a way that it sees all the packets, either via an Ethernet switch configured for port mirroring (copying the packets from one or more ports to the ourmon sniffing port) or via the older Ethernet hub technology, which by default repeats every packet to all of its ports. We call this setup network capture. (Note that a mirror port can be oversubscribed when it receives copies of traffic from several busy ports; the switch then silently drops packets that ourmon never sees.) It is also possible to run ourmon on a single host to look only at that host's own packets, which we might call host capture. This may make sense for an important server or for a host that you believe, for some reason, to be the target of hackers. Normally, however, ourmon is an enterprise-level tool and is used to watch all the packets in an enterprise (or all the packets in a server farm). We will assume an enterprise install in this book.
Ourmon: Overview and Installation • Chapter 6


Figure 6.5 Ourmon Architecture Overview
Ourmon has two major software pieces:

• The probe (sometimes called the front-end in the ourmon documentation), which sniffs packets and summarizes them into various pieces of statistical information.

• The back-end graphics engine, which processes the probe's outputs and produces Web graphics, ASCII reports, and log entries, and makes some of the results available through the ourmon Web interface. Some results (like logs) are not available on the Web. The graphics engine requires the user to install a Web server (like the popular Apache Web server).
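The probe/back-end split described above, as an added example that is not ourmon's own code: the real probe is a C program on top of libpcap, but the same idea (the sniffer reduces raw frames to counters and writes a small summary; a separate program reads that summary and renders a report) can be sketched in Python over a handful of frames constructed inside the script. The frame builder, the summary line format, the SYN-per-source counter and the threshold are this example's own choices, not ourmon's file formats or metrics.

```python
"""Toy probe / back-end pair (added example, not ourmon code)."""
import struct
from collections import Counter

ETH_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10


def build_frame(src_ip, dst_ip, proto, sport, dport, flags=0, payload=b""):
    """Construct an Ethernet/IPv4 frame carrying TCP or UDP (constructed sample input)."""
    if proto == PROTO_TCP:   # 20-byte TCP header, data offset 5, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    else:                    # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4 + payload


def probe_summarize(frames):
    """Probe side: reduce raw frames to counters; packets themselves are never stored."""
    stats = {"pkts": 0, "bytes": 0, "proto": Counter(),
             "syn_by_src": Counter(), "pkts_by_src": Counter()}
    for f in frames:
        stats["pkts"] += 1
        stats["bytes"] += len(f)
        if len(f) < 34 or struct.unpack("!H", f[12:14])[0] != ETH_IPV4:
            stats["proto"]["non-ip"] += 1   # e.g. ARP: counted, not parsed
            continue
        ihl = (f[14] & 0x0F) * 4            # IPv4 header length in bytes
        proto = f[23]
        src = ".".join(map(str, f[26:30]))
        stats["pkts_by_src"][src] += 1
        if proto == PROTO_TCP and len(f) >= 14 + ihl + 14:
            stats["proto"]["tcp"] += 1
            flags = f[14 + ihl + 13]        # TCP flags byte
            if flags & TCP_SYN and not flags & TCP_ACK:   # pure SYN, no ACK
                stats["syn_by_src"][src] += 1
        elif proto == PROTO_UDP:
            stats["proto"]["udp"] += 1
        else:
            stats["proto"]["other"] += 1
    return stats


def probe_write(stats):
    """Serialize the summary in a simple 'key: value' line format (hypothetical, ours)."""
    lines = [f"pkts: {stats['pkts']}", f"bytes: {stats['bytes']}"]
    lines += [f"proto: {k} {v}" for k, v in sorted(stats["proto"].items())]
    lines += [f"syn: {ip} {n}" for ip, n in stats["syn_by_src"].most_common()]
    return "\n".join(lines) + "\n"


def backend_report(summary_text, syn_threshold=3):
    """Back-end side: parse the probe's summary file and render an ASCII report."""
    syns, header = [], {}
    for line in summary_text.splitlines():
        key, _, rest = line.partition(": ")
        if key == "syn":
            ip, n = rest.split()
            syns.append((ip, int(n)))
        elif key in ("pkts", "bytes"):
            header[key] = int(rest)
    out = [f"packets={header.get('pkts', 0)} bytes={header.get('bytes', 0)}",
           "top SYN senders (pure SYN, no ACK):"]
    for ip, n in syns:
        flag = "  <-- above threshold" if n >= syn_threshold else ""
        out.append(f"  {ip:<16} {n:>5}{flag}")
    return "\n".join(out)


# Constructed traffic: one host sending 4 pure SYNs, one normal host, one ARP frame.
SAMPLE_FRAMES = (
    [build_frame("10.0.0.5", "192.0.2.1", PROTO_TCP, 40000 + i, 80 + i, TCP_SYN) for i in range(4)]
    + [build_frame("10.0.0.7", "192.0.2.1", PROTO_TCP, 50000, 443, TCP_SYN | TCP_ACK),
       build_frame("10.0.0.7", "192.0.2.1", PROTO_UDP, 53000, 53, payload=b"q"),
       b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28]   # ARP ethertype, not IPv4
)

if __name__ == "__main__":
    print(backend_report(probe_write(probe_summarize(SAMPLE_FRAMES))))
```

The point of the split is that only counters cross the boundary: the probe can run on a box that sees every mirrored packet and emit a few lines per interval, while the back-end that renders graphics and serves the Web interface never touches raw traffic.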
The probe is written in C and uses the libpcap library to read packets out of a kernel buffer. Libpcap (from www.tcpdump.org) is a library used on UNIX systems that hides the details of packet sniffing so that tools like ourmon and snort, which use it, are more portable. The ourmon probe is actually called ourmon (perhaps not a clever name) and is typically invoked at boot via a shell script called ourmon.sh as follows:

Download 6,98 Mb.

Do'stlaringiz bilan baham:
1   ...   179   180   181   182   183   184   185   186   ...   387




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish