በራሱ ላይ የወረቀት ቦርሳ ያለው ሰው
ዛሬ, ካታሊናን ከ 15.6 ወደ 15.7 ካዘመንኩ በኋላ, የበይነመረብ ፍጥነት ወድቋል, የሆነ ነገር አውታረ መረቤን በከፍተኛ ሁኔታ እየጫነ ነበር, እና የአውታረ መረብ እንቅስቃሴን ለመመልከት ወሰንኩ.
tcpdumpን ለሁለት ሰዓታት ሮጥኩ፡-
sudo tcpdump -k NP > ~/log ዓይኔን የሳበው የመጀመሪያው ነገር፡-
16:43:42.919443 () ARP, Request who-has 192.168.1.51 tell 192.168.1.1, length 28
16:43:42.927716 () ARP, Request who-has 192.168.1.52 tell 192.168.1.1, length 28
16:43:42.934112 () ARP, Request who-has 192.168.1.53 tell 192.168.1.1, length 28
16:43:42.942328 () ARP, Request who-has 192.168.1.54 tell 192.168.1.1, length 28
16:43:43.021971 () ARP, Request who-has 192.168.1.55 tell 192.168.1.1, length 28ለምንድነው የእኔን አጠቃላይ የአካባቢ አውታረመረብ የሚያስፈልገው? በየደቂቃው ያለማቋረጥ ይቃኛል 192.168.1./255፣ እሺ፣ ይህ የኔትወርክ አሳሽ አገልግሎት ነው እንበል።
(shadowserver.org) - ለትርፍ ያልተቋቋመ የደህንነት ድርጅት
16:43:33.518282 () IP scan-05l.shadowserver.org.33567 > 192.168.1.150.rsync: Flags [S], seq 1527048226, win 65535, options [mss 536], length 0ሌላ ማንኳኳት (scanner-12.ch1.censys-scanner.com -> censys.io):
16:44:16.254073 () IP scanner-12.ch1.censys-scanner.com.62651 > 192.168.1.150.8843: Flags [S], seq 1454862354, win 1024, options [mss 1460], length 0እሺ፣ እሺ፣ ምንም የተለየ ነገር አይመስልም፡ ትንታኔ፣ የአካባቢ አውታረ መረብን መቃኘት፣ ጥሩ፣ የተለመደው ነገር፣ ግን ከዚያ ስለዚህስ?
16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0ወደዚህ አይፒ አድራሻ ከሄዱ , ይህን ማየት ይችላሉ:
የጽሑፍ ፋይሎች በሚሊዮኖች የሚቆጠሩ የአይፒ አድራሻዎችን ወደቦች ይይዛሉ።
የሙቀት ፋይል ይዘት
[?1h=[?25l[H[J[mtop - 21:17:26 up 31 days, 6:44, 1 use[m[39;49m[m[39;49m[K
Tasks:[m[39;49m[1m 144 [m[39;49mtotal,[m[39;49m[1m 1 [m[39;49mrunning,[m[39;49m[1m 143 [m[39;49msleep[m[39;49m[m[39;49m[K
%Cpu(s):[m[39;49m[1m 0.8 [m[39;49mus,[m[39;49m[1m 0.0 [m[39;49msy,[m[39;49m[1m 0.0 [m[39;49mni,[m[39;49m[1m 92.0[m[39;49m[m[39;49m[K
KiB Mem :[m[39;49m[1m 32681700 [m[39;49mtotal,[m[39;49m[1m 18410244 [m[39;49mfree,[m[39;49m[m[39;49m[K
KiB Swap:[m[39;49m[1m 16449532 [m[39;49mtotal,[m[39;49m[1m 16449288 [m[39;49mfree,[m[39;49m[m[39;49m[K
[K
[7m PID USER PR NI VIRT RES [m[39;49m[K
[m 1 root 20 0 191072 3924 [m[39;49m[K
[m 2 root 20 0 0 0 [m[39;49m[K
[m 3 root 20 0 0 0 [m[39;49m[K
[m 5 root 0 -20 0 0 [m[39;49m[K
[m 7 root rt 0 0 0 [m[39;49m[K
[m 8 root 20 0 0 0 [m[39;49m[K
[m 9 root 20 0 0 0 [m[39;49m[K
[m 10 root rt 0 0 0 [m[39;49m[K
[m 11 root rt 0 0 0 [m[39;49m[K
[m 12 root rt 0 0 0 [m[39;49m[K
[m 13 root 20 0 0 0 [m[39;49m[K
[m 15 root 0 -20 0 0 [m[39;49m[K
[m 16 root rt 0 0 0 [m[39;49m[K[H[mtop - 21:17:29 up 31 days, 6:44, 1 use[m[39;49m[m[39;49m[K
%Cpu(s):[m[39;49m[1m 0.0 [m[39;49mus,[m[39;49m[1m 0.0 [m[39;49msy,[m[39;49m[1m 0.0 [m[39;49mni,[m[39;49m[1m100.0[m[39;49m[m[39;49m[K
KiB Mem :[m[39;49m[1m 32681700 [m[39;49mtotal,[m[39;49m[1m 18409876 [m[39;49mfree,[m[39;49m[m[39;49m[K
[K
እና በመጨረሻ፣ ብዙ ያልታወቁ ጥያቄዎች፡-
16:16:07.022910 () IP 059148253194.ctinets.com.58703 > 192.168.1.150.4244: Flags [S], seq 2829545743, win 1024, options [mss 536], length 0
16:15:57.133836 () IP 45.129.33.2.55914 > 192.168.1.150.39686: Flags [S], seq 700814637, win 1024, options [mss 536], length 0
16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0
16:16:15.083755 () IP 45.129.33.154.55846 > 192.168.1.150.7063: Flags [S], seq 4079154719, win 1024, options [mss 536], length 0
16:15:43.251305 () IP 192.168.1.150.60314 > one.one.one.one.domain: 3798+ PTR? 237.171.154.149.in-addr.arpa. (46)
16:16:24.386628 () IP 45.141.84.30.50763 > 192.168.1.150.12158: Flags [S], seq 572523718, win 1024, options [mss 536], length 0
16:16:44.817035 () IP 92.63.197.66.58219 > 192.168.1.150.15077: Flags [S], seq 4012437618, win 1024, options [mss 536], length 0
16:15:43.172042 () IP 45.129.33.46.51641 > 192.168.1.150.bnetgame: Flags [S], seq 362771723, win 1024, options [mss 536], length 0
16:17:02.120063 () IP 45.129.33.23.42275 > 192.168.1.150.11556: Flags [S], seq 3354007029, win 1024, options [mss 536], length 0
16:16:00.589816 () IP 45.129.33.3.56005 > 192.168.1.150.40688: Flags [S], seq 2710391040, win 1024, options [mss 536], length 0እነዚህን ጎራዎች እና የአይፒ አድራሻዎች በአስተናጋጅ ፋይል ውስጥ ካገድኳቸው፣ የሚቀጥለው ዱፕ ተመሳሳይ የአይፒ ንዑስ አውታረ መረቦች ይኖሩታል፣ ግን የተለያዩ የመጨረሻ አድራሻዎች አሏቸው፣ እና доменов የንዑስ ጎራ ለውጦች።
ማክ በአስተናጋጁ ፋይል *.example.com ውስጥ ያለውን ጭንብል አይረዳም።
የሚተላለፉትን እሽጎች እንዴት ማየት እንዳለብኝ እና ምን ሂደቶች ወይም ዲሞኖች እነዚህን ግንኙነቶች እንደሚፈጥሩ አላሰብኩም (ለተወሰኑ ቀናት ማክ ነበረኝ) ግን ቀድሞውኑ አስደሳች ነው!
ምንጭ: hab.com
