{"id":1674,"date":"2018-11-06T17:14:42","date_gmt":"2018-11-06T09:14:42","guid":{"rendered":"http:\/\/blog.notes4it.com\/?p=1669"},"modified":"2018-11-06T17:14:42","modified_gmt":"2018-11-06T09:14:42","slug":"%e4%bd%bf%e7%94%a8tcpdump%e6%81%a2%e5%be%a9ftp%e5%af%86%e7%a2%bc","status":"publish","type":"post","link":"http:\/\/notes4it.com\/?p=1674","title":{"rendered":"\u4f7f\u7528TCPDUMP\u6062\u5fa9ftp\u5bc6\u78bc"},"content":{"rendered":"<p>\u6211\u7e3d\u662f\u628a\u6211\u7d93\u5e38\u4f7f\u7528\u7684\u6a94\u5728\u6211\u7684 ftp \u4f3a\u670d\u5668, \u5728\u540c\u4e00\u6642\u9593, \u6211\u4e5f\u6703\u4fdd\u5b58\u6211\u7684\u5bc6\u78bc\u5728\u6211\u7684 ftp \u7528\u6236\u7aef\u5728\u6211\u7684\u7b46\u8a18\u672c\u96fb\u8166\u3002\u6240\u4ee5, \u7576\u6211\u9700\u8981\u5f9e\u53e6\u4e00\u53f0\u96fb\u8166\u767b\u9304\u5230\u6211\u7684 ftp \u4f3a\u670d\u5668\u6642, \u6211\u5c31\u50cf\u5728\u8aaa &#8220;\u55ef..\u6211\u7684\u5bc6\u78bc\u662f\u4ec0\u9ebc\uff1f<br \/>\n\u7531\u65bc ftp \u662f\u901a\u904e\u7d14\u6587\u5b57\u904b\u884c\u7684, \u56e0\u6b64\u6839\u672c\u6c92\u6709\u52a0\u5bc6\u3002\u6240\u4ee5\u6211\u6703\u7528 tcpdump\u4f86\u6062\u5fa9\u6211\u7684\u5bc6\u78bc\u3002\u5df2\u6211\u7684\u4f7f\u7528\u8005\u540d\u548c\u5bc6\u78bc\u662f &#8220;<strong>everyone<\/strong>&#8220;\u3002<br \/>\n<a href=\"https:\/\/blog.notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1550\" src=\"https:\/\/blog.notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316.png\" alt=\"\" width=\"700\" height=\"109\" srcset=\"http:\/\/notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316.png 858w, http:\/\/notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316-300x47.png 300w, http:\/\/notes4it.com\/wp-content\/uploads\/2017\/03\/tcpdump-20170316-768x120.png 768w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/><\/a><br \/>\n<!--more--><br \/>\nnetuser@HK1401-KVM:~$ sudo tcpdump -n -vvv 
-i enp6s0 -A -f &#8220;port 2121&#8221; | grep -i &#8220;<span style=\"color:#008000;\">user<\/span>|<span style=\"color:#993366;\">pass<\/span>&#8221;<br \/>\nE..7|!@.v.&amp;&#8230;.&#8221;..b&#8230;.I&#8230;&#8230;.3P&#8230;_&#8230;<span style=\"color:#008000;\">USER<\/span> <span style=\"color:#ff0000;\"><strong>everyone<br \/>\n<\/strong><\/span>E..L.E..?&#8230;..b&#8230;.&#8221;.I&#8230;..3&#8230;.P.}x.0..331 <span style=\"color:#993366;\">Pass<\/span>word required for everyone<br \/>\nE..7|#@.v.&amp;&#8230;.&#8221;..b&#8230;.I&#8230;&#8230;.WP&#8230;V&#8230;<span style=\"color:#993366;\">PASS<\/span> <span style=\"color:#ff0000;\"><strong>everyone<\/strong><\/span><br \/>\nE..k.I..?&#8230;..b&#8230;.&#8221;.I&#8230;..W&#8230;.P.}x&#8230;.230-Welcome <span style=\"color:#008000;\">user<\/span> everyone@&lt;source IP address&gt; to 127.0.1.1 FTP server.<br \/>\nE..E.M..?&#8230;..b&#8230;.&#8221;.I&#8230;&#8230;&#8230;.P.}x&#8230;.230 <span style=\"color:#008000;\">User<\/span> everyone logged in<br \/>\n\u8b93\u6211\u5206\u89e3\u9019\u500b\u8a9e\u6cd5<br \/>\nsudo -\u666e\u901a\u4f7f\u7528\u8005\u5728 super user \u6a21\u5f0f\u4e0b\u904b\u884c tcpdump, \u5982\u679c\u4f7f\u7528 root \u904b\u884c, \u5247\u4e0d\u9700\u8981\u3002<br \/>\ntcpdump -\u9019\u662f\u7a0b\u5f0f\u540d\u7a31\u3002<br \/>\n&#8220;-n&#8221; &#8211; \u505c\u6b62\u89e3\u6790domain\u540d\u7a31\u4e26\u50c5\u986f\u793a ip \u4f4d\u5740\u3002<br \/>\n&#8220;-vvv&#8221; &#8211; \u5728\u87a2\u5e55\u4e0a\u986f\u793a\u66f4\u591a\u8cc7\u6599\u5305\u8cc7\u6599\u3002<br \/>\n&#8220;-i enp6s0&#8221; &#8211; \u50c5\u5728 enp6s0 \u7684\u4ecb\u9762\u4e0a\u904b\u884c tcpdump\u3002<br \/>\n&#8220;-A&#8221; -\u4ee5 ascii \u986f\u793a\u8cc7\u6599\u5305 (\u5c07\u5176\u8996\u70ba\u4eba\u985e\u53ef\u8b80\u7684\u5f62\u5f0f)\u3002<br \/>\n&#8220;-f &#8220;port 2121&#8243;&#8221; &#8211; \u50c5\u6355\u7372\u8207\u57e02121\u76f8\u95dc\u7684\u8cc7\u6599\u5305\u3002(\u9019\u662f\u6211\u7684 ftp 
\u4f3a\u670d\u5668\u57e0\u3002) \u5be6\u969b\u7684\u904e\u6ffe\u689d\u4ef6\u662f &#8220;port 2121&#8221;; -f \u662f\u53e6\u4e00\u500b\u9078\u9805, \u4ee5\u6578\u5b57\u986f\u793a\u5916\u90e8 IPv4 \u4f4d\u5740\u3002<br \/>\n&#8220;| grep -i &#8220;<span style=\"color:#008000;\">user<\/span>|<span style=\"color:#993366;\">pass<\/span>&#8220;&#8221; &#8211; keeps only the output lines that contain either user or pass, ignoring case. With plain grep the | is matched literally, so use grep -E for the alternation to take effect.<br \/>\n&nbsp;<br \/>\n\u5176\u4ed6\u975e\u52a0\u5bc6\u7db2\u7d61\u50b3\u8f38\u4e5f\u53ef\u4ee5\u901a\u904e\u9019\u500b\u6280\u5de7\u4f86\u6062\u5fa9\u5bc6\u78bc\u3002\u5982\u679c\u4e0d\u5e0c\u671b\u5bc6\u78bc\u4ee5\u7d14\u6587\u5b57\u50b3\u8f38, \u53ef\u4ee5\u6539\u7528 SFTP \u6216 FTPS\u3002\u5e0c\u671b\u9019\u5c0d\u4efb\u4f55\u9700\u8981\u6062\u5fa9\u81ea\u5df1\u5bc6\u78bc\u7684\u4eba\u90fd\u6709\u5e6b\u52a9\u3002<br \/>\n&nbsp;<br \/>\n&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6211\u7e3d\u662f\u628a\u6211\u7d93\u5e38\u4f7f\u7528\u7684\u6a94\u5728\u6211\u7684 ftp \u4f3a\u670d\u5668, \u5728\u540c\u4e00\u6642\u9593, \u6211\u4e5f\u6703\u4fdd\u5b58\u6211\u7684\u5bc6\u78bc\u5728\u6211\u7684 ftp \u7528\u6236\u7aef\u5728\u6211\u7684\u7b46\u8a18\u672c\u96fb\u8166\u3002\u6240\u4ee5, \u7576\u6211\u9700\u8981\u5f9e\u53e6\u4e00\u53f0\u96fb\u8166\u767b\u9304\u5230\u6211\u7684 ftp \u4f3a\u670d\u5668\u6642, \u6211\u5c31\u50cf\u5728\u8aaa &#8220;\u55ef..\u6211\u7684\u5bc6\u78bc\u662f\u4ec0\u9ebc\uff1f \u7531\u65bc ftp \u662f\u901a\u904e\u7d14\u6587\u5b57\u904b\u884c\u7684, \u56e0\u6b64\u6839\u672c\u6c92\u6709\u52a0\u5bc6\u3002\u6240\u4ee5\u6211\u6703\u7528 tcpdump\u4f86\u6062\u5fa9\u6211\u7684\u5bc6\u78bc\u3002\u5df2\u6211\u7684\u4f7f\u7528\u8005\u540d\u548c\u5bc6\u78bc\u662f 
&#8220;everyone&#8220;\u3002<\/p>\n","protected":false},"author":1,"featured_media":1550,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[179],"class_list":["post-1674","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-5","tag-tcpdump-en"],"_links":{"self":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/1674","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1674"}],"version-history":[{"count":0,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/posts\/1674\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=\/wp\/v2\/media\/1550"}],"wp:attachment":[{"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1674"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1674"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/notes4it.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1674"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}