{"id":731,"date":"2020-04-26T07:54:51","date_gmt":"2020-04-26T05:54:51","guid":{"rendered":"http:\/\/tech.sosthe.sk\/?p=731"},"modified":"2020-04-26T08:40:32","modified_gmt":"2020-04-26T06:40:32","slug":"sietove-nastroje","status":"publish","type":"post","link":"http:\/\/tech.sosthe.sk\/index.php\/2020\/04\/26\/sietove-nastroje\/","title":{"rendered":"WIRESHARK"},"content":{"rendered":"

Wireshark je open-source n\u00e1stroj sl\u00fa\u017eiaci prim\u00e1rne na odchyt\u00e1vanie a anal\u00fdzu sie\u0165ovej prev\u00e1dzky. \u010casto sa vyu\u017e\u00edva pri troubleshootingu, vzdel\u00e1van\u00ed, alebo m\u00f4\u017ee posl\u00fa\u017ei\u0165 hackerovi napr\u00edklad pri\u00a0odchyt\u00e1van\u00ed hesla.<\/p>\n

Wireshark si m\u00f4\u017eete zadarmo stiahnu\u0165\u00a0tu<\/a>.\u00a0<\/strong>Funguje na opera\u010dn\u00fdch syst\u00e9moch Windows, Linux aj macOS. In\u0161taluje sa ako be\u017en\u00fd program. Pri in\u0161tal\u00e1cii nie je potrebn\u00e9 meni\u0165 nastavenia, skr\u00e1tka sa treba len „preklika\u0165“ a\u017e na koniec in\u0161tal\u00e1cie. Po nain\u0161talovan\u00ed sa objav\u00ed ikonka modrej \u017eralo\u010dej plutvy, pomocou ktorej program sp\u00fa\u0161\u0165ame.\u00a0\"\"Po spusten\u00ed sa zobraz\u00ed okno programu naj\u010dastej\u0161ie v nasledovnom tvare:<\/p>\n

\"\"<\/p>\n

V polo\u017eke Capture vid\u00edte zoznam sie\u0165ov\u00fdch rozhran\u00ed s krivkou aktivity. M\u00f4\u017eete si v\u0161imn\u00fa\u0165, \u017ee po\u010d\u00edta\u010d je pripojen\u00fd do siete cez Wi-Fi rozhranie. Z ponuky si vyberiete sk\u00faman\u00e9 sie\u0165ov\u00e9 rozhranie a spust\u00edte odchyt\u00e1vanie paketov.<\/p>\n

\"\"<\/p>\n

Zobraz\u00ed sa v\u00e1m okno programu rozdelen\u00e9 na tri \u010dasti. V hornej \u010dasti uvid\u00edte jednotliv\u00e9 stiahnut\u00e9 pakety. S\u00fa farebne rozl\u00ed\u0161en\u00e9 pod\u013ea typu pou\u017eit\u00e9ho protokolu. V strednej \u010dasti je v\u00fdpis hlavi\u010dky vybran\u00e9ho paketu a v spodnej \u010dasti v\u00fdpis d\u00e1t v pakete. Aby sme programom mohli analyzova\u0165 stiahnut\u00e9 pakety je potrebn\u00e9 odchyt\u00e1vanie zastavi\u0165. Tla\u010d\u00edtka stop a \u0161tart pre odchyt\u00e1vanie n\u00e1jdete na n\u00e1strojovej li\u0161te.<\/p>\n

Ak odchyt\u00e1vame v\u0161etku prev\u00e1dzku z nejak\u00e9ho rozhrania, dostaneme vo v\u00fdslednom s\u00fabore zmes komunik\u00e1cie prostredn\u00edctvom r\u00f4znych protokolov, ako ARP, ICMP, SNMP a pod., ktor\u00e9 n\u00e1s nemusia v danej chv\u00edli zauj\u00edma\u0165. Aby sme odfiltrovali iba komunik\u00e1ciu, ktor\u00e1 n\u00e1s zauj\u00edma, napr\u00edklad na z\u00e1klade zdrojovej, alebo cie\u013eovej IP adresy, alebo na z\u00e1klade protokolu, m\u00f4\u017eeme si nastavi\u0165 filter. Ni\u017e\u0161ie uv\u00e1dzam Wireshark filtre, ktor\u00e9 s\u00fa pou\u017e\u00edvan\u00e9 naj\u010dastej\u0161ie.<\/p>\n

Filtrovanie celej komunik\u00e1cie jednej IP adresy<\/h4>\n

Nasledovn\u00fd filter n\u00e1m vytriedi prev\u00e1dzku, kde zadan\u00e1 IP adresa m\u00f4\u017ee by\u0165 zdrojov\u00e1, alebo cie\u013eov\u00e1.<\/p>\n

ip.addr == 192.168.1.145<\/pre>\n
\"\"<\/h2>\n
Filtrovanie na z\u00e1klade zdrojovej IP adresy<\/h4>\n
ip.src == 192.168.1.4<\/pre>\n
\"\"<\/p>\n
Filtrovanie na z\u00e1klade cie\u013eovej IP adresy<\/h4>\n
ip.dst == 192.168.1.145<\/pre>\n
\"\"<\/p>\n
Filtrovanie na z\u00e1klade subnetu<\/h4>\n
Nasledovn\u00fd filter n\u00e1m vytriedi prev\u00e1dzku, kde je zdrojov\u00e1, alebo cie\u013eov\u00e1 IP adresa z definovan\u00e9ho rozsahu.<\/p>\n
ip.src == 192.168.1.0\/24<\/pre>\n
\"\"<\/p>\n
Filtrovanie na z\u00e1klade MAC adresy<\/h4>\n
eth.dst == 00:90:a9:41:2a:39<\/pre>\n
\"\"<\/p>\n
Filtrovanie na z\u00e1klade slu\u017eby<\/h4>\n
Ak chceme filtrova\u0165 prev\u00e1dzku na z\u00e1klade protokolu, m\u00f4\u017eeme bu\u010f zada\u0165 priamo jeho n\u00e1zov, alebo TCP\/UDP port, na ktorom prebieha komunik\u00e1cia.<\/p>\n
tcp.port == 21<\/pre>\n
\"\"<\/p>\n
ftp<\/pre>\n
\"\"<\/p>\n
Porovn\u00e1vanie hodn\u00f4t<\/h4>\n
V pr\u00edkladoch uveden\u00fdch vy\u0161\u0161ie m\u00f4\u017eeme vidie\u0165 pou\u017eitie oper\u00e1tora \u201crovn\u00e1 sa\u201d. V nasledovnej tabu\u013eke s\u00fa uveden\u00e9 \u010fal\u0161ie oper\u00e1tory, ktor\u00e9 m\u00f4\u017eeme vyu\u017ei\u0165 pri filtrovan\u00ed.<\/p>\n\n\n\n\n\n\n\n\n
rovn\u00e1 sa<\/td>\n\u2a75<\/td>\neq<\/td>\n<\/tr>\n
nerovn\u00e1 sa<\/td>\n!=<\/td>\nne<\/td>\n<\/tr>\n
v\u00e4\u010d\u0161ie ako<\/td>\n><\/td>\ngt<\/td>\n<\/tr>\n
men\u0161ie ako<\/td>\n<<\/td>\nlt<\/td>\n<\/tr>\n
v\u00e4\u010d\u0161ie, alebo rovn\u00e9<\/td>\n>=<\/td>\nge<\/td>\n<\/tr>\n
men\u0161ie, alebo rovn\u00e9<\/td>\n<=<\/td>\nle<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
Logick\u00e9 oper\u00e1tory<\/h4>\n
Ak potrebujeme zada\u0165 \u0161pecifickej\u0161\u00ed filter zadan\u00edm viacer\u00fdch podmienok, m\u00f4\u017eeme tak spravi\u0165 pou\u017eit\u00edm nasledovn\u00fdch logick\u00fdch oper\u00e1torov.<\/p>\n\n\n\n\n\n\n
and<\/td>\n&&<\/td>\n<\/tr>\n
or<\/td>\n||<\/td>\n<\/tr>\n
xor<\/td>\n^^<\/td>\n<\/tr>\n
not<\/td>\n!<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
V nasledovnom pr\u00edklade je uveden\u00e1 zlo\u017een\u00e1 podmienka, ktor\u00e1 filtruje prev\u00e1dzku s\u00favisiacu s IP adresou 192.168.1.145, alebo 195.168.1.4 a z\u00e1rove\u0148 prebieha na TCP porte 21, \u010di\u017ee ide o FTP prev\u00e1dzku.<\/p>\n
(ip.addr == 192.168.1.145 || ip.addr == 192.168.1.4 ) && tcp.port == 21<\/pre>\n
\"\"<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Wireshark je open-source n\u00e1stroj sl\u00fa\u017eiaci prim\u00e1rne na odchyt\u00e1vanie a anal\u00fdzu sie\u0165ovej prev\u00e1dzky. \u010casto sa vyu\u017e\u00edva pri troubleshootingu, vzdel\u00e1van\u00ed, alebo m\u00f4\u017ee posl\u00fa\u017ei\u0165 hackerovi napr\u00edklad pri\u00a0odchyt\u00e1van\u00ed hesla.…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"_links":{"self":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/731"}],"collection":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/comments?post=731"}],"version-history":[{"count":4,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/731\/revisions"}],"predecessor-version":[{"id":746,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/posts\/731\/revisions\/746"}],"wp:attachment":[{"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/media?parent=731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/categories?post=731"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/tech.sosthe.sk\/index.php\/wp-json\/wp\/v2\/tags?post=731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}