June 2016
Beginner to intermediate
376 pages
8h 58m
Japanese
Content preview from データ分析によるネットワークセキュリティ
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
326
15
章 ネットワークマッピング
15.1.5.1
サーバの特定
サーバは、セッションを受信しているポートを探し、そのポートへの通信の多様性を調べると特
定できる。セッションを受信しているポートを特定するには、パケットの最初のフラグと残りの本体
を区別する必要がある。これは、
pcap
のデータかフロー計測データにアクセスできれば可能である
(「5.11.1 YAF」で説明したように、YAFで取得できる)。フローの場合は、SYNとACKで応答す
るホストを特定すればよい。
$ rwfilter --proto=6 --flags-init=SA|SA --pass=server_traffic.rwf \
--start-date=2013/05/13:00 --end-date=2013/05/13:00 --type=in
この方法はUDPではうまくいかない。UDPでは任意のポートにデータを送信できるし、応答がな
くても問題ないからだ。
UDPとTCPの両方で使える代わりの方法は、ポートとプロトコルの組み合
わせの多様性を調べる方法である。この方法には「15.1.4.2 プロキシの特定」で簡単に触れている
が、ここで詳しく説明する。
サーバは共有資源である。つまり、アドレスは複数のクライアントに共有されているので、時間が
経つにつれ、複数のクライアントがサーバのアドレスに接続することが見込まれる。したがって、複
数の送信元 IP・ポートのフローが、すべて同じ送信先IP・ポートと通信しているのを観測するこ ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.