From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on sa.int.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00, RCVD_IN_BL_SPAMCOP_NET, RCVD_IN_DNSWL_LOW, SPF_HELO_PASS, SPF_PASS autolearn=no version=3.2.4 X-Injected-Via-Gmane: http://gmane.org/ To: community@lists.altlinux.org From: Ivan Petrov Date: Mon, 28 Jul 2008 11:32:01 +0700 Message-ID: References: <200807271950.40361.a_s_y@sama.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@ger.gmane.org X-Gmane-NNTP-Posting-Host: host89-251-107-2.hnet.ru User-Agent: Thunderbird 2.0.0.14 (X11/20080513) In-Reply-To: <200807271950.40361.a_s_y@sama.ru> Sender: news Subject: Re: [Comm] =?koi8-r?b?08XUxdfZxSDQwcvF1Nk=?= X-BeenThere: community@lists.altlinux.org X-Mailman-Version: 2.1.10b3 Precedence: list Reply-To: ALT Linux Community general discussions List-Id: ALT Linux Community general discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jul 2008 04:35:07 -0000 Archived-At: List-Archive: List-Post: Sergey пишет: > On Sunday 27 July 2008, Ivan Petrov wrote: > >> Как бы средствами эхотага узнать, кто (с какого IP)тянет через меня >> интернет траффик? > > tcpdump, Это заработало. Он мне выдал инфу. Можно ли из неё узнать, с какого IP через меня в интернет ходят? 23:05:42.010747 IP 10.168.43.127.netbios-ns > 10.168.47.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:05:42.031249 IP 10.168.41.253.netbios-ns > 10.168.47.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:05:42.071763 IP 10.168.42.13.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.079689 arp who-has host89-251-103-33.hnet.ru (00:15:17:78:81:99 (oui Unknown)) tell host89-251-103-34.hnet.ru 23:05:42.101860 IP 10.168.40.161.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.101965 IP 10.168.40.161.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.102080 IP 10.168.40.161.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.102561 IP 10.168.42.221.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.102976 IP 10.168.40.161.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.108560 IP 10.168.40.212.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.108945 IP 10.168.40.161.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.109233 IP 10.168.40.23.netbios-ns > 10.168.47.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:05:42.118181 IP 10.168.43.14.netbios-ns > 10.168.47.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:05:42.118263 arp who-has 10.168.43.14 tell 10.168.45.43 23:05:42.118276 arp who-has 10.168.43.14 tell 10.168.40.118 23:05:42.118283 arp who-has 10.168.43.14 tell 10.168.41.204 23:05:42.118291 arp who-has 10.168.43.14 tell 10.168.42.84 23:05:42.118296 arp who-has 10.168.43.14 tell 10.168.42.124 23:05:42.118316 arp who-has 10.168.43.14 tell 10.168.42.58 23:05:42.118325 arp who-has 10.168.43.14 tell 10.168.40.233 23:05:42.118330 arp who-has 10.168.43.14 tell 10.168.40.74 23:05:42.118337 arp who-has 10.168.43.14 tell 10.168.40.61 23:05:42.118343 arp who-has 10.168.43.14 tell 10.168.41.140 23:05:42.118349 arp who-has 10.168.43.14 tell 10.168.43.167 23:05:42.118356 arp who-has 10.168.43.14 tell 10.168.40.185 23:05:42.118362 arp who-has 10.168.43.14 tell 10.168.40.220 23:05:42.118369 arp who-has 10.168.43.14 tell 10.168.41.17 23:05:42.118375 arp who-has 10.168.43.14 tell 10.168.40.164 23:05:42.118381 arp who-has 10.168.43.14 tell 10.168.43.47 23:05:42.118387 arp who-has 10.168.43.14 tell 10.168.43.127 23:05:42.118393 arp who-has 10.168.43.14 tell 10.168.40.219 23:05:42.118399 arp who-has 10.168.43.14 tell 10.168.40.189 23:05:42.118406 arp who-has 10.168.43.14 tell 10.168.40.209 23:05:42.118412 arp who-has 10.168.43.14 tell 10.168.40.122 23:05:42.118419 arp who-has 10.168.43.14 tell 10.168.41.151 23:05:42.118425 arp who-has 10.168.43.14 tell 10.168.43.82 23:05:42.118431 arp who-has 10.168.43.14 tell 10.168.43.17 23:05:42.118437 arp who-has 10.168.43.14 tell 10.168.43.2 23:05:42.118458 arp who-has 10.168.43.14 tell 10.168.40.20 23:05:42.118465 arp who-has 10.168.43.14 tell 10.168.41.174 23:05:42.118470 arp who-has 10.168.43.14 tell 10.168.43.48 23:05:42.118475 arp who-has 10.168.43.14 tell 10.168.40.201 23:05:42.118481 arp who-has 10.168.43.14 tell 10.168.41.87 23:05:42.118486 arp who-has 10.168.43.14 tell 10.168.43.173 23:05:42.118493 arp who-has 10.168.43.14 tell 10.168.44.233 23:05:42.118499 arp who-has 10.168.43.14 tell 10.168.41.6 23:05:42.118520 arp who-has 10.168.43.14 tell 10.168.41.27 23:05:42.118606 arp who-has 10.168.43.14 tell 10.168.42.52 23:05:42.118613 arp who-has 10.168.43.14 tell 10.168.41.10 23:05:42.118618 arp who-has 10.168.43.14 tell 10.168.45.16 23:05:42.118625 arp who-has 10.168.43.14 tell 10.168.40.94 23:05:42.118630 arp who-has 10.168.43.14 tell 10.168.41.213 23:05:42.118636 arp who-has 10.168.43.14 tell 10.168.44.42 23:05:42.118643 arp who-has 10.168.43.14 tell 10.168.43.154 23:05:42.118649 arp who-has 10.168.43.14 tell 10.168.42.195 23:05:42.118668 arp who-has 10.168.43.14 tell 10.168.43.51 23:05:42.118674 arp who-has 10.168.43.14 tell 10.168.44.81 23:05:42.118681 arp who-has 10.168.43.14 tell 10.168.41.11 23:05:42.118686 arp who-has 10.168.43.14 tell 10.168.40.141 23:05:42.118708 arp who-has 10.168.43.14 tell 10.168.40.187 23:05:42.118714 arp who-has 10.168.43.14 tell 10.168.40.240 23:05:42.118720 arp who-has 10.168.43.14 tell 10.168.42.115 23:05:42.118725 arp who-has 10.168.43.14 tell 10.168.42.178 23:05:42.118762 arp who-has 10.168.43.14 tell 10.168.42.202 23:05:42.118768 arp who-has 10.168.43.14 tell 10.168.42.211 23:05:42.118774 arp who-has 10.168.43.14 tell 10.168.45.6 23:05:42.118801 arp who-has 10.168.43.14 tell 10.168.42.175 23:05:42.118883 IP 10.168.43.14.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.118890 arp who-has 10.168.43.14 tell 10.168.41.54 23:05:42.118948 arp who-has 10.168.43.14 tell 10.168.44.9 23:05:42.118954 arp who-has 10.168.43.14 tell 10.168.41.136 23:05:42.118959 arp who-has 10.168.43.14 tell 10.168.44.37 23:05:42.119034 arp who-has 10.168.43.14 tell 10.168.44.121 23:05:42.119053 arp who-has 10.168.43.14 tell 10.168.42.198 23:05:42.119091 arp who-has 10.168.43.14 tell 10.168.44.104 23:05:42.119097 arp who-has 10.168.43.14 tell 10.168.43.8 23:05:42.119105 arp who-has 10.168.43.14 tell 10.168.43.251 23:05:42.119111 arp who-has 10.168.43.14 tell 10.168.43.117 23:05:42.119117 arp who-has 10.168.43.14 tell 10.168.43.112 23:05:42.119146 arp who-has 10.168.43.14 tell 10.168.41.48 23:05:42.119235 arp who-has 10.168.43.14 tell 10.168.43.100 23:05:42.119305 arp who-has 10.168.43.14 tell 10.168.43.89 23:05:42.119398 arp who-has 10.168.43.14 tell 10.168.42.133 23:05:42.119462 arp who-has 10.168.43.14 tell 10.168.43.102 23:05:42.119500 arp who-has 10.168.43.14 tell 10.168.40.244 23:05:42.119774 arp who-has 10.168.43.14 tell 10.168.43.189 23:05:42.120481 arp who-has 10.168.43.14 tell 10.168.42.13 23:05:42.121727 arp who-has 10.168.43.14 tell 10.168.41.245 23:05:42.121734 arp who-has 10.168.43.14 tell 10.168.42.24 23:05:42.125025 arp who-has 10.168.43.14 tell 10.168.43.215 23:05:42.125030 arp who-has 10.168.43.14 tell 10.168.42.139 23:05:42.125103 arp who-has 10.168.43.14 tell 10.168.45.17 23:05:42.125144 arp who-has 10.168.43.14 tell 10.168.43.239 23:05:42.125163 arp who-has 10.168.43.14 tell 10.168.43.237 23:05:42.125169 arp who-has 10.168.43.14 tell 10.168.42.140 23:05:42.125191 arp who-has 10.168.43.14 tell 10.168.43.221 23:05:42.125216 arp who-has 10.168.43.14 tell 10.168.42.26 23:05:42.125481 arp who-has 10.168.43.14 tell 10.168.40.60 23:05:42.125504 arp who-has 10.168.43.14 tell 10.168.40.51 23:05:42.125623 arp who-has 10.168.43.14 tell 10.168.40.52 23:05:42.125773 arp who-has 10.168.43.14 tell 10.168.43.218 23:05:42.126952 arp who-has 10.168.43.14 tell 10.168.44.145 23:05:42.127017 arp who-has 10.168.44.145 tell 10.168.41.18 23:05:42.127032 arp who-has 10.168.44.145 tell 10.168.42.193 23:05:42.128284 arp who-has 10.168.43.14 tell 10.168.43.139 23:05:42.134994 arp who-has 10.168.43.14 tell 10.168.41.124 23:05:42.135063 arp who-has 10.168.43.14 tell 10.168.41.129 23:05:42.135241 arp who-has 10.168.43.14 tell 10.168.44.182 23:05:42.161282 IP 58.96.132.171.16473 > 10.168.44.132.58610: P 1:186(185) ack 295 win 17040 23:05:42.167829 arp who-has 10.168.43.14 tell 10.168.42.247 23:05:42.178980 arp who-has 10.168.40.161 tell 10.168.40.212 23:05:42.200550 arp who-has 10.168.43.14 tell 10.168.43.83 23:05:42.235167 IP 10.168.40.51.netbios-dgm > 10.168.47.255.netbios-dgm: NBT UDP PACKET(138) 23:05:42.235192 IP 10.168.40.51.netbios-ns > 10.168.47.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:05:42.238547 IP 192.168.130.116.411 > 10.168.44.132.57616: P 914:993(79) ack 1 win 64583 23:05:42.262683 arp who-has 10.168.46.193 tell 10.168.42.50 23:05:42.268072 IP 10.168.40.163.netbios-ns > 10.168.47.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 23:05:42.315587 IP 10.168.40.1.domain > 10.168.40.198.52863: 12939 NXDomain 0/1/0 (114) 23:05:42.316782 IP 10.168.40.198.40176 > 10.168.40.1.domain: 64889+ PTR? 161.40.168.10.in-addr.arpa. (44) 23:05:42.317035 IP 10.168.40.1.domain > 10.168.40.198.40176: 64889 ServFail 0/0/0 (44) 23:05:42.319876 IP 10.168.40.198.48448 > 10.168.40.1.domain: 64889+ PTR? 161.40.168.10.in-addr.arpa. (44) 23:05:42.320121 IP 10.168.40.1.domain > 10.168.40.198.48448: 64889 ServFail 0/0/0 (44) 23:05:42.320388 IP 10.168.40.198.35324 > 10.168.40.1.domain: 18453+ PTR? 221.42.168.10.in-addr.arpa. (44) 23:05:42.320627 IP 10.168.40.1.domain > 10.168.40.198.35324: 18453 ServFail 0/0/0 (44) 23:05:42.320817 IP 10.168.40.198.43770 > 10.168.40.1.domain: 18453+ PTR? 221.42.168.10.in-addr.arpa. (44) И.П.