- Show the IP Record Route option:
artois# tcpdump -s 1500 -vvv -xe icmp &
artois# ping -R ftp.jussieu.fr
PING nephtys.lip6.fr (195.83.118.1) 56(124) bytes of data.
64 bytes from nephtys.lip6.fr (195.83.118.1): icmp_seq=1 ttl=54 time=13.7 ms
RR: artois.eudil.fr (193.48.57.37)
router-eudil.univ-lille1.fr (193.49.225.60)
193.49.225.1
193.49.253.114
172.21.86.60
172.21.86.33
lille-pos2-0.cssi.renater.fr (193.51.179.146)
nri-b-a0-2-580.cssi.renater.fr (193.51.179.153)
jussieu-a1-0-65.cssi.renater.fr (193.51.182.202)
artois# tcpdump ...
tcpdump: listening on vlan2
09:55:23.648014 0:b:db:5c:98:2c 0:d0:bc:bf:6c:1c ip 138: artois.eudil.fr > nephtys.lip6.fr: icmp: echo request (DF) (ttl 64, id 0, len 124, optlen=40 NOP RR{artois.eudil.fr#0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0})
4f00 007c 0000 4000 4001 da71 c130 3925
c353 7601 0107 2708 c130 3925 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0800 9d70
593d 0001 6b2b 7d3f 24e3 0900 0809 0a0b
0c0d 0e0f 1011 1213 1415 1617 1819 1a1b
1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
2c2d 2e2f 3031 3233 3435 3637
09:55:23.661758 0:d0:bc:bf:6c:1c 0:b:db:5c:98:2c ip 138: nephtys.lip6.fr > artois.eudil.fr: icmp: echo reply (ttl 54, id 44009, len 124, optlen=40 RR{artois.eudil.fr router-eudil.univ-lille1.fr 193.49.225.1 193.49.253.114 172.21.86.60 172.21.86.33 lille-pos2-0.cssi.renater.fr nri-b-a0-2-580.cssi.renater.fr jussieu-a1-0-65.cssi.renater.fr#} EOL)
4f00 007c abe9 0000 3601 b362 c353 7601
c130 3925 0727 28c1 3039 25c1 31e1 3cc1
31e1 01c1 31fd 72ac 1556 3cac 1556 21c1
33b3 92c1 33b3 99c1 33b6 ca00 0000 a570
593d 0001 6b2b 7d3f 24e3 0900 0809 0a0b
0c0d 0e0f 1011 1213 1415 1617 1819 1a1b
1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
2c2d 2e2f 3031 3233 3435 3637
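The option bytes in the two hex dumps above can be decoded by hand. The following is an added example, not part of the original notes: it verifies the IP header checksum, walks the 40 option bytes and lists the recorded hops. The function names are chosen here for illustration, and private_hops is an extra check that flags recorded addresses from private address space.

```python
import ipaddress
import struct

# IP header plus the first four ICMP bytes, copied from the two hex dumps above.
REQUEST = bytes.fromhex("""
    4f00 007c 0000 4000 4001 da71 c130 3925 c353 7601 0107 2708 c130 3925 0000 0000
    0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0800 9d70""")
REPLY = bytes.fromhex("""
    4f00 007c abe9 0000 3601 b362 c353 7601 c130 3925 0727 28c1 3039 25c1 31e1 3cc1
    31e1 01c1 31fd 72ac 1556 3cac 1556 21c1 33b3 92c1 33b3 99c1 33b6 ca00 0000 a570""")

def header_len(pkt):
    """IHL is the low nibble of byte 0, counted in 32-bit words (0xf -> 60 bytes)."""
    return (pkt[0] & 0x0F) * 4

def checksum_ok(pkt):
    """The one's-complement sum of all 16-bit header words must fold to 0xffff."""
    n = header_len(pkt)
    total = sum(struct.unpack(f"!{n // 2}H", pkt[:n]))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def record_route(pkt):
    """Return the addresses already written into the Record Route option (type 7)."""
    opts, i = pkt[20:header_len(pkt)], 0
    while i < len(opts) and opts[i] != 0:          # 0 = EOL, end of the option list
        if opts[i] == 1:                           # 1 = NOP, single padding byte
            i += 1
            continue
        if i + 2 > len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed IP option")
        kind, length = opts[i], opts[i + 1]
        if kind == 7:
            # The pointer is 1-based, starts at 4 and marks the next free slot.
            used = (min(opts[i + 2], length + 1) - 4) if length >= 3 else -1
            if used < 0 or used % 4:
                raise ValueError("malformed Record Route option")
            data = opts[i + 3:i + 3 + used]
            return [ipaddress.IPv4Address(data[j:j + 4]) for j in range(0, used, 4)]
        i += length
    return []

def private_hops(route):
    """Recorded hops in private address space, i.e. internal addressing the option exposes."""
    return [str(a) for a in route if a.is_private]

if __name__ == "__main__":
    for name, pkt in (("request", REQUEST), ("reply", REPLY)):
        print(name, checksum_ok(pkt), [str(a) for a in record_route(pkt)])
```

In the request the pointer is 8, so only the sender's own address is present; in the reply it is 40, which is past the 39-byte option, so all nine slots are used.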
- Show the ICMP type 8 and type 0 messages (echo request and echo reply):
gayant05# ping gayant06
PING gayant06.priv.eudil.fr (172.26.17.139): 56 data bytes
64 bytes from 172.26.17.139: icmp_seq=0 ttl=255 time=2.0 ms
64 bytes from 172.26.17.139: icmp_seq=1 ttl=255 time=1.3 ms
64 bytes from 172.26.17.139: icmp_seq=2 ttl=255 time=1.5 ms
gayant05# tcpdump -e -x -s 128 icmp
tcpdump: listening on eth0
14:22:05.046558 0:10:b5:7:34:a3 0:10:b5:7:34:9c ip 98:
gayant05 > gayant06.priv.eudil.fr: icmp: echo request
4500 0054 b534 0000 4001 4a2b ac1a 118a
ac1a 118b 0800 49fe cc0e 0000 fd01 083a
f1b3 0000 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
14:22:05.047075 0:10:b5:7:34:9c 0:10:b5:7:34:a3 ip 98:
gayant06.priv.eudil.fr > gayant05: icmp: echo reply
4500 0054 b138 0000 ff01 8f26 ac1a 118b
ac1a 118a 0000 51fe cc0e 0000 fd01 083a
f1b3 0000 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
...
- Show the ICMP type 5 (redirect) messages:
gayant05# route add -host gayant06 gw router-students
gayant05# ping gayant06
PING gayant06.priv.eudil.fr (172.26.17.139): 56 data bytes
64 bytes from 172.26.17.139: icmp_seq=0 ttl=255 time=1.7 ms
64 bytes from 172.26.17.139: icmp_seq=1 ttl=255 time=2.0 ms
64 bytes from 172.26.17.139: icmp_seq=2 ttl=255 time=1.7 ms
...
gayant05# tcpdump -e -x -s 128 icmp
tcpdump: listening on eth0
14:28:50.976445 0:10:b5:7:34:a3 0:d0:bc:bf:6c:38 ip 98:
gayant05 > gayant06.priv.eudil.fr: icmp: echo request
4500 0054 faa1 0000 4001 04be ac1a 118a
ac1a 118b 0800 44ca 060f 0000 9203 083a
19e6 0e00 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
14:28:50.977596 0:d0:bc:bf:6c:38 0:10:b5:7:34:a3 ip 70:
router-students.priv.eudil.fr > gayant05: icmp:
redirect gayant06.priv.eudil.fr to net gayant06.priv.eudil.fr
4500 0038 a817 0000 ff01 99ed ac1a 1001
ac1a 118a 0500 ea80 ac1a 118b 4500 0054
faa1 0000 3f01 05be ac1a 118a ac1a 118b
0800 44ca 060f 0000
14:28:50.978087 0:10:b5:7:34:9c 0:10:b5:7:34:a3 ip 98:
gayant06.priv.eudil.fr > gayant05: icmp: echo reply
4500 0054 b18c 0000 ff01 8ed2 ac1a 118b
ac1a 118a 0000 4cca 060f 0000 9203 083a
19e6 0e00 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
...
- Show the ICMP type 11 (time exceeded) packets, the UDP packets
with increasing TTLs, and the ICMP type 3 (destination unreachable) packet:
pevele# traceroute -q 1 ftp.jussieu.fr
traceroute to nephtys.lip6.fr (195.83.118.1), 30 hops max, 38 byte packets
1 router-servers.eudil.fr (193.48.57.33) 2.108 ms
2 cisco1.univ-lille1.fr (134.206.3.2) 3.811 ms
...
11 nephtys.lip6.fr (195.83.118.1) 35.629 ms
pevele# tcpdump -e -x -s 128 \( icmp and dst host pevele \) or \
\( udp and dst host ftp.jussieu.fr \)
14:32:37.503746 0:60:8:71:b9:82 0:d0:bc:bf:6c:38 ip 52:
pevele.eudil.fr.51131 > nephtys.lip6.fr.33435: udp 10 [ttl 1]
4500 0026 c7bc 0000 0111 be63 c130 3922
c353 7601 c7bb 829b 0012 98dc 0101 7504
083a 63af 0700
14:32:37.504901 0:d0:bc:bf:6c:38 0:60:8:71:b9:82 ip 70:
router-servers.eudil.fr > pevele.eudil.fr: icmp:
time exceeded in-transit [tos 0xc0]
45c0 0038 aa3e 0000 ff01 1c22 c130 3921
c130 3922 0b00 11ba 0000 0000 4500 0026
c7bc 0000 0111 be63 c130 3922 c353 7601
c7bb 829b 0012 98dc
14:32:37.507148 0:60:8:71:b9:82 0:d0:bc:bf:6c:38 ip 52:
pevele.eudil.fr.51131 > nephtys.lip6.fr.33436: udp 10
4500 0026 c7bd 0000 0211 bd62 c130 3922
c353 7601 c7bb 829c 0012 0acd 0202 7504
083a f0bc 0700
14:32:37.510803 0:d0:bc:bf:6c:38 0:60:8:71:b9:82 ip 70:
cisco1.univ-lille1.fr > pevele.eudil.fr: icmp:
time exceeded in-transit [tos 0xc0]
45c0 0038 5202 0000 fe01 e5df 86ce 0302
c130 3922 0b00 9fc8 0000 0000 4500 0026
c7bd 0000 0111 be62 c130 3922 c353 7601
c7bb 829c 0012 0acd
...
16:23:02.449608 0:60:8:71:b9:82 0:d0:bc:bf:6c:38 ip 52:
pevele.eudil.fr.52994 > nephtys.lip6.fr.33445: udp 10
4500 0026 cf0d 0000 0b11 ad12 c130 3922
c353 7601 cf02 82a5 0012 eb3a 0b0b 561e
083a 1fdc 0600
16:23:02.483371 0:d0:bc:bf:6c:38 0:60:8:71:b9:82 ip 80:
nephtys.lip6.fr > pevele.eudil.fr: icmp:
nephtys.lip6.fr udp port 33445 unreachable [tos 0xc0]
45c0 0042 a24b 0000 3601 ae08 c353 7601
c130 3922 0303 30c8 0000 0000 4500 0026
cf0d 0000 0111 b712 c130 3922 c353 7601
cf02 82a5 0012 eb3a 0b0b 561e 083a 1fdc
0600
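The redirect, time exceeded and port unreachable messages captured above all quote the IP header and first 8 payload bytes of the datagram that triggered them, which is how a host matches an ICMP error to something it actually sent. The following is an added example, not part of the original notes: it decodes the three captured messages; the function names are chosen here, and hop_index assumes the base port 33435 and the one-probe-per-hop (-q 1) run shown above.

```python
import ipaddress
import struct

# ICMP messages (IP header included) copied from the tcpdump hex dumps above.
REDIRECT = bytes.fromhex("""4500 0038 a817 0000 ff01 99ed ac1a 1001 ac1a 118a 0500 ea80
    ac1a 118b 4500 0054 faa1 0000 3f01 05be ac1a 118a ac1a 118b 0800 44ca 060f 0000""")
TIME_EXCEEDED = bytes.fromhex("""45c0 0038 aa3e 0000 ff01 1c22 c130 3921 c130 3922 0b00 11ba
    0000 0000 4500 0026 c7bc 0000 0111 be63 c130 3922 c353 7601 c7bb 829b 0012 98dc""")
PORT_UNREACH = bytes.fromhex("""45c0 0042 a24b 0000 3601 ae08 c353 7601 c130 3922 0303 30c8
    0000 0000 4500 0026 cf0d 0000 0111 b712 c130 3922 c353 7601 cf02 82a5 0012 eb3a
    0b0b 561e 083a 1fdc 0600""")

NAMES = {(3, 3): "port unreachable", (5, 0): "redirect (network)",
         (5, 1): "redirect (host)", (11, 0): "time exceeded in transit"}

def ip_fields(buf):
    """Return (header length, protocol, source, destination) of an IPv4 header."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src, dst = (str(ipaddress.IPv4Address(buf[o:o + 4])) for o in (12, 16))
    return (buf[0] & 0x0F) * 4, buf[9], src, dst

def decode_icmp_error(pkt):
    """Decode an ICMP type 3, 5 or 11 message and the datagram it quotes."""
    hlen, proto, reporter, _ = ip_fields(pkt)
    icmp = pkt[hlen:]
    if proto != 1 or len(icmp) < 8 + 20 + 8 or icmp[0] not in (3, 5, 11):
        raise ValueError("not an ICMP error with a quoted datagram")
    kind, code = icmp[0], icmp[1]
    qlen, qproto, qsrc, qdst = ip_fields(icmp[8:])
    l4 = icmp[8 + qlen:8 + qlen + 8]            # first 8 bytes of the quoted payload
    out = {"reporter": reporter, "orig_src": qsrc, "orig_dst": qdst,
           "what": NAMES.get((kind, code), f"type {kind} code {code}")}
    if kind == 5:                               # bytes 4..7 carry the gateway to use
        out["gateway"] = str(ipaddress.IPv4Address(icmp[4:8]))
    if qproto == 17:                            # quoted UDP header: the ports
        out["sport"], out["dport"] = struct.unpack("!HH", l4[:4])
    elif qproto == 1:                           # quoted ICMP echo: identifier, sequence
        out["id"], out["seq"] = struct.unpack("!HH", l4[4:8])
    return out

def hop_index(err, base_port=33435):
    """Probe number behind an error: the run above raises the UDP port by 1 per probe."""
    return err["dport"] - base_port + 1

if __name__ == "__main__":
    for pkt in (REDIRECT, TIME_EXCEEDED, PORT_UNREACH):
        print(decode_icmp_error(pkt))
```

In the redirect, the gateway field equals the original destination (172.26.17.139): the router is telling gayant05 to send to gayant06 directly.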
- Description of the UDP protocol:
$ cat /etc/services | grep udp
echo 7/udp
discard 9/udp sink null
daytime 13/udp
...
time 37/udp timserver
...
bootps 67/udp
bootpc 68/udp
tftp 69/udp
$ echo | nc -u pevele.eudil.fr 13
Tue Nov 7 14:38:56 2000
$ netstat -A inet -u -a
udp 0 0 *:bootps *:*
udp 0 0 *:domain *:*
udp 0 0 *:ntp *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 *:tftp *:*
udp 0 0 *:talk *:*
udp 0 0 *:ntalk *:*
udp 0 0 *:time *:*
udp 0 0 *:daytime *:*
udp 0 0 *:discard *:*
udp 0 0 *:chargen *:*
udp 0 0 *:echo *:*
udp 0 0 *:sunrpc *:*
udp 0 0 *:syslog *:*
...
- Show packet loss with the commands:
$ nc -u -l -p 4000 | ( sleep 10 ; cat ) > /tmp/fich1
...
$ nc -u localhost 4000 < /vmlinuz
...
$ ls -l /tmp/fich1 /vmlinuz
-rw-r--r-- 1 root root 69581 Nov 7 14:43 /tmp/fich1
-rw-r--r-- 1 root root 716749 Oct 18 17:14 /vmlinuz
- Description of the TCP protocol:
$ cat /etc/services | grep tcp
...
ftp-data 20/tcp
ftp 21/tcp
ssh 22/tcp # SSH Remote Login Protocol
telnet 23/tcp
smtp 25/tcp mail
time 37/tcp timserver
...
gopher 70/tcp # Internet Gopher
finger 79/tcp
www 80/tcp http # WorldWideWeb HTTP
...
$ nc pevele 21
220-Welcome, archive user @193.48.64.39 !
220-
220-The local time is: Tue Nov 7 14:51:25 2000
220-
220-This is an experimental FTP server. If have any unusual problems,
220-please report them via e-mail to <root@pevele.eudil.fr>.
220-
220-If you do have problems, please try using a dash (-) as the first
220-character of your password -- this will turn off the continuation
220-messages that may be confusing your ftp client.
220-
220 pevele.eudil.fr FTP server (Version wu-2.6.0(1) Fri Jun 23 08:07:11 CEST 2000) ready.
quit
221 Goodbye.
$ netstat -A inet -t -a -p
...
tcp *:ssh *:* LISTEN -
tcp *:telnet *:* LISTEN -
tcp *:smtp *:* LISTEN -
tcp 193.48.64.39:33785 artois.eudil.fr:3128 ESTABLISHED 502/netscape
tcp 193.48.64.39:33782 artois.eudil.fr:3128 ESTABLISHED 502/netscape
tcp 193.48.64.39:33414 pevele.eudil.fr:ssh ESTABLISHED 2204/ssh
tcp 193.48.64.39:33275 pevele.eudil.fr:ssh ESTABLISHED 1743/ssh
...
- Connection-oriented mode:
$ netstat -A inet -t
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 94 pevele.eudil.fr:smtp 62.161.186.124:1325 ESTABLISHED
tcp 0 49 pevele.eudil.fr:1384 sofrer-nat.clients:smtp ESTABLISHED
tcp 0 0 pevele.eudil.fr:smtp 62.161.186.124:1317 TIME_WAIT
tcp 0 0 pevele.eudil.fr:smtp kipper02.priv.eudi:4510 TIME_WAIT
tcp 0 58400 pevele.eudil.f:ftp-data ttmdy070188.montro:2582 ESTABLISHED
tcp 0 0 pevele.eudil.fr:smtp 62.161.186.124:1311 TIME_WAIT
tcp 0 0 pevele.eudil.fr:pop3 phinaert03.priv.eu:2920 TIME_WAIT
tcp 0 0 pevele.eudil.fr:ssh goto.priv.eudil.fr:866 ESTABLISHED
tcp 0 77 pevele.eudil.fr:ftp ttmdy070188.montro:2566 ESTABLISHED
tcp 0 0 pevele.eudil.fr:smtp 207.94.47.202:3362 FIN_WAIT2
tcp 0 1 pevele.eudil.fr:1031 212.37.207.51:auth LAST_ACK
tcp 0 0 pevele.eudi:netbios-ssn corse.eudil.fr:61739 ESTABLISHED
...
- Show the absence of packet loss with the commands:
$ nc -l -p 4000 | ( sleep 10 ; cat ) > /tmp/fich1
...
$ nc localhost 4000 < /vmlinuz
...
$ ls -l /tmp/fich1 /vmlinuz
-rw-r--r-- 1 root root 716749 Nov 7 15:28 /tmp/fich1
-rw-r--r-- 1 root root 716749 Oct 18 17:14 /vmlinuz
- Show the TCP connection establishment phase:
gayant05# nc pevele 21
...
gayant05# tcpdump -e -x -s 128 host pevele and port 21
15:31:57.189984 0:d0:bc:bf:6c:38 0:60:8:71:b9:82 ip 74:
weppes.priv.eudil.fr.2137 > pevele.eudil.fr.ftp:
S 3611621681:3611621681(0) win 32120
<mss 1460,sackOK,timestamp 110933944 0,nop,wscale 0>
(DF) [tos 0x10]
4510 003c 94a3 4000 3f06 f097 ac1a 1004
c130 3922 0859 0015 d744 f931 0000 0000
a002 7d78 7ce4 0000 0204 05b4 0402 080a
069c b7b8 0000 0000 0103 0300
15:31:57.190068 0:60:8:71:b9:82 0:d0:bc:bf:6c:38 ip 74:
pevele.eudil.fr.ftp > weppes.priv.eudil.fr.2137:
S 3640171901:3640171901(0) ack 3611621682 win 32120
<mss 1460,sackOK,timestamp 190083705 110933944,nop,wscale 0>
(DF)
4500 003c 60c3 4000 4006 2388 c130 3922
ac1a 1004 0015 0859 d8f8 9d7d d744 f932
a012 7d78 888f 0000 0204 05b4 0402 080a
0b54 7279 069c b7b8 0103 0300
15:31:57.192459 0:d0:bc:bf:6c:38 0:60:8:71:b9:82 ip 66:
weppes.priv.eudil.fr.2137 > pevele.eudil.fr.ftp:
. ack 1 win 32120 <nop,nop,timestamp 110933945 190083705>
(DF) [tos 0x10]
4510 0034 94a5 4000 3f06 f09d ac1a 1004
c130 3922 0859 0015 d744 f932 d8f8 9d7e
8010 7d78 b753 0000 0101 080a 069c b7b9
0b54 7279
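The three segments above can be checked against the handshake rules directly from their hex dumps. The following is an added example, not part of the original notes: it parses the TCP header and options of each segment and verifies that every acknowledgment number is the peer's initial sequence number plus one. The function names are chosen here for illustration.

```python
import struct

# The three handshake segments (IP header included), copied from the hex dumps above.
SYN = bytes.fromhex("""4510 003c 94a3 4000 3f06 f097 ac1a 1004 c130 3922 0859 0015
    d744 f931 0000 0000 a002 7d78 7ce4 0000 0204 05b4 0402 080a 069c b7b8 0000 0000
    0103 0300""")
SYN_ACK = bytes.fromhex("""4500 003c 60c3 4000 4006 2388 c130 3922 ac1a 1004 0015 0859
    d8f8 9d7d d744 f932 a012 7d78 888f 0000 0204 05b4 0402 080a 0b54 7279 069c b7b8
    0103 0300""")
ACK = bytes.fromhex("""4510 0034 94a5 4000 3f06 f09d ac1a 1004 c130 3922 0859 0015
    d744 f932 d8f8 9d7e 8010 7d78 b753 0000 0101 080a 069c b7b9 0b54 7279""")

F_SYN, F_ACK = 0x02, 0x10

def parse_tcp(pkt):
    """Return ports, sequence numbers, flags, window and options of a TCP segment."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
    opts, i, decoded = pkt[ihl + 20:ihl + (off_flags >> 12) * 4], 0, {}
    while i < len(opts) and opts[i] != 0:        # 0 = end of option list
        if opts[i] == 1:                         # 1 = NOP padding
            i += 1
            continue
        if i + 2 > len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        kind, length = opts[i], opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2:
            decoded["mss"] = struct.unpack("!H", body)[0]
        elif kind == 3:
            decoded["wscale"] = body[0]
        elif kind == 4:
            decoded["sackOK"] = True
        elif kind == 8:                          # (TSval, TSecr)
            decoded["timestamp"] = struct.unpack("!II", body)
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "win": win, "options": decoded}

def is_three_way_handshake(syn, syn_ack, ack):
    """True when the three segments form SYN, SYN+ACK, ACK of one connection."""
    a, b, c = parse_tcp(syn), parse_tcp(syn_ack), parse_tcp(ack)
    return (a["flags"] == F_SYN and b["flags"] == F_SYN | F_ACK and c["flags"] == F_ACK
            and b["ack"] == (a["seq"] + 1) % 2**32   # a SYN consumes one sequence number
            and c["seq"] == b["ack"]
            and c["ack"] == (b["seq"] + 1) % 2**32
            and (a["sport"], a["dport"]) == (b["dport"], b["sport"]) == (c["sport"], c["dport"]))
```

tcpdump prints the third segment as "ack 1" because it switches to relative numbers once it has seen the SYNs; the raw bytes carry the absolute value 3640171902.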