From: Ivan Petrov <pravo@hnet.ru>
To: community@lists.altlinux.org
Subject: Re: [Comm] сетевые пакеты
Date: Mon, 28 Jul 2008 11:32:01 +0700
Message-ID: <g6ji3p$8q2$1@ger.gmane.org> (raw)
In-Reply-To: <200807271950.40361.a_s_y@sama.ru>
Sergey пишет:
> On Sunday 27 July 2008, Ivan Petrov wrote:
>
>> Как бы средствами эхотага узнать, кто (с какого IP)тянет через меня
>> интернет траффик?
>
> tcpdump,
Это заработало.
Он мне выдал инфу. Можно ли из неё узнать, с какого IP через меня в
интернет ходят?
23:05:42.010747 IP 10.168.43.127.netbios-ns > 10.168.47.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:05:42.031249 IP 10.168.41.253.netbios-ns > 10.168.47.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:05:42.071763 IP 10.168.42.13.netbios-dgm > 10.168.47.255.netbios-dgm:
NBT UDP PACKET(138)
23:05:42.079689 arp who-has host89-251-103-33.hnet.ru (00:15:17:78:81:99
(oui Unknown)) tell host89-251-103-34.hnet.ru
23:05:42.101860 IP 10.168.40.161.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.101965 IP 10.168.40.161.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.102080 IP 10.168.40.161.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.102561 IP 10.168.42.221.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.102976 IP 10.168.40.161.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.108560 IP 10.168.40.212.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.108945 IP 10.168.40.161.netbios-dgm >
10.168.47.255.netbios-dgm: NBT UDP PACKET(138)
23:05:42.109233 IP 10.168.40.23.netbios-ns > 10.168.47.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:05:42.118181 IP 10.168.43.14.netbios-ns > 10.168.47.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:05:42.118263 arp who-has 10.168.43.14 tell 10.168.45.43
23:05:42.118276 arp who-has 10.168.43.14 tell 10.168.40.118
23:05:42.118283 arp who-has 10.168.43.14 tell 10.168.41.204
23:05:42.118291 arp who-has 10.168.43.14 tell 10.168.42.84
23:05:42.118296 arp who-has 10.168.43.14 tell 10.168.42.124
23:05:42.118316 arp who-has 10.168.43.14 tell 10.168.42.58
23:05:42.118325 arp who-has 10.168.43.14 tell 10.168.40.233
23:05:42.118330 arp who-has 10.168.43.14 tell 10.168.40.74
23:05:42.118337 arp who-has 10.168.43.14 tell 10.168.40.61
23:05:42.118343 arp who-has 10.168.43.14 tell 10.168.41.140
23:05:42.118349 arp who-has 10.168.43.14 tell 10.168.43.167
23:05:42.118356 arp who-has 10.168.43.14 tell 10.168.40.185
23:05:42.118362 arp who-has 10.168.43.14 tell 10.168.40.220
23:05:42.118369 arp who-has 10.168.43.14 tell 10.168.41.17
23:05:42.118375 arp who-has 10.168.43.14 tell 10.168.40.164
23:05:42.118381 arp who-has 10.168.43.14 tell 10.168.43.47
23:05:42.118387 arp who-has 10.168.43.14 tell 10.168.43.127
23:05:42.118393 arp who-has 10.168.43.14 tell 10.168.40.219
23:05:42.118399 arp who-has 10.168.43.14 tell 10.168.40.189
23:05:42.118406 arp who-has 10.168.43.14 tell 10.168.40.209
23:05:42.118412 arp who-has 10.168.43.14 tell 10.168.40.122
23:05:42.118419 arp who-has 10.168.43.14 tell 10.168.41.151
23:05:42.118425 arp who-has 10.168.43.14 tell 10.168.43.82
23:05:42.118431 arp who-has 10.168.43.14 tell 10.168.43.17
23:05:42.118437 arp who-has 10.168.43.14 tell 10.168.43.2
23:05:42.118458 arp who-has 10.168.43.14 tell 10.168.40.20
23:05:42.118465 arp who-has 10.168.43.14 tell 10.168.41.174
23:05:42.118470 arp who-has 10.168.43.14 tell 10.168.43.48
23:05:42.118475 arp who-has 10.168.43.14 tell 10.168.40.201
23:05:42.118481 arp who-has 10.168.43.14 tell 10.168.41.87
23:05:42.118486 arp who-has 10.168.43.14 tell 10.168.43.173
23:05:42.118493 arp who-has 10.168.43.14 tell 10.168.44.233
23:05:42.118499 arp who-has 10.168.43.14 tell 10.168.41.6
23:05:42.118520 arp who-has 10.168.43.14 tell 10.168.41.27
23:05:42.118606 arp who-has 10.168.43.14 tell 10.168.42.52
23:05:42.118613 arp who-has 10.168.43.14 tell 10.168.41.10
23:05:42.118618 arp who-has 10.168.43.14 tell 10.168.45.16
23:05:42.118625 arp who-has 10.168.43.14 tell 10.168.40.94
23:05:42.118630 arp who-has 10.168.43.14 tell 10.168.41.213
23:05:42.118636 arp who-has 10.168.43.14 tell 10.168.44.42
23:05:42.118643 arp who-has 10.168.43.14 tell 10.168.43.154
23:05:42.118649 arp who-has 10.168.43.14 tell 10.168.42.195
23:05:42.118668 arp who-has 10.168.43.14 tell 10.168.43.51
23:05:42.118674 arp who-has 10.168.43.14 tell 10.168.44.81
23:05:42.118681 arp who-has 10.168.43.14 tell 10.168.41.11
23:05:42.118686 arp who-has 10.168.43.14 tell 10.168.40.141
23:05:42.118708 arp who-has 10.168.43.14 tell 10.168.40.187
23:05:42.118714 arp who-has 10.168.43.14 tell 10.168.40.240
23:05:42.118720 arp who-has 10.168.43.14 tell 10.168.42.115
23:05:42.118725 arp who-has 10.168.43.14 tell 10.168.42.178
23:05:42.118762 arp who-has 10.168.43.14 tell 10.168.42.202
23:05:42.118768 arp who-has 10.168.43.14 tell 10.168.42.211
23:05:42.118774 arp who-has 10.168.43.14 tell 10.168.45.6
23:05:42.118801 arp who-has 10.168.43.14 tell 10.168.42.175
23:05:42.118883 IP 10.168.43.14.netbios-dgm > 10.168.47.255.netbios-dgm:
NBT UDP PACKET(138)
23:05:42.118890 arp who-has 10.168.43.14 tell 10.168.41.54
23:05:42.118948 arp who-has 10.168.43.14 tell 10.168.44.9
23:05:42.118954 arp who-has 10.168.43.14 tell 10.168.41.136
23:05:42.118959 arp who-has 10.168.43.14 tell 10.168.44.37
23:05:42.119034 arp who-has 10.168.43.14 tell 10.168.44.121
23:05:42.119053 arp who-has 10.168.43.14 tell 10.168.42.198
23:05:42.119091 arp who-has 10.168.43.14 tell 10.168.44.104
23:05:42.119097 arp who-has 10.168.43.14 tell 10.168.43.8
23:05:42.119105 arp who-has 10.168.43.14 tell 10.168.43.251
23:05:42.119111 arp who-has 10.168.43.14 tell 10.168.43.117
23:05:42.119117 arp who-has 10.168.43.14 tell 10.168.43.112
23:05:42.119146 arp who-has 10.168.43.14 tell 10.168.41.48
23:05:42.119235 arp who-has 10.168.43.14 tell 10.168.43.100
23:05:42.119305 arp who-has 10.168.43.14 tell 10.168.43.89
23:05:42.119398 arp who-has 10.168.43.14 tell 10.168.42.133
23:05:42.119462 arp who-has 10.168.43.14 tell 10.168.43.102
23:05:42.119500 arp who-has 10.168.43.14 tell 10.168.40.244
23:05:42.119774 arp who-has 10.168.43.14 tell 10.168.43.189
23:05:42.120481 arp who-has 10.168.43.14 tell 10.168.42.13
23:05:42.121727 arp who-has 10.168.43.14 tell 10.168.41.245
23:05:42.121734 arp who-has 10.168.43.14 tell 10.168.42.24
23:05:42.125025 arp who-has 10.168.43.14 tell 10.168.43.215
23:05:42.125030 arp who-has 10.168.43.14 tell 10.168.42.139
23:05:42.125103 arp who-has 10.168.43.14 tell 10.168.45.17
23:05:42.125144 arp who-has 10.168.43.14 tell 10.168.43.239
23:05:42.125163 arp who-has 10.168.43.14 tell 10.168.43.237
23:05:42.125169 arp who-has 10.168.43.14 tell 10.168.42.140
23:05:42.125191 arp who-has 10.168.43.14 tell 10.168.43.221
23:05:42.125216 arp who-has 10.168.43.14 tell 10.168.42.26
23:05:42.125481 arp who-has 10.168.43.14 tell 10.168.40.60
23:05:42.125504 arp who-has 10.168.43.14 tell 10.168.40.51
23:05:42.125623 arp who-has 10.168.43.14 tell 10.168.40.52
23:05:42.125773 arp who-has 10.168.43.14 tell 10.168.43.218
23:05:42.126952 arp who-has 10.168.43.14 tell 10.168.44.145
23:05:42.127017 arp who-has 10.168.44.145 tell 10.168.41.18
23:05:42.127032 arp who-has 10.168.44.145 tell 10.168.42.193
23:05:42.128284 arp who-has 10.168.43.14 tell 10.168.43.139
23:05:42.134994 arp who-has 10.168.43.14 tell 10.168.41.124
23:05:42.135063 arp who-has 10.168.43.14 tell 10.168.41.129
23:05:42.135241 arp who-has 10.168.43.14 tell 10.168.44.182
23:05:42.161282 IP 58.96.132.171.16473 > 10.168.44.132.58610: P
1:186(185) ack 295 win 17040
23:05:42.167829 arp who-has 10.168.43.14 tell 10.168.42.247
23:05:42.178980 arp who-has 10.168.40.161 tell 10.168.40.212
23:05:42.200550 arp who-has 10.168.43.14 tell 10.168.43.83
23:05:42.235167 IP 10.168.40.51.netbios-dgm > 10.168.47.255.netbios-dgm:
NBT UDP PACKET(138)
23:05:42.235192 IP 10.168.40.51.netbios-ns > 10.168.47.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:05:42.238547 IP 192.168.130.116.411 > 10.168.44.132.57616: P
914:993(79) ack 1 win 64583
23:05:42.262683 arp who-has 10.168.46.193 tell 10.168.42.50
23:05:42.268072 IP 10.168.40.163.netbios-ns > 10.168.47.255.netbios-ns:
NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
23:05:42.315587 IP 10.168.40.1.domain > 10.168.40.198.52863: 12939
NXDomain 0/1/0 (114)
23:05:42.316782 IP 10.168.40.198.40176 > 10.168.40.1.domain: 64889+ PTR?
161.40.168.10.in-addr.arpa. (44)
23:05:42.317035 IP 10.168.40.1.domain > 10.168.40.198.40176: 64889
ServFail 0/0/0 (44)
23:05:42.319876 IP 10.168.40.198.48448 > 10.168.40.1.domain: 64889+ PTR?
161.40.168.10.in-addr.arpa. (44)
23:05:42.320121 IP 10.168.40.1.domain > 10.168.40.198.48448: 64889
ServFail 0/0/0 (44)
23:05:42.320388 IP 10.168.40.198.35324 > 10.168.40.1.domain: 18453+ PTR?
221.42.168.10.in-addr.arpa. (44)
23:05:42.320627 IP 10.168.40.1.domain > 10.168.40.198.35324: 18453
ServFail 0/0/0 (44)
23:05:42.320817 IP 10.168.40.198.43770 > 10.168.40.1.domain: 18453+ PTR?
221.42.168.10.in-addr.arpa. (44)
И.П.
next prev parent reply other threads:[~2008-07-28 4:32 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-27 13:06 Ivan Petrov
2008-07-27 13:36 ` Yury Konovalov
2008-07-28 1:28 ` krapa666
2008-07-28 5:20 ` Michael A. Kangin
2008-07-27 14:50 ` Sergey
2008-07-28 4:32 ` Ivan Petrov [this message]
2008-07-28 4:51 ` Sergey
2008-07-28 5:10 ` Ivan Petrov
2008-07-28 5:24 ` Serge
2008-07-28 5:30 ` Ivan Petrov
2008-07-28 5:37 ` Sergey
2008-07-28 5:47 ` Ivan Petrov
2008-07-28 5:49 ` Sergey
2008-07-28 5:55 ` Ivan Petrov
2008-07-28 6:28 ` Sergey
2008-07-28 9:45 ` Ivan Petrov
2008-07-28 10:28 ` Andrii Dobrovol`s`kii
2008-07-28 10:40 ` Sergey
2008-07-29 7:57 ` Olexander Chernetskyy
2008-07-29 11:26 ` Ivan Petrov
2008-07-29 11:40 ` Pavel
2008-07-29 11:43 ` Pavel
2008-07-29 16:41 ` Ivan Petrov
2008-07-29 18:34 ` Paul
2008-07-30 6:55 ` Van Petrov
2008-07-29 11:43 ` Ivan Petrov
2008-07-28 5:56 ` Serge
2008-07-28 5:30 ` Michael A. Kangin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='g6ji3p$8q2$1@ger.gmane.org' \
--to=pravo@hnet.ru \
--cc=community@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Community general discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
public-inbox-index community
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.community
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git