Your computer is not a black box: understanding processes and ports on Windows by exploring


I did a blog post many years ago reminding folks that The Internet is not a Black Box. Virtually nothing is hidden from you. The same is true for your computer, whether it runs Linux, Mac, or Windows.


Here's something that happened today at lunch. I was testing a local DNS Server (more on this on Thursday) and I started it up...and it didn't work.


In order to test a DNS server on Windows, you can go to the command line and run "nslookup" then use the command "server 1.1.1.1" where 1.1.1.1 is the DNS server you'd like to try out. Go ahead and try it now. Run cmd.exe or powershell.exe and then run "nslookup" and then type any domain name. You should get an IP address.

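The same check in PowerShell, as an added example that is not part of the original post. Resolve-DnsName (the DnsClient module, Windows 8 / Server 2012 and later) is the cmdlet equivalent of running nslookup and then "server x.x.x.x". The function below goes one step further than nslookup: it queries the same server once over UDP (the default) and once with -TcpOnly, which tells apart "nothing is listening on 53 at all" from "only one transport is bound". The function name, the default test name and the two server addresses are taken from or chosen for this post; nothing here is the blog's own code.

```powershell
# Added example (not from the original post): test a DNS server over both
# transports instead of relying on nslookup's UDP-only "No response" message.
function Test-DnsServer {
    param(
        [Parameter(Mandatory)][string] $Server,   # e.g. 127.0.0.1 or 8.8.8.8
        [string] $Name = 'hanselman.com'           # any name the server should resolve
    )

    foreach ($transport in 'UDP', 'TCP') {
        $params = @{
            Name        = $Name
            Server      = $Server
            Type        = 'A'
            DnsOnly     = $true      # skip the hosts file and the local resolver cache
            ErrorAction = 'Stop'     # turn a failed query into a catchable exception
        }
        if ($transport -eq 'TCP') { $params.TcpOnly = $true }

        try {
            $answer = Resolve-DnsName @params
            $addrs  = ($answer | Where-Object Type -eq 'A').IPAddress -join ', '
            [pscustomobject]@{ Server = $Server; Transport = $transport; Result = 'OK';   Detail = $addrs }
        }
        catch {
            [pscustomobject]@{ Server = $Server; Transport = $transport; Result = 'FAIL'; Detail = $_.Exception.Message }
        }
    }
}

# The two servers from the post: the local one under test, and Google's
# public resolver as a known-good control.
Test-DnsServer -Server 127.0.0.1
Test-DnsServer -Server 8.8.8.8
```

In the situation the post goes on to describe (the server's log shows TCP on 0.0.0.0:53 bound successfully while the IPv4 UDP bind failed), the UDP row for 127.0.0.1 would fail exactly as nslookup did, while the TCP row would be expected to reach the local server. Seeing the two rows disagree points straight at a per-transport port conflict rather than a server that is not running.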

Given that I was trying to run a DNS server on localhost:53 (port 53 is where DNS usually hangs out, just like port 80 is where web servers (HTTP) hang out and 443 is where secured web servers (HTTPS) usually are), I should be able to do this. I'm trying to send DNS requests to localhost:53.

C:\Users\scott> nslookup
Default Server: pihole
Address: 192.168.151.6

> server 127.0.0.1
Default Server: localhost
Address: 127.0.0.1

> hanselman.com
Server: localhost
Address: 127.0.0.1

*** localhost can't find hanselman.com: No response from server
> hanselman.com

Weird, that didn't work. Let me try a DNS server I know works, like Google's 8.8.8.8 public DNS.

> server 8.8.8.8
Default Server: google-public-dns-a.google.com
Address: 8.8.8.8

> hanselman.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: hanselman.com
Address: 206.72.120.92

Ok, it seems my local DNS isn't listening on port 53. Checking the logs of the Technitium local DNS server shows this:

[2019-04-15 23:26:31 UTC] [0.0.0.0:53] [UDP] System.Net.Sockets.SocketException (10048): Only one usage of each socket address (protocol/network address/port) is normally permitted
at System.Net.Sockets.Socket.UpdateStatusAfterSocketErrorAndThrowException(SocketError error, String callerName)
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at DnsServerCore.DnsServer.Start() in Z:\Technitium\Projects\DnsServer\DnsServerCore\DnsServer.cs:line 1234
[2019-04-15 23:26:31 UTC] [0.0.0.0:53] [TCP] DNS Server was bound successfully.
[2019-04-15 23:26:31 UTC] [[::]:53] [UDP] DNS Server was bound successfully.
[2019-04-15 23:26:31 UTC] [[::]:53] [TCP] DNS Server was bound successfully.

The DNS Server's process is trying to bind to TCP:53 and UDP:53 using IPv4 (expressed as "all local network adapters" with 0.0.0.0:53) and then TCP:53 and UDP:53 using IPv6 (expressed as localhost using [::]:53) but it seems like the UDP binding to port 53 on IPv4 failed. Weird.

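To see that failure in isolation, here is an added example (not from the original post and not Technitium's code) that reproduces it on a throwaway port using the same System.Net.Sockets.Socket.Bind call that appears in the stack trace. Port 5353 is an arbitrary constructed choice; the helper names are mine. One detail worth keeping straight while reading the log: [::] is the IPv6 wildcard address, the counterpart of 0.0.0.0, so the IPv6 listeners are separate sockets in a separate address family, which is why they could bind while the IPv4 UDP one could not.

```powershell
# Added example (not from the original post): reproduce SocketException 10048
# (WSAEADDRINUSE, "Only one usage of each socket address ...") in one process.
$port    = 5353          # constructed: any free UDP port will do
$sockets = @()           # everything we open, so finally{} can dispose it

function New-UdpSocket([System.Net.Sockets.AddressFamily] $Family) {
    [System.Net.Sockets.Socket]::new($Family,
        [System.Net.Sockets.SocketType]::Dgram,
        [System.Net.Sockets.ProtocolType]::Udp)
}

function Invoke-UdpBind([System.Net.Sockets.Socket] $Socket,
                        [System.Net.IPAddress] $Address,
                        [int] $Port) {
    try {
        $Socket.Bind([System.Net.IPEndPoint]::new($Address, $Port))
        "bound   $($Socket.LocalEndPoint)"
    }
    catch {
        # PowerShell wraps .NET exceptions; unwrap to the SocketException so
        # ErrorCode shows the same number (10048 on Windows) as the server log.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.Sockets.SocketException])) { $ex = $ex.InnerException }
        "failed  ${Address}:${Port} -> $($ex.ErrorCode) $($ex.Message)"
    }
}

try {
    # 1. Stand in for the process that already owns the port (svchost.exe in
    #    the post): take UDP 0.0.0.0:<port> first.
    $first = New-UdpSocket InterNetwork; $sockets += $first
    Invoke-UdpBind $first ([System.Net.IPAddress]::Any) $port

    # 2. The DNS server's IPv4 UDP listener: same address and port on a second
    #    socket. This is the bind that throws in the first log line.
    $dns4 = New-UdpSocket InterNetwork; $sockets += $dns4
    Invoke-UdpBind $dns4 ([System.Net.IPAddress]::Any) $port

    # 3. The DNS server's IPv6 UDP listener on [::]. Different address family,
    #    different socket, so it binds fine, matching the
    #    "[[::]:53] [UDP] DNS Server was bound successfully." log line.
    $dns6 = New-UdpSocket InterNetworkV6; $sockets += $dns6
    Invoke-UdpBind $dns6 ([System.Net.IPAddress]::IPv6Any) $port
}
finally {
    foreach ($s in $sockets) { $s.Dispose() }
}
```

The second bind is the only one that fails, and it fails regardless of which process owns the first socket; the operating system only sees two sockets asking for the same protocol, address and port. That is also why the fix in the post is to find and stop the other owner rather than to change anything in the DNS server.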

Someone else is listening in on Port 53 localhost via IPv4.


That's weird. How can we find out what ports are open locally?


I can run "netstat" and ask Windows for a list of all TCP/IP connections and the processes that are listening on which ports. I'll also PIPE the results to "clip" which will put it in the clipboard automatically. Then I can look at it in a text editor (or I could pipe it through find or findstr).


You can run netstat --help to get the right arguments. I've asked it to tell me the process IDs and all the details it can.


Active Connections
Proto Local Address State PID

TCP 0.0.0.0:53 LISTENING 27456
[dotnet.exe]

UDP 0.0.0.0:53 LISTENING 11128
[svchost.exe]

TCP [::]:53 *:* 27456
[dotnet.exe]

UDP [::]:53 *:* 27456
[dotnet.exe]

Hm, a service is already listening on port 53. I'm running Windows 10, not a Server, so it's odd there's already a DNS listener on port 53.

I wonder what service it is?

I can check the Services tab of the Task Manager and sort by PID. Or I can run "tasklist" and ask directly.

C:\WINDOWS\system32>tasklist /svc /fi "pid eq 11128"

Image Name PID Services
========================= ======== ============================================
svchost.exe 11128 SharedAccess

That's Internet Connection Sharing, and it's used by Docker and other apps for NAT translation and routing. I can shut it down with the sc (service control) or with "net stop."


C:\WINDOWS\system32>net stop sharedaccess
The Internet Connection Sharing (ICS) service is stopping.
The Internet Connection Sharing (ICS) service was stopped successfully.
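The three manual steps above (netstat to find the PID, tasklist /svc to name the service, then stopping it) collapse into one function in PowerShell. This is an added example, not code from the original post: it uses the built-in NetTCPIP cmdlets (Windows 8 / Server 2012 and later) for the port table and Win32_Service for the PID-to-service mapping that tasklist /svc shows. The function name is mine; run it from an elevated prompt, since owning processes of services are otherwise not always visible.

```powershell
# Added example (not from the original post): who owns a port, over TCP and
# UDP, IPv4 and IPv6, with the hosting service names for svchost.exe PIDs.
function Get-PortOwner {
    param(
        [Parameter(Mandatory)][int] $Port
    )

    # Listening TCP sockets and all UDP endpoints on the port. UDP has no
    # LISTENING state, which is why netstat prints "*:*" for those rows.
    $tcp = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'TCP' } }, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint -LocalPort $Port -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Proto'; e = { 'UDP' } }, LocalAddress, LocalPort, OwningProcess

    # Services with a live process; several can share one svchost.exe PID.
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    foreach ($ep in @($tcp) + @($udp)) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '?' }
        $svc  = ($services | Where-Object ProcessId -eq $ep.OwningProcess).Name -join ','

        [pscustomobject]@{
            Proto        = $ep.Proto
            LocalAddress = $ep.LocalAddress
            Port         = $ep.LocalPort
            PID          = $ep.OwningProcess
            Process      = $name
            Services     = $svc
        }
    }
}

Get-PortOwner -Port 53 | Format-Table -AutoSize

# The post's last step, "net stop sharedaccess", is Stop-Service in PowerShell.
# Left commented out so that running this script only reports, never changes anything:
# Stop-Service -Name SharedAccess
```

On the machine in the post this would print two rows for PID 27456 (dotnet.exe, no services) for TCP 0.0.0.0:53 and the two [::]:53 endpoints, and one row for UDP 0.0.0.0:53 owned by svchost.exe with SharedAccess in the Services column. Checking the Services column before stopping anything matters: an svchost.exe PID can host more than one service, and Stop-Service acts on the service you name, not on the PID.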

Now I can start my DNS Server again (it's written in .NET Core) and I can see with tcpview.exe that it's listening on all appropriate ports.


TCPView showing everything on Port 53

In conclusion, it's a good reminder to refresh yourself on the basics of IPv4, IPv6, how processes talk to and allocate ports, what process IDs (PIDs) are, and how they relate. Much of this is taught in university computer science courses, but if you're self-taught or not doing low-level work every day it's easy to forget.

Virtually nothing on your computer is hidden from you!


Translated from: https://www.hanselman.com/blog/your-computer-is-not-a-black-box-understanding-processes-and-ports-on-windows-by-exploring
