An easy course for IRIS Traffic Analyzer

Source: Internet
Author: User
When it comes to sniffer software, you will probably think of NAI's Sniffer Pro first. Although Sniffer Pro is rich in features, it is somewhat complicated to operate. So here I introduce a simple and practical sniffer, which is our protagonist today: Iris Traffic Analyzer.

I'm going to use Iris Traffic Analyzer 4.0.7 as the basis for a few simple examples that show you how Iris works.

One. Introduction to Iris features
Iris comes from a famous family: eEye. eEye is a company known for its network security work, and its scanners and other security solutions are also well known in the industry.
Well, enough of that; let's look at the features and benefits Iris has.
Simple and compact
The most important feature of Iris is that, after you install it, you simply click one button on the interface to start sniffing and capturing packets.
The Iris installation file is less than 5 MB, and it occupies a little more than 10 MB once installed. Compared to Sniffer Pro these are slim figures.
See the circled area in the following picture:

Easy to use
Not too many features plus an easy-to-use interface, so of course it is easy to get started.

Now for some of Iris's most commendable features.
(1) Packet capture
As long as it is sniffing software, this function is a must. A very good aspect of Iris is that it integrates capturing, decoding and viewing packet contents in one interface. This way you can look at the contents of the packets, the meaning of the headers and so on while you are capturing.
(2) Decoding
Iris supports most TCP/IP protocols. This is sufficient for general packet analysis and applications.
(3) Packet editing and resending
You can simply change a packet you have captured and resend it.
In addition, Iris has a simple traffic statistics and analysis function.

Two. Installing Iris
Iris can run in a Win95/98/Me/NT/2K/XP environment. Installing Iris is a wizard-style installation like that of any normal Windows application, and it is easily completed by clicking Next at each step. So I'm not going to say more about installing Iris.

Three. Iris's main interface
After we've installed Iris, we're ready to run it. The first time it runs, Iris asks you to choose which network adapter it should run on. The main interface of Iris is as follows:

This interface is adjustable, but it is recommended that you do not change it unless you have special requirements, because the default interface is already optimized.

Four. Simple examples
After this brief overview of Iris, we move on to learning the specific features. The best way to learn, of course, is practice, so I've prepared three simple examples.

(1) Capturing mailbox passwords with Iris
Sometimes we forget things, like an email password. If the password is saved in the client software, there is still hope of retrieving it. Of course there are various ways to retrieve the password; here I introduce a clumsy one.
Introducing a clumsy method is not my real purpose; my purpose is to let everyone learn Iris's features from this case.
All right, enough chatter, let's come to the point.
Before we start, we need to understand the two protocols involved in sending and receiving e-mail: SMTP and POP3.
SMTP is the protocol for sending mail, POP3 is the protocol that sends and receives mail. When sending and receiving emails, passwords and user names are sent in plaintext, which gives us the opportunity to retrieve the password.
   
Step one: Turn on the capture function
Click the button on the toolbar that looks like a play button (Start/Stop Capture); this is the button.

Step two: Turn on the filter function

Before the filter function is turned on, you may capture all the traffic going in and out of your network card: some of it is just passing through, some of it is just noise, and of course some of it is what you are looking for. To make it easier to find our target, we need a simple filter.
Iris has a few predefined filters built in, and one of them happens to be email.flt, so we don't have to bother to define one ourselves.

Select the menu Filter --> email.flt
Step three: Run your mail client software, and then receive mail

Step four: Stop capturing
Click the Stop Capture button on the toolbar

Step five: Find the password
Because the username and password of the email account are transmitted in plaintext, your password is hidden in the packets you captured. Now you only need to look through them.
As shown in the following figure:
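
The same observation can be turned into a check on your own mail clients. The following is an added example, not part of the original tutorial or of Iris: it goes slightly beyond the POP3 USER/PASS case described above by also recognising SMTP AUTH PLAIN, and it stops at STLS/STARTTLS because everything after that is encrypted. The session lines, names and secrets are constructed, and the function names are hypothetical.

```python
import base64
import re

# Constructed client-to-server lines, grouped by session id; all names and
# secrets are made up for this example.
SAMPLE = {
    "pop3-a": ["USER alice", "PASS demo-pass-1", "STAT", "QUIT"],
    "pop3-b": ["CAPA", "STLS", "\x16\x03\x01..."],   # upgrades to TLS first
    "smtp-a": ["EHLO client.example",
               "AUTH PLAIN " + base64.b64encode(b"\0carol\0demo-pass-2").decode()],
}

TLS_UPGRADE = re.compile(r"^(STLS|STARTTLS)\s*$", re.I)
CRED = re.compile(r"^(USER|PASS|AUTH PLAIN)\s+(\S+)", re.I)


def mask(secret):
    """Keep only the length so a report never stores the credential itself."""
    return "*" * len(secret)


def audit(sessions):
    """Return (session, command, user, masked_secret) for each cleartext login."""
    findings = []
    for sid, lines in sessions.items():
        user = None
        for line in lines:
            if TLS_UPGRADE.match(line):
                break                      # everything after this is encrypted
            m = CRED.match(line)
            if not m:
                continue
            cmd, arg = m.group(1).upper(), m.group(2)
            if cmd == "USER":
                user = arg
            elif cmd == "PASS":
                findings.append((sid, "POP3 USER/PASS", user, mask(arg)))
            else:                          # AUTH PLAIN: base64 of authzid\0user\0password
                try:
                    _, user, pw = base64.b64decode(arg).decode().split("\0")
                except ValueError:
                    continue               # malformed initial response, ignore
                findings.append((sid, "SMTP AUTH PLAIN", user, mask(pw)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any session that appears in the result is one where the mail client should be reconfigured to use TLS.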

(2) Capturing the Telnet session password with Iris
After finishing the example above, you must have a good understanding of Iris's capture function. This example is meant to give you a deeper understanding of Iris's decoding (Decode) feature.

I happened to see a post on a network analysis forum about analyzing a Telnet session password from a packet capture, so I borrow it here as the second example of this simple tutorial.

Let me briefly describe the characteristics of the Telnet protocol before we begin. Of course it is also plaintext, but compared with protocols like POP3 it has two troublesome points. Because Telnet is an interactive protocol, each character you type is likely to be sent to the server side right away, and the server side sends back the corresponding echo character. Also, it has no obvious PASS command like POP3, so reading the packets one by one as in the first example would definitely be a hassle. So we need a new way to solve this problem.

Step one: Capture packets
Don't know how yet? Then go back to the previous example ...

Step two: Turn on the filter function
This time, too, there is a ready-made one.
Menu Filter --> text_protocol.flt

Step three: Run the Telnet session

Step four: Stop capturing

Step five: Switch to Decode mode
There are several ways to switch:
First, you can select it in the toolbar,
second, you can select it in the toolbar on the left,
third, use the menu Decode --> Send Buffer to Decode

Now we are in Iris's Decode mode. Here Iris reconstructs the TCP session from the captured packets, so we can clearly see the course of a Telnet session.
As shown in the following figure:
In the red circle you can see the password I entered.

The password is: IXIX, not [mi*x*i*x*
This is because [M is a control character and * is an echo character.
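
To see why the decoded session interleaves typed characters with echo characters, here is an added example that is not part of the original tutorial or of Iris. It rebuilds the text of a Telnet session from constructed (direction, payload) segments, removes Telnet IAC command sequences, and compares the merged view with each direction on its own. The segment data and function names are assumptions made for illustration, and it assumes no IAC command is split across two segments.

```python
IAC = 0xFF                          # Telnet "Interpret As Command" byte
SB, SE = 0xFA, 0xF0                 # subnegotiation begin / end
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE

# Constructed capture: (direction, TCP payload). "C" = client, "S" = server.
# The server prints a prompt, then echoes "*" for every typed character.
SEGMENTS = [
    ("S", bytes([IAC, DO, 0x18]) + b"Password: "),
    ("C", bytes([IAC, WONT, 0x18])),
    ("C", b"i"), ("S", b"*"),
    ("C", b"x"), ("S", b"*"),
    ("C", b"i"), ("S", b"*"),
    ("C", b"x"), ("S", b"*"),
    ("C", b"\r\n"), ("S", b"\r\n"),
]


def strip_iac(data):
    """Drop Telnet command sequences, keeping only the data bytes."""
    out, i = bytearray(), 0
    while i < len(data):
        nxt = data[i + 1] if i + 1 < len(data) else None
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif nxt == IAC:                        # escaped literal 0xFF
            out.append(IAC)
            i += 2
        elif nxt in (WILL, WONT, DO, DONT):     # IAC <verb> <option>
            i += 3
        elif nxt == SB:                         # skip to IAC SE
            end = data.find(bytes([IAC, SE]), i)
            i = len(data) if end < 0 else end + 2
        else:                                   # other two-byte command
            i += 2
    return bytes(out)


def view(segments, direction=None):
    """Text of the session in capture order; optionally one direction only."""
    parts = [strip_iac(p) for d, p in segments if direction in (None, d)]
    return b"".join(parts).decode("latin-1")


if __name__ == "__main__":
    print(repr(view(SEGMENTS)))        # both directions interleaved
    print(repr(view(SEGMENTS, "C")))   # client keystrokes only
    print(repr(view(SEGMENTS, "S")))   # server output only
```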

Five. How to get further help
Having read the examples above, you should have a certain understanding of Iris and can basically use it, but while using it you may run into various problems. So finally I have a few tips for everyone.

1. Look at Iris's own Help file
You can find the answers to 90% of your questions there.
2. Go to Iris's home, www.eeye.com, and take a look
For some of the more difficult issues you may not find the answer in the Help file; you can go to the software's official website, which may be of some help.
3. Use search engines such as Google, Yahoo, Baidu
Still can't find the answer? Then go and search for it.
4. If it still has not been resolved, describe the problem in detail and post for help on a forum.

Six. Conclusion
This is my first time writing this kind of software tutorial; the writing is poor, and I hope readers will forgive me.
