I Looked at My Traffic: It Knew Everything About Me (Mac OS Catalina)


Today, after updating Catalina from 15.6 to 15.7, my internet speed dropped; something was loading my network heavily, so I decided to look at the network activity.

I ran tcpdump for a few hours:

sudo tcpdump -k NP > ~/log 

And the first thing that caught my eye:

16:43:42.919443 () ARP, Request who-has 192.168.1.51 tell 192.168.1.1, length 28
16:43:42.927716 () ARP, Request who-has 192.168.1.52 tell 192.168.1.1, length 28
16:43:42.934112 () ARP, Request who-has 192.168.1.53 tell 192.168.1.1, length 28
16:43:42.942328 () ARP, Request who-has 192.168.1.54 tell 192.168.1.1, length 28
16:43:43.021971 () ARP, Request who-has 192.168.1.55 tell 192.168.1.1, length 28

Why does it need my entire local network? It scans it endlessly, every minute, 192.168.1./255. Okay, let's assume this is the network browser service.

(shadowserver.org) - a non-profit security organization

16:43:33.518282 () IP scan-05l.shadowserver.org.33567 > 192.168.1.150.rsync: Flags [S], seq 1527048226, win 65535, options [mss 536], length 0

Another knock (scanner-12.ch1.censys-scanner.com -> censys.io):

16:44:16.254073 () IP scanner-12.ch1.censys-scanner.com.62651 > 192.168.1.150.8843: Flags [S], seq 1454862354, win 1024, options [mss 1460], length 0

Okay, fine, that doesn't look like anything special: analysis, local network scanning, well, the usual stuff. But then what about this:

16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0

If you go to this IP address, http://45.129.33.152, you can see this:

Text files containing millions of IP addresses with ports.

Contents of the temporary file:

top - 21:17:26 up 31 days,  6:44,  1 use
Tasks: 144 total,   1 running, 143 sleep
%Cpu(s):  0.8 us,  0.0 sy,  0.0 ni, 92.0
KiB Mem : 32681700 total, 18410244 free,
KiB Swap: 16449532 total, 16449288 free,

  PID USER      PR  NI    VIRT    RES
    1 root      20   0  191072   3924
    2 root      20   0       0      0
    3 root      20   0       0      0
    5 root       0 -20       0      0
    7 root      rt   0       0      0
    8 root      20   0       0      0
    9 root      20   0       0      0
   10 root      rt   0       0      0
   11 root      rt   0       0      0
   12 root      rt   0       0      0
   13 root      20   0       0      0
   15 root       0 -20       0      0
   16 root      rt   0       0      0

top - 21:17:29 up 31 days,  6:44,  1 use
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0
KiB Mem : 32681700 total, 18409876 free,

And finally, a bunch of unknown requests:

16:16:07.022910 () IP 059148253194.ctinets.com.58703 > 192.168.1.150.4244: Flags [S], seq 2829545743, win 1024, options [mss 536], length 0
16:15:57.133836 () IP 45.129.33.2.55914 > 192.168.1.150.39686: Flags [S], seq 700814637, win 1024, options [mss 536], length 0
16:15:56.603292 () IP 45.129.33.152.51777 > 192.168.1.150.jpegmpeg: Flags [S], seq 2349838714, win 1024, options [mss 536], length 0
16:16:15.083755 () IP 45.129.33.154.55846 > 192.168.1.150.7063: Flags [S], seq 4079154719, win 1024, options [mss 536], length 0
16:15:43.251305 () IP 192.168.1.150.60314 > one.one.one.one.domain: 3798+ PTR? 237.171.154.149.in-addr.arpa. (46)
16:16:24.386628 () IP 45.141.84.30.50763 > 192.168.1.150.12158: Flags [S], seq 572523718, win 1024, options [mss 536], length 0
16:16:44.817035 () IP 92.63.197.66.58219 > 192.168.1.150.15077: Flags [S], seq 4012437618, win 1024, options [mss 536], length 0
16:15:43.172042 () IP 45.129.33.46.51641 > 192.168.1.150.bnetgame: Flags [S], seq 362771723, win 1024, options [mss 536], length 0
16:17:02.120063 () IP 45.129.33.23.42275 > 192.168.1.150.11556: Flags [S], seq 3354007029, win 1024, options [mss 536], length 0
16:16:00.589816 () IP 45.129.33.3.56005 > 192.168.1.150.40688: Flags [S], seq 2710391040, win 1024, options [mss 536], length 0

If I block these domains and IP addresses in the hosts file, the next dump contains the same IP subnets but with different host addresses, and the subdomains of the domains change.

The Mac does not understand a mask such as *.example.com in the hosts file.

I haven't figured out how to look at the packets being transferred or which processes or daemons cause these connections (I've only had the Mac for a few days), but it's already fun!

Source: www.habr.com