Is there a tool on Linux that does sniffing like this???


=====Sniffing ==============================================================

Running a packet sniffer to see the actual determining of shares
NOTE R_SRVSVC RPC Client call srvsvcNetrShareEnum(..)
This frame is a NetShareEnum request, which requests a list of shared resources.

19 31.348 STUDENT7 *SMBSERVER R_SRVSVC RPC Client call srvsvcNetrShareEnum(..)
STUDENT7 *SMBSERVER IP
FRAME Base frame properties
FRAME Time of capture = Dec 3, 1997 91254.18
FRAME Time delta from previous physical frame 0 milliseconds
FRAME Frame number 19
FRAME Total frame length 238 bytes
FRAME Capture frame length 238 bytes
FRAME Frame data Number of data bytes remaining = 238 (0x00EE)
ETHERNET ETYPE = 0x0800 Protocol = IP DOD Internet Protocol
ETHERNET Destination address 00C04FC48C9D
ETHERNET .......0 = Individual address
ETHERNET ......0. = Universally administered address
ETHERNET Source address 00C04FC48C93
ETHERNET .......0 = No routing information present
ETHERNET ......0. = Universally administered address
ETHERNET Frame Length 238 (0x00EE)
ETHERNET Ethernet Type 0x0800 (IP DOD Internet Protocol)
ETHERNET Ethernet Data Number of data bytes remaining = 224 (0x00E0)
IP ID = 0x1A08; Proto = TCP; Len 224
IP Version = 4 (0x4)
IP Header Length = 20 (0x14)
IP Service Type = 0 (0x0)
IP Precedence = Routine
IP ...0.... = Normal Delay
IP ....0... = Normal Throughput
IP .....0.. = Normal Reliability
IP Total Length = 224 (0xE0)
IP Identification = 6664 (0x1A08)
IP Flags Summary = 2 (0x2)
IP .......0 = Last fragment in datagram
IP ......1. = Cannot fragment datagram
IP Fragment Offset = 0 (0x0) bytes
IP Time to Live = 128 (0x80)
IP Protocol = TCP - Transmission Control
IP Checksum = 0x415E
IP Source Address = 204.73.131.19
IP Destination Address = 204.73.131.11
IP Data Number of data bytes remaining = 204 (0x00CC)
TCP .AP..., len 184, seq 73409249-73409432, ack 1505236, win 8278, src 1832 dst 139 (NBT Session)
TCP Source Port = 0x0728
TCP Destination Port = NETBIOS Session Service
TCP Sequence Number = 73409249 (0x46022E1)
TCP Acknowledgement Number = 1505236 (0x16F7D4)
TCP Data Offset = 20 (0x14)
TCP Reserved = 0 (0x0000)
TCP Flags = 0x18 .AP...
TCP ..0..... = No urgent data
TCP ...1.... = Acknowledgement field significant
TCP ....1... = Push function
TCP .....0.. = No Reset
TCP ......0. = No Synchronize
TCP .......0 = No Fin
TCP Window = 8278 (0x2056)
TCP Checksum = 0x40ED
TCP Urgent Pointer = 0 (0x0)
TCP Data Number of data bytes remaining = 184 (0x00B8)
NBT SS Session Message, Len 180
NBT Packet Type = Session Message
NBT Packet Flags = 0 (0x0)
NBT .......0 = Add 0 to Length
NBT Packet Length = 180 (0xB4)
NBT SS Data Number of data bytes remaining = 180 (0x00B4)
SMB C transact TransactNmPipe, FID = 0x800
SMB SMB Status = Error Success
SMB Error class = No Error
SMB Error code = No Error
SMB Header PID = 0x7CC0 TID = 0x0800 MID = 0x00C0 UID = 0x0800
SMB Tree ID (TID) = 2048 (0x800)
SMB Process ID (PID) = 31936 (0x7CC0)
SMB User ID (UID) = 2048 (0x800)
SMB Multiplex ID (MID) = 192 (0xC0)
SMB Flags Summary = 24 (0x18)
SMB .......0 = Lock & Read and Write & Unlock not supported
SMB ......0. = Send No Ack not supported
SMB ....1... = Using caseless pathnames
SMB ...1.... = Canonicalized pathnames
SMB ..0..... = No Opportunistic lock
SMB .0...... = No Change Notify
SMB 0....... = Client command
SMB flags2 Summary = 32771 (0x8003)
SMB ...............1 = Understands long filenames
SMB ..............1. = Understands extended attributes
SMB ...0............ = No DFS capabilities
SMB ..0............. = No paging of IO
SMB .0.............. = Using SMB status codes
SMB 1............... = Using UNICODE strings
SMB Command = R transact
SMB Word count = 16
SMB Word parameters
SMB Total parm bytes = 0
SMB Total data bytes = 96
SMB Max parm bytes = 0
SMB Max data bytes = 1024
SMB Max setup words = 0 (0x0)
SMB Transact Flags Summary = 0 (0x0)
SMB ...............0 = Leave session intact
SMB ..............0. = Response required
SMB Transact timeout = 0 (0x0)
SMB Parameter bytes = 0 (0x0)
SMB Parameter offset = 84 (0x54)
SMB Data bytes = 96 (0x60)
SMB Data offset = 84 (0x54)
SMB Max setup words = 2
SMB Setup words
SMB Pipe function = Transact named pipe (TransactNmPipe)
SMB File ID (FID) = 2048 (0x800)
SMB Byte count = 113
SMB Byte parameters
SMB File name = \PIPE\
SMB Transaction data
SMB Data Number of data bytes remaining = 96 (0x0060)
MSRPC c/o RPC Request call 0x1 opnum 0xF context 0x0 hint 0x48
MSRPC Version = 5 (0x5)
MSRPC Version (Minor) = 0 (0x0)
MSRPC Packet Type = Request
MSRPC Flags 1 = 3 (0x3)
MSRPC .......1 = Reserved -or- First fragment (AES/DC)
MSRPC ......1. = Last fragment -or- Cancel pending
MSRPC .....0.. = Not a fragment -or- No cancel pending (AES/DC)
MSRPC ....0... = Receiver to repond with a fack PDU -or- Reserved (AES/DC)
MSRPC ...0.... = Not used -or- Does not support concurrent multiplexing (AES/DC)
MSRPC ..0..... = Not for an idempotent request -or- Did not execute guaranteed call (Fault PDU only) (AES/DC)
MSRPC .0...... = Not for a broadcast request -or- 'Maybe' call semantics not requested (AES/DC)
MSRPC 0....... = Reserved -or- No object UUID specified in the optional object field (AES/DC)
MSRPC Packed Data Representation
MSRPC Fragment Length = 96 (0x60)
MSRPC Authentication Length = 0 (0x0)
MSRPC Call Identifier = 1 (0x1)
MSRPC Bind Frame Number = 17 (0x11)
MSRPC Abstract Interface UUID = 4B324FC8-1670-01D3-1278-5A47BF6EE188
MSRPC Allocation Hint = 72 (0x48)
MSRPC Presentation Context Identifier = 0 (0x0)
MSRPC Operation Number (c/o Request prop. dg header prop) = 15 (0xF)
MSRPC Stub Data
R_SRVSVC RPC Client call srvsvcNetrShareEnum(..)
R_SRVSVC SRVSVC_HANDLE ServerName = 204.73.131.11
R_SRVSVC LPSHARE_ENUM_STRUCT InfoStruct {..}
R_SRVSVC DWORD Level = 1 (0x1)
R_SRVSVC _SHARE_ENUM_UNION ShareInfo {..}
R_SRVSVC Switch Value = 1 (0x1)
R_SRVSVC SHARE_INFO_1_CONTAINER *Level1 {..}
R_SRVSVC DWORD EntriesRead = 0 (0x0)
R_SRVSVC LPSHARE_INFO_1 Buffer = 0 (0x0)
R_SRVSVC DWORD PreferedMaximumLength = 4294967295 (0xFFFFFFFF)
00000 00 C0 4F C4 8C 9D 00 C0 4F C4 8C 93 08 00 45 00 ..O.....O.....E.
00010 00 E0 1A 08 40 00 80 06 41 5E CC 49 83 13 CC 49 ....@...A^.I...I
00020 83 0B 07 28 00 8B 04 60 22 E1 00 16 F7 D4 50 18 ...(...`".....P.
00030 20 56 40 ED 00 00 00 00 00 B4 FF 53 4D 42 25 00 V@........SMB%.
00040 00 00 00 18 03 80 24 82 00 00 00 00 00 00 00 00 ......$.........
00050 00 00 00 08 C0 7C 00 08 C0 00 10 00 00 60 00 00 .....|.......`..
00060 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 54 ...............T
00070 00 60 00 54 00 02 00 26 00 00 08 71 00 00 5C 00 .`.T...&...q..\.
00080 50 00 49 00 50 00 45 00 5C 00 00 00 00 2D 05 00 P.I.P.E.\....-..
00090 00 03 10 00 00 00 60 00 00 00 01 00 00 00 48 00 ......`.......H.
000A0 00 00 00 00 0F 00 36 1C 14 00 0E 00 00 00 00 00 ......6.........
000B0 00 00 0E 00 00 00 32 00 30 00 34 00 2E 00 37 00 ......2.0.4...7.
000C0 33 00 2E 00 31 00 33 00 31 00 2E 00 31 00 31 00 3...1.3.1...1.1.
000D0 00 00 01 00 00 00 01 00 00 00 A0 FB 12 00 00 00 ................
000E0 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 ..............
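
Added example (not part of the original post): a small Python decoder that walks the first 166 bytes of frame 19 from the hex pane above through Ethernet, IPv4, TCP, NBT and SMB down to the DCE/RPC opnum, and flags the request as a NetrShareEnum call. The function and constant names are assumptions made for this example; it handles one unfragmented frame only, and opnum 15 means NetrShareEnum only on the srvsvc interface bound earlier in the session (frame 17 in the capture).

```python
import struct

# First 166 bytes of frame 19, copied from the hex pane of the capture above.
FRAME = bytes.fromhex(
    "00c04fc48c9d00c04fc48c9308004500" "00e01a0840008006415ecc498313cc49"
    "830b0728008b046022e10016f7d45018" "205640ed0000000000b4ff534d422500"
    "00000018038024820000000000000000" "00000008c07c0008c000100000600000"
    "00000400000000000000000000000054" "00600054000200260000087100005c00"
    "50004900500045005c000000002d0500" "00031000000060000000010000004800"
    "000000000f00")
TRANSACT_NMPIPE, OPNUM_SHARE_ENUM = 0x26, 15  # values shown in the decode above

def decode(f):
    """Return the layered fields of one Ethernet frame, or None if not SMB1 or cut short."""
    try:
        # Ethernet type IPv4, IP version 4, IP protocol TCP
        if struct.unpack_from("!H", f, 12)[0] != 0x0800 or f[14] >> 4 != 4 or f[23] != 6:
            return None
        tcp = 14 + (f[14] & 0x0F) * 4                   # honour the IP header length
        sport, dport = struct.unpack_from("!HH", f, tcp)
        nbt = tcp + (f[tcp + 12] >> 4) * 4              # honour the TCP data offset
        smb = nbt + 4
        if f[nbt] != 0 or f[smb:smb + 4] != b"\xffSMB":  # NBT session message + SMB1
            return None
        out = {"src": ".".join(map(str, f[26:30])),
               "dst": ".".join(map(str, f[30:34])),
               "sport": sport, "dport": dport,
               "nbt_len": int.from_bytes(f[nbt + 1:nbt + 4], "big") & 0x1FFFF,
               "smb_cmd": f[smb + 4], "pipe_fn": None, "opnum": None}
        if f[smb + 4] == 0x25 and f[smb + 32] >= 15:    # transact with a setup word
            # SMB is little-endian; DataOffset counts from the start of the SMB header.
            data_off, setup_count = struct.unpack_from("<HB", f, smb + 57)
            if setup_count:
                out["pipe_fn"] = struct.unpack_from("<H", f, smb + 61)[0]
            rpc = smb + data_off
            if out["pipe_fn"] == TRANSACT_NMPIPE and f[rpc] == 5 and f[rpc + 2] == 0:
                endian = "<" if f[rpc + 4] & 0x10 else ">"  # DCE/RPC data representation
                out["opnum"] = struct.unpack_from(endian + "H", f, rpc + 22)[0]
        return out
    except (struct.error, IndexError):
        return None

def is_share_enum(frame):
    d = decode(frame)
    return d is not None and d["opnum"] == OPNUM_SHARE_ENUM
```

The fixed offsets 26 and 30 for the addresses assume the 14-byte Ethernet header seen in this capture; a VLAN-tagged frame would shift them.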
