Unit 1: Packet Sniffing
1.1 Introduction to Packet Sniffing

Some people like to sniff glue.

Some people like to sniff paint.

Some professors like to sniff whiteboard markers.

Some people like to sniff other things.

What about me?

Well, there's something that I love to sniff more than anything else in the world.


Packets. Of course, IP packets, which exist at layer three of the OSI model, are encapsulated inside layer two frames.

On wired LANs, they are Ethernet frames.

On wireless LANs, they are 802.11 frames.

In the context of capturing and analyzing network traffic, even though the lowest unit to analyze is the frame, it's still called packet sniffing.


Wouldn't it be nice if we knew every single detail about every little thing that entered and exited our body?

Every liquid, solid, or gas.

Every molecule.

Every atom.

Well, in the wonderful world of digital networking, we can do the equivalent.


Every single bit, all the ones and zeros that go in and out of a NIC, can be seen and analyzed.

There's an option to see them in true binary.

Even hexadecimal.

But, as humans, we prefer a format that is more intuitive.


A packet sniffer, implemented in software or hardware, will not only intercept and log all the ones and zeros moving in and out of a NIC, but show them to us, humans, in a human-readable format, in addition to binary and hexadecimal.

All of the fields of every single frame, packet, segment, datagram, and upper-layer data will be shown with their names, along with their corresponding data values.

For example, in the IP packet: source IP address, 192.168.1.113; destination IP address, 192.168.1.107.

We will see the content as it's listed in the RFC, or other specifications.
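To make the "every field with its name" idea concrete, here is an added example (not code from the lecture or from any particular sniffer): a small dissector that takes the raw bytes of one frame and reports the Ethernet, IPv4 and TCP fields under the names RFC 791 and RFC 793 give them. The two frames it parses are constructed inside the script, using the lecture's addresses 192.168.1.113 and 192.168.1.107; the MAC addresses, ports, cookie value and the bytes standing in for TLS ciphertext are made up for the demo, and the TCP checksum is left at zero for brevity.

```python
"""Minimal Ethernet II / IPv4 / TCP dissector.

Added example, not code from the lecture: it shows what a sniffer does with
the raw bytes of one frame, turning them into the named fields of RFC 791
(IP) and RFC 793 (TCP). Both frames below are constructed for the demo; the
TLS "ciphertext" is just fixed bytes, not real TLS output.
"""
import struct
from socket import inet_aton, inet_ntoa


def ip_checksum(header: bytes) -> int:
    """RFC 791 one's-complement sum of 16-bit words; 0 means a header verifies."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload, flags=0x18):
    """Assemble a frame (constructed input). TCP checksum is left at 0 for brevity."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 2000, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     inet_aton(src_ip), inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill in header checksum
    return eth + ip + tcp


def dissect(frame: bytes) -> dict:
    """Walk the encapsulation layer by layer and name every field."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"eth": {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
                   "type": "0x%04x" % ethertype}}
    if ethertype != 0x0800:                       # only IPv4 is handled here
        return out
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4                    # header length in bytes (options included)
    out["ip"] = {"version": ver_ihl >> 4, "header_length": ihl, "tos": tos,
                 "total_length": total_len, "id": ident, "flags": flags_frag >> 13,
                 "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
                 "checksum_ok": ip_checksum(frame[14:14 + ihl]) == 0,
                 "src": inet_ntoa(src), "dst": inet_ntoa(dst)}
    if proto != 6:                                # 6 = TCP
        return out
    t = 14 + ihl
    sport, dport, seq, ack, off, flags, win, _tsum, urg = struct.unpack("!HHIIBBHHH", frame[t:t + 20])
    doff = (off >> 4) * 4                         # TCP data offset in bytes
    out["tcp"] = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                  "flags": {n for i, n in enumerate(["FIN", "SYN", "RST", "PSH", "ACK", "URG"])
                            if flags >> i & 1},
                  "window": win, "urgent": urg}
    payload = frame[t + doff:14 + total_len]
    # Encryption only changes this last step: every header above is still readable.
    if 443 in (sport, dport) and len(payload) >= 5:
        ctype, ver, rlen = struct.unpack("!BHH", payload[:5])   # TLS record header is in the clear
        out["payload"] = {"kind": "tls_record", "content_type": ctype, "version": "0x%04x" % ver,
                          "length": rlen, "ciphertext_hex": payload[5:].hex()}
    else:
        out["payload"] = {"kind": "plaintext", "text": payload.decode("ascii", "replace")}
    return out


# Constructed sample traffic using the lecture's two addresses.
SRC_MAC, DST_MAC = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
HTTP_FRAME = build_frame(SRC_MAC, DST_MAC, "192.168.1.113", "192.168.1.107", 51000, 80,
                         b"GET /login HTTP/1.1\r\nHost: intranet\r\nCookie: session=abc123\r\n\r\n")
TLS_FRAME = build_frame(SRC_MAC, DST_MAC, "192.168.1.113", "192.168.1.107", 51001, 443,
                        b"\x17\x03\x03\x00\x10" + bytes.fromhex("9f3ac2e17d40b6c58e21a0f4d7b39c6e"))

if __name__ == "__main__":
    for frame in (HTTP_FRAME, TLS_FRAME):
        for layer, fields in dissect(frame).items():
            print(layer, fields)
```

Running it shows the point made later about encryption: for the port 443 frame every header down to the TCP ports is still readable, and only the record body after the five-byte TLS record header is opaque. Wireshark does this job for hundreds of protocols; this dissector handles exactly one encapsulation (Ethernet II, IPv4, TCP) and flags a corrupted IP header through the checksum field, which is the same check Wireshark's IP dissector performs.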


Packet sniffers can provide so much insight into network traffic.

They can monitor data in motion, serving as the primary data source for day-to-day network monitoring and management.

Monitor network usage, including internal and external users and systems.

Gather and report network statistics.

Verify adds, moves, and changes.

Verify the effectiveness of internal controls such as firewalls, access control lists, web filters, spam filters, and proxies.

Document regulatory compliance by logging all perimeter and endpoint traffic.

Monitor WAN bandwidth utilization.

Monitor WAN and endpoint security status.

Analyze network problems.

Debug client-server communications.

Debug network protocol implementations.

Gain information for carrying out a network intrusion.

Spy on other network users by eavesdropping on unencrypted data.

Collect sensitive information, such as login details or user cookies, depending upon the encryption being used.

Capture packets for subsequent playback in replay, man-in-the-middle, and packet injection attacks.

Reverse engineer proprietary protocols used over the network.

Detect network intrusion attempts.

Detect network misuse by internal and external users.

Filter suspect content from network traffic.


While encryption doesn't stop packet sniffers from seeing header fields, including source and destination MAC addresses at layer two, source and destination IP addresses at layer three, and source and destination ports at layer four, the payload, or data portion, that's encrypted appears as gibberish to the packet sniffer.

This is where SSL/TLS-encrypted data, versus plaintext HTTP, comes into play.

Modifying or injecting data into the packets would cause errors that would be obvious when decryption is attempted at the other end. With the authenticated encryption used by modern TLS, the receiver checks the record's authentication tag first and rejects a tampered record outright, rather than decrypting it into garbage.

In a future unit, we'll explore an attack and mitigation for capturing credentials passed through SSL/TLS.
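As an added illustration of why that is (not code from the lecture, and not TLS's actual cipher): the script below protects an application-data record with an encrypt-then-MAC construction built only from Python's standard library, HMAC-SHA256 serving both as a counter-mode keystream generator and as the integrity tag. The keys, the record contents and the record format (a TLS-style five-byte header followed by ciphertext and a 32-byte tag) are constructed for the demo. Real TLS 1.2 and 1.3 cipher suites use AEAD modes such as AES-GCM or ChaCha20-Poly1305, but the receiver-side behaviour is the same: the tag is checked first, and a modified, appended or replayed record is discarded with a bad_record_mac alert rather than decrypted.

```python
"""Why injected or modified data is rejected by the other end.

Added example, not from the lecture. It uses an encrypt-then-MAC record
format built only from the Python standard library (HMAC-SHA256 as a
counter-mode keystream generator and as the integrity tag). That is a
stand-in for the AEAD ciphers real TLS uses, chosen so the example runs
offline; the keys and the record below are constructed.
"""
import hashlib
import hmac
import struct

TAG_LEN = 32
APPLICATION_DATA = 0x17          # TLS record content type for application data


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode over HMAC-SHA256 (a PRF), demo stand-in for a stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!I", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Sender side: record header stays in the clear, body is ciphertext + tag."""
    nonce = struct.pack("!Q", seq)               # sequence number binds the record to its position
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    header = struct.pack("!BHH", APPLICATION_DATA, 0x0303, len(ct) + TAG_LEN)
    tag = hmac.new(mac_key, nonce + header + ct, hashlib.sha256).digest()   # covers header too
    return header + ct + tag


def unprotect(enc_key: bytes, mac_key: bytes, seq: int, record: bytes) -> bytes:
    """Receiver side: verify the tag before touching the ciphertext."""
    header, body = record[:5], record[5:]
    ct, tag = body[:-TAG_LEN], body[-TAG_LEN:]
    nonce = struct.pack("!Q", seq)
    expected = hmac.new(mac_key, nonce + header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        raise ValueError("bad_record_mac: record rejected before decryption")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def sniffer_view(record: bytes) -> dict:
    """What a passive sniffer can read without the keys: the header only."""
    ctype, ver, length = struct.unpack("!BHH", record[:5])
    return {"content_type": ctype, "version": "0x%04x" % ver, "length": length}


def flip_byte(data: bytes, offset: int) -> bytes:
    """An on-path attacker's edit: one bit of the record changed."""
    b = bytearray(data)
    b[offset] ^= 0x01
    return bytes(b)


def accepted(enc_key: bytes, mac_key: bytes, seq: int, record: bytes) -> bool:
    """True if the receiver would accept and decrypt this record."""
    try:
        unprotect(enc_key, mac_key, seq, record)
        return True
    except ValueError:
        return False


# Constructed demo keys (never hard-code real keys).
ENC_KEY = hashlib.sha256(b"demo-enc-key").digest()
MAC_KEY = hashlib.sha256(b"demo-mac-key").digest()
RECORD = protect(ENC_KEY, MAC_KEY, 0, b"POST /login user=alice&pass=hunter2")

if __name__ == "__main__":
    print("sniffer sees:", sniffer_view(RECORD))
    print("intact record decrypts:", unprotect(ENC_KEY, MAC_KEY, 0, RECORD))
    print("modified record accepted?", accepted(ENC_KEY, MAC_KEY, 0, flip_byte(RECORD, 5)))
    print("replayed record accepted?", accepted(ENC_KEY, MAC_KEY, 1, RECORD))
```

The sequence number in the MAC input is what defeats the replay case from the list above: a captured record played back later arrives at a different sequence position, so its tag no longer verifies even though not one byte of it was changed. Note also that the record length lives in the authenticated header, so an injector cannot splice extra bytes onto a record without the receiver noticing.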


A packet sniffer can only capture traffic that actually reaches the NIC it's listening on. On a switched LAN that means the host's own traffic plus broadcast and multicast, unless the sniffer sits on a mirror (SPAN) port or a network tap, and the NIC must be in promiscuous mode to pass frames not addressed to it up to the sniffer at all.

An attacker can't place a packet sniffer on their own network and capture traffic from inside a corporate network.

However, there are ways to compromise a system running on an internal network and make it sniff packets on the attacker's behalf from a remote location.


While there are a few dozen packet sniffers, some with specialized purposes, there is one that stands above the rest.

From Wireshark's website:

Wireshark is the world's foremost and widely used network protocol analyzer.

It lets you see what's happening on your network at a microscopic level, and is the de facto, and also de jure, standard across many commercial and nonprofit enterprises, government agencies, and educational institutions.

Wireshark development thrives thanks to the volunteer contributions of networking experts around the globe, and is the continuation of a project started by Gerald Combs in 1998.

I agree.

Reposted from: https://www.cnblogs.com/sec875/articles/10015858.html
