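Network basics
Server (a program installed on a remote computer)
Remote
- java / net
IP versions
IPv4
xxx.xxx.xxx.xxx
->
Demand for address capacity keeps growing.
The reason for the growth is the increasing use of IoT and smart devices.
* Network communication always requires an IP address.
* Types of IP address
Loopback
- IP address used for testing the network
- 127.0.0.1 (localhost)
Network
- IP address assigned from outside (public IP)
- Private IP (provided by the router)
http://192.168.111.128
->
IPv6
xxx.xxx.xxx.xxx.xxx.xxx
TCP/IP protocol
Disconnect from the Internet, then try to connect by IP address.
The IP address shown by ipconfig differs from the one shown when you search for "my IP" on Naver. The public IP is the one Naver shows, and it is the router's IP address.
The router has a feature called port forwarding, which can direct traffic to a specific computer depending on the port.
If you leave the computer you use at the office switched on, you can work on it from home.
hostname
localhost : 127.0.0.1
kitcoop-PC : public IP
+ domain
=> Internet address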
C:\Users\kitcoop>ping 127.0.0.1
Ping 127.0.0.1 32바이트 데이터 사용:
127.0.0.1의 응답: 바이트=32 시간<1ms TTL=128
127.0.0.1의 응답: 바이트=32 시간<1ms TTL=128
127.0.0.1의 응답: 바이트=32 시간<1ms TTL=128
127.0.0.1의 응답: 바이트=32 시간<1ms TTL=128
127.0.0.1에 대한 Ping 통계:
패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
최소 = 0ms, 최대 = 0ms, 평균 = 0ms
C:\Users\kitcoop>ping 192.168.112.1
Ping 192.168.112.1 32바이트 데이터 사용:
192.168.112.1의 응답: 바이트=32 시간<1ms TTL=128
192.168.112.1의 응답: 바이트=32 시간<1ms TTL=128
192.168.112.1의 응답: 바이트=32 시간<1ms TTL=128
192.168.112.1의 응답: 바이트=32 시간<1ms TTL=128
192.168.112.1에 대한 Ping 통계:
패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
최소 = 0ms, 최대 = 0ms, 평균 = 0ms
C:\Users\kitcoop>ping 192.168.10.1
Ping 192.168.10.1 32바이트 데이터 사용:
요청 시간이 만료되었습니다.
Ping kitcoop-PC [::1] 32바이트 데이터 사용:
::1의 응답: 시간<1ms
::1의 응답: 시간<1ms
::1의 응답: 시간<1ms
::1의 응답: 시간<1ms
::1에 대한 Ping 통계:
패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
최소 = 0ms, 최대 = 0ms, 평균 = 0ms
C:\Users\kitcoop>ping kitcoop-PC
Ping kitcoop-PC [fe80::8df4:1928:cc47:6b8f%11] 32바이트 데이터 사용:
fe80::8df4:1928:cc47:6b8f%11의 응답: 시간<1ms
fe80::8df4:1928:cc47:6b8f%11의 응답: 시간<1ms
fe80::8df4:1928:cc47:6b8f%11의 응답: 시간<1ms
fe80::8df4:1928:cc47:6b8f%11의 응답: 시간<1ms
fe80::8df4:1928:cc47:6b8f%11에 대한 Ping 통계:
패킷: 보냄 = 4, 받음 = 4, 손실 = 0 (0% 손실),
왕복 시간(밀리초):
최소 = 0ms, 최대 = 0ms, 평균 = 0ms
C:\Users\kitcoop>ping www.naver.com
Ping www.naver.com.nheos.com [125.209.222.142] 32바이트 데이터 사용:
요청 시간이 만료되었습니다.
Naver blocks ping.
[master@localhost ~]$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.082 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.080 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.082 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.073 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.082 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=64 time=0.080 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=64 time=0.076 ms
64 bytes from 127.0.0.1: icmp_seq=8 ttl=64 time=0.076 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=64 time=0.077 ms
64 bytes from 127.0.0.1: icmp_seq=10 ttl=64 time=0.073 ms
64 bytes from 127.0.0.1: icmp_seq=11 ttl=64 time=0.075 ms
64 bytes from 127.0.0.1: icmp_seq=12 ttl=64 time=0.077 ms
64 bytes from 127.0.0.1: icmp_seq=13 ttl=64 time=0.122 ms
64 bytes from 127.0.0.1: icmp_seq=14 ttl=64 time=0.080 ms
64 bytes from 127.0.0.1: icmp_seq=15 ttl=64 time=0.081 ms
64 bytes from 127.0.0.1: icmp_seq=16 ttl=64 time=0.076 ms
64 bytes from 127.0.0.1: icmp_seq=17 ttl=64 time=0.077 ms
^Z
[1]+ Stopped ping 127.0.0.1
On Linux, ping keeps running until you stop it.
If the host name identifies the computer, the port number identifies the program.
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
[master@localhost ~]$ uname -n
localhost.localdomain
[master@localhost ~]$ uname -m
x86_64
[master@localhost ~]$ uname -r
3.10.0-862.9.1.el7.x86_64
[master@localhost ~]$ uname -s
Linux
[master@localhost ~]$ uname -v
#1 SMP Mon Jul 16 16:29:36 UTC 2018
[master@localhost ~]$ uname -a
Linux localhost.localdomain 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[master@localhost ~]$ hostname
localhost.localdomain
[root@localhost ~]# hostname tester.test.com
[root@localhost ~]# hostname
tester.test.com
[root@localhost ~]# cat /etc/hostname
localhost.localdomain
[root@localhost ~]# vi /etc/hostname
[master@tester ~]$ hostname
tester.test.com
Let's connect with PuTTY and try it.
[root@tester ~]# vi /etc/hostname
[root@tester ~]# reboot
Let's turn the LAN card off.
[root@locahost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.111.128 netmask 255.255.255.0 broadcast 192.168.111.255
inet6 fe80::bfab:8f50:8c7b:606 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:cd:9b:a8 txqueuelen 1000 (Ethernet)
RX packets 250 bytes 29744 (29.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 250 bytes 34334 (33.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@locahost ~]# ifconfig ens33 down
[root@locahost ~]# ifconfig ens33
ens33: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet 192.168.111.128 netmask 255.255.255.0 broadcast 192.168.111.255
ether 00:0c:29:cd:9b:a8 txqueuelen 1000 (Ethernet)
RX packets 250 bytes 29744 (29.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 250 bytes 34334 (33.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Let's turn the LAN card back on.
[root@locahost ~]# ifconfig ens33
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.111.128 netmask 255.255.255.0 broadcast 192.168.111.255
inet6 fe80::bfab:8f50:8c7b:606 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:cd:9b:a8 txqueuelen 1000 (Ethernet)
RX packets 250 bytes 29744 (29.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 250 bytes 34334 (33.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@locahost ~]# ifconfig ens33 down
[root@locahost ~]# ifconfig ens33
ens33: flags=4098<BROADCAST,MULTICAST> mtu 1500
inet 192.168.111.128 netmask 255.255.255.0 broadcast 192.168.111.255
ether 00:0c:29:cd:9b:a8 txqueuelen 1000 (Ethernet)
RX packets 250 bytes 29744 (29.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 250 bytes 34334 (33.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
To use a static IP address, set it manually below.
BOOTPROTO=dhcp changes to static.
DNS : Domain Name Service or Server
IP - domain address
domain address - IP
If the name server is misconfigured, queries cannot be made.
[master@locahost ~]$ ping www.hanb.co.kr
PING www.hanb.co.kr (218.38.58.195) 56(84) bytes of data.
64 bytes from 218.38.58.195 (218.38.58.195): icmp_seq=1 ttl=128 time=12.7 ms
64 bytes from 218.38.58.195 (218.38.58.195): icmp_seq=2 ttl=128 time=3.65 ms
64 bytes from 218.38.58.195 (218.38.58.195): icmp_seq=3 ttl=128 time=5.53 ms
64 bytes from 218.38.58.195 (218.38.58.195): icmp_seq=4 ttl=128 time=4.39 ms
64 bytes from 218.38.58.195 (218.38.58.195): icmp_seq=5 ttl=128 time=4.15 ms
64 bytes from 218.38.58.195 (218.38.58.195): icmp_seq=6 ttl=128 time=4.60 ms
^C
--- www.hanb.co.kr ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5010ms
rtt min/avg/max/mdev = 3.652/5.852/12.765/3.142 ms
[root@locahost ~]# yum -y install whois
[root@locahost ~]# whois 58.229.11.125
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '58.224.0.0 - 58.239.255.255'
% Abuse contact for '58.224.0.0 - 58.239.255.255' is 'hostmaster@nic.or.kr'
inetnum: 58.224.0.0 - 58.239.255.255
netname: broadNnet
descr: SK Broadband Co Ltd
admin-c: IM670-AP
tech-c: IM670-AP
country: KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
last-modified: 2017-02-03T00:38:11Z
source: APNIC
irt: IRT-KRNIC-KR
address: Seocho-ro 398, Seocho-gu, Seoul, Korea
e-mail: hostmaster@nic.or.kr
abuse-mailbox: hostmaster@nic.or.kr
admin-c: IM574-AP
tech-c: IM574-AP
auth: # Filtered
mnt-by: MNT-KRNIC-AP
last-modified: 2017-10-19T07:36:36Z
source: APNIC
person: IP Manager
nic-hdl: IM670-AP
e-mail: ip-adm@skbroadband.com
address: Seoul Jung-gu Toegye-ro 24
phone: +82-2-106-2
country: KR
mnt-by: MNT-KRNIC-AP
last-modified: 2016-12-12T04:34:08Z
source: APNIC
% Information related to '58.224.0.0 - 58.239.255.255'
inetnum: 58.224.0.0 - 58.239.255.255
netname: broadNnet-KR
descr: SK Broadband Co Ltd
country: KR
admin-c: IM12-KR
tech-c: IM12-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
mnt-irt: IRT-KRNIC-KR
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostmaster@nic.or.kr
source: KRNIC
person: IP Manager
address: Seoul Jung-gu Toegye-ro 24
address: SK Namsan Green Bldg.
country: KR
phone: +82-2-106-2
e-mail: ip-adm@skbroadband.com
nic-hdl: IM12-KR
mnt-by: MNT-KRNIC-AP
changed: hostmaster@nic.or.kr
source: KRNIC
% This query was served by the APNIC Whois Service version 1.88.15-46 (WHOIS-US4 )
Hops that refuse traceroute are shown as *.
[root@locahost ~]# netstat -r
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
default gateway 0.0.0.0 UG 0 0 0 ens33
192.168.111.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
[root@locahost ~]# netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 26828 private/error
unix 2 [ ACC ] STREAM LISTENING 26831 private/retry
unix 2 [ ACC ] STREAM LISTENING 26834 private/discard
unix 2 [ ACC ] STREAM LISTENING 26837 private/local
unix 2 [ ACC ] STREAM LISTENING 26840 private/virtual
unix 2 [ ACC ] STREAM LISTENING 43908 @/tmp/dbus-dR5AT1wQ
unix 2 [ ACC ] STREAM LISTENING 26846 private/anvil
unix 2 [ ACC ] STREAM LISTENING 49448 @/tmp/.ICE-unix/5952
unix 2 [ ACC ] STREAM LISTENING 13574 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 26133 /var/run/libvirt/libvirt-sock
unix 2 [ ACC ] STREAM LISTENING 26135 /var/run/libvirt/libvirt-sock-ro
unix 2 [ ACC ] STREAM LISTENING 23319 /var/run/NetworkManager/private-dhcp
unix 2 [ ACC ] STREAM LISTENING 26137 /var/run/libvirt/libvirt-admin-sock
unix 2 [ ACC ] STREAM LISTENING 33092 @/tmp/.ICE-unix/2054
unix 2 [ ACC ] STREAM LISTENING 27080 @/tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 43975 @/tmp/.X11-unix/X1
unix 2 [ ACC ] STREAM LISTENING 13859 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 27081 /tmp/.X11-unix/X0
unix 2 [ ACC ] STREAM LISTENING 32882 /tmp/ssh-aUp2jLwI8rTH/agent.2054
unix 2 [ ACC ] STREAM LISTENING 44091 @/tmp/dbus-ojLOXGX5
unix 2 [ ACC ] STREAM LISTENING 20015 /run/gssproxy.sock
unix 2 [ ACC ] STREAM LISTENING 43976 /tmp/.X11-unix/X1
unix 2 [ ACC ] STREAM LISTENING 51000 /run/user/0/pulse/native
unix 2 [ ACC ] STREAM LISTENING 32531 @/tmp/dbus-gA8TYHY4Wq
unix 2 [ ACC ] STREAM LISTENING 13625 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 26849 private/scache
unix 2 [ ACC ] STREAM LISTENING 18237 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 43909 @/tmp/dbus-5EvFTEiw
unix 2 [ ACC ] STREAM LISTENING 18239 /var/run/rpcbind.sock
unix 2 [ ACC ] STREAM LISTENING 26843 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 20039 /var/run/lsm/ipc/sim
unix 2 [ ACC ] STREAM LISTENING 39917 @/tmp/dbus-oV7lnVaJ
unix 2 [ ACC ] STREAM LISTENING 18265 @ISCSID_UIP_ABSTRACT_NAMESPACE
unix 2 [ ACC ] STREAM LISTENING 49045 @/tmp/dbus-WRaIuNrqLz
unix 2 [ ACC ] STREAM LISTENING 18259 /var/run/libvirt/virtlogd-sock
unix 2 [ ACC ] STREAM LISTENING 20053 /var/run/vmware/guestServicePipe
unix 2 [ ACC ] STREAM LISTENING 20055 /var/run/lsm/ipc/simc
unix 2 [ ACC ] STREAM LISTENING 18262 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 26787 private/tlsmgr
unix 2 [ ACC ] STREAM LISTENING 18266 /run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 49244 /tmp/ssh-m1Ev54QZJ5Ba/agent.5952
unix 2 [ ACC ] STREAM LISTENING 32965 @/tmp/dbus-DrpDoztWmO
unix 2 [ ACC ] STREAM LISTENING 49449 /tmp/.ICE-unix/5952
unix 2 [ ACC ] STREAM LISTENING 33473 /tmp/.esd-1000/socket
unix 2 [ ACC ] STREAM LISTENING 49320 @/tmp/dbus-M09qTH1eR3
unix 2 [ ACC ] STREAM LISTENING 18319 /var/run/libvirt/virtlockd-sock
unix 2 [ ACC ] STREAM LISTENING 27332 @/tmp/dbus-J2Kk9BLc
unix 2 [ ACC ] STREAM LISTENING 26783 public/qmgr
unix 2 [ ACC ] STREAM LISTENING 26797 private/bounce
unix 2 [ ACC ] STREAM LISTENING 26813 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 26816 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 26819 private/smtp
unix 2 [ ACC ] STREAM LISTENING 26822 private/relay
How to start FTP
[root@locahost ~]# systemctl start vsftpd
[root@locahost ~]# netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
You can see that port 21 is open (the port assigned to FTP).
[root@locahost ~]# systemctl stop vsftpd
[root@locahost ~]# netstat -an | grep LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
After stopping FTP, you can see that port 21 disappears again.
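The before/after comparison above can be automated. The following is an added example, not part of the original notes: it parses the TCP lines of the two `netstat -an | grep LISTEN` captures shown on this page, reports which listener appeared after vsftpd started, and separates sockets bound to every interface from loopback-only ones. The function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original page. The two captures are the TCP
# lines of the page's `netstat -an | grep LISTEN` output while vsftpd was
# stopped (before) and while it was running (after).
before='tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN'

after="$before
tcp6 0 0 :::21 :::* LISTEN"

# listeners: netstat text on stdin -> "proto port scope" per TCP listener.
# The port is the text after the last ":" so IPv6 forms like ":::21" and
# "::1:631" are split correctly.
listeners() {
    awk '$1 ~ /^tcp6?$/ && $NF == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::")          scope = "all-interfaces"
        else if (host ~ /^127\./ || host == "::1")      scope = "loopback"
        else                                            scope = "one-address"
        print $1, port, scope
    }'
}

# new_listeners BEFORE AFTER: listeners present in AFTER but not in BEFORE.
new_listeners() {
    base=$(printf '%s\n' "$1" | listeners)
    printf '%s\n' "$2" | listeners | while IFS= read -r line; do
        printf '%s\n' "$base" | grep -qxF -- "$line" || printf '%s\n' "$line"
    done
}

# exposed: listeners bound to every interface. On Linux a "::" listener
# normally accepts IPv4 as well (net.ipv6.bindv6only=0), which is why
# vsftpd shows up only as tcp6 :::21 in the capture.
exposed() {
    listeners | awk '$3 == "all-interfaces" { print $1, $2 }'
}

echo "New since baseline:"
new_listeners "$before" "$after"
echo "Bound to all interfaces:"
printf '%s\n' "$after" | exposed
```

On a live host, feed the functions real output, for example `netstat -an | grep LISTEN | exposed`.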
[root@locahost ~]# netstat -p | more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program nam
e
tcp 0 64 locahost.localdomai:ssh 192.168.111.1:51032 ESTABLISHED 7200/sshd: root
@pts
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ] DGRAM 13823 1/systemd /run/systemd/sh
utdownd
unix 2 [ ] DGRAM 19866 708/chronyd /var/run/chrony
/chronyd.sock
unix 3 [ ] DGRAM 8886 1/systemd /run/systemd/no
tify
unix 2 [ ] DGRAM 8888 1/systemd /run/systemd/cg
roups-agent
unix 5 [ ] DGRAM 8899 1/systemd /run/systemd/jo
urnal/socket
unix 29 [ ] DGRAM 8901 1/systemd /dev/log
unix 3 [ ] STREAM CONNECTED 52827 6895/gnome-terminal
unix 3 [ ] STREAM CONNECTED 51994 6525/evolution-cale
unix 3 [ ] STREAM CONNECTED 50329 6247/gvfs-goa-volum
unix 3 [ ] STREAM CONNECTED 50323 1/systemd /run/systemd/jo
urnal/stdout
unix 3 [ ] STREAM CONNECTED 39961 2531/nautilus-deskt
unix 3 [ ] STREAM CONNECTED 34074 2355/gvfs-gphoto2-v
unix 2 [ ] DGRAM 25866 1159/crond
unix 3 [ ] STREAM CONNECTED 51293 6374/nautilus-deskt
unix 3 [ ] STREAM CONNECTED 51234 5952/gnome-session- @/tmp/.ICE-unix
/5952
unix 3 [ ] STREAM CONNECTED 52089 6615/evolution-addr
unix 2 [ ] DGRAM 50957 6311/pulseaudio
unix 3 [ ] STREAM CONNECTED 36279 2476/gsd-datetime
unix 3 [ ] STREAM CONNECTED 35778 2452/gsd-sharing
unix 3 [ ] STREAM CONNECTED 34703 2064/dbus-daemon @/tmp/dbus-gA8T
YHY4Wq
--More--
[root@locahost ~]# netstat -p | grep firefox
[root@locahost ~]# netstat -p | grep firefox
tcp 0 0 locahost.localdom:34452 server-52-85-231-:https ESTABLISHED 8483/firefox
tcp 0 0 locahost.localdom:50402 85.12.30.226:https ESTABLISHED 8483/firefox
tcp 0 0 locahost.localdom:56370 ec2-52-37-53-20.u:https ESTABLISHED 8483/firefox
tcp 0 0 locahost.localdom:35304 117.18.237.29:http ESTABLISHED 8483/firefox
tcp 0 0 locahost.localdom:54410 a173-223-227-42.de:http ESTABLISHED 8483/firefox
unix 3 [ ] STREAM CONNECTED 80382 8577/firefox
unix 3 [ ] STREAM CONNECTED 80385 8483/firefox
unix 3 [ ] STREAM CONNECTED 80393 8483/firefox
unix 3 [ ] SEQPACKET CONNECTED 80298 8483/firefox
unix 3 [ ] SEQPACKET CONNECTED 80392 8483/firefox
unix 3 [ ] STREAM CONNECTED 80234 8483/firefox
unix 3 [ ] SEQPACKET CONNECTED 80297 8483/firefox
unix 3 [ ] STREAM CONNECTED 80300 8577/firefox
unix 3 [ ] STREAM CONNECTED 80395 8483/firefox
unix 3 [ ] STREAM CONNECTED 80423 8577/firefox
unix 3 [ ] STREAM CONNECTED 80376 8483/firefox
unix 3 [ ] STREAM CONNECTED 80381 8483/firefox
unix 3 [ ] STREAM CONNECTED 80379 8577/firefox
unix 3 [ ] STREAM CONNECTED 80422 8483/firefox
unix 3 [ ] STREAM CONNECTED 80384 8577/firefox
unix 3 [ ] STREAM CONNECTED 80408 8577/firefox
unix 3 [ ] STREAM CONNECTED 80396 8577/firefox
unix 3 [ ] STREAM CONNECTED 80383 8483/firefox
unix 3 [ ] SEQPACKET CONNECTED 80391 8483/firefox
unix 3 [ ] STREAM CONNECTED 80394 8577/firefox
unix 3 [ ] STREAM CONNECTED 80409 8483/firefox
unix 3 [ ] STREAM CONNECTED 80386 8577/firefox
unix 3 [ ] STREAM CONNECTED 80285 8483/firefox
unix 3 [ ] STREAM CONNECTED 80525 8577/firefox
unix 3 [ ] STREAM CONNECTED 80607 8483/firefox
unix 3 [ ] STREAM CONNECTED 80199 8483/firefox
unix 3 [ ] STREAM CONNECTED 80581 8483/firefox
unix 3 [ ] STREAM CONNECTED 80605 8483/firefox
unix 3 [ ] STREAM CONNECTED 80608 8483/firefox
unix 3 [ ] STREAM CONNECTED 80596 8483/firefox
unix 3 [ ] STREAM CONNECTED 80287 8483/firefox
unix 3 [ ] SEQPACKET CONNECTED 80604 8483/firefox
unix 3 [ ] STREAM CONNECTED 80597 8483/firefox
unix 3 [ ] STREAM CONNECTED 80582 8637/firefox
unix 3 [ ] STREAM CONNECTED 80594 8483/firefox
unix 3 [ ] STREAM CONNECTED 80606 8483/firefox
unix 3 [ ] STREAM CONNECTED 80177 8483/firefox
unix 3 [ ] STREAM CONNECTED 80202 8483/firefox
unix 3 [ ] STREAM CONNECTED 80299 8483/firefox
unix 3 [ ] STREAM CONNECTED 80277 8483/firefox
unix 3 [ ] SEQPACKET CONNECTED 80603 8483/firefox
unix 3 [ ] STREAM CONNECTED 80524 8483/firefox
unix 3 [ ] STREAM CONNECTED 80595 8483/firefox
unix 3 [ ] STREAM CONNECTED 80598 8483/firefox
unix 3 [ ] STREAM CONNECTED 80445 8483/firefox
unix 3 [ ] STREAM CONNECTED 80593 8483/firefox
[root@locahost ~]# netstat -p | grep firefox
Start FileZilla and check.
[root@locahost ~]# netstat -p | grep filezilla
[root@locahost ~]# netstat -p | grep filezilla
tcp 0 0 locahost.localdom:59502 192.168.0.51:ftp ESTABLISHED 8796/filezilla
unix 3 [ ] STREAM CONNECTED 82699 8796/filezilla
unix 3 [ ] STREAM CONNECTED 82684 8796/filezilla
unix 3 [ ] STREAM CONNECTED 82656 8796/filezilla
unix 3 [ ] STREAM CONNECTED 82694 8796/filezilla
[root@locahost ~]# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
ens33 1500 1399 0 0 0 1361 0 0 0 BMRU
lo 65536 208 0 0 0 208 0 0 0 LRU
virbr0 1500 0 0 0 0 0 0 0 0 BMU
[root@locahost ~]# netstat -s
Ip:
1620 total packets received
0 forwarded
0 incoming packets discarded
1431 incoming packets delivered
1531 requests sent out
15 outgoing packets dropped
64 dropped because of missing route
Icmp:
113 ICMP messages received
0 input ICMP message failed.
ICMP input histogram:
destination unreachable: 104
timeout in transit: 3
echo replies: 6
110 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 104
echo request: 6
IcmpMsg:
InType0: 6
InType3: 104
InType11: 3
OutType3: 104
OutType8: 6
Tcp:
19 active connections openings
2 passive connection openings
0 failed connection attempts
1 connection resets received
1 connections established
1017 segments received
881 segments send out
1 segments retransmited
0 bad segments received.
0 resets sent
Udp:
197 packets received
104 packets to unknown port received.
0 packet receive errors
539 packets sent
0 receive buffer errors
0 send buffer errors
UdpLite:
TcpExt:
18 TCP sockets finished time wait in fast timer
5 delayed acks sent
3 packets directly queued to recvmsg prequeue.
2130 bytes directly received in process context from prequeue
409 packet headers predicted
2 packets header predicted and directly queued to user
137 acknowledgments not containing data payload received
478 predicted acknowledgments
TCPLossProbes: 1
TCPLossProbeRecovery: 1
1 DSACKs received
TCPDSACKIgnoredNoUndo: 1
TCPRcvCoalesce: 22
TCPOFOQueue: 8
TCPChallengeACK: 1
TCPOrigDataSent: 787
IpExt:
InNoRoutes: 2
InMcastPkts: 139
OutMcastPkts: 96
InBcastPkts: 48
OutBcastPkts: 36
InOctets: 234463
OutOctets: 170103
InMcastOctets: 21051
OutMcastOctets: 13601
InBcastOctets: 5143
OutBcastOctets: 2808
InNoECTPkts: 1670
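Port scan
Remote administration
1. telnet - telnet server(23)
Encryption: no
2. ssh(Secure Shell) - ssh server(22)
Encryption: yes (public key)
It was developed and commercialized in 1995 by SSH Communication Security, a company founded by Tatu Ylönen of Finland.
It refers to a protocol that provides secure access and communication between two hosts on the Internet by using communication encryption and related authentication techniques. It is used in place of protocols that have security weaknesses, namely remote login (rlogin), remote command execution (rsh), remote file copy (rcp), the remote access service (telnet), and the file transfer protocol (ftp), and it provides a secure channel for arbitrary ports.
The most important part of remote access is the authentication method. By default, authentication is done with a digital signature using a public key agreed on in advance; when digital-signature authentication with a public key or other authentication methods cannot be used, the traditional method of password authentication is used. Even in that case, all communication between the hosts is automatically protected by encryption, so the password is not exposed by any network attack.
It offers a simple solution that lets organizations or individuals without a security solution perform remote access securely, and major software companies are also developing related products. After commercialization, the open-source OpenSSH project was started based on SSH 1.2.12, and it has been developed up to OpenSSH version 7.1.
[Naver Knowledge Encyclopedia] Secure Shell (Doosan Encyclopedia)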
[master@locahost ~]$ rpm -qi openssh
Name : openssh
Version : 7.4p1
Release : 16.el7
Architecture: x86_64
Install Date: 2018년 08월 13일 (월) 오후 08시 05분 18초
Group : Applications/Internet
Size : 1995364
License : BSD
Signature : RSA/SHA256, 2018년 04월 25일 (수) 오후 08시 32분 50초, Key ID 24c6a8a7f4a80eb5
Source RPM : openssh-7.4p1-16.el7.src.rpm
Build Date : 2018년 04월 11일 (수) 오후 01시 21분 33초
Build Host : x86-01.bsys.centos.org
Relocations : (not relocatable)
Packager : CentOS BuildSystem <http://bugs.centos.org>
Vendor : CentOS
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol versions 1 and 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
[root@locahost ~]# vi /etc/ssh/sshd_config
[root@locahost ~]# vi /usr/lib/firewalld/services/ssh.xml
[root@locahost ~]# vi /usr/lib/firewalld/services/ssh.xml
[root@locahost ~]# firewall-cmd --reload
success
[root@locahost ~]# vi /etc/ssh/sshd_config
[root@locahost ~]# systemctl stop sshd
[root@locahost ~]# systemctl start sshd
[root@locahost ~]# vi /etc/ssh/sshd_config
[root@locahost ~]# systemctl restart sshd
Access Denied!!
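MaxAuthTries is how many times the password can be entered incorrectly before the connection is forcibly closed.
MaxSessions is the maximum number of connected users.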
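A way to check what sshd will actually use after editing these files, as an added example that is not part of the original notes. Both inputs are constructed samples, because the page does not show the contents of sshd_config or ssh.xml; the example assumes the edits above changed the SSH port, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original page. Both inputs are constructed
# samples; the page does not show the contents of either file.
sshd_config_sample='#Port 22
Port 2022
#MaxAuthTries 6
MaxAuthTries 3
MaxSessions 2
MaxAuthTries 10
Match User backup
    MaxSessions 1
'

firewalld_ssh_xml_sample='<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>
'

# effective_value KEYWORD DEFAULT   (sshd_config text on stdin)
# sshd keeps the first value it reads for a keyword, keywords are
# case-insensitive, "#" starts a comment, and settings after the first
# "Match" line are conditional, so the global scan stops there.
effective_value() {
    awk -v key="$1" -v def="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) && !found { val = $2; found = 1 }
        END { print (found ? val : def) }'
}

# sshd_ports: Port may be given several times and every value is used;
# with no Port line sshd listens on 22.
sshd_ports() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         tolower($1) == "match" { exit }
         tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }'
}

# firewalld_ports: tcp ports opened by a firewalld service definition.
firewalld_ports() {
    sed -n 's/.*<port protocol="tcp" port="\([0-9]*\)".*/\1/p'
}

# audit SSHD_CONFIG_TEXT SERVICE_XML_TEXT
# MaxAuthTries default is 6 and MaxSessions default is 10 (sshd_config(5),
# where MaxSessions is counted per network connection).
audit() {
    tries=$(printf '%s\n' "$1" | effective_value MaxAuthTries 6)
    sess=$(printf '%s\n' "$1" | effective_value MaxSessions 10)
    echo "effective: MaxAuthTries=$tries MaxSessions=$sess"
    for p in $(printf '%s\n' "$1" | sshd_ports); do
        printf '%s\n' "$2" | firewalld_ports | grep -qx "$p" ||
            echo "MISMATCH: sshd Port $p is not opened by the firewalld ssh service"
    done
}

audit "$sshd_config_sample" "$firewalld_ssh_xml_sample"
```

Files under /usr/lib/firewalld/services are package defaults; a copy placed in /etc/firewalld/services takes precedence and is not overwritten by package updates.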
3. vnc-server (remote desktop) - GUI / speed
1. Turn off the firewall
2. Install / start the program
3. Connect
[root@locahost ~]# cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service