Man with a paper bag on his head
Today, after updating Catalina from 10.15.6 to 10.15.7, the internet speed dropped, something was loading my network heavily, and I decided to look at the network activity.
I ran tcpdump for a few hours:
sudo tcpdump -k NP > ~/log
And the first thing that caught my eye:
16:43:42.919443 () ARP, Request who-has 192.168.1.51 tell 192.168.1.1, length 28
16:43:42.927716 () ARP, Request who-has 192.168.1.52 tell 192.168.1.1, length 28
16:43:42.934112 () ARP, Request who-has 192.168.1.53 tell 192.168.1.1, length 28
16:43:42.942328 () ARP, Request who-has 192.168.1.54 tell 192.168.1.1, length 28
16:43:43.021971 () ARP, Request who-has 192.168.1.55 tell 192.168.1.1, length 28
Why does it need my entire local network? It scans 192.168.1.0/24 endlessly, every minute; fine, let's say that is a network-browsing service.
(shadowserver.org) is a non-profit security organisation
16:43:33.518282 () IP scan-05l.shadowserver.org.33567 > 192.168.1.150.rsync: Flags [S], seq 1527048226, win 65535, options [mss 536], length 0
Another one knocking (scanner-12.ch1.censys-scanner.com -> censys.io):
16:44:16.254073 () IP scanner-12.ch1.censys-scanner.com.62651 > 192.168.1.150.8843: Flags [S], seq 1454862354, win 1024, options [mss 1460], length 0
Okay, okay, it looks like nothing special: analytics, scanning of the local network, fine, the usual stuff, but what do you say about this:
16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0
If you go to that IP address
The text files contain millions of IP addresses with ports.
Contents of the temporary file (a capture of a Linux top session, two screen refreshes three seconds apart; terminal control sequences removed, lines cut off at the right edge as in the capture):
top - 21:17:26 up 31 days, 6:44, 1 use
Tasks: 144 total, 1 running, 143 sleep
%Cpu(s): 0.8 us, 0.0 sy, 0.0 ni, 92.0
KiB Mem : 32681700 total, 18410244 free,
KiB Swap: 16449532 total, 16449288 free,

  PID USER      PR  NI    VIRT    RES
    1 root      20   0  191072   3924
    2 root      20   0       0      0
    3 root      20   0       0      0
    5 root       0 -20       0      0
    7 root      rt   0       0      0
    8 root      20   0       0      0
    9 root      20   0       0      0
   10 root      rt   0       0      0
   11 root      rt   0       0      0
   12 root      rt   0       0      0
   13 root      20   0       0      0
   15 root       0 -20       0      0
   16 root      rt   0       0      0

top - 21:17:29 up 31 days, 6:44, 1 use
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni, 100.0
KiB Mem : 32681700 total, 18409876 free,
And finally, a bunch of unknown requests:
16:16:07.022910 () IP 059148253194.ctinets.com.58703 > 192.168.1.150.4244: Flags [S], seq 2829545743, win 1024, options [mss 536], length 0
16:15:57.133836 () IP 45.129.33.2.55914 > 192.168.1.150.39686: Flags [S], seq 700814637, win 1024, options [mss 536], length 0
16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0
16:16:15.083755 () IP 45.129.33.154.55846 > 192.168.1.150.7063: Flags [S], seq 4079154719, win 1024, options [mss 536], length 0
16:15:43.251305 () IP 192.168.1.150.60314 > one.one.one.one.domain: 3798+ PTR? 237.171.154.149.in-addr.arpa. (46)
16:16:24.386628 () IP 45.141.84.30.50763 > 192.168.1.150.12158: Flags [S], seq 572523718, win 1024, options [mss 536], length 0
16:16:44.817035 () IP 92.63.197.66.58219 > 192.168.1.150.15077: Flags [S], seq 4012437618, win 1024, options [mss 536], length 0
16:15:43.172042 () IP 45.129.33.46.51641 > 192.168.1.150.bnetgame: Flags [S], seq 362771723, win 1024, options [mss 536], length 0
16:17:02.120063 () IP 45.129.33.23.42275 > 192.168.1.150.11556: Flags [S], seq 3354007029, win 1024, options [mss 536], length 0
16:16:00.589816 () IP 45.129.33.3.56005 > 192.168.1.150.40688: Flags [S], seq 2710391040, win 1024, options [mss 536], length 0
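The dump above, and the ARP sweep earlier in the post, can be summarised instead of read line by line. The script below is an added example and is not part of the original post. It writes a handful of the post's own lines into a temporary file (constructed sample data, so it runs offline) and runs three small awk passes over them: who is asking the ARP questions (the asker is the address after `tell`, here 192.168.1.1, normally the router, not the Mac at .150), how many unsolicited SYNs each source sends to 192.168.1.150 with IPv4 sources grouped by /24 (a grouping chosen for the example, because the 45.129.33.x probes come from many end addresses of one block), and how many reverse-DNS queries the capturing host itself sent. That last count is worth checking because tcpdump resolves addresses unless it is run with `-n`, so a capture taken without `-n` produces PTR lookups of its own; the `PTR?` query to one.one.one.one has that shape. The empty `()` after each timestamp is the field where `-k NP` prints process name and PID; an unsolicited SYN to a port with no listener has no owning process, so nothing can appear there for these packets whatever the capture options.

```sh
#!/bin/sh
# Added example (not from the original post): summarise a text log written
# by "tcpdump > ~/log". SAMPLE_LOG below is constructed from lines copied
# out of the post's dump so the script runs offline.

# Inbound TCP SYNs per source. IPv4 sources are collapsed to their /24
# (a choice made for this example: the post's 45.129.33.x probes come
# from many addresses of one block); hostnames are kept as printed.
# usage: inbound_syn_sources LOGFILE OUR_ADDRESS
inbound_syn_sources() {
    awk -v me="$2" '
    {
        for (i = 1; i <= NF; i++) if ($i == "IP") break   # works with or without "()"
        if (i > NF) next                                    # ARP and other non-IP lines
        src = $(i + 1); dst = $(i + 3)
        if ($(i + 4) != "Flags" || $(i + 5) != "[S],") next # keep SYN-only segments
        sub(/:$/, "", dst); sub(/\.[^.]*$/, "", dst)        # strip ":" and port
        if (dst != me) next
        sub(/\.[^.]*$/, "", src)                            # strip port
        if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) sub(/\.[0-9]+$/, ".0/24", src)
        n[src]++
    }
    END { for (s in n) print n[s], s }' "$1" | sort -k1,1nr -k2,2
}

# Who is sweeping the LAN? An ARP request names the asker after "tell",
# so counting per asker attributes the sweep. Prints
# "requests asker distinct_targets".
arp_sweep_senders() {
    awk '
    {
        for (i = 1; i <= NF; i++) if ($i == "who-has") break
        if (i > NF) next
        target = $(i + 1); asker = $(i + 3); sub(/,$/, "", asker)
        req[asker]++
        if (!((asker, target) in seen)) { seen[asker, target] = 1; tgt[asker]++ }
    }
    END { for (a in req) print req[a], a, tgt[a] }' "$1" | sort -k1,1nr -k2,2
}

# Reverse lookups sent by our own host. tcpdump resolves names unless
# run with -n, so these are usually noise the capture itself produced.
# usage: our_ptr_queries LOGFILE OUR_ADDRESS
our_ptr_queries() {
    awk -v me="$2" '
    {
        for (i = 1; i <= NF; i++) if ($i == "IP") break
        if (i > NF) next
        src = $(i + 1); sub(/\.[^.]*$/, "", src)
        if (src == me && $0 ~ / PTR\? /) c++
    }
    END { print c + 0 }' "$1"
}

# Constructed sample: lines copied from the post's dump.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
16:43:42.919443 () ARP, Request who-has 192.168.1.51 tell 192.168.1.1, length 28
16:43:42.927716 () ARP, Request who-has 192.168.1.52 tell 192.168.1.1, length 28
16:43:42.934112 () ARP, Request who-has 192.168.1.53 tell 192.168.1.1, length 28
16:43:42.942328 () ARP, Request who-has 192.168.1.54 tell 192.168.1.1, length 28
16:43:43.021971 () ARP, Request who-has 192.168.1.55 tell 192.168.1.1, length 28
16:43:33.518282 () IP scan-05l.shadowserver.org.33567 > 192.168.1.150.rsync: Flags [S], seq 1527048226, win 65535, options [mss 536], length 0
16:44:16.254073 () IP scanner-12.ch1.censys-scanner.com.62651 > 192.168.1.150.8843: Flags [S], seq 1454862354, win 1024, options [mss 1460], length 0
16:16:07.022910 () IP 059148253194.ctinets.com.58703 > 192.168.1.150.4244: Flags [S], seq 2829545743, win 1024, options [mss 536], length 0
16:15:57.133836 () IP 45.129.33.2.55914 > 192.168.1.150.39686: Flags [S], seq 700814637, win 1024, options [mss 536], length 0
16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0
16:16:15.083755 () IP 45.129.33.154.55846 > 192.168.1.150.7063: Flags [S], seq 4079154719, win 1024, options [mss 536], length 0
16:15:43.251305 () IP 192.168.1.150.60314 > one.one.one.one.domain: 3798+ PTR? 237.171.154.149.in-addr.arpa. (46)
16:16:24.386628 () IP 45.141.84.30.50763 > 192.168.1.150.12158: Flags [S], seq 572523718, win 1024, options [mss 536], length 0
16:16:44.817035 () IP 92.63.197.66.58219 > 192.168.1.150.15077: Flags [S], seq 4012437618, win 1024, options [mss 536], length 0
16:15:43.172042 () IP 45.129.33.46.51641 > 192.168.1.150.bnetgame: Flags [S], seq 362771723, win 1024, options [mss 536], length 0
16:17:02.120063 () IP 45.129.33.23.42275 > 192.168.1.150.11556: Flags [S], seq 3354007029, win 1024, options [mss 536], length 0
16:16:00.589816 () IP 45.129.33.3.56005 > 192.168.1.150.40688: Flags [S], seq 2710391040, win 1024, options [mss 536], length 0
EOF

echo "ARP requests (count asker distinct-targets):"
arp_sweep_senders "$SAMPLE_LOG"
echo "Inbound SYNs to 192.168.1.150 (count source):"
inbound_syn_sources "$SAMPLE_LOG" 192.168.1.150
echo "PTR queries sent by 192.168.1.150: $(our_ptr_queries "$SAMPLE_LOG" 192.168.1.150)"
```

Run it against the real `~/log` by pointing the functions at that file instead of `$SAMPLE_LOG`; for a fresh capture, `sudo tcpdump -n -w capture.pcap` keeps the raw packets and stops the capture from adding its own DNS traffic.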
If I block these domains and IP addresses in the hosts file, then the next dump will show the same IP subnets but with different end addresses, and the subdomains of the domains will change.
The Mac does not understand a wildcard such as *.example.com in the hosts file.
I have not figured out how to look at the packets being transferred, or which processes or daemons cause these connections (I have had the Mac for a few days), but it is already fun!
Source: www.habr.com