
LABORATORY / WORK_2 / отчёт_Козырев.odt
Отчёт к лабораторной работе №2
Работа с программным анализатором протоколов tcpdump
Группа: ИКВТ-61
Студент: Козырев А.Б.
Цель работы: Получение базовых навыков по работе с анализатором протоколов tcpdump. Изучение принципов фильтрации пакетов.
1.
2.
localhost: 172.16.100.31
broadcast: 172.16.103.255
3.
4.
6.
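# Task 6: capture 10 TCP segments with PSH set (with or without ACK) exchanged
# between 172.16.100.31 and 172.16.100.88.
# The filter must be one quoted argument to tcpdump, placed before the pipe.
# Written after `tee out.log` it never reaches tcpdump, and the unquoted
# parentheses, `&` and `||` are interpreted by the shell instead.
# pcap-filter joins primitives with and/or (`&` is bitwise arithmetic only),
# and the PSH flag constant is tcp-push.
# The capture recorded below this command contains ARP and STP frames, which
# this filter excludes.
# -XX dumps link-level headers and packet bytes, so out.log can hold
# application data; tee truncates out.log on every run.
sudo tcpdump -lvnnSXX -c 10 \
  '((src host 172.16.100.31 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.31)) and (tcp[tcpflags] & tcp-push != 0)' \
  | tee out.log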
09:39:26.703978 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6415 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:26.735923 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6423 0000 0000 0000 ........d#...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:26.735946 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6422 0000 0000 0000 ........d"...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:26.735988 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6418 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:26.736014 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6421 0000 0000 0000 ........d!...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:26.736038 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 
0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6416 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:26.768016 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6417 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:39:27.115415 STP 802.1d, Config, Flags [none], bridge-id 8070.00:22:91:ce:85:80.8024, length 43 message-age 6.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s root-id 8000.00:0a:04:ce:56:c0, root-pathcost 33 0x0000: 0180 c200 0000 0022 91ce 85a4 0026 4242 .......".....&BB 0x0010: 0300 0000 0000 8000 000a 04ce 56c0 0000 ............V... 0x0020: 0021 8070 0022 91ce 8580 8024 0600 1400 .!.p.".....$.... 0x0030: 0200 0f00 0000 0000 0000 0000 ............ 09:39:27.212371 IP (tos 0x0, ttl 64, id 41051, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xf131 (correct), seq 708499533:708499534, ack 1530520869, win 4161, options [nop,nop,TS val 1213978777 ecr 2793099335], length 1 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0035 a05b 4000 4006 7a00 ac10 6427 ac10 .5.[@.@.z...d'.. 0x0020: 641f a5de 2b5c 2a3a d84d 5b39 e525 8018 d...+\*:.M[9.%.. 0x0030: 1041 f131 0000 0101 080a 485b d899 a67b .A.1......H[...{ 0x0040: 5047 29 PG) 09:39:27.212475 IP (tos 0x0, ttl 64, id 41052, offset 0, flags [DF], proto TCP (6), length 95) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x210a (correct), seq 708499534:708499577, ack 1530520869, win 4161, options [nop,nop,TS val 1213978777 ecr 2793099335], length 43 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 005f a05c 4000 4006 79d5 ac10 6427 ac10 ._.\@.@.y...d'.. 
0x0020: 641f a5de 2b5c 2a3a d84e 5b39 e525 8018 d...+\*:.N[9.%.. 0x0030: 1041 210a 0000 0101 080a 485b d899 a67b .A!.......H[...{ 0x0040: 5047 0000 0027 0000 001e 00a0 a96f ba42 PG...'.......o.B 0x0050: 5d41 4aaa f435 2b76 d7c4 f300 0000 0200 ]AJ..5+v........ 0x0060: 0000 0000 0000 0008 0000 0000 00 .............
7.
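# Task 7: capture 2 TCP segments with RST set exchanged between
# 172.16.100.31 and 172.16.100.88.
# The filter is passed to tcpdump as one quoted argument before the pipe;
# after `tee out.log` it is never seen by tcpdump. pcap-filter uses and/or
# as logical operators, `&` is bitwise only.
# The two segments recorded below carry only ACK (Flags [.]) and involve
# 185.5.160.177, so they do not match this filter.
sudo tcpdump -lvnnSXX -c 2 \
  '((src host 172.16.100.31 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.31)) and (tcp[tcpflags] & tcp-rst != 0)' \
  | tee out.log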
09:49:05.019811 IP (tos 0x0, ttl 64, id 44828, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.31.56674 > 185.5.160.177.80: Flags [.], cksum 0xf4df (correct), ack 1219812345, win 577, options [nop,nop,TS val 3371850220 ecr 637588780], length 0 0x0000: 0013 8f13 b7f8 d027 88cf e14b 0800 4500 .......'...K..E. 0x0010: 0034 af1c 4000 4006 21c1 ac10 641f b905 .4..@.@.!...d... 0x0020: a0b1 dd62 0050 5087 a4b9 48b4 dbf9 8010 ...b.PP...H..... 0x0030: 0241 f4df 0000 0101 080a c8fa 59ec 2600 .A..........Y.&. 0x0040: d52c ., 09:49:05.019970 IP (tos 0x0, ttl 64, id 3445, offset 0, flags [DF], proto TCP (6), length 52) 185.5.160.177.80 > 172.16.100.31.56674: Flags [.], cksum 0x923d (correct), ack 1351066810, win 1040, options [nop,nop,TS val 637599019 ecr 3371799232], length 0 0x0000: d027 88cf e14b 0001 02a0 a7ee 0800 4500 .'...K........E. 0x0010: 0034 0d75 4000 4006 c368 b905 a0b1 ac10 .4.u@.@..h...... 0x0020: 641f 0050 dd62 48b4 dbf9 5087 a4ba 8010 d..P.bH...P..... 0x0030: 0410 923d 0000 0101 080a 2600 fd2b c8f9 ...=......&..+.. 0x0040: 92c0 ..
8.
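# Task 8: capture 4 TCP segments with FIN set (with or without ACK) exchanged
# between 172.16.100.31 and 172.16.100.88.
# A single bit test on tcp-fin covers both FIN and FIN+ACK. The filter is one
# quoted argument placed before the pipe, with and/or as logical operators.
# The segments recorded below show Flags [P.] and [.] only, with no FIN, so
# the filter was not in effect for that capture.
sudo tcpdump -lvnnSXX -c 4 \
  '((src host 172.16.100.31 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.31)) and (tcp[tcpflags] & tcp-fin != 0)' \
  | tee out.log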
09:52:52.514530 IP (tos 0x0, ttl 64, id 47269, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x7fd4 (correct), seq 708539797:708539798, ack 1540564253, win 4161, options [nop,nop,TS val 1214784086 ecr 2793904629], length 1 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0035 b8a5 4000 4006 61b6 ac10 6427 ac10 .5..@.@.a...d'.. 0x0020: 641f a5de 2b5c 2a3b 7595 5bd3 251d 8018 d...+\*;u.[.%... 0x0030: 1041 7fd4 0000 0101 080a 4868 2256 a687 .A........Hh"V.. 0x0040: 99f5 29 ..) 09:52:52.514652 IP (tos 0x0, ttl 64, id 47270, offset 0, flags [DF], proto TCP (6), length 95) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xafac (correct), seq 708539798:708539841, ack 1540564253, win 4161, options [nop,nop,TS val 1214784086 ecr 2793904629], length 43 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 005f b8a6 4000 4006 618b ac10 6427 ac10 ._..@.@.a...d'.. 0x0020: 641f a5de 2b5c 2a3b 7596 5bd3 251d 8018 d...+\*;u.[.%... 0x0030: 1041 afac 0000 0101 080a 4868 2256 a687 .A........Hh"V.. 0x0040: 99f5 0000 0027 0000 001e 00a0 a96f ba42 .....'.......o.B 0x0050: 5d41 4aaa f435 2b76 d7c4 f300 0000 0200 ]AJ..5+v........ 0x0060: 0000 0000 0000 0008 0000 0000 00 ............. 09:52:52.514691 IP (tos 0x0, ttl 64, id 1199, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.31.11100 > 172.16.100.39.42462: Flags [.], cksum 0xb44d (correct), ack 708539841, win 235, options [nop,nop,TS val 2793905583 ecr 1214784086], length 0 0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E. 0x0010: 0034 04af 4000 4006 15ae ac10 641f ac10 .4..@.@.....d... 0x0020: 6427 2b5c a5de 5bd3 251d 2a3b 75c1 8010 d'+\..[.%.*;u... 
0x0030: 00eb b44d 0000 0101 080a a687 9daf 4868 ...M..........Hh 0x0040: 2256 "V 09:52:52.514814 IP (tos 0x0, ttl 64, id 1200, offset 0, flags [DF], proto TCP (6), length 191) 172.16.100.31.11100 > 172.16.100.39.42462: Flags [P.], cksum 0xae78 (correct), seq 1540564253:1540564392, ack 708539841, win 235, options [nop,nop,TS val 2793905583 ecr 1214784086], length 139 0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E. 0x0010: 00bf 04b0 4000 4006 1522 ac10 641f ac10 ....@.@.."..d... 0x0020: 6427 2b5c a5de 5bd3 251d 2a3b 75c1 8018 d'+\..[.%.*;u... 0x0030: 00eb ae78 0000 0101 080a a687 9daf 4868 ...x..........Hh 0x0040: 2256 2900 0000 8600 0000 1e00 a0a9 6fba "V)...........o. 0x0050: 425d 414a aaf4 352b 76d7 c4f3 0000 0002 B]AJ..5+v....... 0x0060: 0000 0000 0000 0000 0800 0000 0001 0000 ................ 0x0070: 0002 0030 0000 000b 0000 0000 0100 0000 ...0............ 0x0080: 4c00 7b00 3800 6500 3900 3900 3700 6400 L.{.8.e.9.9.7.d. 0x0090: 3800 3400 2d00 6500 6200 6200 3900 2d00 8.4.-.e.b.b.9.-. 0x00a0: 3400 3300 3000 6600 2d00 3800 6600 3700 4.3.0.f.-.8.f.7. 0x00b0: 3200 2d00 6400 3400 3500 6400 3900 3800 2.-.d.4.5.d.9.8. 0x00c0: 3200 3100 3900 3600 3300 6400 7d 2.1.9.6.3.d.}
9.
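# Task 9: capture 4 TCP segments with PSH set, on ports 30000-65000, exchanged
# between 172.16.100.31 and 172.16.100.88.
# The typographic quotes from the word processor are not shell quotes; the
# filter is given in plain single quotes, before the pipe. Logical operators
# are and/or, and the PSH flag constant is tcp-push.
# The capture recorded below starts with ARP frames, which this filter
# excludes.
sudo tcpdump -lvnnSXX -c 4 \
  '((src host 172.16.100.31 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.31)) and (tcp[tcpflags] & tcp-push != 0) and (tcp and portrange 30000-65000)' \
  | tee out.log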
09:59:48.336209 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6415 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.368191 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6422 0000 0000 0000 ........d"...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.368201 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6416 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.368203 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6421 0000 0000 0000 ........d!...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.368204 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6423 0000 0000 0000 ........d#...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.368206 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 
0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6418 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.400207 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6417 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 09:59:48.652193 IP (tos 0x0, ttl 64, id 50084, offset 0, flags [DF], proto TCP (6), length 62) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x8c0f (correct), seq 708560291:708560301, ack 1544499826, win 4161, options [nop,nop,TS val 1215200227 ecr 2794320723], length 10 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 003e c3a4 4000 4006 56ae ac10 6427 ac10 .>..@.@.V...d'.. 0x0020: 641f a5de 2b5c 2a3b c5a3 5c0f 3272 8018 d...+\*;..\.2r.. 0x0030: 1041 8c0f 0000 0101 080a 486e 7be3 a68d .A........Hn{... 0x0040: f353 0301 0000 0000 05a0 0384 .S.......... 09:59:48.652297 IP (tos 0x0, ttl 64, id 50085, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x6f33 (correct), seq 708560301:708560302, ack 1544499826, win 4161, options [nop,nop,TS val 1215200227 ecr 2794320723], length 1 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0035 c3a5 4000 4006 56b6 ac10 6427 ac10 .5..@.@.V...d'.. 0x0020: 641f a5de 2b5c 2a3b c5ad 5c0f 3272 8018 d...+\*;..\.2r.. 0x0030: 1041 6f33 0000 0101 080a 486e 7be3 a68d .Ao3......Hn{... 
0x0040: f353 29 .S) 09:59:48.652320 IP (tos 0x0, ttl 64, id 50086, offset 0, flags [DF], proto TCP (6), length 56) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x9808 (correct), seq 708560302:708560306, ack 1544499826, win 4161, options [nop,nop,TS val 1215200227 ecr 2794320723], length 4 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0038 c3a6 4000 4006 56b2 ac10 6427 ac10 .8..@.@.V...d'.. 0x0020: 641f a5de 2b5c 2a3b c5ae 5c0f 3272 8018 d...+\*;..\.2r.. 0x0030: 1041 9808 0000 0101 080a 486e 7be3 a68d .A........Hn{... 0x0040: f353 0000 0027 .S...'
10.
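# Task 10: capture 4 UDP datagrams on ports 10000-65535 exchanged between
# 172.16.100.31 and 172.16.100.86.
# Fixes: stray "clear" typed inside the last address (17clear2.16.100.31),
# filter moved before the pipe and quoted, `&`/`||` replaced by and/or.
# `src port any` is not a pcap-filter primitive; leaving the source port
# unrestricted expresses the same thing.
# NOTE(review): `ip proto \dsn` is not one of the protocol names pcap-filter
# documents and was dropped. If DNS traffic was intended, express it by port
# (`port 53`); confirm against the task text.
# The capture recorded below contains STP, ARP and TCP frames, none of which
# match a UDP filter.
sudo tcpdump -lvnnSXX -c 4 \
  '((src host 172.16.100.31 and dst host 172.16.100.86) or (src host 172.16.100.86 and dst host 172.16.100.31)) and (udp and portrange 10000-65535)' \
  | tee out.log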
10:12:10.278756 STP 802.1d, Config, Flags [none], bridge-id 8070.00:22:91:ce:85:80.8024, length 43 message-age 6.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s root-id 8000.00:0a:04:ce:56:c0, root-pathcost 33 0x0000: 0180 c200 0000 0022 91ce 85a4 0026 4242 .......".....&BB 0x0010: 0300 0000 0000 8000 000a 04ce 56c0 0000 ............V... 0x0020: 0021 8070 0022 91ce 8580 8024 0600 1400 .!.p.".....$.... 0x0030: 0200 0f00 0000 0000 0000 0000 ............ 10:12:10.740453 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6415 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:12:10.772455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6416 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:12:10.772463 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6423 0000 0000 0000 ........d#...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:12:10.772464 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6422 0000 0000 0000 ........d"...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 
10:12:10.776455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6418 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:12:10.776464 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6421 0000 0000 0000 ........d!...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:12:10.808452 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6417 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:12:10.884964 IP (tos 0x0, ttl 64, id 55118, offset 0, flags [DF], proto TCP (6), length 62) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xf1ac (correct), seq 708596789:708596799, ack 1552062199, win 4161, options [nop,nop,TS val 1215942468 ecr 2795062963], length 10 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 003e d74e 4000 4006 4304 ac10 6427 ac10 .>.N@.@.C...d'.. 0x0020: 641f a5de 2b5c 2a3c 5435 5c82 96f7 8018 d...+\*<T5\..... 0x0030: 1041 f1ac 0000 0101 080a 4879 cf44 a699 .A........Hy.D.. 0x0040: 46b3 0301 0000 0000 05a0 0384 F........... 
10:12:10.885035 IP (tos 0x0, ttl 64, id 55119, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xd4d0 (correct), seq 708596799:708596800, ack 1552062199, win 4161, options [nop,nop,TS val 1215942468 ecr 2795062963], length 1 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0035 d74f 4000 4006 430c ac10 6427 ac10 .5.O@.@.C...d'.. 0x0020: 641f a5de 2b5c 2a3c 543f 5c82 96f7 8018 d...+\*<T?\..... 0x0030: 1041 d4d0 0000 0101 080a 4879 cf44 a699 .A........Hy.D.. 0x0040: 46b3 29 F.)
v2
10:17:43.540730 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6415 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:43.576704 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6422 0000 0000 0000 ........d"...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:43.576714 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6421 0000 0000 0000 ........d!...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:43.576716 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6423 0000 0000 0000 ........d#...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:43.576717 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6416 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:43.576719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 
0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6418 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:43.604669 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6417 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:17:44.006061 IP (tos 0x0, ttl 64, id 57793, offset 0, flags [DF], proto TCP (6), length 62) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xd295 (correct), seq 708613411:708613421, ack 1556826674, win 4161, options [nop,nop,TS val 1216275596 ecr 2795396102], length 10 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 003e e1c1 4000 4006 3891 ac10 6427 ac10 .>..@.@.8...d'.. 0x0020: 641f a5de 2b5c 2a3c 9523 5ccb 4a32 8018 d...+\*<.#\.J2.. 0x0030: 1041 d295 0000 0101 080a 487e e48c a69e .A........H~.... 0x0040: 5c06 0301 0000 0000 05a0 0384 \........... 10:17:44.006126 IP (tos 0x0, ttl 64, id 57794, offset 0, flags [DF], proto TCP (6), length 96) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xb895 (correct), seq 708613421:708613465, ack 1556826674, win 4161, options [nop,nop,TS val 1216275596 ecr 2795396102], length 44 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0060 e1c2 4000 4006 386e ac10 6427 ac10 .`..@.@.8n..d'.. 0x0020: 641f a5de 2b5c 2a3c 952d 5ccb 4a32 8018 d...+\*<.-\.J2.. 0x0030: 1041 b895 0000 0101 080a 487e e48c a69e .A........H~.... 0x0040: 5c06 2900 0000 2700 0000 1e00 a0a9 6fba \.)...'.......o. 0x0050: 425d 414a aaf4 352b 76d7 c4f3 0000 0002 B]AJ..5+v....... 0x0060: 0000 0000 0000 0000 0800 0000 0000 .............. 
10:17:44.006189 IP (tos 0x0, ttl 64, id 16023, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.31.11100 > 172.16.100.39.42462: Flags [.], cksum 0xea11 (correct), ack 708613465, win 235, options [nop,nop,TS val 2795397089 ecr 1216275596], length 0 0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E. 0x0010: 0034 3e97 4000 4006 dbc5 ac10 641f ac10 .4>.@.@.....d... 0x0020: 6427 2b5c a5de 5ccb 4a32 2a3c 9559 8010 d'+\..\.J2*<.Y.. 0x0030: 00eb ea11 0000 0101 080a a69e 5fe1 487e ............_.H~ 0x0040: e48c ..
11.
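# Task 11: capture 2 TCP segments whose source port is below 1024, exchanged
# between 172.16.100.31 and 172.16.100.88.
# `src port < 1024` is not a pcap-filter primitive; the range is written as
# `src portrange 0-1023`. The filter is one quoted argument before the pipe
# (the quotes also keep the backslash in `\tcp` away from the shell).
# The segments recorded below have source port 42462, so they do not match
# this filter.
sudo tcpdump -lvvnnSXX -c 2 \
  '((src host 172.16.100.31 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.31)) and (src portrange 0-1023 and ip proto \tcp)' \
  | tee out.log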
10:25:01.162676 IP (tos 0x0, ttl 64, id 61292, offset 0, flags [DF], proto TCP (6), length 62) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xe023 (correct), seq 708635249:708635259, ack 1562218415, win 4161, options [nop,nop,TS val 1216712758 ecr 2795833251], length 10 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 003e ef6c 4000 4006 2ae6 ac10 6427 ac10 .>.l@.@.*...d'.. 0x0020: 641f a5de 2b5c 2a3c ea71 5d1d 8faf 8018 d...+\*<.q]..... 0x0030: 1041 e023 0000 0101 080a 4885 9036 a6a5 .A.#......H..6.. 0x0040: 07a3 0301 0000 0000 05a0 0384 ............ 10:25:01.162834 IP (tos 0x0, ttl 64, id 61293, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xc347 (correct), seq 708635259:708635260, ack 1562218415, win 4161, options [nop,nop,TS val 1216712758 ecr 2795833251], length 1 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0035 ef6d 4000 4006 2aee ac10 6427 ac10 .5.m@.@.*...d'.. 0x0020: 641f a5de 2b5c 2a3c ea7b 5d1d 8faf 8018 d...+\*<.{]..... 0x0030: 1041 c347 0000 0101 080a 4885 9036 a6a5 .A.G......H..6.. 0x0040: 07a3 29 ..)
12.
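# Task 12: capture 2 TCP or UDP packets whose source port is above 1024,
# exchanged between 172.16.100.31 and 172.16.100.88.
# `src port > 1024` is not a pcap-filter primitive; "greater than 1024" is
# written as `src portrange 1025-65535`. The filter is one quoted argument
# before the pipe, with and/or as logical operators.
# The capture recorded below holds only ARP frames, which this filter
# excludes.
sudo tcpdump -lvvnnSXX -c 2 \
  '((src host 172.16.100.31 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.31)) and (src portrange 1025-65535 and (ip proto \tcp or ip proto \udp))' \
  | tee out.log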
10:29:20.915446 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6422 0000 0000 0000 ........d"...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:29:20.915461 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6423 0000 0000 0000 ........d#...... 0x0030: 0000 0000 0000 0000 0000 0000 ............
13.
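# Task 13: capture 2 UDP datagrams with a packet length from 50 to 100 bytes,
# exchanged between 172.16.100.21 and 172.16.100.88.
# The filter expression itself is kept as written; it is only moved before the
# pipe and single-quoted so that tcpdump receives it and the shell does not
# interpret the parentheses or the backslash in `\udp`.
# `greater 50` matches length >= 50 and `less 100` matches length <= 100.
# The capture recorded below contains ARP and TCP traffic rather than UDP, so
# the filter was not in effect for that capture.
sudo tcpdump -lvvnnSXX -c 2 \
  '((src host 172.16.100.21 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.21)) and (ip proto \udp) and (greater 50 and less 100)' \
  | tee out.log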
10:33:24.273812 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.32 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6420 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 10:33:24.336387 IP (tos 0x0, ttl 64, id 64830, offset 0, flags [DF], proto TCP (6), length 62) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x581a (correct), seq 708660055:708660065, ack 1567316828, win 4161, options [nop,nop,TS val 1217215939 ecr 2796336431], length 10 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 003e fd3e 4000 4006 1d14 ac10 6427 ac10 .>.>@.@.....d'.. 0x0020: 641f a5de 2b5c 2a3d 4b57 5d6b 5b5c 8018 d...+\*=KW]k[\.. 0x0030: 1041 581a 0000 0101 080a 488d 3dc3 a6ac .AX.......H.=... 0x0040: b52f 0301 0000 0000 05a0 0384 ./.......... 10:33:24.336480 IP (tos 0x0, ttl 64, id 64831, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x3b3d (correct), seq 708660065:708660066, ack 1567316828, win 4161, options [nop,nop,TS val 1217215940 ecr 2796336431], length 1 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0035 fd3f 4000 4006 1d1c ac10 6427 ac10 .5.?@.@.....d'.. 0x0020: 641f a5de 2b5c 2a3d 4b61 5d6b 5b5c 8018 d...+\*=Ka]k[\.. 0x0030: 1041 3b3d 0000 0101 080a 488d 3dc4 a6ac .A;=......H.=... 0x0040: b52f 29 ./) 10:33:24.336489 IP (tos 0x0, ttl 64, id 64832, offset 0, flags [DF], proto TCP (6), length 56) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x6412 (correct), seq 708660066:708660070, ack 1567316828, win 4161, options [nop,nop,TS val 1217215940 ecr 2796336431], length 4 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0038 fd40 4000 4006 1d18 ac10 6427 ac10 .8.@@.@.....d'.. 
0x0020: 641f a5de 2b5c 2a3d 4b62 5d6b 5b5c 8018 d...+\*=Kb]k[\.. 0x0030: 1041 6412 0000 0101 080a 488d 3dc4 a6ac .Ad.......H.=... 0x0040: b52f 0000 0027 ./...' 10:33:24.336539 IP (tos 0x0, ttl 64, id 25558, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.31.11100 > 172.16.100.39.42462: Flags [.], cksum 0x6fb0 (correct), seq 1567316828, ack 708660070, win 235, options [nop,nop,TS val 2796337431 ecr 1217215939], length 0 0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E. 0x0010: 0034 63d6 4000 4006 b686 ac10 641f ac10 .4c.@.@.....d... 0x0020: 6427 2b5c a5de 5d6b 5b5c 2a3d 4b66 8010 d'+\..]k[\*=Kf.. 0x0030: 00eb 6fb0 0000 0101 080a a6ac b917 488d ..o...........H. 0x0040: 3dc3 =. 10:33:24.336594 IP (tos 0x0, ttl 64, id 64833, offset 0, flags [DF], proto TCP (6), length 91) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x6b3c (correct), seq 708660070:708660109, ack 1567316828, win 4161, options [nop,nop,TS val 1217215940 ecr 2796336431], length 39 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 005b fd41 4000 4006 1cf4 ac10 6427 ac10 .[.A@.@.....d'.. 0x0020: 641f a5de 2b5c 2a3d 4b66 5d6b 5b5c 8018 d...+\*=Kf]k[\.. 0x0030: 1041 6b3c 0000 0101 080a 488d 3dc4 a6ac .Ak<......H.=... 0x0040: b52f 0000 001e 00a0 a96f ba42 5d41 4aaa ./.......o.B]AJ. 0x0050: f435 2b76 d7c4 f300 0000 0200 0000 0000 .5+v............ 0x0060: 0000 0008 0000 0000 00 ......... 10:33:24.336722 IP (tos 0x0, ttl 64, id 25559, offset 0, flags [DF], proto TCP (6), length 191) 172.16.100.31.11100 > 172.16.100.39.42462: Flags [P.], cksum 0x69b3 (correct), seq 1567316828:1567316967, ack 708660109, win 235, options [nop,nop,TS val 2796337431 ecr 1217215940], length 139 0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E. 0x0010: 00bf 63d7 4000 4006 b5fa ac10 641f ac10 ..c.@.@.....d... 0x0020: 6427 2b5c a5de 5d6b 5b5c 2a3d 4b8d 8018 d'+\..]k[\*=K... 0x0030: 00eb 69b3 0000 0101 080a a6ac b917 488d ..i...........H. 
0x0040: 3dc4 2900 0000 8600 0000 1e00 a0a9 6fba =.)...........o. 0x0050: 425d 414a aaf4 352b 76d7 c4f3 0000 0002 B]AJ..5+v....... 0x0060: 0000 0000 0000 0000 0800 0000 0001 0000 ................ 0x0070: 0002 0030 0000 000b 0000 0000 0100 0000 ...0............ 0x0080: 4c00 7b00 3800 6500 3900 3900 3700 6400 L.{.8.e.9.9.7.d. 0x0090: 3800 3400 2d00 6500 6200 6200 3900 2d00 8.4.-.e.b.b.9.-. 0x00a0: 3400 3300 3000 6600 2d00 3800 6600 3700 4.3.0.f.-.8.f.7. 0x00b0: 3200 2d00 6400 3400 3500 6400 3900 3800 2.-.d.4.5.d.9.8. 0x00c0: 3200 3100 3900 3600 3300 6400 7d 2.1.9.6.3.d.} 10:33:24.337039 IP (tos 0x0, ttl 64, id 64834, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [.], cksum 0x5fa7 (correct), seq 708660109, ack 1567316967, win 4161, options [nop,nop,TS val 1217215940 ecr 2796337431], length 0 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0034 fd42 4000 4006 1d1a ac10 6427 ac10 .4.B@.@.....d'.. 0x0020: 641f a5de 2b5c 2a3d 4b8d 5d6b 5be7 8010 d...+\*=K.]k[... 0x0030: 1041 5fa7 0000 0101 080a 488d 3dc4 a6ac .A_.......H.=... 0x0040: b917 .. 10:33:24.389905 IP (tos 0x0, ttl 64, id 25560, offset 0, flags [DF], proto TCP (6), length 1382) 172.16.100.31.11100 > 172.16.100.39.42462: Flags [P.], cksum 0x2614 (correct), seq 1567316967:1567318297, ack 708660109, win 235, options [nop,nop,TS val 2796337484 ecr 1217215940], length 1330 0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E. 0x0010: 0566 63d8 4000 4006 b152 ac10 641f ac10 .fc.@.@..R..d... 0x0020: 6427 2b5c a5de 5d6b 5be7 2a3d 4b8d 8018 d'+\..]k[.*=K... 0x0030: 00eb 2614 0000 0101 080a a6ac b94c 488d ..&..........LH. 0x0040: 3dc4 0021 0003 0260 029a 0260 0006 0000 =..!...`...`.... 0x0050: 0010 0000 0064 c23d 5a09 e9bf f328 4268 .....d.=Z....(Bh 0x0060: 1128 cda2 0c24 ede4 30b4 e11f 0790 838e .(...$..0....... 0x0070: 0360 d386 671c 0052 7509 08e0 19e9 5080 .`..g..Ru.....P. 
0x0080: 1a80 4c83 463f 400d 1c32 c7af f08d 3fb1 ..L.F?@..2....?. 0x0090: 4047 c979 a0a3 e422 9051 72d0 3800 99a3 @G.y...".Qr.8... 0x00a0: dc64 8e52 e31d 65c6 3d4a 4678 1480 1b3c .d.R..e.=JFx...< 0x00b0: dec4 4a0a 0700 0000 ffff 00e0 02a0 03e0 ..J............. 0x00c0: 0016 0000 0010 0000 0251 e49a 4d6e c230 .........Q..Mn.0 0x00d0: 1085 1dc5 4d43 a015 8b2e faa7 90b4 62d1 ....MC........b. 0x00e0: 1d5c a09c ad12 07e3 483d 423d 33cf ce38 .\......H=B=3..8 0x00f0: c449 250a 126a 54e9 d98e 1a46 0681 bff7 .I%..jT....F.... 0x0100: e6df ba00 77c5 fe49 468b 62ff 2ca3 79b1 ....w..IF.b.,.y. 0x0110: 7f09 a342 1b01 362c df28 1f20 5ea4 3fab ...B..6,.(..^.?. 0x0120: fedd 7b00 dd5a e571 df86 579e 750e 40a8 ..{..Z.q..W.u.@. 0x0130: 2b0f f86f af9a fc17 2207 c3f4 1fcd bf99 +..o...."....... 0x0140: edc3 9ce8 9f00 38a2 7f62 7d4d fff1 7c23 ......8..b}M..|# 0x0150: 7345 ff3c ef68 7f68 aee9 7faa faab 22ff sE.<.h.h......". 0x0160: 5c36 2dd0 3f73 b9a2 7fb6 5634 fd0b b71b \6-.?s....V4.... 0x0170: e3e9 9f86 9afe 373c eae8 ffd0 cd89 fe73 ......7<.......s 0x0180: a3ee fbb7 45d1 3f59 2b11 fd4f 5c67 227f ....E.?Y+..O\g". 0x0190: 8e46 890a 5a61 7ead c4fe 1c8d bae3 b811 .F..Za~......... 0x01a0: ca60 a503 2a34 2bbd d6c2 fea9 b2ff 98fc .`..*4+......... 0x01b0: 6136 5be8 02fa 00f3 d996 c019 ad35 3453 a6[..........54S 0x01c0: 7a9b c09a 3391 ffa4 457f 22d6 f8df 4dbb z...3...E."...M. 0x01d0: a673 093d 01ba 25dd d143 9c36 4157 740e .s.=..%..C.6AWt. 0x01e0: bafd 051d 09fb 73b4 ebd8 9fa3 5dc7 feef ......s.....]... 0x01f0: 607f 8e76 1dd8 7cc8 7cbd 157d e368 9714 `..v..|.|..}.h.. 0x0200: ec5f 7bf6 4fec b601 e343 77d0 26d2 92cf ._{.O....Cw.&... 0x0210: 5bc4 fe53 6547 498d 3ec4 3d0a fb73 f4bb [..SeGI.>.=..s.. 0x0220: 9157 24c6 4fea abb0 7f14 0dab b219 a196 .W$.O........... 0x0230: cb71 2d4b 39ef b9fd 18b7 2a4c 8afd 6bb0 .q-K9.....*L..k. 0x0240: 7f8b de1b e8ba 45cf 4da7 c2fe 75a2 f706 ......E.M...u... 0x0250: 6553 82d6 5297 4723 ec5f 37c2 fe59 23ec eS..R.G#._7..Y#. 
0x0260: 4f89 1a77 7934 f560 7e3a b2e3 67e9 dd09 O..wy4.`~:..g... 0x0270: 9fed d3f2 d7a3 6ba2 f7c7 a0f7 c7a0 f7c7 ......k......... 0x0280: a0f7 c780 f9e5 8bd0 297a 7ffa 8f47 d916 ........)z...G.. 0x0290: 29b9 454a 6e91 925b b0bf 05fb af52 29f9 ).EJn..[.....R). 0x02a0: f136 0fb2 ff0a bd43 0d7a 871a f40e d5e8 .6.....C.z...... 0x02b0: 1dca d033 e4f5 33d1 3be4 c17a 16d3 bee6 ...3..3.;..z.... 0x02c0: fcfb 895b 9e8a fb2e 40a5 f13e 06fe 59fa ...[....@..>..Y. 0x02d0: 56f5 e58e 1b83 6600 1dc7 adaf 5768 33f2 V.....f.....Wh3. 0x02e0: 022c 2ff5 bc80 dc2f 6a2f 4016 7b5e 4058 .,/..../j/@.{^@X 0x02f0: ec79 01d6 1552 0d3a 015c 50f7 553c 1adc .y...R.:.\P.U<.. 0x0300: 9708 eecb 5470 7fe1 6bc8 0298 cb46 0958 ....Tp..k....F.X 0x0310: 9f3c b9b0 05f0 0300 00ff ff00 e002 b602 .<.............. 0x0320: c000 1c00 0000 1000 0002 49cc 9bc1 72d3 ..........I...r. 0x0330: 3010 8665 23d7 ee0c 302e e460 663c f22e 0..e#...0..`f<.. 0x0340: 2187 9e68 2ed0 4347 9a1c fb00 3c01 efc1 !..h..CG....<... 0x0350: f490 f202 bc1f cfc2 bf2b d904 276a b924 .........+..'j.$ 0x0360: e94e 269f 6529 b254 8db5 ff4a eacf 59f8 .N&.e).T...J..Y. 0x0370: 36c6 6eb3 60c7 56db 0f08 d49e 4b68 a8f6 6.n.`.V.....Kh.. 0x0380: 3812 5390 445d 5339 4dd9 bdef ddfc 8be3 8.S.D]S9M....... 0x0390: 64e6 1f5b 3d96 68ed d462 61cc 7857 6d17 d..[=.h..ba.xWm. 0x03a0: b32b 0486 f5d6 bdb0 cb27 9647 bae4 da9b .+.......'.G.... 0x03b0: 91f8 fcf0 4874 83bf 17ff 0d57 a0c2 72a2 ....Ht.....W..r. 0x03c0: 4b2c 9a98 0fa2 7cdf c3bd 51aa 940e 3de9 K,....|...Q...=. 0x03d0: f896 ede6 dca5 4673 be83 b877 3e1e 4e14 ......Fs...w>.N. 0x03e0: 191a 1912 6946 c73d a3bc 4a91 67f5 c711 ....iF.=..J.g... 0x03f0: ed89 d174 a941 b2e5 32d1 795f 0c4b 95d8 ...t.A..2.y_.K.. 0x0400: 25ad 9496 e0cf 023a ecd6 2ac1 5b78 6221 %......:..*.[xb! 0x0410: 1518 52c7 3e78 376e 3db4 e64c e399 eb66 ..R.>x7n=..L...f 0x0420: 2781 8a2e 0326 9ac4 ceb3 c1a7 6958 4f24 '....&......iXO$ 0x0430: 829f 42e4 ed98 4ed4 fcbe c7a8 d6ff b7f7 ..B...N......... 
0x0440: 7544 cb8f 6660 eb36 46c6 e535 7f57 2ef8 uD..f`.6F..5.W.. 0x0450: 9b77 86d6 7679 8fb6 df5d db95 9056 f67a .w..vy...]...V.z 0x0460: c301 6acb ae37 0c5d cd96 27a2 7ce0 c16d ..j..7.]..'.|..m 0x0470: 2855 4a07 1e74 0acb 7413 915a d0a0 04f2 (UJ..t..t..Z.... 0x0480: 2fb2 9de8 a178 bd69 eff0 f6dd e87d c6ab /....x.i.....}.. 0x0490: a80c 8950 bbf2 3b50 eaa9 396e 159e d346 ...P..;P..9n...F 0x04a0: 0df5 4be5 ce57 75da 5f54 f12c 45e7 8c7b ..K..Wu._T.,E..{ 0x04b0: 2fc5 c302 979a dc91 6871 6be4 7d92 6b7f /.......hqk.}.k. 0x04c0: a5e0 6e56 2d1a 2e66 44c5 146f 5fec ed1f ..nV-..fD..o_... 0x04d0: e5ee 4711 3713 9b49 0a8a 302c f5a7 6fb4 ..G.7..I..0,..o. 0x04e0: 79f6 e1a3 febb ebef fc01 b6f8 fd2f a188 y............/.. 0x04f0: f9b3 3343 8789 53ce 1836 208d 0cc6 2911 ..3C..S..6....). 0x0500: 9c4c f435 0216 e37b 4ad5 d2de 834e 63f9 .L.5...{J....Nc. 0x0510: 77d1 bd75 56a6 086e 59d7 a3d0 9f45 85b0 w..uV..nY....E.. 0x0520: a7a0 c25e 9608 177d 69af 747d c1ca d202 ...^...}i.t}.... 0x0530: e697 c686 9610 6eb6 56a2 4162 b205 ca07 ......n.V.Ab.... 0x0540: 1786 e240 fd27 b5ec 6961 9d47 cdab c42a ...@.'..ia.G...* 0x0550: f112 b3aa 9cb6 bfd2 cd55 329c 1884 f237 .........U2....7 0x0560: 1052 b143 8fe0 d3c7 2aa3 9dc3 4d9a 3f00 .R.C....*...M.?. 0x0570: 0000 ffff .... 10:33:24.390612 IP (tos 0x0, ttl 64, id 64835, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.39.42462 > 172.16.100.31.11100: Flags [.], cksum 0x5a11 (correct), seq 708660109, ack 1567318297, win 4154, options [nop,nop,TS val 1217215994 ecr 2796337484], length 0 0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E. 0x0010: 0034 fd43 4000 4006 1d19 ac10 6427 ac10 .4.C@.@.....d'.. 0x0020: 641f a5de 2b5c 2a3d 4b8d 5d6b 6119 8010 d...+\*=K.]ka... 0x0030: 103a 5a11 0000 0101 080a 488d 3dfa a6ac .:Z.......H.=... 0x0040: b94c .L
V2
11:35:13.972055 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.29 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 641d 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:35:14.101492 STP 802.1d, Config, Flags [none], bridge-id 8070.00:22:91:ce:85:80.8023, length 43 message-age 6.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s root-id 8000.00:0a:04:ce:56:c0, root-pathcost 33 0x0000: 0180 c200 0000 0022 91ce 85a3 0026 4242 .......".....&BB 0x0010: 0300 0000 0000 8000 000a 04ce 56c0 0000 ............V... 0x0020: 0021 8070 0022 91ce 8580 8023 0600 1400 .!.p.".....#.... 0x0030: 0200 0f00 0000 0000 0000 0000 ............ 11:35:14.228011 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.32 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6420 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:35:14.484014 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6423 0000 0000 0000 ........d#...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:35:14.514163 IP (tos 0x0, ttl 64, id 17023, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.40512 > 172.16.100.21.11100: Flags [P.], cksum 0xee8f (correct), seq 3167944910:3167944911, ack 2074178540, win 14300, options [nop,nop,TS val 2957114506 ecr 2548523], length 1 0x0000: d027 88cf e290 d027 88cf e15b 0800 4500 .'.....'...[..E. 0x0010: 0035 427f 4000 4006 d7e6 ac10 6427 ac10 .5B.@.@.....d'.. 
0x0020: 6415 9e40 2b5c bcd3 00ce 7ba1 73ec 8018 d..@+\....{.s... 0x0030: 37dc ee8f 0000 0101 080a b041 fc8a 0026 7..........A...& 0x0040: e32b 29 .+) 11:35:14.514239 IP (tos 0x0, ttl 64, id 17024, offset 0, flags [DF], proto TCP (6), length 95) 172.16.100.39.40512 > 172.16.100.21.11100: Flags [P.], cksum 0x1e68 (correct), seq 3167944911:3167944954, ack 2074178540, win 14300, options [nop,nop,TS val 2957114506 ecr 2548523], length 43 0x0000: d027 88cf e290 d027 88cf e15b 0800 4500 .'.....'...[..E. 0x0010: 005f 4280 4000 4006 d7bb ac10 6427 ac10 ._B.@.@.....d'.. 0x0020: 6415 9e40 2b5c bcd3 00cf 7ba1 73ec 8018 d..@+\....{.s... 0x0030: 37dc 1e68 0000 0101 080a b041 fc8a 0026 7..h.......A...& 0x0040: e32b 0000 0027 0000 001e 00a0 a96f ba42 .+...'.......o.B 0x0050: 5d41 4aaa f435 2b76 d7c4 f300 0000 0200 ]AJ..5+v........ 0x0060: 0000 0000 0000 0008 0000 0000 00 ............. 11:35:14.514284 IP (tos 0x0, ttl 64, id 9706, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.21.11100 > 172.16.100.39.40512: Flags [.], cksum 0x4af0 (correct), ack 3167944954, win 235, options [nop,nop,TS val 2549401 ecr 2957114506], length 0 0x0000: d027 88cf e15b d027 88cf e290 0800 4500 .'...[.'......E. 0x0010: 0034 25ea 4000 4006 f47c ac10 6415 ac10 .4%.@.@..|..d... 0x0020: 6427 2b5c 9e40 7ba1 73ec bcd3 00fa 8010 d'+\.@{.s....... 0x0030: 00eb 4af0 0000 0101 080a 0026 e699 b041 ..J........&...A 0x0040: fc8a .. 11:35:14.514408 IP (tos 0x0, ttl 64, id 9707, offset 0, flags [DF], proto TCP (6), length 191) 172.16.100.21.11100 > 172.16.100.39.40512: Flags [P.], cksum 0x451b (correct), seq 2074178540:2074178679, ack 3167944954, win 235, options [nop,nop,TS val 2549401 ecr 2957114506], length 139 0x0000: d027 88cf e15b d027 88cf e290 0800 4500 .'...[.'......E. 0x0010: 00bf 25eb 4000 4006 f3f0 ac10 6415 ac10 ..%.@.@.....d... 0x0020: 6427 2b5c 9e40 7ba1 73ec bcd3 00fa 8018 d'+\.@{.s....... 
0x0030: 00eb 451b 0000 0101 080a 0026 e699 b041 ..E........&...A 0x0040: fc8a 2900 0000 8600 0000 1e00 a0a9 6fba ..)...........o. 0x0050: 425d 414a aaf4 352b 76d7 c4f3 0000 0002 B]AJ..5+v....... 0x0060: 0000 0000 0000 0000 0800 0000 0001 0000 ................ 0x0070: 0002 0030 0000 000b 0000 0000 0100 0000 ...0............ 0x0080: 4c00 7b00 3800 6500 3900 3900 3700 6400 L.{.8.e.9.9.7.d. 0x0090: 3800 3400 2d00 6500 6200 6200 3900 2d00 8.4.-.e.b.b.9.-. 0x00a0: 3400 3300 3000 6600 2d00 3800 6600 3700 4.3.0.f.-.8.f.7. 0x00b0: 3200 2d00 6400 3400 3500 6400 3900 3800 2.-.d.4.5.d.9.8. 0x00c0: 3200 3100 3900 3600 3300 6400 7d 2.1.9.6.3.d.} 11:35:14.514684 IP (tos 0x0, ttl 64, id 17025, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.39.40512 > 172.16.100.21.11100: Flags [.], cksum 0x1374 (correct), ack 2074178679, win 14300, options [nop,nop,TS val 2957114506 ecr 2549401], length 0 0x0000: d027 88cf e290 d027 88cf e15b 0800 4500 .'.....'...[..E. 0x0010: 0034 4281 4000 4006 d7e5 ac10 6427 ac10 .4B.@.@.....d'.. 0x0020: 6415 9e40 2b5c bcd3 00fa 7ba1 7477 8010 d..@+\....{.tw.. 0x0030: 37dc 1374 0000 0101 080a b041 fc8a 0026 7..t.......A...& 0x0040: e699 .. 11:35:14.580005 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6421 0000 0000 0000 ........d!...... 0x0030: 0000 0000 0000 0000 0000 0000 ............
14.
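# Capture 2 packets of the TCP exchange between 172.16.100.21 and
# 172.16.100.88 (either direction) with source port below 1024, destination
# port above 10000 and packet length of at most 100 bytes.
#
# The filter has to be ONE quoted argument of tcpdump, placed before the pipe:
#   - unquoted, the shell interprets ( ) < > itself instead of passing them on;
#   - written after `tee out.log`, it never reaches tcpdump, so the capture is
#     unfiltered (unrelated ARP/STP frames show up in the output).
# tcp[0:2] and tcp[2:2] are the 16-bit source and destination port fields of
# the TCP header; comparing them is the portable way to express "port < N".
#
# -XX dumps every frame in hex/ASCII including the link-layer header, so
# out.log holds raw payload bytes: keep it out of shared or world-readable
# locations and delete it once the report is written.
sudo tcpdump -l -vv -nn -S -XX -c 2 \
  '((src host 172.16.100.21 and dst host 172.16.100.88) or (src host 172.16.100.88 and dst host 172.16.100.21)) and (ip proto \tcp) and (tcp[0:2] < 1024) and (tcp[2:2] > 10000) and (less 100)' \
  | tee out.log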
11:40:14.612968 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6421 0000 0000 0000 ........d!...... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:40:14.612983 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6418 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:40:14.612985 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 6416 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:40:14.642601 IP (tos 0x0, ttl 64, id 19532, offset 0, flags [DF], proto TCP (6), length 53) 172.16.100.39.40512 > 172.16.100.21.11100: Flags [P.], cksum 0x13c2 (correct), seq 3167959950:3167959951, ack 2078664870, win 14300, options [nop,nop,TS val 2957414636 ecr 2849231], length 1 0x0000: d027 88cf e290 d027 88cf e15b 0800 4500 .'.....'...[..E. 0x0010: 0035 4c4c 4000 4006 ce19 ac10 6427 ac10 .5LL@.@.....d'.. 0x0020: 6415 9e40 2b5c bcd3 3b8e 7be5 e8a6 8018 d..@+\..;.{..... 0x0030: 37dc 13c2 0000 0101 080a b046 90ec 002b 7..........F...+ 0x0040: 79cf 29 y.) 11:40:14.642675 IP (tos 0x0, ttl 64, id 19533, offset 0, flags [DF], proto TCP (6), length 95) 172.16.100.39.40512 > 172.16.100.21.11100: Flags [P.], cksum 0x439a (correct), seq 3167959951:3167959994, ack 2078664870, win 14300, options [nop,nop,TS val 2957414636 ecr 2849231], length 43 0x0000: d027 88cf e290 d027 88cf e15b 0800 4500 .'.....'...[..E. 
0x0010: 005f 4c4d 4000 4006 cdee ac10 6427 ac10 ._LM@.@.....d'.. 0x0020: 6415 9e40 2b5c bcd3 3b8f 7be5 e8a6 8018 d..@+\..;.{..... 0x0030: 37dc 439a 0000 0101 080a b046 90ec 002b 7.C........F...+ 0x0040: 79cf 0000 0027 0000 001e 00a0 a96f ba42 y....'.......o.B 0x0050: 5d41 4aaa f435 2b76 d7c4 f300 0000 0200 ]AJ..5+v........ 0x0060: 0000 0000 0000 0008 0000 0000 00 ............. 11:40:14.642735 IP (tos 0x0, ttl 64, id 13553, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.21.11100 > 172.16.100.39.40512: Flags [.], cksum 0x7264 (correct), ack 3167959994, win 235, options [nop,nop,TS val 2849531 ecr 2957414636], length 0 0x0000: d027 88cf e15b d027 88cf e290 0800 4500 .'...[.'......E. 0x0010: 0034 34f1 4000 4006 e575 ac10 6415 ac10 .44.@.@..u..d... 0x0020: 6427 2b5c 9e40 7be5 e8a6 bcd3 3bba 8010 d'+\.@{.....;... 0x0030: 00eb 7264 0000 0101 080a 002b 7afb b046 ..rd.......+z..F 0x0040: 90ec .. 11:40:14.642858 IP (tos 0x0, ttl 64, id 13554, offset 0, flags [DF], proto TCP (6), length 191) 172.16.100.21.11100 > 172.16.100.39.40512: Flags [P.], cksum 0x6c8f (correct), seq 2078664870:2078665009, ack 3167959994, win 235, options [nop,nop,TS val 2849531 ecr 2957414636], length 139 0x0000: d027 88cf e15b d027 88cf e290 0800 4500 .'...[.'......E. 0x0010: 00bf 34f2 4000 4006 e4e9 ac10 6415 ac10 ..4.@.@.....d... 0x0020: 6427 2b5c 9e40 7be5 e8a6 bcd3 3bba 8018 d'+\.@{.....;... 0x0030: 00eb 6c8f 0000 0101 080a 002b 7afb b046 ..l........+z..F 0x0040: 90ec 2900 0000 8600 0000 1e00 a0a9 6fba ..)...........o. 0x0050: 425d 414a aaf4 352b 76d7 c4f3 0000 0002 B]AJ..5+v....... 0x0060: 0000 0000 0000 0000 0800 0000 0001 0000 ................ 0x0070: 0002 0030 0000 000b 0000 0000 0100 0000 ...0............ 0x0080: 4c00 7b00 3800 6500 3900 3900 3700 6400 L.{.8.e.9.9.7.d. 0x0090: 3800 3400 2d00 6500 6200 6200 3900 2d00 8.4.-.e.b.b.9.-. 0x00a0: 3400 3300 3000 6600 2d00 3800 6600 3700 4.3.0.f.-.8.f.7. 0x00b0: 3200 2d00 6400 3400 3500 6400 3900 3800 2.-.d.4.5.d.9.8. 
0x00c0: 3200 3100 3900 3600 3300 6400 7d 2.1.9.6.3.d.} 11:40:14.643094 IP (tos 0x0, ttl 64, id 19534, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.39.40512 > 172.16.100.21.11100: Flags [.], cksum 0x3ae7 (correct), ack 2078665009, win 14300, options [nop,nop,TS val 2957414637 ecr 2849531], length 0 0x0000: d027 88cf e290 d027 88cf e15b 0800 4500 .'.....'...[..E. 0x0010: 0034 4c4e 4000 4006 ce18 ac10 6427 ac10 .4LN@.@.....d'.. 0x0020: 6415 9e40 2b5c bcd3 3bba 7be5 e931 8010 d..@+\..;.{..1.. 0x0030: 37dc 3ae7 0000 0101 080a b046 90ed 002b 7.:........F...+ 0x0040: 7afb z. 11:40:14.772950 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.28 tell 172.16.100.39, length 46 0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 .......'...[.... 0x0010: 0800 0604 0001 d027 88cf e15b ac10 6427 .......'...[..d' 0x0020: 0000 0000 0000 ac10 641c 0000 0000 0000 ........d....... 0x0030: 0000 0000 0000 0000 0000 0000 ............ 11:40:14.839249 STP 802.1d, Config, Flags [none], bridge-id 8070.00:22:91:ce:85:80.8023, length 43 message-age 6.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s root-id 8000.00:0a:04:ce:56:c0, root-pathcost 33 0x0000: 0180 c200 0000 0022 91ce 85a3 0026 4242 .......".....&BB 0x0010: 0300 0000 0000 8000 000a 04ce 56c0 0000 ............V... 0x0020: 0021 8070 0022 91ce 8580 8023 0600 1400 .!.p.".....#.... 0x0030: 0200 0f00 0000 0000 0000 0000 ............