- While examining traffic on an organization's local network, determining over which channel and through which browser a client communicates, the type of server, its uptime, or the HTTP traffic carried during the connection
- For Internet traffic leaving the organization's network, learning the properties of the systems that initiate and receive the connection
- While analysing a compromised system, identifying the parties to each connection from recorded network traffic and viewing the traffic that occurred

In scenarios such as these, methods that ease and simplify the analysis should be used. This is quite easy to do with many open-source tools. This article gives a simple account of how to carry out these tasks with a tool called p0f.
What is p0f?
p0f is a tool that tries to identify the parties to a TCP/IP connection without interfering with the connection in any way, using purely passive fingerprinting methods. Some of the application's features are listed below.

- Extremely fast operating system identification
- Measurement of system uptime, including for systems behind NAT
- Detection of load balancers, NAT devices, proxies and similar systems sitting in front of target systems
- Detection of fake clients and servers, etc.
How does it work?
p0f inspects the data in the IPv4 and IPv6 headers, the TCP headers, and the connection during the 3-way handshake. In addition, it analyses traffic at the application level using a set of payload signatures of its own.
Features and Usage
After the application has been downloaded, the tar archive is extracted first.
```
root@osmncht:~/Desktop# tar -zxvf p0f-3.08b.tgz
p0f-3.08b/
p0f-3.08b/languages.h
p0f-3.08b/alloc-inl.h
p0f-3.08b/tools/
p0f-3.08b/tools/p0f-sendsyn6.c
...
```

Once the compressed files have been extracted, a build.sh executable will be seen. The only thing needed to install the application is to run this file.

```
root@osmncht:~/Desktop/p0f-3.08b# ./build.sh
Welcome to the build script for p0f 3.08b!
Copyright (C) 2012 by Michal Zalewski <lcamtuf@coredump.cx>
[+] Configuring production build.
[*] Checking for a sane build environment... OK
[*] Checking for working GCC... OK
[*] Checking for *modern* GCC... OK
[*] Checking if memory alignment is required... nope
[*] Checking for working libpcap... OK
[*] Checking for working BPF... OK
[+] Okay, you seem to be good to go. Fingers crossed!
[*] Compiling p0f... OK
Well, that's it. Be sure to review README. If you run into any problems, you
can reach the author at <lcamtuf@coredump.cx>.
```

The application is now ready to use. Its options can be viewed in the help output.
Some of the frequently used parameters and what they mean are given below.
- -i iface – Specifies the network interface to listen on
- -r file – Used to read pcap files offline
- -p – Used to listen on the network interface in promiscuous mode
- -L – Lists the available network interfaces
- -o file – Used to write the results to an external file
- -d – Used to run in the background as a daemon
When the eth0 interface is listened on in the most basic way, without any filter, the application's logic is easily understood. An example of its output is given below. Here, to test the application, a web application was accessed from a browser. The output below shows that, in order to connect to the target site, a 3-way handshake first takes place between the test machine and the target site. The operating system used by the client machine is also among the output.

```
root@osmncht:~/Desktop/p0f-3.08b# ./p0f -i eth0
-- p0f 3.08b by Michal Zalewski <lcamtuf@coredump.cx> --
[+] Closed 1 file descriptor.
[+] Loaded 320 signatures from 'p0f.fp'.
[+] Intercepting traffic on interface 'eth0'.
[+] Default packet filtering configured [+VLAN].
[+] Entered main event loop.
.-[ 192.168.0.24/41902 -> 192.99.12.218/80 (syn) ]-
|
| client   = 192.168.0.24/41902
| os       = Linux 3.x
| dist     = 0
| params   = generic
| raw_sig  = 4:64+0:0:1460:mss*10,10:mss,sok,ts,nop,ws:df,id+:0
|
`----
.-[ 192.168.0.24/41902 -> 192.99.12.218/80 (mtu) ]-
|
| client   = 192.168.0.24/41902
| link     = Ethernet or modem
| raw_mtu  = 1500
|
`----
.-[ 192.168.0.24/41902 -> 192.99.12.218/80 (syn+ack) ]-
|
| server   = 192.99.12.218/80
| os       = Linux 3.x
| dist     = 16
| params   = none
| raw_sig  = 4:48+16:0:1460:mss*10,9:mss,sok,ts,nop,ws:df:0
|
`----
```

Looking further into the same run, the output of an HTTP request made to the target site, in p0f's format, is shown below. Here the client machine's IP address, the browser used to make the connection, and the HTTP header information are shown.

```
.-[ 192.168.0.24/41902 -> 192.99.12.218/80 (http request) ]-
|
| client   = 192.168.0.24/41902
| app      = Firefox 10.x or newer
| lang     = English
| params   = none
| raw_sig  = 1:Host,User-Agent,Accept=
,Accept-Language=[en-US,en;q=0.5],Accept-Encoding=[gzip, deflate],?Cookie,Connection=[keep-alive]:Accept-Charset,Keep-Alive:Mozilla/5.0 (X11; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0 Iceweasel/22.0
|
`----
```

In an established TCP connection, p0f can identify not only information about the client machine but also some information about the target application.
As an example, if a connection to bga.com.tr is examined with p0f, the server information for the target application can be seen as follows.

```
.-[ 192.168.0.27/45954 -> 50.22.202.163/80 (http response) ]-
|
| server   = 50.22.202.163/80
| app      = Apache 2.x
| lang     = none
| params   = none
| raw_sig  = 1:Date,Server,?Location,?Content-Length,Keep-Alive=[timeout=5, max=100],Connection=[Keep-Alive],Content-Type:Accept-Ranges:Apache
```

If you would like to test the application online, you can visit http://lcamtuf.coredump.cx/p0f3/. When you click the link, it will show you some information about the machine you are connecting from.

Furkan SANDAL
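The raw_sig values in the SYN and SYN+ACK records earlier in the post use p0f's own TCP signature layout (ver:ttl+dist:olen:mss:wsize,scale:olayout:quirks:pclass). The Python parser below is an added example, not code from the original post or from p0f itself: it splits the two signatures copied from that output into their fields, resolves the "mss*10" window to bytes, and reproduces the rule p0f uses to round an observed TTL up to a common initial TTL (32, 64, 128 or 255) so the reported dist values can be checked.

```python
# Field layout of a p0f v3 TCP raw_sig: ver:ttl+dist:olen:mss:wsize,scale:olayout:quirks:pclass
from dataclasses import dataclass

# Signatures copied from the client SYN and server SYN+ACK records shown in the post.
CLIENT_SYN_SIG = "4:64+0:0:1460:mss*10,10:mss,sok,ts,nop,ws:df,id+:0"
SERVER_SYNACK_SIG = "4:48+16:0:1460:mss*10,9:mss,sok,ts,nop,ws:df:0"

@dataclass
class TcpSig:
    ip_ver: int       # IP version (4 or 6)
    ttl: int          # TTL as observed on the wire
    dist: int         # hop distance p0f inferred from the TTL
    olen: int         # length of IPv4 options / IPv6 extension headers
    mss: int          # advertised TCP MSS
    wsize: str        # window size, literal bytes or relative ("mss*10")
    wscale: int       # window scaling shift
    olayout: tuple    # TCP option order, e.g. ("mss", "sok", "ts", "nop", "ws")
    quirks: tuple     # quirk flags such as "df" or "id+" (empty if none)
    pclass: int       # payload class, 0 = no payload in the SYN

def guess_initial_ttl(ttl):
    """Round the observed TTL up to the nearest common initial TTL, as p0f does."""
    for initial in (32, 64, 128):
        if ttl <= initial:
            return initial
    return 255

def parse_tcp_sig(sig):
    """Split one raw_sig into a TcpSig; raises ValueError on a malformed string."""
    parts = sig.split(":")
    if len(parts) != 8:
        raise ValueError("expected 8 colon-separated fields, got %d" % len(parts))
    ver, ttl_dist, olen, mss, win, olayout, quirks, pclass = parts
    ttl, dist = (int(x) for x in ttl_dist.split("+"))
    wsize, wscale = win.split(",")
    return TcpSig(int(ver), ttl, dist, int(olen), int(mss), wsize, int(wscale),
                  tuple(olayout.split(",")),
                  tuple(q for q in quirks.split(",") if q), int(pclass))

def window_bytes(sig):
    """Resolve an MSS-relative window ("mss*10") to bytes; None for unhandled forms like "mtu*N"."""
    if sig.wsize.startswith("mss*"):
        return sig.mss * int(sig.wsize[4:])
    return int(sig.wsize) if sig.wsize.isdigit() else None

def dist_consistent(sig):
    """True when the reported dist equals the rounded initial TTL minus the observed TTL."""
    return guess_initial_ttl(sig.ttl) - sig.ttl == sig.dist
```

For the server signature the observed TTL of 48 rounds up to 64, giving the dist of 16 that p0f printed; a dist that is not consistent in this way is a hint that the sender is changing its TTL deliberately.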