{"id":4581,"date":"2014-10-26T09:26:37","date_gmt":"2014-10-26T00:26:37","guid":{"rendered":"http:\/\/www.vincentina.net\/?p=4581"},"modified":"2014-10-29T22:13:54","modified_gmt":"2014-10-29T13:13:54","slug":"lpic303-%e3%83%8d%e3%83%83%e3%83%88%e3%83%af%e3%83%bc%e3%82%af%e7%9b%a3%e8%a6%96-02","status":"publish","type":"post","link":"https:\/\/www.vincentina.net\/?p=4581","title":{"rendered":"lpic303 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u76e3\u8996 Wireshark"},"content":{"rendered":"

pic303 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u76e3\u8996 tcpdump
\n<\/a>lpic303 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u76e3\u8996 ntop<\/a><\/p>\n

\u3067\u306f\u3055\u3063\u305d\u304fWireshark\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u307e\u3059\u3002\u304c\u3001\u91cd\u8981\u306a\u4e8b\u304c\u3072\u3068\u3064\u3042\u308a\u3002GUI\u3067\u78ba\u8a8d\u3067\u304d\u308b\u30c4\u30fc\u30eb\u3068\u3044\u3046\u4e8b\u3067\u899a\u3048\u3066\u3044\u305f\u306e\u3060\u3051\u308c\u3069\u3001\u3069\u3046\u3082GUI\u306eWireshark\u306fX\u306e\u4e0a\u3067\u52d5\u304f\u3082\u306e\u3089\u3057\u3044\u3002X\u3068\u3044\u3046\u304bGnome\u306a\u306e\u304b\u306a\u3002<\/p>\n

\u30ea\u30dd\u30b8\u30c8\u30ea\u306f\u3069\u308c\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u30821.8.10-8\u3067\u3057\u305f\u3002<\/p>\n

Installing:\r\n\u00a0wireshark\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 x86_64\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1.8.10-8.el6_6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sl-security\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 11 M\r\nInstalling for dependencies:\r\n\u00a0libsmi\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 x86_64\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 0.4.8-4.el6\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 sl\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2.4 M<\/pre>\n
\u305f\u3044\u3057\u305f\u8cc7\u6599\u3082\u306a\u3044\u306e\u3067\u3001man\u3067\u898b\u308b\u3053\u3068\u306b\u3057\u307e\u3057\u305f\u3002<\/p>\n
NAME\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 wireshark-filter - Wireshark filter syntax and reference\r\n\r\nSYNOPSIS\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 wireshark [other options] [ -R \"filter expression\" ]\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tshark [other options] [ -R \"filter expression\" ]<\/pre>\n
GUI\u306fWireshark\u3001CUI\u306ftshark\u306b\u306a\u308b\u3089\u3057\u3044\u3002<\/p>\n
\u3068\u308a\u3042\u3048\u305a\u5b9f\u884c\u3057\u3066\u307f\u308b\u3068\u3002<\/p>\n
# tshark -i eth1\r\nRunning as user \"root\" and group \"root\". This could be dangerous.\r\nCapturing on eth1\r\n\u00a0 0.000000\u00a0 192.168.0.1 -> 192.168.0.2\u00a0 TCP 74 40757 > zabbix-agent [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1685235378 TSecr=0 WS=128\r\n\u00a0 0.000279\u00a0 192.168.0.1 -> 192.168.0.2\u00a0 TCP 74 50553 > zabbix-agent [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=1685235378 TSecr=0 WS=128\r\n\u00a0 0.000768\u00a0 192.168.0.2 -> 192.168.0.1\u00a0 TCP 74 zabbix-agent > 40757 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=1166626 TSecr=1685235378 WS=64\r\n\u00a0 0.000793\u00a0 192.168.0.1 -> 192.168.0.2\u00a0 TCP 66 40757 > zabbix-agent [ACK] Seq=1 Ack=1 Win=14720 Len=0 TSval=1685235378 TSecr=1166626\r\n\u00a0 0.000868\u00a0 192.168.0.1 -> 192.168.0.2\u00a0 TCP 95 40757 > zabbix-agent [PSH, ACK] Seq=1 Ack=1 Win=14720 Len=29 TSval=1685235379 TSecr=1166626\r\n\u00a0 0.000920\u00a0 192.168.0.2 -> 192.168.0.1\u00a0 TCP 74 zabbix-agent > 50553 [SYN, ACK] Seq=0 Ack=1 Win=14480 Len=0 MSS=1460 SACK_PERM=1 TSval=1166626 TSecr=1685235378 WS=64<\/pre>\n
Tcpdump\u3088\u308a\u30d1\u30c3\u3068\u898b\u306f\u5206\u304b\u308a\u3084\u3059\u3044\u304b\u3082\u3057\u308c\u306a\u3044\u3002<\/p>\n
\u5229\u7528\u3067\u304d\u308b\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3002<\/p>\n
# tshark -D\r\n1. eth0\r\n2. nflog (Linux netfilter log (NFLOG) interface)\r\n3. nfqueue (Linux netfilter queue (NFQUEUE) interface)\r\n4. eth1\r\n5. usbmon1 (USB bus number 1)\r\n6. any (Pseudo-device that captures on all interfaces)\r\n7. lo<\/pre>\n
\u30aa\u30d7\u30b7\u30e7\u30f3\u3002<\/p>\n
SYNOPSIS\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tshark [ -2 ] [ -a <capture autostop condition> ] ...\u00a0 [ -b <capture ring buffer option>] ...\u00a0 [ -B <capture buffer size> ]\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -c <capture packet count> ] [ -C <configuration profile> ] [ -d <layer type>==<selector>,<decode-as protocol> ] [ -D ] [ -e <field> ]\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -E <field print option> ] [ -f <capture filter> ] [ -F <file format> ] [ -h ] [ -H <input hosts file> ] [ -i <capture interface>|- ] [ -I ]\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -K <keytab> ] [ -l ] [ -L ] [ -n ] [ -N <name resolving flags> ] [ -o <preference setting> ] ...\u00a0 [ -O <protocols> ] [ -p ] [ -P ] [ -q ]\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -r <infile> ] [ -R <read (display) filter> ] [ -s <capture snaplen> ] [ -S <separator> ] [ -t ad|a|r|d|dd|e ] [ -T pdml|psml|ps|text|fields ]\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -v ] [ -V ] [ -w <outfile>|- ] [ -W <file format option>] [ -x ] [ -X <eXtension option>] [ -y <capture link type> ] [ -z <statistics> ]\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ <capture filter> ]<\/pre>\n
\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u898b\u306a\u304c\u3089\u8272\u3005\u89e6\u3063\u3066\u307f\u308b\u3093\u3060\u3051\u308c\u3069\u3001\u3084\u308c\u3070\u3084\u308b\u307b\u3069Tcpdump\u3067\u3044\u3044\u3093\u3058\u3083\u306a\u3044\u304b\u3068\u601d\u3048\u3066\u304f\u308b\u30fb\u30fb\u30fb(\u00b4\u30fb\u03c9\u30fb`)<\/p>\n
\u30b5\u30fc\u30d0\u30fc\u6a5f\u3067\u4eca\u307e\u3067X\u306a\u3093\u3066\u6570\u3048\u308b\u304f\u3089\u3044\u3057\u304b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u306a\u3044\u306e\u3067\u3001\u4f7f\u3046\u306e\u304b\uff1f<\/span>\u3068\u601d\u3063\u3066\u3057\u307e\u3046\u3002<\/p>\n
\u4eca\u56de\u306f\u77ed\u3044\u3051\u3069\u3053\u308c\u3067\u7d42\u4e86\uff5e\uff01<\/p>\n
\u4ee5\u4e0b\u300110\/29\u306b\u8ffd\u8a18\u3057\u307e\u3057\u305f\u3002<\/h2>\n
\u3068\u601d\u3063\u305f\u3093\u3060\u3051\u308c\u3069\u3001Wireshark\u304c\u7d50\u69cb\u51fa\u984c\u3055\u308c\u305f\u3068Ping-t\u306b\u66f8\u3044\u3066\u3042\u3063\u305f\u306e\u3067\u3001Tcpdump\u3067\u3044\u3044\u3058\u3083\u306a\u3044\u304b<\/span>\u3068\u3044\u3046\u6c17\u6301\u3061\u3092\u6291\u3048\u3066GUI\u74b0\u5883\u304b\u3089\u4f5c\u308b\u3053\u3068\u306b\u30fb\u30fb\u30fb\u3002
\nCentOS6.5\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u4e2d\u3001minimal Desktop\u3068\u3044\u3046\u9078\u629e\u80a2\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u8ff7\u308f\u305a\u305d\u308c\u3092\u9078\u3076\u3002<\/p>\n
Gnome\u306e\u753b\u9762\u3092\u898b\u308b\u306e\u306f\u304b\u306a\u30fc\u308a\u4e45\u3057\u632f\u308a\u306a\u6c17\u304c\u3057\u307e\u3059\u3002minimal Desktop\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u76f4\u5f8c\u306f\u3053\u3093\u306a\u611f\u3058\u3067\u4f55\u3082\u306a\u3044\u3067\u3059\u3002\u305d\u308a\u3083\u305d\u3046\u306a\u306e\u3067\u3059\u304c\u3059\u3063\u304d\u308a\u3057\u305fGUI\u306f\u3044\u3044\u306d\uff42<\/p>\n
\"cen02\"<\/a><\/p>\n
Wireshark\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f<\/p>\n
# yum install wireshark-gnome<\/p>\n
\u3067\u4f9d\u5b58\u95a2\u4fc2\u306e\u3082\u306e\u3082\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u3066\u5b8c\u4e86\u3002\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304b\u3089\u9078\u629e\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\u3002
\n\u3055\u3059\u304c\u306b\u30d1\u30c3\u3068\u898b\u3067\u8272\u3005\u3067\u304d\u308b\u3088\u3046\u306a\uff08\u5206\u304b\u308b\u3088\u3046\u306a\uff09\u4f5c\u308a\u306b\u306a\u3063\u3066\u3044\u3066\u305d\u308c\u3089\u3057\u3044\u3068\u3053\u308d\u3092\u30af\u30ea\u30c3\u30af\u3059\u308c\u3070\u8a2d\u5b9a\u306a\u308a\u30b9\u30ad\u30e3\u30f3\u306a\u308a\u3067\u304d\u308b\u3088\u3046\u3067\u3059\u3002<\/p>\n
CentOS\u306b\u306f\u30d6\u30ea\u30c3\u30b8\u63a5\u7d9a\u3067\u30eb\u30fc\u30bf\u30fc\u304b\u3089\u30ed\u30fc\u30ab\u30ebIP\u3092\u5272\u308a\u632f\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3092\u3057\u3066\u3044\u308b\u3002\u30d7\u30ed\u30df\u30b9\u30ad\u30e3\u30b9\u30e2\u30fc\u30c9\u306a\u306e\u3067\u3001eth0\u3092\u30ad\u30e3\u30d7\u30c1\u30e3\u3059\u308b\u3068\u4eca\u4f7f\u3063\u3066\u3044\u308bWindows\u306e\u30d1\u30b1\u30c3\u30c8\u3082\u6d41\u308c\u3066\u3044\u304d\u307e\u3059\u3002<\/p>\n
\"ws001\"<\/a><\/p>\n
\u305f\u3057\u304b\u306b\u30d1\u30c3\u3068\u898b\u3067\u306f\u4f7f\u3044\u3084\u3059\u3044\u3068\u3044\u3046\u9762\u306f\u3042\u308a\u307e\u3059\u304c\u3001\u4fbf\u5229\u304b\u3068\u3044\u3046\u3068\u5fae\u5999\u306a\u3068\u3053\u3067\u3001\u9069\u6750\u9069\u6240\u306b\u4f7f\u3046\u306e\u304c\u3044\u3044\u304b\u306a\u3002<\/p>\n
\u4eca\u5ea6\u3053\u305d\u7d42\u308f\u308a\u30fc\u3002<\/p>\n
 <\/p>\n
        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
pic303 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u76e3\u8996 tcpdump lpic303 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u76e3\u8996 ntop \u3067\u306f\u3055\u3063\u305d\u304fWireshark\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u307f\u307e\u3059\u3002\u304c\u3001\u91cd\u8981\u306a\u4e8b\u304c\u3072\u3068\u3064\u3042\u308a\u3002GUI\u3067\u78ba\u8a8d\u3067\u304d\u308b\u30c4\u30fc\u30eb\u3068\u3044\u3046\u4e8b\u3067\u899a\u3048\u3066\u3044\u305f\u306e … “lpic303 \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u76e3\u8996 Wireshark” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-4581","post","type-post","status-publish","format-standard","hentry","category-server"],"_links":{"self":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/4581","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4581"}],"version-history":[{"count":0,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=\/wp\/v2\/posts\/4581\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4581"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4581"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vincentina.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4581"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}