{"id":484,"date":"2015-08-16T18:41:53","date_gmt":"2015-08-16T15:41:53","guid":{"rendered":"https:\/\/furkansandal.com\/ag-trafiginde-pasif-isletim-sistemi-ve-uygulama-tespiti\/"},"modified":"2015-08-16T20:45:58","modified_gmt":"2015-08-16T17:45:58","slug":"ag-trafiginde-pasif-isletim-sistemi-ve-uygulama-tespiti","status":"publish","type":"post","link":"https:\/\/furkansandal.com\/ag-trafiginde-pasif-isletim-sistemi-ve-uygulama-tespiti\/","title":{"rendered":"A\u011f Trafi\u011finde Pasif \u0130\u015fletim Sistemi ve Uygulama Tespiti"},"content":{"rendered":"
As a result of the spread of Internet technology, technology is constantly renewing itself and new systems keep emerging. The most frequently encountered of these are undoubtedly devices such as web servers, firewalls, web application firewalls, IPS devices and load balancers.

In many organizations there is no direct access to the application servers; another device sits in between and receives you first. In the information-gathering phase of a penetration test, or in forensic work on a compromised Linux or Windows system, it matters who the actors in a connection are.

In scenarios such as the following examples:

• While examining traffic on an organization's local network, determining over which channel and through which browser the client is communicating, the type of server, its uptime, or inspecting the HTTP traffic carried during the connection
• Learning the characteristics of the connecting and connected systems in the Internet traffic leaving the organization's network
• While analyzing a compromised system, learning the identities of the connection actors from recorded network traffic and seeing the traffic that occurred

a number of methods that ease and simplify the analysis should be used. This is quite easy to do with many open-source tools. This article briefly explains how these operations are performed with a tool called p0f.

What is p0f?

p0f is a tool that attempts to identify the actors in a TCP/IP connection without intervening in the connection in any way, using entirely passive fingerprinting methods. Some of the application's features are as follows.

• Extremely fast operating system identification
• Measurement of systems' uptime, including systems behind NAT
• Detection of systems such as load balancers, NAT and proxies running in front of target systems
• Detection of spoofed clients and servers, etc.

How Does It Work?

p0f examines the data in the IPv4 and IPv6 headers, the TCP headers, and the connection during the three-way handshake. Beyond that, it analyzes the traffic at the application level using a number of its own payload signatures.

Features and Usage

After the application has been downloaded, the tar archive is extracted first.

root@osmncht:~/Desktop# tar -zxvf p0f-3.08b.tgz
p0f-3.08b/
p0f-3.08b/languages.h
p0f-3.08b/alloc-inl.h
p0f-3.08b/tools/
p0f-3.08b/tools/p0f-sendsyn6.c
…
….

Once the compressed files have been extracted, a build.sh executable will be found among them. The only thing that needs to be done to install the application is to run this file.

root@osmncht:~/Desktop/p0f-3.08b# ./build.sh
Welcome to the build script for p0f 3.08b!
Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
[+] Configuring production build.
[*] Checking for a sane build environment… OK
[*] Checking for working GCC… OK
[*] Checking for *modern* GCC… OK
[*] Checking if memory alignment is required… nope
[*] Checking for working libpcap… OK
[*] Checking for working BPF… OK
[+] Okay, you seem to be good to go. Fingers crossed!
[*] Compiling p0f… OK
Well, that’s it. Be sure to review README. If you run into any problems, you
can reach the author at <lcamtuf@coredump.cx>.

The application is now ready for use. Its features can be viewed from the help menu.

What some of the frequently used parameters mean is described below.