[ Home | Liste | F.A.Q. |
Risorse | Cerca... ]
[ Data: precedente | successivo | indice ] [ Argomento: precedente | successivo | indice ]
[ Home | Liste | F.A.Q. |
Risorse | Cerca... ]
Archivio: Ottobre 2003 ml@sikurezza.org Soggetto: Re: IP Spoofing o BLASTER? Mittente: Paolo Montevecchi Data: 25 Oct 2003 06:34:52 -0000
Questo esempio è stato ricavato usando tcpdump con la sintassi 'tcpdump -Snevv -r filelog'. Ho potuto riscontrare che il seq # e sempre nullo (?) e che l'indirizzo mac dal quale provengono i pacchetti è proprio quello del router. Saluti Paolo --------- log file -------------- 11:44:20.957904 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1702: R [tcp sum ok] 0:0(0) ack 54525953 win 0 (ttl 121, id 62281, len 40) 11:58:57.284484 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1587: R [tcp sum ok] 0:0(0) ack 837156865 win 0 (ttl 122, id 43477, len 40) 12:18:30.271389 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1101: R [tcp sum ok] 0:0(0) ack 988938241 win 0 (ttl 122, id 48826, len 40) 12:24:14.477345 macsource macdest 0800 60: 127.0.0.1.80 > my_network.213.1393: R [tcp sum ok] 0:0(0) ack 1838612481 win 0 (ttl 121, id 11606, len 40) 12:39:50.964688 macsource macdest 0800 60: 127.0.0.1.80 > my_network.213.1924: R [tcp sum ok] 0:0(0) ack 1599602689 win 0 (ttl 122, id 51895, len 40) 12:40:22.091997 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1399: R [tcp sum ok] 0:0(0) ack 1911226369 win 0 (ttl 121, id 5215, len 40) 12:49:05.810428 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1001: R [tcp sum ok] 0:0(0) ack 318898177 win 0 (ttl 122, id 26304, len 40) 12:59:05.365683 macsource macdest 0800 60: 127.0.0.1.80 > my_network.213.1568: R [tcp sum ok] 0:0(0) ack 556662785 win 0 (ttl 122, id 46498, len 40) 13:06:16.425692 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1330: R [tcp sum ok] 0:0(0) ack 656670721 win 0 (ttl 122, id 23718, len 40) 13:08:41.091259 macsource macdestc 0800 60: 127.0.0.1.80 >my_network.213.1842: R [tcp sum ok] 0:0(0) ack 1357381633 win 0 (ttl 122, id 23776, len 40) 13:17:48.990198 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1520: R [tcp sum ok] 0:0(0) ack 260833281 win 0 (ttl 121, id 10977, len 40) 13:38:54.329088 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1487: R [tcp sum ok] 0:0(0) ack 167116801 win 0 (ttl 122, id 24512, len 40) 13:51:48.827011 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1541: R [tcp sum ok] 0:0(0) ack 1116798977 win 0 (ttl 121, id 2714, len 40) 13:59:34.523460 macsource macdest 0800 60: 127.0.0.1.80 > my_network.144.1974: R [tcp sum ok] 0:0(0) ack 732299265 win 0 (ttl 122, id 20066, len 40) 14:32:57.873695 macsource macdest 0800 60: 127.0.0.1.80 > my_network.217.1200: R [tcp sum ok] 0:0(0) ack 409468929 win 0 (ttl 122, id 10457, len 40) 14:52:10.113867 macsource macdest 0800 60: 127.0.0.1.80 > my_network.217.1786: R [tcp sum ok] 0:0(0) ack 927793153 win 0 (ttl 122, id 348, len 40) 15:01:48.047219 macsource macdest 0800 60: 127.0.0.1.80 > my_network.217.1886: R [tcp sum ok] 0:0(0) ack 167247873 win 0 (ttl 122, id 49787, len 40) 15:26:07.176700 macsource macdest 0800 60: 127.0.0.1.80 > my_network.213.1921: R [tcp sum ok] 0:0(0) ack 1770651649 win 0 (ttl 122, id 17116, len 40) 15:31:38.244054 macsource macdest 0800 60: 127.0.0.1.80 > my_network.87.1893: R [tcp sum ok] 0:0(0) ack 540999681 win 0 (ttl 122, id 40574, len 40) 15:38:11.486313 macsource macdest 0800 60: 127.0.0.1.80 > my_network.87.1244: R [tcp sum ok] 0:0(0) ack 513474561 win 0 (ttl 122, id 1036, len 40) --------- end log file -------------- ________________________________________________________ http://www.sikurezza.org - Italian Security Mailing List
[ Home | Liste | F.A.Q. |
Risorse | Cerca... ]
www.sikurezza.org - Italian Security Mailing List
(c) 1999-2005