Sharing an earlier experiment
Date: 2006-04-09 Source: 智勇双全
First, use the command rpm -qa | grep ssh to check whether SSH is installed:
[root@localhost root]# rpm -qa |grep ssh
openssh-3.5p1-6
openssh-server-3.5p1-6
openssh-clients-3.5p1-6
openssh-askpass-3.5p1-6
openssh-askpass-gnome-3.5p1-6
This shows that openssh is installed on the system,
so the SSH service can be started with the command service sshd start:
[root@localhost root]# service sshd start
Starting sshd: [ok]
[root@localhost rc.d]# /etc/rc.d/init.d/sshd start
Starting sshd: [ OK ]
List the files in the openssh package:
[root@localhost rc.d]# rpm -ql openssh
/etc/ssh
/etc/ssh/moduli
/usr/bin/ssh-keygen
/usr/libexec/openssh
/usr/libexec/openssh/ssh-keysign
/usr/share/doc/openssh-3.5p1
/usr/share/doc/openssh-3.5p1/CREDITS
/usr/share/doc/openssh-3.5p1/ChangeLog
/usr/share/doc/openssh-3.5p1/INSTALL
/usr/share/doc/openssh-3.5p1/LICENCE
/usr/share/doc/openssh-3.5p1/OVERVIEW
/usr/share/doc/openssh-3.5p1/README
/usr/share/doc/openssh-3.5p1/README.privsep
/usr/share/doc/openssh-3.5p1/README.smartcard
/usr/share/doc/openssh-3.5p1/RFC.nroff
/usr/share/doc/openssh-3.5p1/TODO
/usr/share/doc/openssh-3.5p1/WARNING.RNG
/usr/share/man/man1/ssh-keygen.1.gz
/usr/share/man/man8/ssh-keysign.8.gz
Check whether openssh-server is installed:
[root@localhost rc.d]# rpm -ql openssh-server
/etc/pam.d/sshd
/etc/rc.d/init.d/sshd
/etc/ssh
/etc/ssh/sshd_config
/usr/libexec/openssh/sftp-server
/usr/sbin/sshd
/usr/share/man/man5/sshd_config.5.gz
/usr/share/man/man8/sftp-server.8.gz
/usr/share/man/man8/sshd.8.gz
/var/empty/sshd
[root@localhost rc.d]# ps -ef|grep sshd
root 1081 1 0 18:46 ? 00:00:00 /usr/sbin/sshd
root 5606 1303 0 20:11 tty1 00:00:00 grep sshd
Check whether the port is listening:
[root@localhost rc.d]# netstat -an|grep 22
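tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
Next, the SSH experiment itself is carried out with SecureCRT 4.1, a Windows program.
A problem you may run into when installing this software is that the installation fails; the key is to unpack the crack file into the installation directory, and only then does the installation succeed.
Next, connect to the virtual machine (using SecureCRT 4.1) and capture the SSH traffic with the tcpdump command. We set the virtual machine's IP to 192.168.123.1 and switch the virtual network to "local and host". On the local host we add an IP of 192.168.123.2, so that the local host becomes the machine being monitored. For example, enter this command on the virtual machine: tcpdump port 22. Then we can go to the virtual machine, where every action on the monitored machine is recorded.
For example, we type the ls command on the client:
[root@localhost root]# tcpdump port 22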
tcpdump: listening on eth0
21:19:39.114602 192.168.123.2.1275 > 192.168.123.1.ssh: P 321883683:321883731(4
) ack 2926343604 win 16352 (DF)
21:19:39.125377 192.168.123.1.ssh > 192.168.123.2.1275: P 1:49(48) ack 48 win 7
04 (DF) [tos 0x10]
21:19:39.184640 192.168.123.2.1275 > 192.168.123.1.ssh: . ack 49 win 16304 (DF)
21:19:39.354624 192.168.123.2.1275 > 192.168.123.1.ssh: P 48:96(48) ack 49 win
6304 (DF)
21:19:39.355863 192.168.123.1.ssh > 192.168.123.2.1275: P 49:97(48) ack 96 win
504 (DF) [tos 0x10]
21:19:39.414631 192.168.123.2.1275 > 192.168.123.1.ssh: . ack 97 win 16256 (DF)
21:19:39.785835 192.168.123.2.1275 > 192.168.123.1.ssh: P 96:144(48) ack 97 win
16256 (DF)
21:19:39.786738 192.168.123.1.ssh > 192.168.123.2.1275: P 97:145(48) ack 144 wi
21:19:39.812688 192.168.123.1.ssh > 192.168.123.2.1275: P 145:289(144) ack 144
in 7504 (DF) [tos 0x10]
21:19:39.814780 192.168.123.2.1275 > 192.168.123.1.ssh: . ack 289 win 16064 (DF
21:19:39.815808 192.168.123.1.ssh > 192.168.123.2.1275: P 289:417(128) ack 144
in 7504 (DF) [tos 0x10]
21:19:39.817808 192.168.123.1.ssh > 192.168.123.2.1275: P 417:465(48) ack 144 w
n 7504 (DF) [tos 0x10]
21:19:39.818827 192.168.123.2.1275 > 192.168.123.1.ssh: . ack 465 win 17520 (DF
21:19:39.822365 192.168.123.1.ssh > 192.168.123.2.1275: P 465:529(64) ack 144 w
n 7504 (DF) [tos 0x10]
21:19:39.874636 192.168.123.2.1275 > 192.168.123.1.ssh: . ack 529 win 17456 (DF
In this way we can capture SSH traffic with tcpdump. The experiment is now essentially complete.
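An added example, not part of the original write-up: a Python parser for the header-only tcpdump text format shown above. It skips lines the terminal cut short and totals payload bytes per direction, which is what this capture exposes of the SSH session (direction, timing and size; the payload itself is encrypted). The function names are hypothetical, and every sample line except the first is constructed in the capture's format.

```python
import re
from collections import defaultdict

# First line is copied from the capture above, cut short by the terminal;
# the remaining lines are constructed in the same format for this example.
SAMPLE = """\
21:19:39.114602 192.168.123.2.1275 > 192.168.123.1.ssh: P 321883683:321883731(4
21:19:39.354624 192.168.123.2.1275 > 192.168.123.1.ssh: P 48:96(48) ack 49 win 16304 (DF)
21:19:39.355863 192.168.123.1.ssh > 192.168.123.2.1275: P 49:97(48) ack 96 win 7504 (DF) [tos 0x10]
21:19:39.414631 192.168.123.2.1275 > 192.168.123.1.ssh: . ack 97 win 16256 (DF)
21:19:39.812688 192.168.123.1.ssh > 192.168.123.2.1275: P 145:289(144) ack 144 win 7504 (DF) [tos 0x10]
21:19:39.815808 192.168.123.1.ssh > 192.168.123.2.1275: P 289:417(128) ack 144 win 7504 (DF) [tos 0x10]
"""

# timestamp, src > dst:, flags, optional first:last(len), ack, win
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) "
    r"(?:(?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\) )?"
    r"ack (?P<ack>\d+) win (?P<win>\d+)"
)

def parse(text):
    """Return one dict per complete line; truncated lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # wrapped or cut-off line: do not guess missing digits
        length = int(m["len"]) if m["len"] else 0
        # The printed length must agree with the sequence range.
        if m["len"] and int(m["last"]) - int(m["first"]) != length:
            continue
        packets.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                        "flags": m["flags"], "len": length})
    return packets

def summarize(packets):
    """Per direction: packet count, payload bytes, distinct payload sizes."""
    stats = defaultdict(lambda: {"packets": 0, "bytes": 0, "sizes": set()})
    for p in packets:
        s = stats[(p["src"], p["dst"])]
        s["packets"] += 1
        s["bytes"] += p["len"]
        if p["len"]:
            s["sizes"].add(p["len"])
    return dict(stats)

if __name__ == "__main__":
    for (src, dst), s in summarize(parse(SAMPLE)).items():
        print(f"{src} -> {dst}: {s['packets']} packets, {s['bytes']} payload bytes, sizes {sorted(s['sizes'])}")
```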