منظورتون این کاره؟
You can determine who is connected to a Windows Small Business Server (SBS) 2003 system from home using a VPN connection, by taking the following steps:
- Click on Start.
- Click on All Programs.
- Select Administrative Tools.
- Select Routing and Remote Access.
- You will see the remote access clients in the right-hand pane of the Routing and Remote Access window.
The window will show the username and the the amount of time the user has been connected.
If you want to see the IP address assigned to the user you can right-click on the user's connection and choose Status.
You will see the VPN IP address assigned to the user's system in the IP address field under "Network registration".
You may be able to obtain further information on the connecting system using the nbtstat command.
C:\>nbtstat -A 192.168.0.103
Server Local Area Connection:
Node IpAddress: [192.168.0.3] Scope Id: []
NetBIOS Remote Machine Name Table
Name Type Status
---------------------------------------------
DC0H6341 <00> UNIQUE Registered
MSHOME <00> GROUP Registered
DC0H6341 <20> UNIQUE Registered
MSHOME <1E> GROUP Registered
MAC Address = 00-53-45-00-00-00
RAS Server (Dial In) Interface:
Node IpAddress: [192.168.0.108] Scope Id: []
Host not found.
In this case, I can see the user's home system is named "DC0H6341". The server assigned the address 192.168.0.103 to her system (the server is using 192.168.0.108 for itself). If I see future connections from the same user I would expect to see the same system name listed, if I issue an nbtstat command against the IP address assigned to the user's computer when the VPN connection is established.
Since there is only one connection to the VPN server at this time, I can easily determine the user's actual IP adress assigned by her ISP also by usng the netstat -a and find commands.
C:\>netstat -a | find "pptp" | find "ESTABLISHED"
TCP S
ptp pool-71-163-174-184.washdc.fios.verizon.net:2193
ESTABLISHED
In this case, I am looking for PPTP connections, since PPTP is a network protocol used for the connections. The port used on the server for the connections is port 1723, i.e. PPTP equates to TCP port 1723, so I could also use the -n option with the netstat command to look for connections to that port and obtain the IP address assigned to the user's system, or at least her router in this case, rather than its Fully Qualified Domain Name (FQDN), which happens to be pool-71-163-174-184.washdc.fios.verizon.net in this case.
C:\>netstat -an | find ":1723" | find "ESTABLISHED"
TCP 192.168.0.3:1723 71.163.174.184:2193 ESTABLISHED
I looked for ":1723", since I just wanted to see connections to port 1723 and not other ports that might have "1723" as part of the port number, e.g. "4173".
If I tried the same nbtstat -a command I used with the address assigned by the VPN server to her ISP-assigned address instead, I would get a "host not found" response, since the query would be blocked by the router at her end and would not get passed to her PC.
C:\>nbtstat -A 71.163.174.184
Server Local Area Connection:
Node IpAddress: [192.168.0.3] Scope Id: []
Host not found.
RAS Server (Dial In) Interface:
Node IpAddress: [192.168.0.108] Scope Id: []
Host not found.
If you want to review the ISP-assigned IP addresses from which users have been connecting, you can look in the logfile maintained for the connections. You can find its location by double-clicking on Remote Access Logging in the Routing and Remote Access window.
For futher details, right-click on Local File in the right-pane of the window after you have clicked on Remote Access Logging in the left pane. Then select Properties. Then click on the LogFile tab to see information on the format being used for the logfile as well as how often a new logfile is created.
In this case the logfiles are in C:\WINDOWS\system32\LogFiles. When I look in that directory, I see iaslog0.log.
If you look in the logfile, you may find it hard to parse the contents of the file manually. There are tools to help you. Microsoft offers one, iasparse.exe, on the Disc # 2 of the installation CDs for Windows Small Business Server 2003 Standard Edition. Look in the folder \Support\Tools on Disc # 2. You will see a file there named SUPTOOLS.MSI. Double-click on that file and follow the instructions that follow to install the tools, or, if you just want to install the iasparse.exe tool, double-click on the SUPPORT.CAB file in the same directory and copy it to a location on the system's hard disk.
The tool is run from a command line. For usage information type iasparse /?
C:\Program Files\SysMgmt\Support Tools>iasparse /?
USAGE: iasparse [-f:filename] [-p] [-?]
-f:filename Parses the file 'filename'
By default iasparse parses the file %windir%\system32\logfiles\ia
slog.log
-p Gives an output to screen directly. Set the Log File Directory to
\\.\pipe
-? Displays help
If you get the error message below, then you will need to specify the filename for the logfile, since it isn't the default name of iaslog.log, e.g. it may be iaslog0.log.
C:\Program Files\SysMgmt\Support Tools>iasparse
The Accounting log file "C:\WINDOWS\system32\LogFiles\iaslog.log" cannot be open
ed.
Processing cannot continue!
You can specify the location of the file with the -f: option, e.g. iasparse -f:\windows\system32\logfiles\iaslog0.log. You will probably also want to redirect the output to a file that you can view with Notepad or some other editor, since you are likely to see a lot of entries scrolling by very rapidly on the screen otherwise, e.g. you can use iasparse -f:\windows\system32\logfiles\iaslog0.log >out.txt
You will then have results that are easier to read than the raw logfile. You will still see the individual lines of raw data logged in the file, but below each line is the information in a tabular format that is easier to read, as shown below:
The line logged into the file: 192.168.0.3,SOLUTIONS\Debbie,03/14/2007,08:15:38,RAS,S,4,192.168.0.3,6,2,7,1,5,6,61,5 ,64,1,65,1,31,71.163.174.184,66,71.163.174.184,25, 311 1 192.168.0.3 03/13/2007 03:43:41 4,44,251,8,192.168.0.103,12,1400,50,7,51,1,55,1173 874538,45,2,40,1,4108,192.168.0.3,4147,311,4148,MS RASV5.20,4160,MSRASV5.10,4159,MSRAS-0-DC0H6341,4120,0x00736F6C7574696F6E73,4294967206,4, 4154,Use Windows authentication for all users,4136,4,4142,0
NAS-IP-Address : 192.168.0.3
User-Name : SOLUTIONS\Debbie
Record-Date : 03/14/2007
Record-Time : 08:15:38
Service-Name : RAS
Computer-Name : S
NAS-IP-Address : 192.168.0.3
Service-Type : Framed
Framed-Protocol : PPP
NAS-Port : 6
NAS-Port-Type : Virtual
Tunnel-Type : PPTP
Tunnel-Medium-Type : IP
Calling-Station-Id : 71.163.174.184
Tunnel-Client-Endpt : 71.163.174.184
Class : 311 1 192.168.0.3 03/13/2007 03:43:41 4
Acct-Session-Id : 251
Framed-IP-Address : 192.168.0.103
Framed-MTU : 1400
Acct-Multi-Session-Id: 7
Acct-Link-Count : 1
Event-Timestamp : 1173874538
Acct-Authentic : Local
Acct-Status-Type : Start
Client-IP-Address : 192.168.0.3
MS-RAS-Vendor : Microsoft
MS-RAS-Version : MSRASV5.20
MS-RAS-Client-Version: MSRASV5.10
MS-RAS-Client-Name : MSRAS-0-DC0H6341
MS-CHAP-Domain : 0x00736F6C7574696F6E73
MS-MPPE-Encryption-Types: Strongest Encryption
Proxy-Policy-Name : Use Windows authentication for all users
Packet-Type : Accounting-Request
Reason-Code : The operation completed successfully.
LinkBack URL
About LinkBacks
log گرفتن ازvpn
نوشته اصلی توسط SADEGH65
مجوز های ارسال و ویرایش
