Viewing drivers

2009-05-13 03:07:42 Source: unknown


#kldload snd_driver
#cat /dev/sndstat
#kldstat

Tools and Security awareness
This is paper 4 of 4 of the server series.
The topics we will be covering in today's paper are:
3. Tools
3.1. TCPdump
3.2. Nessus
3.3. lsof
3.4. stack smashing
3.5. tunneling
4. Conclusion
3. Tools
We will look at certain tools that are more or less directly tied to the system but that are not
necessarily available by default, or are available through the ports but not up to date, or that are
quite system-specific. We will thus discover some tools that let us reinforce our security in a
proactive as well as a reactive manner.
3.1. TCPdump
TCPdump is the ultimate tool for sniffing the traffic of a network in order to debug it. It
lets us capture all or part of the local area network traffic so that we can analyze it
and check that our network configurations work correctly. To do this, TCPdump
relies on the system's BPF (Berkeley Packet Filter) layer to intercept the Ethernet frames
and IP packets passing through the machine in promiscuous mode (the mode in which the Network
Interface Card, or NIC, can see all of the network traffic), according to BPF expressions that are
similar in concept to regular expressions. This BPF capture method is provided by the libpcap
library, which greatly eases the development of advanced sniffers.
TCPdump provides an impressive number of options, of which we will cover the most useful here. First of
all, for every capture we recommend the following syntax:
($:~)=> tcpdump -X -s 1500 -e -n -i fxp0
This command line produces a dump in both hex and ASCII, with a length of
1500 bytes, and displays the header information at the link layer, which will generally be
Ethernet; we do not resolve names, in order to gain speed, discretion and ease of
analysis; and finally we specify the NIC on which to listen, which can prove useful when the admin
console has several interfaces or is used as a gateway.
The output, in the case of a TCP packet here, appears as a timestamp, then the Initial
Sequence Number followed by the sequence number of the packet, the size of the packet in
parentheses, the TCP flags, the acknowledgment number, the window size, the IP flag reporting the state
of fragmentation and finally the TCP options. The output can of course vary if one captures a UDP or
ICMP packet (with the ICMP type in the latter case). With the options already presented, we also obtain
the link-layer headers in the dump; you can of course remove this option for more simplicity.
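The fields listed above, decoded from raw bytes rather than from live traffic. This is an added example, not code from the original paper; the frame bytes, the addresses and the helper names decode and tcp_options are assumptions made for illustration.

```python
import socket
import struct

# Constructed sample frame: a TCP SYN over IPv4/Ethernet (checksums left at zero).
FRAME = bytes.fromhex(
    "00105aabcdef" "00a0c9123456" "0800"   # dst MAC, src MAC, EtherType = IPv4
    "4500002c" "1a2b4000" "40060000"       # IHL 5, length 44, DF set, TTL 64, proto TCP
    "c0a80002" "c0a80001"                  # 192.168.0.2 -> 192.168.0.1
    "0401" "0050" "0012d687" "00000000"    # ports 1025 -> 80, seq 1234567, ack 0
    "6002" "ffff" "0000" "0000"            # data offset 6, SYN, window 65535
    "020405b4"                             # TCP option: MSS 1460
)

def tcp_options(raw):
    """Walk the TCP option list; kind 0 ends it, kind 1 (NOP) is a single byte."""
    out, i = [], 0
    while i < len(raw) and raw[i] != 0:
        kind = raw[i]
        # A malformed length below 2 is clamped so the loop always advances.
        length = 1 if kind == 1 else max(2, raw[i + 1] if i + 1 < len(raw) else 2)
        names = {1: "nop", 2: f"mss {int.from_bytes(raw[i + 2:i + length], 'big')}"}
        out.append(names.get(kind, f"opt-{kind}"))
        i += length
    return out

def decode(frame):
    """Return the link, IP and TCP fields the text lists for a captured TCP packet."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                     # IP header length in bytes
    total_len, _ident, frag = struct.unpack("!HHH", ip[2:8])
    if ip[9] != 6:
        raise ValueError("not a TCP packet")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp[:16])
    hdr_len = (off_flags >> 12) * 4              # TCP header length, options included
    size = len(tcp) - hdr_len                    # TCP payload bytes
    flags = "".join(c for bit, c in ((2, "S"), (1, "F"), (8, "P"), (4, "R")) if off_flags & bit)
    return {
        "link": f"{src.hex(':')} > {dst.hex(':')}",
        "src": f"{socket.inet_ntoa(ip[12:16])}.{sport}",
        "dst": f"{socket.inet_ntoa(ip[16:20])}.{dport}",
        "flags": flags or ".", "seq": f"{seq}:{seq + size}({size})",
        "ack": ack, "win": win, "df": bool(frag & 0x4000),
        "options": tcp_options(tcp[20:hdr_len]),
    }
```

Calling decode(FRAME) returns a dictionary with one entry per field; the "link" entry corresponds to the extra header that the -e option adds to the dump.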
FreeBSD: Tools and Security awareness Page 1/18
http://www.techinfo.net.ru/docs/freebsd_tuning/FreeBSD_tools_and_secur
... 2004-5-28
