- Laboratory Work No. 2
- Enable data capture for 3-5 minutes. During the capture, determine the number of captured packets, etc.
- Stop the data capture. Review the captured packets. Filter the capture results by the given protocol and computer address.
- ip, icmp, tcp, iso, udp
- 08:42:44.631952 arp reply computer-fbe5bf.spu58.ru is-at 00:03:ff:67:c8:37 (oui Unknown)
- 7 packets captured
- 130 packets received by filter
- 0 packets dropped by kernel
- 12 packets captured
- 113 packets received by filter
- 0 packets dropped by kernel
- Determine the number of packets that passed through the internal network, through the network with address 192.168.0.0/24.
- Track the traffic for the specific ports 80, 135, 445, 2869, 49158, 49157
- 33 packets captured
- 4973 packets received by filter
- 0 packets dropped by kernel
- Track the number of packets larger and smaller than a given size
- 17 packets captured
- 2086 packets received by filter
- 0 packets dropped by kernel
- View the traffic entering or leaving computer 192.168.0.70 on remote or local port 80
- 3 packets captured
- 276 packets received by filter
- 0 packets dropped by kernel
- Convert the IP address to the machine's physical address.
- 2 packets captured
- 148 packets received by filter
Penza State Pedagogical University named after V. G. Belinsky
Department of Applied Mathematics and Informatics
Laboratory Work No. 2
Completed by:
Babadzhanov B. Yu.
Specialty:
Mathematical Support and Administration of Information Systems.
Group:
MP-31.
Year:
3
PENZA 2012
Lab assignment.
Enable data capture for 3-5 minutes. During the capture, determine the number of captured packets, etc.
D:\>windump
windump: listening on \Device\NPF_{22DF6523-34C7-457C-8A90-162A5E47CF18}
20:35:48.624817 PPPoE [ses 0xce1] IP 72.5.58.117.80 > home-3dacc3d69f.15883: .ack 464944897 win 3752
20:35:48.642036 IP6 FE80::5510:431B:E220:D7E5.546 > FF02::1:2.547: dhcp6 solicit
20:35:48.668973 IP 169.254.153.126.137 > 169.254.255.255.137: UDP, length 50
20:35:48.702498 IP 192.168.0.2.2796 > 255.255.255.255.7533: UDP, length 26
20:35:48.809175 14:d6:4d:3e:1e:71 (oui Unknown) > 01:80:c2:00:00:0e (oui Unknown), ethertype Unknown (0x88cc), length 60:
0x0000: 0207 0414 d64d 3e1e 6004 0607 312f 3137 .....M>.`...1/17
0x0010: 0006 0200 7800 00cc cccc cccc cccc cccc ....x...........
0x0020: cccc cccc cccc cccc cccc cccc cccc ..............
20:35:48.887459 IP6 FE80::4555:88B4:7F81:8217.1900 > FF02::C.1900: UDP, length 452
20:35:49.157603 arp who-has 192.168.137.234 tell 192.168.137.1
20:35:49.161764 IP6 FE80::65B4:F461:935F:5DF7 > FF02::1:FFA7:D5B4: ICMP6, neighbor solicitation, who has FE80::8D93:D728:6CA7:D5B4, length 32
20:35:49.414184 IP6 FE80::2821:DC40:5433:96B3.546 > FF02::1:2.547: dhcp6 solicit
20:35:49.418969 IP 169.254.153.126.137 > 169.254.255.255.137: UDP, length 50
20:35:49.419188
20:35:49.420870 IP home-3dacc3d69f.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:19:cb:74:9e:61 (oui Unknown), length 548
64 packets captured
1242 packets received by filter
0 packets dropped by kernel
Stop the data capture. Review the captured packets. Filter the capture results by the given protocol and computer address.
ip, icmp, tcp, iso, udp
89.108.65.143, 194.67.45.28, 217.16.29.50, 195.161.119.67, 213.180.204.46
D:\>windump ip
windump: listening on \Device\NPF_{22DF6523-34C7-457C-8A90-162A5E47CF18}
20:49:08.484079 IP 169.254.183.14 > igmp.mcast.net: igmp v3 report, 1 group record(s)
20:49:08.513164 IP 169.254.183.14.137 > 169.254.255.255.137: UDP, length 50
20:49:08.671938 IP 169.254.183.14.60922 > 239.255.255.250.1900: UDP, length 133
20:49:08.732464 IP 169.254.183.14.63981 > 239.255.255.250.3702: UDP, length 995
20:49:08.756319 IP 192.168.0.2.2796 > 255.255.255.255.7533: UDP, length 26
20:49:08.760585 IP 169.254.183.14.52854 > 239.255.255.250.1900: UDP, length 133
20:49:09.058006 IP 169.254.150.179 > igmp.mcast.net: igmp v3 report, 1 group record(s)
20:49:09.321567 IP 169.254.150.179 > igmp.mcast.net: igmp v3 report, 1 group record(s)
20:49:09.484467 IP
18 packets captured
1086 packets received by filter
0 packets dropped by kernel
C:\Documents and Settings\Admin>windump ip
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
08:00:31.702614 IP EGF8.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:1b:fc:f5:55:60 (oui Unknown), length 300
08:00:31.972955 IP computer-fbe5bf.spu58.ru.51522 > adspu58.spu58.ru.53: 24236+ PTR? 255.255.255.255.in-addr.arpa. (46)
08:00:31.981906 IP computer-fbe5bf.spu58.ru.137 > EGF8.137: UDP, length 50
08:00:31.982486 IP EGF8.137 > computer-fbe5bf.spu58.ru.137: UDP, length 193
08:00:32.210405 IP EGF8.137 > 10.12.255.255.137: UDP, length 50
08:00:33.995329 IP computer-fbe5bf.spu58.ru.137 > 224.0.0.252.137: UDP, length 50
08:00:34.418848 IP computer-fbe5bf > all-systems.mcast.net: igmp query v2
08:00:34.706516 IP EGF8.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:1b:fc:f5:55:60 (oui Unknown), length 300
08:00:34.967818 IP 229-04 > 239.255.255.250: igmp v2 report 239.255.255.250
08:00:35.496927 IP computer-fbe5bf.spu58.ru.137 > 224.0.0.252.137: UDP, length 50
08:00:35.691356 IP KOM.138 > 10.12.255.255.138: UDP, length 175
08:00:35.947395 IP 229-04 > 224.0.0.252: igmp v2 report 224.0.0.252
08:00:36.714087 IP EGF8.137 > 10.12.255.255.137: UDP, length 50
08:00:36.999301 IP computer-fbe5bf.spu58.ru.137 > 224.0.0.252.137: UDP, length 50
08:00:37.011010 IP computer-fbe5bf > all-systems.mcast.net: igmp query v2
08:00:37.116502 IP 229-02 > 239.255.255.250: igmp v2 report 239.255.255.250
08:00:37.469981 IP EGF8.137 > 10.12.255.255.137: UDP, length 50
08:00:37.878714 IP
24 packets captured
121 packets received by filter
0 packets dropped by kernel
C:\Documents and Settings\Admin>windump icmp
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
08:13:35.824189 IP computer-fbe5bf.spu58.ru > 10.12.1.57: ICMP echo request, id 512, seq 1280, length 40
08:13:41.031683 IP computer-fbe5bf.spu58.ru > 10.12.1.57: ICMP echo request, id 512, seq 1536, length 40
08:13:46.040401 IP computer-fbe5bf.spu58.ru > 10.12.1.57: ICMP echo request, id 512, seq 1792, length 40
08:13:51.064239 IP computer-fbe5bf.spu58.ru > 10.12.1.57: ICMP echo request, id 512, seq 2048, length 40
8 packets captured
834 packets received by filter
0 packets dropped by kernel
C:\Documents and Settings\Admin>windump tcp
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
08:23:59.870923 IP computer-fbe5bf.spu58.ru.1046 > 74.125.232.55.80: S 1789075637:1789075637(0) win 65535 <mss 1460,nop,nop,sackOK>
08:23:59.873500 IP 74.125.232.55.80 > computer-fbe5bf.spu58.ru.1046: S 324276502:324276502(0) ack 1789075638 win 8192 <mss 1460,nop,nop,sackOK>
08:23:59.873544 IP computer-fbe5bf.spu58.ru.1046 > 74.125.232.55.80: . ack 1 win 65535
08:23:59.873761 IP computer-fbe5bf.spu58.ru.1046 > 74.125.232.55.80: P 1:679(678) ack 1 win 65535
08:23:59.982316 IP 74.125.232.55.80 > computer-fbe5bf.spu58.ru.1046: . 1:1461(1460) ack 679 win 64240
08:23:59.982380 IP computer-fbe5bf.spu58.ru.1046 > 74.125.232.55.80: . ack 2921 win 65535
08:23:59.984899 IP 74.125.232.55.80 > computer-fbe5bf.spu58.ru.1046: . 2921:4381(1460) ack 679 win 64240
08:24:00.006032 IP 74.125.232.55.80 > computer-fbe5bf.spu58.ru.1047: S 3143643234:3143643234(0) ack 494201200 win 8192 <mss 1460,nop,nop,sackOK>
08:24:00.006064 IP computer-fbe5bf.spu58.ru.1047 > 74.125.232.55.80: . ack 1 win 65535
08:24:00.006203 IP computer-fbe5bf.spu58.ru.1047 > 74.125.232.55.80: P 1:752(751) ack 1 win 65535
08:24:00.039090 IP 74.125.232.55.80 > computer-fbe5bf.spu58.ru.1046: . 15835:17295(1460) ack 679 win 64240
08:24:00.039108 IP 74.125.232.55.80 > computer-fbe5bf.spu58.ru.1046: . 17295:18755(1460) ack 679 win 64240
08:24:00.039143 IP computer-fbe5bf.spu58.ru.1046 > 74.125.232.55.80: . ack 21399 win 65535
176 packets captured
211 packets received by filter
0 packets dropped by kernel
C:\Documents and Settings\Admin>windump udp
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
08:27:17.468953 IP computer-fbe5bf.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:11:2f:57:9d:fa (oui Unknown), length
08:27:17.472429 IP adspu58.spu58.ru.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 302
08:27:17.746206 IP 10.12.1.94.137 > 10.12.255.255.137: UDP, length 68
08:27:18.434294 IP computer-fbe5bf.spu58.ru.49186 > adspu58.spu58.ru.53: 30301+ PTR? 255.255.255.255.in-addr.arpa. (46)
08:27:18.449352 IP computer-fbe5bf.spu58.ru.60857 > adspu58.spu58.ru.53: 58311+ PTR? 94.1.12.10.in-addr.arpa. (41)
08:27:18.450573 IP adspu58.spu58.ru.53 > computer-fbe5bf.spu58.ru.60857: 58311 NXDomain* 0/1/0 (104)
08:27:18.453721 IP computer-fbe5bf.spu58.ru.137 > 10.12.1.94.137: UDP, length 50
08:27:18.455777 IP 10.12.1.94.137 > computer-fbe5bf.spu58.ru.137: UDP, length 121
08:27:18.500792 IP 10.12.1.94.137 > 10.12.255.255.137: UDP, length 68
08:27:20.479905 IP computer-fbe5bf.spu58.ru.59253 > adspu58.spu58.ru.53: 22875+ PTR? 92.1.12.10.in-addr.arpa. (41)
08:27:20.480995 IP adspu58.spu58.ru.53 > computer-fbe5bf.spu58.ru.59253: 22875 NXDomain* 0/1/0 (104)
08:27:20.484215 IP computer-fbe5bf.spu58.ru.137 > 10.12.1.92.137: UDP, length 50
08:27:20.486342 IP 10.12.1.92.137 > computer-fbe5bf.spu58.ru.137: UDP, length 121
08:27:23.105856 IP 10.12.1.94.137 > 10.12.255.255.137: UDP, length 68
08:27:28.310947 IP 10.12.1.92.137 > 10.12.255.255.137: UDP, length 50
46 packets captured
68 packets received by filter
0 packets dropped by kernel
C:\Documents and Settings\Admin>
C:\Documents and Settings\Admin>windump host 10.12.1.1
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
08:39:35.038888 arp who-has 10.12.1.1 tell EGF8
08:39:35.973892 IP computer-fbe5bf.spu58.ru.137 > 10.12.1.1.137: UDP, length 50
08:39:35.974863 IP 10.12.1.1 > computer-fbe5bf.spu58.ru: ICMP 10.12.1.1 udp port 137 unreachable, length 86
08:39:37.473671 IP computer-fbe5bf.spu58.ru.137 > 10.12.1.1.137: UDP, length 50
08:39:37.474406 IP 10.12.1.1 > computer-fbe5bf.spu58.ru: ICMP 10.12.1.1 udp port 137 unreachable, length 86
08:39:38.976180 IP computer-fbe5bf.spu58.ru.137 > 10.12.1.1.137: UDP, length 50
08:39:38.976825 IP 10.12.1.1 > computer-fbe5bf.spu58.ru: ICMP 10.12.1.1 udp port 137 unreachable, length 86
08:39:54.849623 IP computer-fbe5bf.spu58.ru > 10.12.1.1: ICMP echo request, id 512, seq 4352, length 40
08:39:54.850711 IP 10.12.1.1 > computer-fbe5bf.spu58.ru: ICMP echo reply, id 512, seq 4352, length 40
08:39:55.851782 IP computer-fbe5bf.spu58.ru > 10.12.1.1: ICMP echo request, id 512, seq 4608, length 40
08:39:59.873849 arp who-has computer-fbe5bf.spu58.ru tell 10.12.1.1
08:39:59.873877 arp reply computer-fbe5bf.spu58.ru is-at 00:03:ff:67:c8:37 (oui Unknown)
08:40:05.478991 arp who-has AURUM tell 10.12.1.1
08:40:17.196826 arp who-has 10.12.1.1 tell EGF6
08:40:52.260203 arp who-has 10.12.1.1 tell EGF1
20 packets captured
167 packets received by filter
0 packets dropped by kernel
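The protocol and host filtering performed in the steps above can also be applied offline to WinDump text output that was saved to a file. The Python script below is an added example, not part of the original lab report: its function names are hypothetical, and the sample lines are an excerpt copied from the `windump host 10.12.1.1` output above. It also reads the three closing counters, since a non-zero "dropped by kernel" value means the capture is incomplete.

```python
import re
from collections import Counter

# Excerpt copied from the "windump host 10.12.1.1" output shown on this page.
SAMPLE = """\
08:39:35.038888 arp who-has 10.12.1.1 tell EGF8
08:39:35.973892 IP computer-fbe5bf.spu58.ru.137 > 10.12.1.1.137: UDP, length 50
08:39:35.974863 IP 10.12.1.1 > computer-fbe5bf.spu58.ru: ICMP 10.12.1.1 udp port 137 unreachable, length 86
08:39:54.849623 IP computer-fbe5bf.spu58.ru > 10.12.1.1: ICMP echo request, id 512, seq 4352, length 40
08:39:59.873877 arp reply computer-fbe5bf.spu58.ru is-at 00:03:ff:67:c8:37 (oui Unknown)
20 packets captured
167 packets received by filter
0 packets dropped by kernel
"""

REC = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (IP6?|arp) (.*)$")
STAT = re.compile(r"^(\d+) packets (captured|received|dropped)\b")
IPV4 = re.compile(r"^\d+\.\d+\.\d+\.\d+$")

def strip_port(endpoint):
    """Drop a trailing '.port'; a bare IPv4 address has no port to drop."""
    if IPV4.match(endpoint):
        return endpoint
    host, _, last = endpoint.rpartition(".")
    return host if host and last.isdigit() else endpoint

def parse(text):
    """Return (records, stats); unrecognised lines (hex dumps, PPPoE) are skipped.
    Only protocols WinDump names at the start of the packet text are labelled."""
    records, stats = [], {}
    for line in map(str.strip, text.splitlines()):
        if m := STAT.match(line):
            stats[m.group(2)] = int(m.group(1))
        elif m := REC.match(line):
            ts, link, rest = m.groups()
            rec = {"time": ts, "proto": link.lower(), "hosts": set(rest.split())}
            if link != "arp" and " > " in rest:
                ends, _, info = rest.partition(": ")
                rec["hosts"] = {strip_port(e) for e in ends.split(" > ", 1)}
                rec["proto"] = next((k.lower() for k in ("ICMP", "UDP", "igmp")
                                     if info.startswith(k)), rec["proto"])
            records.append(rec)
    return records, stats

def by_host(records, host):
    # Matches the host as source, destination or as a token of an ARP line.
    return [r for r in records if host in r["hosts"]]

def proto_counts(records):
    return Counter(r["proto"] for r in records)
```

TCP and DNS lines carry no protocol keyword in this output format, so the script leaves them labelled `ip`; the port-stripping rule is a heuristic that assumes host names do not end in an all-digit label.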
C:\Documents and Settings\Admin>windump host 10.12.1.2
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
08:42:44.630867 IP computer-fbe5bf.spu58.ru > adspu58.spu58.ru: ICMP echo request, id 512, seq 5376, length 40
08:42:44.631938 arp who-has computer-fbe5bf.spu58.ru tell adspu58.spu58.ru