{"id":116,"date":"2018-06-29T09:33:49","date_gmt":"2018-06-29T00:33:49","guid":{"rendered":"https:\/\/www.chohi.ga\/?p=116"},"modified":"2018-07-03T06:20:26","modified_gmt":"2018-07-02T21:20:26","slug":"tcpdump-%ec%82%ac%ec%9a%a9%ed%95%b4-%eb%b3%b4%ea%b8%b0","status":"publish","type":"post","link":"https:\/\/www.kkoc.org\/?p=116","title":{"rendered":"tcpdump \uc0ac\uc6a9\ud574 \ubcf4\uae30"},"content":{"rendered":"<p>\uc694\uc998 \uc9d1\uc5d0 \uc124\uce58\ud55c linux\uc11c\ubc84 \ud328\ud0b7\uc744 \ud655\uc778\ud574 \ubcf4\ub2c8, \uc218\uc2e0\ud328\ud0b7(RX)\uc774 drop\ub418\ub294 \uac83\uc744 \ud655\uc778\ud55c \ub4a4 \ud328\ud0b7 \ucea1\ucc98\ub3c4\uad6c\uc778 tcpdump\ub97c \ubcf4\uae30 \uc2dc\uc791\ud588\uc2b5\ub2c8\ub2e4.<\/p>\n<p>\uc6d0\ub798\ub294 \uc815\ubcf4\ubcf4\uc548\uae30\uc0ac\ub97c \uacf5\ubd80\ud558\uba74\uc11c \uac04\ub2e8\ud55c \uc0ac\uc6a9\ubc95\uc740 \uc54c\uace0 \uc788\uc5c8\uc9c0\ub9cc, \uc815\uc791 dropped\ub418\uace0 \uc788\ub294 \ud328\ud0b7\uc774 \ubb54\uc9c0 \uccb4\ud06c\ud558\uae30 \uc704\ud574\uc11c\ub294 \ubb50\ub97c \ud574\uc57c \ud558\ub294\uc9c0 \ubab0\ub77c \ub2e4\uc2dc \ucc45\uc744 \ubcf4\uac8c \ub429\ub2c8\ub2e4.<\/p>\n<p>\ucc45 \uc81c\ubaa9\uc740\u00a0 Network Security Through Data Analysis \uc785\ub2c8\ub2e4.\u00a0<\/p>\n<p>\ub9c8\uc774\ud074 \ub864\ub9b0\uc2a4 \uc9c0\uc74c, \ubb38\uc131\uac74 \uc62e\uae40 ISBN : 978-89-6848-258-8\u00a0 2016\ub144 4\uc6d4\uc5d0 \ucd08\ud310\ubc1c\ud589.<\/p>\n<p>\uc544\ub798\ub294 \ubb38\uc81c\uc758 drop\ub418\ub294 \ud328\ud0b7\uc758 \uac74\uc218 \uc785\ub2c8\ub2e4. 13922\uac74&#8230;\u00a0\ub300\ub7b5 2\ucd08\uc5d0 1\uac74\uc529 \ubc1c\uc0dd\ud558\uace0 \uc788\uc2b5\ub2c8\ub2e4.<\/p>\n<pre>[root@localhost ~]# ifconfig\r\nens192: flags=4163&lt;UP,BROADCAST,RUNNING,MULTICAST&gt; mtu 1500\r\ninet 192.168.22.11 netmask 255.255.255.0 broadcast 192.168.22.255\r\nether 00:0c:          txqueuelen 1000 (Ethernet)\r\nRX packets 981480 bytes 196219705 (187.1 MiB)\r\nRX errors 0<span style=\"font-size: 14pt;\"><strong> dropped 13922<\/strong><\/span> overruns 0 frame 0\r\nTX packets 767164 bytes 204743025 (195.2 MiB)\r\nTX errors 0 dropped 0 overruns 0 carrier 0 collisions 0\r\ndevice interrupt 19 memory 0xfd3a0000-fd3c0000 <\/pre>\n<p>&nbsp;<\/p>\n<p>\uc6f9\ud3ec\ud2b8(80, 443), mysql(3306)\ud3ec\ud2b8\ub97c \uc81c\uc678\ud558\uace0 tcpdump\ub97c \ubc1b\uc544 \ubcf4\uc558\ub2e4.<\/p>\n<pre>[root@localhost ~]# tcpdump -i ens192 -s 0 -w result2 ! src port 80 &amp;&amp; ! src port 443 &amp;&amp; ! src port 3306\r\ntcpdump: listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n^C862 packets captured\r\n888 packets received by filter\r\n24 packets dropped by kernel<\/pre>\n<p>tcpdump\ub97c \uc218\ud589\ud574 \ubcf4\ub2c8,\u00a0\ubabb\ubcf4\ub358 IP\uc640 \ud3ec\ud2b8\uac00 \ubcf4\uc785\ub2c8\ub2e4.<\/p>\n<blockquote>\n<p>Host: 239.255.255.250:1900<\/p>\n<\/blockquote>\n<pre>M-SEARCH * HTTP\/1.1^M\r\nHost: 239.255.255.250:1900^M\r\nMan: \"ssdp:discover\"^M\r\nST: ssdp:all^M\r\nMX: 5^M\r\n...\r\nHOST:239.255.255.250:1900^M\r\nNT:urn:schemas-upnp-org:device:InternetGatewayDevice:1^M\r\nNTS:ssdp:alive^M\r\nUSN:uuid:-----------------------3::urn:schemas-upnp-org:device:InternetGatewayDevice:1^M\r\nCache-Control:max-age=120^M\r\nLocation:http:\/\/-------------:49152\/rootDesc.xml^M\r\nServer: HFR H514G F\/W - 2.0.4 UPnP\/1.0 miniupnpd\/1.0^M\r\n...<\/pre>\n<p>\uc544\ub9c8\ub3c4 \uc9d1\uc5d0 \uc788\ub294 H614G\ubaa8\ub380\uc774 SSDP\uc11c\ube44\uc2a4\ub97c \ud558\uae30 \uc704\ud574 \uc9c8\uc758\ud55c \ub0b4\uc6a9\uc73c\ub85c \ud310\ub2e8\ub429\ub2c8\ub2e4.<\/p>\n<p>SSDP \ub780 Simple Service Discovery Protocol \uc758 \uc57d\uc790\ub85c \ub124\ud2b8\uc6cc\ud06c \uc11c\ube44\uc2a4\ub098 \uc815\ubcf4\ub97c \ucc3e\uae30\uc704\ud574\uc11c \uc0ac\uc6a9\ud558\ub294 \ub124\ud2b8\uc6cc\ud06c \ud504\ub85c\ud1a0\ucf5c\uc774\ub77c\uace0 \ud569\ub2c8\ub2e4.<\/p>\n<p>RX\ud328\ud0b7\uc911\uc5d0 dropped\ub418\ub294 \ub188\ub4e4\uc744 \ucc3e\uc544\uc57c \ud558\ub294\ub370, \uac08\uae38\uc774 \uba49\ub2c8\ub2e4.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\uc694\uc998 \uc9d1\uc5d0 \uc124\uce58\ud55c linux\uc11c\ubc84 \ud328\ud0b7\uc744 \ud655\uc778\ud574 \ubcf4\ub2c8, \uc218\uc2e0\ud328\ud0b7(RX)\uc774 drop\ub418\ub294 \uac83\uc744 \ud655\uc778\ud55c \ub4a4 \ud328\ud0b7 \ucea1\ucc98\ub3c4\uad6c\uc778 tcpdump\ub97c \ubcf4\uae30 \uc2dc\uc791\ud588\uc2b5\ub2c8\ub2e4. \uc6d0\ub798\ub294 \uc815\ubcf4\ubcf4\uc548\uae30\uc0ac\ub97c \uacf5\ubd80\ud558\uba74\uc11c \uac04\ub2e8\ud55c \uc0ac\uc6a9\ubc95\uc740 \uc54c\uace0 \uc788\uc5c8\uc9c0\ub9cc, \uc815\uc791 dropped\ub418\uace0 \uc788\ub294 \ud328\ud0b7\uc774 \ubb54\uc9c0 \uccb4\ud06c\ud558\uae30 \uc704\ud574\uc11c\ub294 \ubb50\ub97c \ud574\uc57c \ud558\ub294\uc9c0 \ubab0\ub77c \ub2e4\uc2dc \ucc45\uc744 \ubcf4\uac8c&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[4],"tags":[],"_links":{"self":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/116"}],"collection":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=116"}],"version-history":[{"count":8,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/116\/revisions"}],"predecessor-version":[{"id":145,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=\/wp\/v2\/posts\/116\/revisions\/145"}],"wp:attachment":[{"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=116"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=116"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kkoc.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=116"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}