
【速搜问答】What is a sniffer

Q&A | admin | 3 years ago (2020-07-14) | 473 views | indexed | 0 comments


A sniffer (also called a protocol analyzer) is a software tool or hardware device that monitors the data moving across a network. The same capability serves both legitimate network management and the theft of network information. In network operations and maintenance a protocol analyzer is used to monitor traffic, decode packets, measure the use of network resources, enforce network security rules, identify and analyze network data, and diagnose and repair network faults. An unauthorized sniffer is a serious threat to network security: it works passively, generating no traffic of its own, so it is hard to detect, and it can be dropped onto almost any host with network access. That is why attackers favor it as a weapon.

The Sniffer product was originally introduced by Network General and later owned by Network Associates. Network Associates subsequently spun the Sniffer product unit off as a private company, which took the name Network General again, and "Sniffer" is today a registered product trademark of that company. Because professionals used the name so widely, "sniffer" has become the generic term for any product that captures and analyzes network traffic.

Introduction

Before describing what a sniffer is, a few basic facts about how devices on a local area network exchange data are needed.

Data travels across the network in small units called frames. A frame consists of several fields, each with its own function. Frames are assembled by a piece of software called the network driver, handed to the network interface card (NIC) and put onto the wire; they travel over the cable to the destination machine, where the reverse process takes place: the receiving Ethernet card picks the frame up, notifies the operating system that a frame has arrived, and the frame is stored for processing. It is on this transmit-and-receive path that the security problem lies.

Every workstation on a local area network (LAN) has a hardware address, the MAC address of its network card, which uniquely identifies the machine on that network (much as an IP address identifies a host on the Internet). On a shared-medium Ethernet, such as a hub or a coaxial segment, a frame sent by one station reaches every station on the segment. (On a switched Ethernet the switch forwards a unicast frame only to the port that owns the destination MAC address, so a sniffer on another port sees only broadcast, multicast and its own traffic unless it is attached to a mirror/SPAN port or first redirects traffic to itself, for example by ARP spoofing.)

Normally every machine on the segment can "hear" the traffic passing by, but its network card discards frames that are not addressed to it (in other words, workstation A does not capture data addressed to workstation B; it simply ignores it). If a workstation's network interface is put into promiscuous mode (explained below), it accepts every frame on the segment instead of only its own.

Principle

A sniffer program is a tool that exploits this property of Ethernet by switching the network adapter (the NIC, usually an Ethernet card) into promiscuous mode. Once the card is in that mode it passes every frame seen on the wire up to the host, not only the frames addressed to it.

Under normal operation the network card only accepts frames addressed to it, that is, frames destined for the local host. For a sniffer to receive and process the rest, the operating system must expose a raw-capture interface: BPF (the Berkeley Packet Filter pseudo-device) on BSD-derived systems, and packet sockets (AF_PACKET, historically SOCK_PACKET) on Linux. The ordinary TCP/IP stack has no use for frames that are not addressed to the local machine, so the sniffer bypasses the stack: it opens the raw capture interface and sets the card to promiscuous mode. Activating this requires kernel support for the BPF pseudo-device or packet sockets, and the program must run with root privileges (on Linux, specifically the CAP_NET_RAW capability). A sniffer therefore has to be installed as root: an attacker who holds only an unprivileged local account cannot run it, and so cannot sniff the root password off the wire.
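The capture path described above, as an added example (this is not code from the original page): a minimal Linux sniffer in Python that opens an AF_PACKET raw socket, enables promiscuous mode with PACKET_ADD_MEMBERSHIP/PACKET_MR_PROMISC, and decodes Ethernet II, IPv4 and TCP/UDP headers. It also shows the defender's side of the same fact: reading the IFF_PROMISC bit from sysfs to spot an interface that someone has put into promiscuous mode. The numeric constants are the Linux values from <linux/if_packet.h>, <linux/if_ether.h> and <linux/if.h>; the interface name "eth0" and the sample frame are assumptions constructed for the example. Capturing needs CAP_NET_RAW (normally root), which is exactly the constraint the paragraph describes; decoding the constructed frame needs no privilege.

```python
"""Minimal Linux packet sniffer: AF_PACKET raw socket + promiscuous mode + header decode.
Added example; the constants are Linux kernel values, everything else is constructed."""
import socket
import struct
import sys

ETH_P_ALL = 0x0003             # receive every protocol, <linux/if_ether.h>
SOL_PACKET = 263               # <linux/socket.h>
PACKET_ADD_MEMBERSHIP = 1      # <linux/if_packet.h>
PACKET_MR_PROMISC = 1          # <linux/if_packet.h>
IFF_PROMISC = 0x100            # <linux/if.h>, interface flag bit


def mac_str(raw6):
    return ":".join(f"{b:02x}" for b in raw6)


def parse_frame(raw):
    """Decode Ethernet II, IPv4 and TCP/UDP headers from one captured frame.
    Returns a dict of the fields found, or None if the frame is too short."""
    if len(raw) < 14:
        return None
    dst, src, ethertype = struct.unpack("!6s6sH", raw[:14])
    info = {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}
    if ethertype != 0x0800 or len(raw) < 34:      # not IPv4 (e.g. ARP 0x0806) or truncated
        return info
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, sip, dip = struct.unpack(
        "!BBHHHBBH4s4s", raw[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    info.update(src_ip=socket.inet_ntoa(sip), dst_ip=socket.inet_ntoa(dip), proto=proto)
    l4 = raw[14 + ihl:]
    if proto == 6 and len(l4) >= 20:              # TCP
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        data_off = (off_flags >> 12) * 4          # header length in 32-bit words
        info.update(src_port=sport, dst_port=dport, payload=l4[data_off:])
    elif proto == 17 and len(l4) >= 8:            # UDP
        sport, dport, _ulen, _ucsum = struct.unpack("!HHHH", l4[:8])
        info.update(src_port=sport, dst_port=dport, payload=l4[8:])
    return info


def has_promisc_flag(flags_text):
    """flags_text is the content of /sys/class/net/<if>/flags, e.g. '0x1103\\n'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def is_promiscuous(ifname):
    """Defender-side check: is this interface currently in promiscuous mode?"""
    with open(f"/sys/class/net/{ifname}/flags") as f:
        return has_promisc_flag(f.read())


def open_promiscuous(ifname):
    """Open a raw packet socket bound to ifname and enable promiscuous mode.
    Needs CAP_NET_RAW; the kernel drops the membership (and the PROMISC flag,
    if nobody else holds it) when the socket is closed."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))
    # struct packet_mreq { int mr_ifindex; unsigned short mr_type, mr_alen; unsigned char mr_address[8]; }
    mreq = struct.pack("iHH8s", socket.if_nametoindex(ifname), PACKET_MR_PROMISC, 0, b"\0" * 8)
    s.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return s


def capture(ifname, count=10):
    """Print a one-line summary of the next `count` frames seen on ifname."""
    s = open_promiscuous(ifname)
    try:
        for _ in range(count):
            raw, _addr = s.recvfrom(65535)
            f = parse_frame(raw) or {}
            print(f.get("src_mac"), "->", f.get("dst_mac"),
                  f.get("src_ip"), f.get("src_port"), "->", f.get("dst_ip"), f.get("dst_port"),
                  len(f.get("payload", b"")), "payload bytes")
    finally:
        s.close()


# Constructed sample frame (not captured traffic): Ethernet II / IPv4 / TCP carrying FTP "USER alice".
SAMPLE_FRAME = (
    bytes.fromhex("001122334455" "66778899aabb" "0800")                          # Ethernet II
    + bytes.fromhex("450000340001400040060000" "c0a8010a" "c0a80114")            # IPv4, checksum left 0
    + bytes.fromhex("c0000015" "00000000" "00000000" "5018ffff" "00000000")      # TCP 49152 -> 21, PSH|ACK
    + b"USER alice\r\n"
)

if __name__ == "__main__":
    capture(sys.argv[1] if len(sys.argv) > 1 else "eth0")   # "eth0" is an assumption
```

Run it as root with an interface name to watch live frames; run `is_promiscuous("eth0")` as any user to check whether something on the host has already done so (`ip link` reports the same bit as PROMISC). The IP and TCP checksums are not verified here, so the parser accepts the constructed frame as it would any frame on the wire.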

With the card in this mode, the sniffer can decode every kind of packet and map out the structure of the network and the machines on it. Because it receives every packet transmitted on the same segment, it can also capture anything that is sent unencrypted: passwords, other sensitive data, confidential documents. This makes sniffing a favorite technique for attackers to extend a compromise, using one captured host to take control of others.

Classification

Sniffers come in software and hardware form. Software sniffers include NetXray, Packetboy, Net Monitor, Sniffer Pro, Wireshark and WinNetCap. They are inexpensive, easy to learn and use, and their captures are easy to share; their drawback is that they cannot reliably capture every frame on a busy network (packets are dropped under load), so in some cases they do not give a true picture of a fault or of how the network is behaving. Hardware sniffers are usually called protocol analyzers; they are generally commercial products and comparatively expensive.

The sniffers discussed in this chapter are software. They capture packets, open them and inspect the contents, from which passwords and similar data can be read. A sniffer can only capture packets within one physical network segment; in other words, there must be no router or other device that blocks broadcast traffic between you and the target you are listening to. This point is important: an ordinary dial-up user, for instance, cannot use a sniffer to eavesdrop on other people's communications.

Purpose

Once an attacker has compromised a host, obtained root on it, and wants to use it to attack other hosts on the same segment, he installs sniffer software on it. The sniffer listens to the packets passing over the Ethernet interface and picks out the ones of interest; every packet that matches the filter is written to a log file. The filter is typically set to match packets containing the strings "username" or "password", because such packets usually carry the credentials the attacker is after. As soon as the attacker has captured a password for a host, he logs into that host.
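The username/password filter the paragraph describes, as an added example (not code from the original page): it scans TCP payloads for cleartext logins in the protocols where they actually appear (FTP and POP3 USER/PASS, HTTP Basic authentication, HTTP form posts), pairs an FTP USER with the PASS that follows on the same connection, and appends hits to a log file. The same code is what a defender runs over a capture to find credentials still being sent in the clear. The sample payloads and flow identifiers are constructed for the example; the log file name is an assumption.

```python
"""Credential filter over captured TCP payloads. Added example; the sample payloads
below are constructed, not real captured traffic."""
import base64
import binascii
import re
from urllib.parse import parse_qs

# Cleartext-login patterns: FTP/POP3 commands and HTTP Basic authentication.
USER_CMD = re.compile(rb"^USER\s+(\S+)", re.M)
PASS_CMD = re.compile(rb"^PASS\s+(\S+)", re.M)
HTTP_BASIC = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M | re.I)
USER_KEYS = ("username", "user", "login", "email")   # common form field names
PASS_KEYS = ("password", "passwd", "pass")


def _txt(b):
    return b.decode("utf-8", errors="replace") if b is not None else None


def find_credentials(payload):
    """Return [(protocol, username, password)] found in one payload.
    A half that is absent is None: FTP/POP3 USER and PASS arrive in separate packets."""
    hits = []
    m = HTTP_BASIC.search(payload)
    if m:
        try:
            user, _, pw = base64.b64decode(m.group(1), validate=True).partition(b":")
            hits.append(("http-basic", _txt(user), _txt(pw)))
        except (binascii.Error, ValueError):
            pass                                   # not valid base64: ignore
    if payload.startswith(b"POST ") and b"\r\n\r\n" in payload:
        body = payload.split(b"\r\n\r\n", 1)[1]
        fields = parse_qs(_txt(body), keep_blank_values=True)
        user = next((fields[k][0] for k in USER_KEYS if k in fields), None)
        pw = next((fields[k][0] for k in PASS_KEYS if k in fields), None)
        if user is not None or pw is not None:
            hits.append(("http-form", user, pw))
    u, p = USER_CMD.search(payload), PASS_CMD.search(payload)
    if u or p:
        hits.append(("ftp/pop3", _txt(u.group(1)) if u else None, _txt(p.group(1)) if p else None))
    return hits


def scan_flows(packets):
    """packets: iterable of (flow_id, payload) in capture order.
    Pairs a USER with the next PASS on the same flow; returns
    [(flow_id, protocol, username, password)] for every completed login."""
    pending = {}                                   # flow_id -> username awaiting its PASS
    found = []
    for flow, payload in packets:
        for proto, user, pw in find_credentials(payload):
            if proto == "ftp/pop3":
                if user is not None:
                    pending[flow] = user
                if pw is not None:
                    found.append((flow, proto, pending.pop(flow, None), pw))
            else:
                found.append((flow, proto, user, pw))
    return found


def write_log(found, path):
    """Append hits to a log file the way the text describes; returns the number written."""
    with open(path, "a") as f:
        for flow, proto, user, pw in found:
            f.write(f"{flow}\t{proto}\t{user}\t{pw}\n")
    return len(found)


# Constructed sample packets (flow id = src -> dst), in capture order.
FTP_FLOW = "192.168.1.10:49152->192.168.1.20:21"
WEB_FLOW = "192.168.1.10:49153->192.168.1.30:80"
APP_FLOW = "192.168.1.11:49154->192.168.1.40:80"
SAMPLE_PACKETS = [
    (FTP_FLOW, b"USER alice\r\n"),
    (WEB_FLOW, b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"),
    (FTP_FLOW, b"PASS s3cret\r\n"),
    (APP_FLOW, b"POST /login HTTP/1.1\r\nHost: app\r\nContent-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 36\r\n\r\nusername=carol&password=Pa%24%24w0rd"),
    (APP_FLOW, b"GET /index.html HTTP/1.1\r\nHost: app\r\n\r\n"),
]

if __name__ == "__main__":
    hits = scan_flows(SAMPLE_PACKETS)
    for h in hits:
        print(h)
    print(write_log(hits, "sniffer.log"), "entries appended to sniffer.log")   # file name is an assumption
```

Pairing by flow matters: a plain grep for "password" on individual packets would miss the FTP login entirely, since neither the USER nor the PASS packet contains that word. Everything this filter finds is exactly what TLS (HTTPS, FTPS, POP3S) would have hidden from the sniffer.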

If the sniffer runs on a router, or on a host that performs routing, it can monitor a very large volume of data, because every packet entering or leaving the network passes through the router.

Sniffing belongs to the later stages of an attack. That is, it can only be used once the attacker has already gained entry to a target system, as a way of gathering more information from there.

Beyond passwords and user names, a sniffer can capture a great deal else, such as sensitive business information or financial data being transmitted over the network. It can obtain almost any packet that travels over the Ethernet.

Sniffing is a relatively sophisticated technique, and generally only experienced attackers make effective use of it. A newcomer who manages to compile and run a sniffer on a host will usually not get anything useful out of it: the volume of traffic on a network is normally very large, and if every packet is accepted indiscriminately, finding the wanted information in the capture is very hard; moreover, a capture left running for a long time can fill the disk of the machine the sniffer is placed on.

