- Laboratory work No. 2
- Enable data capture for 3-5 minutes. During the capture, determine the number of captured packets, etc.
- Stop the capture. Review the captured packets. Filter the capture results by a given protocol and by computer address.
- ip, icmp, tcp, iso, udp
- 08:42:44.631952 arp reply computer-fbe5bf.spu58.ru is-at 00:03:ff:67:c8:37 (oui Unknown)
- 7 Packets captured
- 130 Packets received by filter
- 0 Packets dropped by kernel
- 12 Packets captured
- 113 Packets received by filter
- 0 Packets dropped by kernel
- Determine the number of packets that passed through the internal network, through the network with address 192.168.0.0/24.
- Trace the traffic related to a specific port: 80, 135, 445, 2869, 49158, 49157
- 33 Packets captured
- 4973 Packets received by filter
- 0 Packets dropped by kernel
- Track the number of packets larger and smaller than a given size
- 17 Packets captured
- 2086 Packets received by filter
- 0 Packets dropped by kernel
- View the traffic incoming to or outgoing from computer 192.168.0.70 on remote or local port 80
- 3 Packets captured
- 276 Packets received by filter
- 0 Packets dropped by kernel
- Convert the IP address to the machine's physical address.
- 2 Packets captured
- 148 Packets received by filter
33 Packets captured
4973 Packets received by filter
0 Packets dropped by kernel
Track the number of packets larger and smaller than a given size
D:\>windump less 100 and greater 50
windump: listening on \Device\NPF_{22DF6523-34C7-457C-8A90-162A5E47CF18}
19:40:17.110860
19:40:17.218312 arp who-has 192.168.137.15 tell 192.168.137.1
19:40:17.272857 IP home-3dacc3d69f > 224.0.0.253: igmp v2 report 224.0.0.253
19:40:17.273104 IP home-3dacc3d69f > 239.192.152.143: igmp v2 report 239.192.152.143
19:40:17.273394 IP home-3dacc3d69f > 239.255.255.250: igmp v2 report 239.255.255.250
19:40:17.273555 IP home-3dacc3d69f > 224.0.0.252: igmp v2 report 224.0.0.252
19:40:17.273765 IP home-3dacc3d69f > dhcp-agents.mcast.net: igmp v2 report dhcp-agents.mcast.net
19:40:17.373551
19:40:17.602593 IP6 FE80::6D88:72AC:F04C:66A6 > FF02::1:FFA7:4B29: ICMP6, neighbor solicitation, who has FE80::A959:816D:29A7:4B29, length 32
19:40:17.602998 IP6 FE80::6D88:72AC:F04C:66A6 > FF02::1:FFDA:31F2: ICMP6, neighbor solicitation, who has FE80::DDA4:C47F:66DA:31F2, length 32
19:40:17.603149 IP6 FE80::A959:816D:29A7:4B29 > FF02::1:FF4C:66A6: ICMP6, neighbor solicitation, who has FE80::6D88:72AC:F04C:66A6, length 32
19:40:17.616443
17 Packets captured
2086 Packets received by filter
0 Packets dropped by kernel
View the traffic incoming to or outgoing from computer 192.168.0.70 on remote or local port 80
C:\Documents and Settings\Admin>windump port 80
windump: listening on \Device\NPF_{6CCB7761-9BD0-4605-B5A9-B37360767BF1}
07:58:59.323347 IP computer-fbe5bf.spu58.ru.1036 > 173.194.35.216.80: R 3370465799:3370465799(0) ack 624031361 win 0
07:58:59.323643 IP computer-fbe5bf.spu58.ru.1039 > 74.125.232.56.80: R 754222459:754222459(0) ack 2722394130 win 0
07:58:59.323921 IP computer-fbe5bf.spu58.ru.1038 > 74.125.232.56.80: R 19193739:19193739(0) ack 3557641142 win 0
3 Packets captured
276 Packets received by filter
0 Packets dropped by kernel
C:\Documents and Settings\Admin>
Convert the IP address to the machine's physical address.
D:\>windump -e
windump: listening on \Device\NPF_{22DF6523-34C7-457C-8A90-162A5E47CF18}
19:07:33.657915 20:cf:30:a8:1c:8f (oui Unknown) > 33:33:00:00:00:0c (oui Unknown), ethertype IPv6 (0x86dd), length 208: FE80::C1EC:ADA6:FB99:3CA7.51986 > FF02::C.1900: UDP, length 146
19:07:33.816446 00:23:5a:8f:67:2a (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp who-has 192.168.137.43
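
The IP-to-MAC lookup in this last task can also be done offline from saved WinDump text output. The following is an added example, not part of the original lab report: it collects `arp reply ... is-at ...` lines into an address table and lists addresses claimed by more than one MAC. The sample capture, its addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in WinDump's text format (plain and -e style lines,
# modelled on the output shown on this page; addresses are made up).
SAMPLE = """\
08:42:44.631952 arp reply 192.168.0.70 is-at 00:03:ff:67:c8:37 (oui Unknown)
08:42:45.100200 arp who-has 192.168.0.1 tell 192.168.0.70
08:42:45.100913 arp reply 192.168.0.1 is-at 00:23:5a:8f:67:2a (oui Unknown)
19:40:17.272857 IP home-3dacc3d69f > 224.0.0.253: igmp v2 report 224.0.0.253
08:43:02.000417 arp reply 192.168.0.1 is-at 20:cf:30:a8:1c:8f (oui Unknown)
19:07:34.002113 00:23:5a:8f:67:2a (oui Unknown) > 20:cf:30:a8:1c:8f (oui Unknown), ethertype ARP (0x0806), length 60: arp reply 192.168.137.1 is-at 00:23:5a:8f:67:2a (oui Unknown)
"""

# Timestamp, optional link-level header printed by -e, then the ARP reply.
ARP_REPLY = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s.*?\barp reply (\S+) is-at "
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def arp_table(text):
    """Map each answered address to the distinct MACs that claimed it.

    Each claim is (mac, timestamp of first sighting), in capture order.
    """
    table = defaultdict(list)
    for line in text.splitlines():
        m = ARP_REPLY.search(line)
        if not m:
            continue  # who-has requests, IP traffic, bare timestamps
        ts, addr, mac = m.group(1), m.group(2), m.group(3).lower()
        if mac not in (seen for seen, _ in table[addr]):
            table[addr].append((mac, ts))
    return dict(table)

def conflicts(table):
    """Addresses claimed by more than one MAC: a replaced NIC, an address
    clash, or ARP spoofing, so each one deserves a manual check."""
    return {addr: claims for addr, claims in table.items() if len(claims) > 1}

if __name__ == "__main__":
    table = arp_table(SAMPLE)
    for addr, claims in table.items():
        print(addr, "->", ", ".join(mac for mac, _ in claims))
    for addr, claims in conflicts(table).items():
        print("CHECK", addr, claims)
```

Run WinDump with `-n` when saving output for this, so the table is keyed by IP address rather than by resolved host name.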