Connecting to my own ports?

Started by Mx0Ub, 06 October 2011 - 16:38:50


Mx0Ub

Hello
I built myself a system.
If there is a connection to ports 23, 80, 139 and 445, I log the IP.

The problem is that I am connecting to my own ports as well.
My IP gets logged too; the ports I connected to are 139, 445, and the ping protocol.


Since I am not doing this by hand, how can I find out which program is doing it?
Note:
No responsibility is accepted for the comments made or the code given

cagriemer

With what kind of script/program are you logging the connections made to ports 23, 80, 139 and 445?

Mx0Ub


cagriemer

sudo iptables -L
cat /var/log/syslog


Could you share their output?


Addendum: Actually, rather than syslog, what I meant to ask you to share is wherever iptables is logging to.

Mx0Ub

iptables

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LOG        all  --  192.168.2.0/24       anywhere            LOG level warning prefix `iplog'

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   



It logs into syslog

The full syslog content is very long; part of it is here

DST=192.168.2.96 LEN=106 TOS=0x00 PREC=0xC0 TTL=64 ID=45480 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.2.96 DST=192.168.2.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55598 DPT=137 LEN=58 ]
Oct  8 03:17:02 14248 kernel: [ 5976.785968] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=54056 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct  8 03:17:02 14248 kernel: [ 5976.787563] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=139 DPT=44245 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct  8 03:17:04 14248 kernel: [ 5978.219533] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:17:15 14248 kernel: [ 5989.792288] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=173 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=48172 LEN=153
Oct  8 03:17:15 14248 kernel: [ 5989.795334] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=144 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=39891 LEN=124
Oct  8 03:17:26 14248 kernel: [ 6000.144539] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=57741 LEN=50
Oct  8 03:17:26 14248 kernel: [ 6000.245352] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:17:27 14248 kernel: [ 6001.243541] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:17:29 14248 kernel: [ 6003.240248] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:17:51 14248 kernel: [ 6025.109420] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:17:52 14248 kernel: [ 6026.107700] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:17:54 14248 kernel: [ 6028.104374] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:01 14248 arp-scan[19043]: Starting: arp-scan -q 192.168.2.1-192.168.2.255 -I wlan0
Oct  8 03:18:01 14248 kernel: [ 6035.032085] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=41055 LEN=50
Oct  8 03:18:01 14248 kernel: [ 6035.132545] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:02 14248 kernel: [ 6036.131306] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:02 14248 arp-scan[19043]: Ending: 255 hosts scanned in 1.282 seconds (198.91 hosts/sec). 1 responded
Oct  8 03:18:02 14248 kernel: [ 6036.507322] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=106 TOS=0x00 PREC=0xC0 TTL=64 ID=45481 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.2.96 DST=192.168.2.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=60253 DPT=137 LEN=58 ]
Oct  8 03:18:03 14248 kernel: [ 6037.255188] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=77 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=56762 LEN=57
Oct  8 03:18:04 14248 kernel: [ 6038.127393] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:07 14248 kernel: [ 6041.631392] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=35127 LEN=61
Oct  8 03:18:09 14248 kernel: [ 6043.087789] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=44630 LEN=61
Oct  8 03:18:09 14248 kernel: [ 6043.477270] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=83 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=47276 LEN=63
Oct  8 03:18:09 14248 kernel: [ 6043.479878] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=33913 LEN=60
Oct  8 03:18:09 14248 kernel: [ 6043.553634] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=45540 LEN=60
Oct  8 03:18:09 14248 kernel: [ 6043.556516] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=106 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=35264 LEN=86
Oct  8 03:18:09 14248 kernel: [ 6043.557214] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=120 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=49651 LEN=100
Oct  8 03:18:11 14248 kernel: [ 6045.702411] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=80 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=42054 LEN=60
Oct  8 03:18:11 14248 kernel: [ 6045.706700] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=56095 LEN=58
Oct  8 03:18:11 14248 kernel: [ 6045.708563] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=94 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=38675 LEN=74
Oct  8 03:18:12 14248 kernel: [ 6045.731615] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=51846 LEN=58
Oct  8 03:18:12 14248 kernel: [ 6045.733508] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=106 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=56848 LEN=86
Oct  8 03:18:12 14248 kernel: [ 6045.736278] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=54155 LEN=61
Oct  8 03:18:12 14248 kernel: [ 6045.740250] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=100 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=51078 LEN=80
Oct  8 03:18:12 14248 kernel: [ 6046.260464] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=282 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=53745 LEN=262
Oct  8 03:18:12 14248 kernel: [ 6046.343839] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=313 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=41575 LEN=293
Oct  8 03:18:12 14248 kernel: [ 6046.381711] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=354 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=42158 LEN=334
Oct  8 03:18:12 14248 kernel: [ 6046.518353] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=50895 LEN=160
Oct  8 03:18:12 14248 kernel: [ 6046.679885] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=213 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=53781 LEN=193
Oct  8 03:18:13 14248 kernel: [ 6046.905816] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=55747 LEN=58
Oct  8 03:18:15 14248 kernel: [ 6048.816691] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=94 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=41834 LEN=74
Oct  8 03:18:15 14248 kernel: [ 6049.639784] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=173 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=35721 LEN=153
Oct  8 03:18:15 14248 kernel: [ 6049.643216] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=144 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=48980 LEN=124
Oct  8 03:18:21 14248 kernel: [ 6055.058370] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=57612 LEN=50
Oct  8 03:18:21 14248 kernel: [ 6055.159148] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:22 14248 kernel: [ 6056.158442] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:24 14248 kernel: [ 6058.154837] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:37 14248 kernel: [ 6070.805141] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=266 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=58153 LEN=246
Oct  8 03:18:37 14248 kernel: [ 6071.446606] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=502 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=59239 LEN=482
Oct  8 03:18:46 14248 kernel: [ 6080.021168] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=41663 LEN=50
Oct  8 03:18:46 14248 kernel: [ 6080.121920] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:47 14248 kernel: [ 6081.121173] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:48 14248 kernel: [ 6081.828137] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=60567 LEN=61
Oct  8 03:18:49 14248 kernel: [ 6083.117420] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:58 14248 kernel: [ 6091.764716] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=60738 LEN=61
Oct  8 03:19:01 14248 arp-scan[20214]: Starting: arp-scan -q 192.168.2.1-192.168.2.255 -I wlan0
Oct  8 03:19:01 14248 kernel: [ 6094.945056] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=45322 LEN=50
Oct  8 03:19:01 14248 kernel: [ 6095.045479] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:02 14248 kernel: [ 6096.043893] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:02 14248 arp-scan[20214]: Ending: 255 hosts scanned in 1.258 seconds (202.70 hosts/sec). 1 responded
Oct  8 03:19:02 14248 kernel: [ 6096.107128] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=106 TOS=0x00 PREC=0xC0 TTL=64 ID=45482 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.2.96 DST=192.168.2.1 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=56277 DPT=137 LEN=58 ]
Oct  8 03:19:03 14248 kernel: [ 6096.593331] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=445 DPT=57437 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct  8 03:19:03 14248 kernel: [ 6096.595118] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=139 DPT=57622 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct  8 03:19:04 14248 kernel: [ 6098.040591] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:11 14248 kernel: [ 6104.793976] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=38905 LEN=50
Oct  8 03:19:11 14248 kernel: [ 6104.894738] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:12 14248 kernel: [ 6105.893948] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:14 14248 kernel: [ 6107.890040] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:15 14248 kernel: [ 6109.543029] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=173 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=41714 LEN=153
Oct  8 03:19:16 14248 kernel: [ 6109.549932] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=144 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=47908 LEN=124
Oct  8 03:19:21 14248 kernel: [ 6114.933582] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=38399 LEN=50
Oct  8 03:19:21 14248 kernel: [ 6115.033918] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:22 14248 kernel: [ 6116.033070] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:24 14248 kernel: [ 6118.028010] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:41 14248 kernel: [ 6134.925473] iplogIN=wlan0 OUT= MAC=1c:65:9d:aa:b0:e6:00:1c:a8:9b:01:7a:08:00 SRC=192.168.2.1 DST=192.168.2.96 LEN=70 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=44184 LEN=50
Oct  8 03:19:41 14248 kernel: [ 6135.030347] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:42 14248 kernel: [ 6136.029332] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:19:44 14248 kernel: [ 6138.026077] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=50



Your message was merged because of repeated posting. This message was posted on: 08 October 2011 - 03:21:29

I need to track my programs and see which one sent the packets

cagriemer

Quote
LOG        all  --  192.168.2.0/24       anywhere            LOG level warning prefix `iplog'

You have told it to log all requests made to anywhere from all IPs, 192.168.2.0 - 192.168.2.255 included. You need to define more specific rules so that it logs the ports you want, from the IP ranges you specify. For example, the following command, given on the command line, will log all requests arriving at tcp port 80 with the prefix "80'e yapilan baglanti" ("connection made to 80").

iptables -A INPUT -p tcp --dport 80 -j LOG --log-prefix "80'e yapilan baglanti: " --log-level 7

You should create configurations like this for each port separately. I can't say I use it very effectively myself, so unfortunately I can't help any further. I'd suggest taking a look at the iptables man pages. http://manpages.ubuntu.com/manpages/lucid/en/man8/iptables.8.html
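
An added example, not part of the thread and not any participant's code: because the rule logs every packet from 192.168.2.0/24, the log mixes replies to the host's own outbound traffic with real inbound attempts, and this sketch separates the two by reading the TCP flags and the packet quoted in `[...]` on ICMP errors. The local address 192.168.2.96 is taken from the posted log; the sample lines are constructed in the same format (the last one, from 192.168.2.50, is invented), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the kernel LOG format shown in the thread (prefix "iplog").
SAMPLE = """\
Oct  8 03:17:02 host kernel: [1.0] iplogIN=wlan0 OUT= MAC=aa SRC=192.168.2.1 DST=192.168.2.96 LEN=40 PROTO=TCP SPT=445 DPT=54056 WINDOW=0 RES=0x00 ACK RST URGP=0
Oct  8 03:17:04 host kernel: [2.0] iplogIN=wlan0 OUT= MAC= SRC=192.168.2.96 DST=224.0.0.251 LEN=70 PROTO=UDP SPT=5353 DPT=5353 LEN=50
Oct  8 03:18:01 host arp-scan[19043]: Starting: arp-scan -q 192.168.2.1-192.168.2.255 -I wlan0
Oct  8 03:18:02 host kernel: [3.0] iplogIN=wlan0 OUT= MAC=aa SRC=192.168.2.1 DST=192.168.2.96 LEN=106 PROTO=ICMP TYPE=3 CODE=3 [SRC=192.168.2.96 DST=192.168.2.1 LEN=78 PROTO=UDP SPT=60253 DPT=137 LEN=58 ]
Oct  8 03:18:05 host kernel: [4.0] iplogIN=wlan0 OUT= MAC=aa SRC=192.168.2.50 DST=192.168.2.96 LEN=60 PROTO=TCP SPT=40000 DPT=445 WINDOW=5840 RES=0x00 SYN URGP=0
"""

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}


def parse(line, prefix="iplog"):
    """Return (outer fields, TCP flags, fields of the packet quoted in [...]) or None."""
    if prefix not in line:
        return None  # other syslog entries, e.g. the arp-scan lines
    body = line.split(prefix, 1)[1]
    outer, _, inner = body.partition("[")
    return dict(KV.findall(outer)), set(outer.split()) & TCP_FLAGS, dict(KV.findall(inner))


def classify(line, local_ip, watched=(23, 80, 139, 445)):
    """Label one LOG line from the point of view of local_ip."""
    parsed = parse(line)
    if parsed is None:
        return None
    pkt, flags, inner = parsed
    proto = pkt.get("PROTO")
    # ICMP destination-unreachable quoting a packet this host sent:
    # the host's own outbound packet was rejected by the peer.
    if proto == "ICMP" and pkt.get("TYPE") == "3" and inner.get("SRC") == local_ip:
        peer = f"{inner.get('DST')}:{inner.get('DPT')}/{inner.get('PROTO', '?').lower()}"
        return "outbound-rejected", peer
    if proto == "TCP" and pkt.get("DST") == local_ip:
        # RST+ACK coming FROM a watched port answers a SYN this host sent to that port.
        if {"RST", "ACK"} <= flags and int(pkt.get("SPT", 0)) in watched:
            return "outbound-refused", f"{pkt['SRC']}:{pkt['SPT']}/tcp"
        # A bare SYN TO a watched port is a genuine inbound connection attempt.
        if flags == {"SYN"} and int(pkt.get("DPT", 0)) in watched:
            return "inbound-attempt", f"{pkt['SRC']}->{pkt['DPT']}/tcp"
    return "other", ""


def summarize(text, local_ip):
    """Count the non-trivial events per (kind, peer)."""
    results = (classify(line, local_ip) for line in text.splitlines())
    return Counter(r for r in results if r and r[0] != "other")


if __name__ == "__main__":
    for (kind, peer), n in summarize(SAMPLE, "192.168.2.96").items():
        print(f"{n:3d}  {kind:18s} {peer}")
```

Lines labelled `outbound-refused` or `outbound-rejected` are answers to packets the logging host itself sent, so they point at a local program rather than at a remote host connecting in.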


Mx0Ub

iptables -A INPUT -p tcp --dport 80 -j LOG --log-prefix "80'e yapilan baglanti: " --log-level 7

So can I log programs this way as well?

All I want to know is which program on my machine is connecting to certain ports?

cagriemer

Apparently, for the OUTPUT table you can use an option called the owner module. [1,2] However, as I said before, I don't know this level of detail either. I have never tried it. If you want to see in real time which program is connected to which port, the command I give below may also do the job. It shows connections made over both tcp and udp.

sudo netstat -plantu


[1] http://seclists.org/firewall-wizards/2003/Nov/58
[2] http://superuser.com/questions/34782/with-linux-iptables-is-it-possible-to-log-the-process-command-name-that-initiate