LABORATORY / WORK_2 / отчёт_Козырев
.pdfОтчёт к лабораторной работе №2 Работа с программным анализатором протоколов tcpdump
Группа: ИКВТ-61
Студент: Козырев А.Б.
Цель работы: Получение базовых навыков по работе с анализатором протоколов tcpdump. Изучение принципов фильтрации пакетов.
1.
2.
localhost: 172.16.100.31 broadcast: 172.16.103.255
3.
4.
6.
sudo -tcpdump -lvnnSXX -c 10 -l | tee out.log ((src host 172.16.100.31 & dst host 172.16.100.88) || (src host 172.16.100.88 & dst host 172.16.100.31)) & (tcp[tcpflags] & (tcp-psh || tcp-psh,ack) !=0)
09:39:26.703978 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6415 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:26.735923 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6423 0000 0000 0000 ........ |
d#...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:26.735946 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6422 0000 0000 0000 ........ |
d"...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:26.735988 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6418 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:26.736014 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6421 0000 0000 0000 ........ |
d!...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:26.736038 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6416 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:26.768016 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6417 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:39:27.115415 STP 802.1d, Config, Flags [none], bridge-id 8070.00:22:91:ce:85:80.8024, length 43 message-age 6.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
root-id 8000.00:0a:04:ce:56:c0, root-pathcost 33 |
|
|
|||||
0x0000: 0180 c200 0000 0022 91ce |
85a4 0026 |
4242 ....... |
"..... |
&BB |
|||
0x0010: 0300 |
0000 0000 |
8000 000a 04ce 56c0 |
0000 ............ |
|
V... |
||
0x0020: |
0021 |
8070 0022 |
91ce 8580 8024 0600 1400 .!.p."..... |
$.... |
|||
0x0030: |
0200 |
0f00 0000 0000 0000 |
0000 |
............ |
|
|
|
09:39:27.212371 IP (tos 0x0, ttl 64, id 41051, offset 0, flags [DF], proto TCP (6), length 53)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xf131 (correct), seq 708499533:708499534, ack 1530520869, win 4161, options [nop,nop,TS val 1213978777 ecr 2793099335], length 1
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'... |
K.'... |
[..E. |
|
||
0x0010: 0035 a05b 4000 4006 7a00 ac10 6427 ac10 .5.[@.@.z... |
d'.. |
||||
0x0020: 641f a5de 2b5c 2a3a d84d 5b39 e525 8018 d... |
+\*:.M[9.%.. |
||||
0x0030: |
1041 f131 0000 0101 080a 485b d899 a67b .A.1...... |
H[... |
{ |
||
0x0040: |
5047 29 |
PG) |
|
|
|
09:39:27.212475 IP (tos 0x0, ttl 64, id 41052, offset 0, flags [DF], proto TCP (6), length 95)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x210a (correct), seq 708499534:708499577, ack 1530520869, win 4161, options [nop,nop,TS val 1213978777 ecr 2793099335], length 43
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'... |
K.'... |
[..E. |
|
||
0x0010: 005f a05c 4000 4006 79d5 ac10 6427 ac10 ._.\@.@.y... |
d'.. |
||||
0x0020: 641f a5de 2b5c 2a3a d84e 5b39 e525 8018 d... |
+\*:.N[9.%.. |
||||
0x0030: 1041 |
210a 0000 0101 080a 485b d899 a67b .A!....... |
H[... |
{ |
||
0x0040: 5047 |
0000 0027 0000 |
001e 00a0 a96f ba42 PG...'....... |
o.B |
||
0x0050: 5d41 4aaa f435 2b76 d7c4 f300 0000 0200 ]AJ..5+v........ |
|
||||
0x0060: 0000 |
0000 0000 0008 |
0000 0000 00 ............. |
|
|
|
7.
sudo -tcpdump -lvnnSXX -c 2 -l | tee out.log ((src host 172.16.100.31 & dst host 172.16.100.88) || (src host 172.16.100.88 & dst host 172.16.100.31)) & (tcp[tcpflags] & tcp-rst != 0)
09:49:05.019811 IP (tos 0x0, ttl 64, id 44828, offset 0, flags [DF], proto TCP (6), length 52) 172.16.100.31.56674 > 185.5.160.177.80: Flags [.], cksum 0xf4df (correct), ack 1219812345, win 577, options
[nop,nop,TS val 3371850220 ecr 637588780], length 0
0x0000: 0013 8f13 b7f8 d027 |
88cf e14b 0800 4500 ....... |
'...K..E. |
|
0x0010: 0034 af1c 4000 4006 21c1 ac10 641f b905 .4..@.@.!...d... |
|||
0x0020: a0b1 dd62 0050 5087 a4b9 48b4 dbf9 8010 ... |
b.PP...H..... |
||
0x0030: |
0241 f4df 0000 0101 |
080a c8fa 59ec 2600 .A.......... |
Y.&. |
0x0040: |
d52c |
., |
|
09:49:05.019970 IP (tos 0x0, ttl 64, id 3445, offset 0, flags [DF], proto TCP (6), length 52)
185.5.160.177.80 > 172.16.100.31.56674: Flags [.], cksum 0x923d (correct), ack 1351066810, win 1040, options
[nop,nop,TS val 637599019 ecr 3371799232], length 0 |
|
|
|
0x0000: d027 88cf e14b 0001 02a0 a7ee 0800 4500 .'... |
K........ |
E. |
|
0x0010: 0034 0d75 |
4000 4006 c368 b905 a0b1 ac10 .4.u@.@..h...... |
||
0x0020: 641f 0050 dd62 48b4 dbf9 5087 a4ba 8010 d..P.bH...P..... |
|||
0x0030: 0410 923d |
0000 0101 080a 2600 fd2b c8f9 ... |
=...... |
&..+.. |
0x0040: 92c0 |
.. |
|
|
8.
sudo -tcpdump -lvnnSXX -c 4 -l | tee out.log ((src host 172.16.100.31 & dst host 172.16.100.88) || (src host 172.16.100.88 & dst host 172.16.100.31)) & (tcp[tcpflags] & (tcp-fin || tcp-fin,ack) != 0)
09:52:52.514530 IP (tos 0x0, ttl 64, id 47269, offset 0, flags [DF], proto TCP (6), length 53)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x7fd4 (correct), seq 708539797:708539798, ack 1540564253, win 4161, options [nop,nop,TS val 1214784086 ecr 2793904629], length 1
0x0000: d027 88cf e14b d027 |
88cf e15b 0800 4500 .'... |
K.'...[..E. |
||
0x0010: 0035 b8a5 4000 4006 61b6 ac10 6427 ac10 .5..@.@.a...d'.. |
||||
0x0020: 641f a5de 2b5c 2a3b 7595 5bd3 251d 8018 |
d... |
+\*;u.[.%... |
||
0x0030: |
1041 7fd4 0000 0101 |
080a 4868 2256 a687 |
.A........ |
Hh"V.. |
0x0040: |
99f5 29 |
..) |
|
|
09:52:52.514652 IP (tos 0x0, ttl 64, id 47270, offset 0, flags [DF], proto TCP (6), length 95)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xafac (correct), seq 708539798:708539841, ack 1540564253, win 4161, options [nop,nop,TS val 1214784086 ecr 2793904629], length 43
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E.
0x0010: 005f b8a6 |
4000 4006 618b ac10 6427 ac10 ._..@.@.a...d'.. |
|||
0x0020: 641f a5de 2b5c 2a3b 7596 5bd3 251d 8018 d... |
|
+\*;u.[.%... |
||
0x0030: 1041 afac 0000 0101 080a 4868 2256 a687 .A........ |
|
Hh"V.. |
||
0x0040: |
99f5 0000 |
0027 0000 001e 00a0 a96f ba42 ..... |
' |
.......o.B |
0x0050: |
5d41 4aaa f435 2b76 d7c4 f300 0000 0200 ]AJ..5+v........ |
|||
0x0060: 0000 0000 0000 0008 0000 0000 00 .............
09:52:52.514691 IP (tos 0x0, ttl 64, id 1199, offset 0, flags [DF], proto TCP (6), length 52)
172.16.100.31.11100 > 172.16.100.39.42462: Flags [.], cksum 0xb44d (correct), ack 708539841, win 235, options [nop,nop,TS val 2793905583 ecr 1214784086], length 0
0x0000: d027 88cf e15b d027 88cf e14b 0800 4500 .'...[.'...K..E.
0x0010: 0034 |
04af 4000 4006 15ae ac10 641f ac10 .4..@.@..... |
d... |
0x0020: 6427 |
2b5c a5de 5bd3 251d 2a3b 75c1 8010 d'+\..[.%.*;u... |
|
0x0030: 00eb b44d 0000 0101 080a a687 9daf 4868 ...M.......... |
Hh |
|
0x0040: 2256 |
"V |
|
09:52:52.514814 IP (tos 0x0, ttl 64, id 1200, offset 0, flags [DF], proto TCP (6), length 191)
172.16.100.31.11100 > 172.16.100.39.42462: Flags [P.], cksum 0xae78 (correct), seq 1540564253:1540564392, ack 708539841, win 235, options [nop,nop,TS val 2793905583 ecr 1214784086], length 139
0x0000: |
d027 88cf e15b d027 88cf e14b 0800 4500 .'... |
[.'...K..E. |
0x0010: |
00bf 04b0 4000 4006 1522 ac10 641f ac10 .... |
@.@.."..d... |
0x0020: 6427 |
2b5c a5de 5bd3 251d 2a3b 75c1 8018 d'+\..[.%.*;u... |
|||
0x0030: 00eb ae78 |
0000 0101 080a a687 9daf 4868 ...x.......... |
Hh |
||
0x0040: |
2256 |
2900 |
0000 8600 0000 1e00 a0a9 6fba "V)........... |
o. |
0x0050: |
425d |
414a aaf4 352b 76d7 c4f3 0000 0002 B]AJ..5+v....... |
|
|
0x0060: 0000 0000 0000 0000 0800 0000 0001 0000 |
................ |
||
0x0070: 0002 0030 0000 000b 0000 0000 0100 0000 |
...0............ |
||
0x0080: 4c00 |
7b00 3800 6500 3900 3900 3700 6400 L.{.8.e.9.9.7.d. |
||
0x0090: 3800 3400 2d00 6500 6200 6200 3900 2d00 8.4.-.e.b.b.9.-. |
|||
0x00a0: 3400 3300 3000 6600 2d00 3800 6600 3700 |
4.3.0.f.-.8.f.7. |
||
0x00b0: 3200 2d00 6400 3400 3500 6400 3900 3800 |
2.-.d.4.5.d.9.8. |
||
0x00c0: 3200 |
3100 3900 3600 3300 6400 7d |
2.1.9.6.3.d.} |
|
9.
sudo -tcpdump -lvnnSXX -c 4 -l | tee out.log „((src host 172.16.100.31 & dst host 172.16.100.88) || (src host 172.16.100.88 & dst host 172.16.100.31)) & (tcp[tcpflags] & (tcp-psh || tcp-psh,ack) != 0) & (tcp and portrange 30000-65000)“
09:59:48.336209 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6415 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.368191 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6422 0000 0000 0000 ........ |
d"...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.368201 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6416 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.368203 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6421 0000 0000 0000 ........ |
d!...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.368204 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6423 0000 0000 0000 ........ |
d#...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.368206 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6418 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.400207 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6417 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
09:59:48.652193 IP (tos 0x0, ttl 64, id 50084, offset 0, flags [DF], proto TCP (6), length 62)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x8c0f (correct), seq 708560291:708560301, ack 1544499826, win 4161, options [nop,nop,TS val 1215200227 ecr 2794320723], length 10
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'... |
K.'...[..E. |
|
0x0010: |
003e c3a4 4000 4006 56ae ac10 6427 ac10 .>..@.@.V...d'.. |
|
0x0020: |
641f a5de 2b5c 2a3b c5a3 5c0f 3272 8018 d... |
+\*;..\.2r.. |
0x0030: |
1041 8c0f 0000 0101 080a 486e 7be3 a68d .A........ |
Hn{... |
|
0x0040: |
f353 0301 0000 0000 05a0 0384 |
.S.......... |
|
09:59:48.652297 IP (tos 0x0, ttl 64, id 50085, offset 0, flags [DF], proto TCP (6), length 53)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x6f33 (correct), seq 708560301:708560302, ack 1544499826, win 4161, options [nop,nop,TS val 1215200227 ecr 2794320723], length 1
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'... |
K.'... |
[..E. |
||
0x0010: 0035 c3a5 4000 4006 56b6 ac10 6427 ac10 .5..@.@.V...d'.. |
||||
0x0020: 641f a5de 2b5c 2a3b c5ad 5c0f 3272 8018 d... |
+\*;..\.2r.. |
|||
0x0030: |
1041 6f33 0000 0101 080a 486e 7be3 a68d .Ao3...... |
Hn{... |
||
0x0040: |
f353 29 |
.S) |
|
|
09:59:48.652320 IP (tos 0x0, ttl 64, id 50086, offset 0, flags [DF], proto TCP (6), length 56)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0x9808 (correct), seq 708560302:708560306, ack 1544499826, win 4161, options [nop,nop,TS val 1215200227 ecr 2794320723], length 4
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E.
0x0010: |
0038 c3a6 4000 4006 56b2 ac10 6427 ac10 .8..@.@.V...d'.. |
0x0020: |
641f a5de 2b5c 2a3b c5ae 5c0f 3272 8018 d...+\*;..\.2r.. |
0x0030: |
1041 9808 0000 0101 080a 486e 7be3 a68d .A........ |
Hn{... |
|
0x0040: |
f353 0000 0027 |
.S...' |
|
10.
sudo -tcpdump -lvnnSXX -c 4 -l | tee out.log ((src host 172.16.100.31 & dst host 172.16.100.86) || (src host 172.16.100.86 & dst host 17clear2.16.100.31)) & (src port any and ip proto \udp and ip proto \dsn) & (udp and portrange 10000-65535)
10:12:10.278756 STP 802.1d, Config, Flags [none], bridge-id 8070.00:22:91:ce:85:80.8024, length 43 message-age 6.00s, max-age 20.00s, hello-time 2.00s, forwarding-delay 15.00s
root-id 8000.00:0a:04:ce:56:c0, root-pathcost 33 |
|
|
|||||
0x0000: 0180 c200 0000 0022 91ce |
85a4 0026 |
4242 ....... |
"..... |
&BB |
|||
0x0010: 0300 |
0000 0000 |
8000 000a 04ce 56c0 |
0000 ............ |
|
V... |
||
0x0020: |
0021 |
8070 0022 |
91ce 8580 8024 0600 1400 .!.p."..... |
$.... |
|||
0x0030: |
0200 |
0f00 0000 0000 0000 |
0000 |
............ |
|
|
|
10:12:10.740453 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6415 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:12:10.772455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6416 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:12:10.772463 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6423 0000 0000 0000 ........ |
d#...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:12:10.772464 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6422 0000 0000 0000 ........ |
d"...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:12:10.776455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46
0x0000: |
ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
0x0010: |
0800 0604 0001 d027 88cf e15b ac10 6427 ....... |
'...[..d' |
|
0x0020: |
0000 0000 0000 ac10 6418 0000 0000 0000 ........ |
d....... |
0x0030: |
0000 0000 0000 0000 0000 0000 ............ |
|
10:12:10.776464 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6421 0000 0000 0000 ........ |
d!...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:12:10.808452 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.23 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6417 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:12:10.884964 IP (tos 0x0, ttl 64, id 55118, offset 0, flags [DF], proto TCP (6), length 62)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xf1ac (correct), seq 708596789:708596799, ack 1552062199, win 4161, options [nop,nop,TS val 1215942468 ecr 2795062963], length 10
0x0000: d027 |
88cf e14b d027 88cf e15b 0800 4500 .'... |
K.'...[..E. |
||||
0x0010: 003e d74e |
4000 4006 |
4304 ac10 6427 ac10 .>.N@.@.C...d'.. |
||||
0x0020: 641f a5de 2b5c 2a3c 5435 5c82 96f7 8018 d... |
+\*<T5\..... |
|||||
0x0030: |
1041 f1ac 0000 0101 080a 4879 cf44 a699 .A........ |
Hy.D.. |
||||
0x0040: |
46b3 |
0301 |
0000 0000 |
05a0 0384 |
F........... |
|
10:12:10.885035 IP (tos 0x0, ttl 64, id 55119, offset 0, flags [DF], proto TCP (6), length 53)
172.16.100.39.42462 > 172.16.100.31.11100: Flags [P.], cksum 0xd4d0 (correct), seq 708596799:708596800, ack 1552062199, win 4161, options [nop,nop,TS val 1215942468 ecr 2795062963], length 1
0x0000: d027 88cf e14b d027 88cf e15b 0800 4500 .'...K.'...[..E.
0x0010: |
0035 d74f 4000 4006 430c ac10 6427 ac10 .5.O@.@.C...d'.. |
0x0020: |
641f a5de 2b5c 2a3c 543f 5c82 96f7 8018 d...+\*<T?\..... |
0x0030: |
1041 d4d0 0000 0101 080a 4879 cf44 a699 .A........ |
Hy.D.. |
|
0x0040: |
46b3 29 |
F.) |
|
v2
10:17:43.540730 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.21 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6415 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:17:43.576704 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.34 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6422 0000 0000 0000 ........ |
d"...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:17:43.576714 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.33 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6421 0000 0000 0000 ........ |
d!...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:17:43.576716 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.35 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6423 0000 0000 0000 ........ |
d#...... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:17:43.576717 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.22 tell 172.16.100.39, length 46
0x0000: ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
||
0x0010: 0800 0604 0001 d027 |
88cf e15b ac10 6427 ....... |
'...[..d' |
||
0x0020: |
0000 0000 0000 ac10 6416 0000 0000 0000 ........ |
d....... |
||
0x0030: |
0000 0000 0000 0000 |
0000 0000 ............ |
|
|
10:17:43.576719 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.24 tell 172.16.100.39, length 46
0x0000: |
ffff ffff ffff d027 88cf e15b 0806 0001 ....... |
'... |
[.... |
0x0010: |
0800 0604 0001 d027 88cf e15b ac10 6427 ....... |
'...[..d' |
|