<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: CIPE <cipe-l,AT,inka,DOT,de>
Subject: tcpdump - router_eth1 IP 192.168.1.40 (local lan side)
From: James Knott <james.knott,AT,rogers,DOT,com>
Date: Thu, 11 Sep 2003 12:34:53 -0400

21:39:46.192291 192.168.1.40.ssh > 192.168.1.10.36703: P 2757886911:2757886975(64) ack 2767378536 win 8576 <nop,nop,timestamp 113515196 26687898> (DF) [tos 0x10] (ttl 64, id 35340, len 116)
21:39:46.192451 192.168.1.10.36703 > 192.168.1.40.ssh: . [tcp sum ok] ack 64 win 8832 <nop,nop,timestamp 26687904 113515196> (DF) [tos 0x10] (ttl 64, id 13063, len 52)
21:39:51.763277 192.168.1.10.34151 > 192.168.1.40.ssh: P 261372521:261372569(48) ack 276532067 win 8832 <nop,nop,timestamp 26688461 113482443> (DF) [tos 0x10] (ttl 64, id 20969, len 100)
21:39:51.764779 192.168.1.40.ssh > 192.168.1.10.34151: P 1:49(48) ack 48 win 8576 <nop,nop,timestamp 113515753 26688461> (DF) [tos 0x10] (ttl 64, id 30931, len 100)
21:39:51.764917 192.168.1.10.34151 > 192.168.1.40.ssh: . [tcp sum ok] ack 49 win 8832 <nop,nop,timestamp 26688461 113515753> (DF) [tos 0x10] (ttl 64, id 20970, len 52)
21:39:51.801631 192.168.1.40.ssh > 192.168.1.10.34151: P 49:113(64) ack 48 win 8576 <nop,nop,timestamp 113515757 26688461> (DF) [tos 0x10] (ttl 64, id 30932, len 116)
21:39:51.801799 192.168.1.10.34151 > 192.168.1.40.ssh: . [tcp sum ok] ack 113 win 8832 <nop,nop,timestamp 26688465 113515757> (DF) [tos 0x10] (ttl 64, id 20971, len 52)
21:39:59.785283 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70F7 IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


 (DF) (ttl 64, id 0, len 225)
21:40:30.386161 192.168.2.20.32771 > 192.168.1.10.netbios-ns:  [udp sum ok]
>>> NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
TrnID=0x4524
OpCode=0
NmFlags=0x0
Rcode=0
QueryCount=1
AnswerCount=0
AuthorityCount=0
AddressRecCount=0
QuestionRecords:
Name=*               NameType=0x00 (Workstation)
QuestionType=0x21
QuestionClass=0x1

 (DF) (ttl 63, id 0, len 78)
21:40:30.386852 192.168.1.10.netbios-ns > 192.168.2.20.32771:
>>> NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST
TrnID=0x4524
OpCode=0
NmFlags=0x40
Rcode=0
QueryCount=0
AnswerCount=1
AuthorityCount=0
AddressRecCount=0

ResourceRecords:
Name=*               NameType=0x00 (Workstation)
ResType=0x21
ResClass=0x1
TTL=0 (0x0)
ResourceLength=0
ResourceData=
NumNames=0x0
AdditionalData:
Data: (172 bytes)
[000] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[010] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[020] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[030] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[040] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[050] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[060] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[070] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[080] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[090] 00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ........ ........
[0A0] 00 00 00 00 00 00 00 00  00 00 00 00              ........ ....

(DF) (ttl 64, id 0, len 257)
21:40:30.956982 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: S [tcp sum ok] 3294850949:3294850949(0) win 5608 <mss 1402,sackOK,timestamp 123568 0,nop,wscale 0> (DF) (ttl 63, id 36149, len 60)
21:40:30.957128 192.168.1.10.netbios-ssn > 192.168.2.20.32775: S [tcp sum ok] 3286453376:3286453376(0) ack 3294850950 win 5792 <mss 1460,sackOK,timestamp 26692381 123568,nop,wscale 0> (DF) (ttl 64, id 0, len 60)
21:40:31.255962 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: . [tcp sum ok] ack 1 win 5608 <nop,nop,timestamp 123597 26692381> (DF) (ttl 63, id 36150, len 52)
21:40:31.496751 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: P 1:77(76) ack 1 win 5608 <nop,nop,timestamp 123619 26692381>
>>> NBT Packet
NBT Session Request
Flags=0x81000048
Destination=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 63, id 36151, len 128)
21:40:31.496905 192.168.1.10.netbios-ssn > 192.168.2.20.32775: . [tcp sum ok] ack 77 win 5792 <nop,nop,timestamp 26692435 123619> (DF) (ttl 64, id 1978, len 52)
21:40:31.508802 192.168.1.10.netbios-ssn > 192.168.2.20.32775: P [tcp sum ok] 1:5(4) ack 77 win 5792 <nop,nop,timestamp 26692436 123619>
>>> NBT Packet
NBT Session Granted
Flags=0x82000000


(DF) (ttl 64, id 1979, len 56)
21:40:31.826111 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: . [tcp sum ok] ack 5 win 5608 <nop,nop,timestamp 123653 26692436> (DF) (ttl 63, id 36152, len 52)
21:40:31.917098 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: P 77:245(168) ack 5 win 5608 <nop,nop,timestamp 123653 26692436>
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=164 (0xa4)


SMB PACKET: SMBnegprot (REQUEST)
SMB Command   =  0x72
Error class   =  0x0
Error code    =  0 (0x0)
Flags1        =  0x8
Flags2        =  0x1
Tree ID       =  0 (0x0)
Proc ID       =  0 (0x0)
UID           =  0 (0x0)
MID           =  0 (0x0)
Word Count    =  0 (0x0)

(DF) (ttl 63, id 36153, len 220)
21:40:31.941174 192.168.1.10.netbios-ssn > 192.168.2.20.32775: P 5:83(78) ack 245 win 6432 <nop,nop,timestamp 26692479 123653>
>>> NBT Packet
NBT Session Packet
Flags=0x0
Length=74 (0x4a)


SMB PACKET: SMBnegprot (REPLY)
SMB Command   =  0x72
Error class   =  0x0
Error code    =  0 (0x0)
Flags1        =  0x88
Flags2        =  0x1
Tree ID       =  0 (0x0)
Proc ID       =  0 (0x0)
UID           =  0 (0x0)
MID           =  0 (0x0)
Word Count    =  0 (0x0)

(DF) (ttl 64, id 1980, len 130)
21:40:32.305901 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: . [tcp sum ok] ack 83 win 5608 <nop,nop,timestamp 123703 26692479> (DF) (ttl 63, id 36154, len 52)
21:41:00.383911 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70F8 IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 225)
21:41:30.383241 192.168.1.10.netbios-dgm > 192.168.2.20.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70F9 IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 241)
21:41:30.986168 192.168.2.20 > 192.168.1.10: icmp: 192.168.2.20 udp port netbios-dgm unreachable [tos 0xc0] (ttl 254, id 55713, len 269)
21:41:35.383002 arp who-has 192.168.1.40 tell 192.168.1.10
21:41:35.383060 arp reply 192.168.1.40 is-at 0:c0:4f:a1:8f:94
21:42:00.382593 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70FA IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 225)
21:42:31.969383 192.168.1.10.netbios-ssn > 192.168.2.20.32775: F [tcp sum ok] 83:83(0) ack 245 win 6432 <nop,nop,timestamp 26704482 123703> (DF) (ttl 64, id 1981, len 52)
21:42:32.453698 192.168.2.20.32775 > 192.168.1.10.netbios-ssn: . [tcp sum ok] ack 84 win 5608 <nop,nop,timestamp 135719 26704482> (DF) (ttl 63, id 36155, len 52)
21:42:37.450028 arp who-has 192.168.1.10 tell 192.168.1.40
21:42:37.450153 arp reply 192.168.1.10 is-at 0:5:5d:f6:4:ce
21:43:00.381190 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70FB IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 225)
21:43:00.381272 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70FC IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 241)
21:43:00.381285 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70FD IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=206 (0xce) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 234)
21:44:00.379832 192.168.1.10.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70FE IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=197 (0xc5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 225)
21:44:30.379159 192.168.1.10.netbios-dgm > 192.168.2.20.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x110A ID=0x70FF IP=192 (0xc0).168 (0xa8).1 (0x1).10 (0xa) Port=138 (0x8a) Length=213 (0xd5) Res2=0x0
SourceName=LINUX NameType=0x00 (Workstation)
DestName=
WARNING: Short packet. Try increasing the snap length


(DF) (ttl 64, id 0, len 241)
21:44:30.962146 192.168.2.20 > 192.168.1.10: icmp: 192.168.2.20 udp port netbios-dgm unreachable [tos 0xc0] (ttl 254, id 55714, len 269)
21:44:35.378921 arp who-has 192.168.1.40 tell 192.168.1.10
21:44:35.378977 arp reply 192.168.1.40 is-at 0:c0:4f:a1:8f:94
21:44:44.864129 192.168.1.10.36792 > 192.168.1.40.ssh: P 3015965873:3015965921(48) ack 3015070553 win 8832 <nop,nop,timestamp 26717772 113513653> (DF) [tos 0x10] (ttl 64, id 924, len 100)
21:44:44.867762 192.168.1.40.ssh > 192.168.1.10.36792: P 1:97(96) ack 48 win 8576 <nop,nop,timestamp 113545063 26717772> (DF) [tos 0x10] (ttl 64, id 36177, len 148)
21:44:44.867914 192.168.1.10.36792 > 192.168.1.40.ssh: . [tcp sum ok] ack 97 win 8832 <nop,nop,timestamp 26717772 113545063> (DF) [tos 0x10] (ttl 64, id 925, len 52)
21:44:44.871878 192.168.1.40.ssh > 192.168.1.10.36792: P 97:161(64) ack 48 win 8576 <nop,nop,timestamp 113545064 26717772> (DF) [tos 0x10] (ttl 64, id 36178, len 116)
21:44:44.872022 192.168.1.10.36792 > 192.168.1.40.ssh: . [tcp sum ok] ack 161 win 8832 <nop,nop,timestamp 26717773 113545064> (DF) [tos 0x10] (ttl 64, id 926, len 52)
21:44:44.873193 192.168.1.40.ssh > 192.168.1.10.36792: P 161:225(64) ack 48 win 8576 <nop,nop,timestamp 113545064 26717773> (DF) [tos 0x10] (ttl 64, id 36179, len 116)
21:44:44.873330 192.168.1.10.36792 > 192.168.1.40.ssh: . [tcp sum ok] ack 225 win 8832 <nop,nop,timestamp 26717773 113545064> (DF) [tos 0x10] (ttl 64, id 927, len 52)
21:44:48.048418 192.168.1.10.36703 > 192.168.1.40.ssh: P 1:49(48) ack 64 win 8832 <nop,nop,timestamp 26718090 113515196> (DF) [tos 0x10] (ttl 64, id 13064, len 100)



<< | Thread Index | >> ]    [ << | Date Index | >> ]