TCPdump

Author Shadow8279, 01 December 2011, 19:51:55


Shadow8279

Folks, please help me decode these listings from TCPdump.
I'd be very grateful.



Listing 7
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.30310: . 971654054:971654054(0) win 2048
02:12:59.899408 eth0 > 192.168.2.4.30310 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.275: . 971654054:971654054(0) win 3072
02:12:59.899408 eth0 > 192.168.2.4.275 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.echo: . 971654054:971654054(0) win 3072
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.108: . 971654054:971654054(0) win 1024
02:12:59.899408 eth0 > 192.168.2.4.108 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.13710: . 971654054:971654054(0) win 2048
02:12:59.899408 eth0 > 192.168.2.4.13710 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.38292: . 971654054:971654054(0) win 4096
02:12:59.899408 eth0 > 192.168.2.4.38292 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.2041: . 971654054:971654054(0) win 2048
02:12:59.899408 eth0 > 192.168.2.4.2041 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)
02:12:59.899408 eth0 < 10.15.100.6.41344 > 192.168.2.4.echo: . 971654054:971654054(0) win 2048
02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.6004: . 971654054:971654054(0) win 2048
02:12:59.899408 eth0 > 192.168.2.4.6004 > 10.15.100.6.41343: R 0:0(0) ack 971654054 win 0 (DF)

Listing 8
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.895: F 1918335677:1918335677(0) win 3072
04:17:40.580653 eth0 > 172.23.115.22.895 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.ftp: F 1918335677:1918335677(0) win 2048
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.663: F 1918335677:1918335677(0) win 4096
04:17:40.580653 eth0 > 172.23.115.22.663 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.436: F 1918335677:1918335677(0) win 1024
04:17:40.580653 eth0 > 172.23.115.22.436 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.949: F 1918335677:1918335677(0) win 3072
04:17:40.580653 eth0 > 172.23.115.22.949 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.227: F 1918335677:1918335677(0) win 3072
04:17:40.580653 eth0 > 172.23.115.22.227 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.223: F 1918335677:1918335677(0) win 4096
04:17:40.580653 eth0 > 172.23.115.22.223 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)
04:17:40.580653 eth0 < 192.168.10.35.46599 > 172.23.115.22.ftp: F 1918335677:1918335677(0) win 2048
04:17:40.580653 eth0 < 192.168.10.35.46598 > 172.23.115.22.333: F 1918335677:1918335677(0) win 4096
04:17:40.580653 eth0 > 172.23.115.22.333 > 192.168.10.35.46598: R 0:0(0) ack 1918335678 win 0 (DF)

Listing 9
03:22:46.960653 eth0 < 192.168.10.35.55133 > 172.23.115.22.19150: FP 1308848741:1308848741(0) win 2048 urg 0
03:22:46.960653 eth0 > 172.23.115.22.19150 > 192.168.10.35.55133: R 0:0(0) ack 1308848741 win 0 (DF)
03:22:46.960653 eth0 < 192.168.10.35.55133 > 172.23.115.22.smtp: FP 1308848741:1308848741(0) win 3072 urg 0
03:22:46.960653 eth0 < 192.168.10.35.55133 > 172.23.115.22.665: FP 1308848741:1308848741(0) win 4096 urg 0
03:22:46.960653 eth0 > 172.23.115.22.665 > 192.168.10.35.55133: R 0:0(0) ack 1308848741 win 0 (DF)
03:22:46.960653 eth0 < 192.168.10.35.55133 > 172.23.115.22.33: FP 1308848741:1308848741(0) win 2048 urg 0
03:22:46.960653 eth0 > 172.23.115.22.33 > 192.168.10.35.55133: R 0:0(0) ack 1308848741 win 0 (DF)
03:22:46.960653 eth0 < 192.168.10.35.55133 > 172.23.115.22.853: FP 1308848741:1308848741(0) win 1024 urg 0
03:22:46.960653 eth0 > 172.23.115.22.853 > 192.168.10.35.55133: R 0:0(0) ack 1308848741 win 0 (DF)
03:22:46.960653 eth0 < 192.168.10.35.55134 > 172.23.115.22.smtp: FP 1308842565:1308842565(0) win 2048 urg 0
03:22:46.960653 eth0 < 192.168.10.35.55133 > 172.23.115.22.1416: FP 1308848741:1308848741(0) win 2048 urg 0
03:22:46.960653 eth0 > 172.23.115.22.1416 > 192.168.10.35.55133: R 0:0(0) ack 1308848741 win 0 (DF)

Listing 10
10:00:17.899408 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477705342:3477705342 (0) win 64240 (DF)
10:00:18.520602 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477765723:3477765723 (0) win 64240 (DF)
10:00:19.142510 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477800253:3477800253 (0) win 64240 (DF)
10:00:19.764397 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477835208:3477835208 (0) win 64240 (DF)
10:00:20.389106 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477875612:3477875612 (0) win 64240 (DF)
10:00:21.018881 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477940389:3477940389 (0) win 64240 (DF)
10:00:21.648711 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3478019894:3478019894 (0) win 64240 (DF)
10:00:22.278660 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3478062291:3478062291 (0) win 64240 (DF)
10:00:22.908522 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3478124319:3478124319 (0) win 64240 (DF)
10:00:23.538469 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3478178435:3478178435 (0) win 64240 (DF)
10:00:24.168345 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3478222929:3478222929 (0) win 64240 (DF)
10:00:24.798246 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3478301576:3478301576 (0) win 64240 (DF)

Listing 11
08:44:18.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:18.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)
08:44:18.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:18.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)
08:44:19.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:19.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)
08:44:20.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:20.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)
08:44:21.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:21.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)
08:44:22.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:22.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)
08:44:23.780600 eth0 B 192.168.10.1 > 172.23.115.255: icmp: echo request
08:44:23.780600 eth0 > 172.23.115.1 > 192.168.10.1: icmp: echo reply (DF)

Listing 12
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: icmp: echo request (frag 176:1480@0+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@1480+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@2960+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@4440+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@5920+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@7400+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@8880+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@10360+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@11840+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@13320+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@14800+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@16280+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@17760+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@19240+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@20720+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@22200+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@23680+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@25160+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@26640+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@28120+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@29600+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@31080+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@32560+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@34040+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@35520+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@37000+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@38480+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@39960+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@41440+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@42920+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@44400+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@45880+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@47360+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@48840+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@50320+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@51800+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@53280+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@54760+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@56240+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@57720+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@59200+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@60680+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@62160+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@63640+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@65120+)
18:40:50.824647 eth0 < 192.168.10.35 > 172.23.115.22: (frag 176:1480@66600+)

Listing 13
13:15:11.580126 eth0 < 192.168.10.35.2878 > 172.23.115.22.80: S 3477705342:3477705342 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2879 > 172.23.115.22.80: S 3477765723:3477765723 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2880 > 172.23.115.22.80: S 3477800253:3477800253 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2881 > 172.23.115.22.80: S 3477835208:3477835208 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2882 > 172.23.115.22.80: S 3477875612:3477875612 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2883 > 172.23.115.22.80: S 3477940389:3477940389 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2884 > 172.23.115.22.80: S 3478019894:3478019894 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2885 > 172.23.115.22.80: S 3478062291:3478062291 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2886 > 172.23.115.22.80: S 3478124319:3478124319 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2887 > 172.23.115.22.80: S 3478178435:3478178435 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2888 > 172.23.115.22.80: S 3478222929:3478222929 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2889 > 172.23.115.22.80: S 3478301576:3478301576 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2890 > 172.23.115.22.80: S 3478361194:3478361194 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2891 > 172.23.115.22.80: S 3478396528:3478396528 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2892 > 172.23.115.22.80: S 3478434574:3478434574 (0) win 4096
13:15:11.580126 eth0 < 192.168.10.35.2893 > 172.23.115.22.80: S 3478482095:3478482095 (0) win 4096

Listing 14
11:16:22.899931 eth0 < 192.168.10.35.2878 > 172.23.115.22.340: F 3477705342:3477705342 (0) ack 0 win 4096
11:16:22.899931 eth0 < 192.168.10.35.2879 > 172.23.115.22.491: SF 3477765723:3477765723 (0) win 1024
11:16:22.899931 eth0 < 192.168.10.35.2880 > 172.23.115.22.1351: S [ECN-Echo, CWR] 3477800253:3477800253 (0) win 4096
11:16:22.899931 eth0 < 192.168.10.35.2881 > 172.23.115.22.2880: SFR 3477835208:3477835208 (0) win 4096
11:16:22.899931 eth0 < 192.168.10.35.2882 > 172.23.115.22.865: SF 3477875612:3477875612 (0) win 1024
11:16:22.899931 eth0 < 192.168.10.35.2883 > 172.23.115.22.127: SFP 3477940389:3477940389 (0) win 4096
11:16:22.899931 eth0 < 192.168.10.35.2884 > 172.23.115.22.1988: F 3478019894:3478019894 (0) ack 0 win 1024
11:16:22.899931 eth0 < 192.168.10.35.2885 > 172.23.115.22.2883: F 3478062291:3478062291 (0) win 4096
11:16:22.899931 eth0 < 192.168.10.35.2886 > 172.23.115.22.865: P 3478124319:3478124319 (0) win 2048
11:16:22.899931 eth0 < 192.168.10.35.2887 > 172.23.115.22.1351: S 3478178435:3478178435 (0) win 4096
11:16:22.899931 eth0 < 192.168.10.35.2888 > 172.23.115.22.2885: SF 3478222929:3478222929 (0) win 1024
11:16:22.899931 eth0 < 192.168.10.35.2889 > 172.23.115.22.5716: SF 3478301576:3478301576 (0) win 2048
11:16:22.899931 eth0 < 192.168.10.35.2890 > 172.23.115.22.2899: S [ECN-Echo, CWR] 3478361194:3478361194 (0) win 4096
11:16:22.899931 eth0 < 192.168.10.35.2891 > 172.23.115.22.657: F 3478396528:3478396528 (0) win 1024
11:16:22.899931 eth0 < 192.168.10.35.2892 > 172.23.115.22.2891: SF 3478434574:3478434574 (0) win 1024
11:16:22.899931 eth0 < 192.168.10.35.2893 > 172.23.115.22.949: S 3478482095:3478482095 (0) ack 0 win 2048
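Added example, not from the thread or from tcpdump itself: a small Python parser for the classic tcpdump TCP line format used in these listings, with defender-side checks that label the probe patterns visible in listings 7 through 10 and 13 (flagless, FIN-only and FIN+PSH+URG probes answered by RSTs, a packet whose source equals its destination, and a burst of bare SYNs from one host to one port). The label names, the regex and the burst threshold are my own assumptions.

```python
import re
from collections import Counter

# Classic tcpdump TCP line: TIME IFACE DIR SRC.SPORT > DST.DPORT: FLAGS SEQ:SEQ(LEN) [ack N] win W ...
TCP_LINE = re.compile(
    r"^(?P<ts>\d+:\d+:\d+\.\d+) \S+ [<>B] (?P<src>[\d.]+)\.(?P<sport>\w+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\w+): (?P<flags>[SFPRU]+|\.)(?P<rest>.*)$"
)

def parse_tcp(line):
    """Fields of one TCP line, or None for ICMP and bare fragment lines."""
    m = TCP_LINE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["flags"] = "" if d["flags"] == "." else d["flags"]  # "." means no flags set
    d["ack"] = " ack " in d["rest"]
    d["urg"] = " urg " in d["rest"]
    return d

def classify(line):
    """Label a probe packet; RST replies and ordinary traffic give None."""
    p = parse_tcp(line)
    if p is None or "R" in p["flags"]:
        return None
    if p["src"] == p["dst"] and p["sport"] == p["dport"]:
        return "land"        # source address and port equal to the destination
    if p["flags"] == "" and not p["ack"]:
        return "null-probe"  # a segment with no flags never occurs in a real session
    if p["flags"] == "F" and not p["ack"]:
        return "fin-probe"   # FIN with no established connection behind it
    if {"F", "P"} <= set(p["flags"]) and p["urg"]:
        return "xmas-probe"  # FIN+PSH+URG set together
    return None

def syn_bursts(lines, threshold=8):
    """(src, dst, dport) tuples that sent at least `threshold` bare SYNs."""
    counts = Counter()
    for line in lines:
        p = parse_tcp(line)
        if p and p["flags"] == "S" and not p["ack"]:
            counts[(p["src"], p["dst"], p["dport"])] += 1
    return {k for k, n in counts.items() if n >= threshold}

# Constructed sample lines in the format of listings 7 and 10 above.
SAMPLE = [
    "02:12:59.899408 eth0 < 10.15.100.6.41343 > 192.168.2.4.30310: . 971654054:971654054(0) win 2048",
    "10:00:17.899408 eth0 < 172.23.115.22.80 > 172.23.115.22.80: S 3477705342:3477705342 (0) win 64240 (DF)",
]
```

Feeding the whole of a listing to syn_bursts with the default threshold flags the listing 13 pattern while leaving the single-SYN lines of listing 14 alone.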

aNGeL

What exactly are you interested in?

Shadow8279

What exactly these lines mean, what actions were performed, and which attack or activity each listing describes.

aNGeL

Use the nstreams parser to get a clear visual picture.

Shadow8279

I was given these listings as a test assignment, and I need to make sense of them. I thought someone would help.