TCPDUMP
sudo tcpdump -n -v -e -s 0 -xx -i eth0 -c 1 'tcp and (not ip6)'
[sudo] password for seb:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:40:54.571328 62:cd:9e:77:a2:0e > 00:90:7f:d0:1b:75, ethertype IPv4 (0x0800), length 110: (tos 0x10, ttl 64, id 12306, offset 0, flags [DF], proto TCP (6), length 96)
192.168.100.69.22 > 192.168.101.87.36450: Flags [P.], cksum 0x4b40 (incorrect -> 0x18f9), seq 1916029347:1916029391, ack 2908793852, win 273, options [nop,nop,TS val 2913887112 ecr 75609435], length 44
0x0000: 0090 7fd0 1b75 62cd 9e77 a20e 0800 4510
0x0010: 0060 3012 4000 4006 bf88 c0a8 6445 c0a8
0x0020: 6557 0016 8e62 7234 49a3 ad60 abfc 8018
0x0030: 0111 4b40 0000 0101 080a adae 6388 2d11
0x0040: 1594 71b9 4731 2098 4e7c e4f3 a9a4 7b0a
0x0050: e318 9c53 cbdf 9ae1 82e3 6c5a b171 f693
0x0060: b763 bbb4 f091 fba2 b1b6 d853 819c
1 packet captured
33 packets received by filter
25 packets dropped by kernel



À partir du payload (option -x au lieu de -xx : l'en-tête Ethernet n'est pas affiché, le dump commence directement à l'en-tête IP) :


sudo tcpdump -n -v -e -s 0 -x -i eth0 -c 1 'tcp and (not ip6)'
[sudo] password for seb:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:57:28.399227 62:cd:9e:77:a2:0e > 00:90:7f:d0:1b:75, ethertype IPv4 (0x0800), length 110: (tos 0x10, ttl 64, id 12474, offset 0, flags [DF], proto TCP (6), length 96)
192.168.100.69.22 > 192.168.101.87.36450: Flags [P.], cksum 0x4b40 (incorrect -> 0x7cda), seq 1916041231:1916041275, ack 2908793896, win 273, options [nop,nop,TS val 2914135569 ecr 75708324], length 44
0x0000: 4510 0060 30ba 4000 4006 bee0 c0a8 6445
0x0010: c0a8 6557 0016 8e62 7234 780f ad60 ac28
0x0020: 8018 0111 4b40 0000 0101 080a adb2 2e11
0x0030: 2d20 2c6b 2e7e 9b92 2b8a 44d5 13c8 96d9
0x0040: 3c9b 2d73 8036 4b10 1105 37c0 f56a ea6c
0x0050: d456 7745 d799 ffe8 6503 4e9b b707 d551
1 packet captured
42 packets received by filter
35 packets dropped by kernel

Sur ton Linux, la liste des protocoles (et leurs numéros, comme le 6 pour TCP vu dans l'en-tête IP ci-dessus) est bien rangée !
head -n 22 /etc/protocols
# Internet (IP) protocols
#
# Updated from http://www.iana.org/assignments/protocol-numbers and other
# sources.
# New protocols will be added on request if they have been officially
# assigned by IANA and are not historical.
# If you need a huge list of used numbers please install the nmap package.

ip 0 IP # internet protocol, pseudo protocol number
hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883]
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # Internet Group Management
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
egp 8 EGP # exterior gateway protocol
igp 9 IGP # any private interior gateway (Cisco)
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # user datagram protocol
hmp 20 HMP # host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP

Les paquets en ARP :
sudo tcpdump -n -v -e -s 0 -x -i eth0 -c 5 ' arp'
[sudo] password for seb:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:13:46.518391 00:25:90:74:5c:a6 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.1 tell 192.168.100.62, length 46
0x0000: 0001 0800 0604 0001 0025 9074 5ca6 c0a8
0x0010: 643e 0000 0000 0000 c0a8 6401 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000
22:13:54.752995 00:90:7f:d0:1b:75 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.8 tell 192.168.100.1, length 46
0x0000: 0001 0800 0604 0001 0090 7fd0 1b75 c0a8
0x0010: 6401 0000 0000 0000 c0a8 6408 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000
22:13:55.780378 00:90:7f:d0:1b:75 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.8 tell 192.168.100.1, length 46
0x0000: 0001 0800 0604 0001 0090 7fd0 1b75 c0a8
0x0010: 6401 0000 0000 0000 c0a8 6408 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000
22:13:56.804401 00:90:7f:d0:1b:75 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.8 tell 192.168.100.1, length 46
0x0000: 0001 0800 0604 0001 0090 7fd0 1b75 c0a8
0x0010: 6401 0000 0000 0000 c0a8 6408 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000
22:14:10.238126 00:25:90:74:5c:d2 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.1 tell 192.168.100.59, length 46
0x0000: 0001 0800 0604 0001 0025 9074 5cd2 c0a8
0x0010: 643b 0000 0000 0000 c0a8 6401 0000 0000
0x0020: 0000 0000 0000 0000 0000 0000 0000
5 packets captured
5 packets received by filter
0 packets dropped by kernel


sudo tcpdump -n -v -e -s 0 -xx -i eth0 -c 3 'arp'
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
22:14:41.572405 00:90:7f:d0:1b:75 > 62:cd:9e:77:a2:0e, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.69 tell 192.168.100.1, length 46
0x0000: 62cd 9e77 a20e 0090 7fd0 1b75 0806 0001
0x0010: 0800 0604 0001 0090 7fd0 1b75 c0a8 6401
0x0020: 0000 0000 0000 c0a8 6445 0000 0000 0000
0x0030: 0000 0000 0000 0000 0000 0000
22:14:41.572424 62:cd:9e:77:a2:0e > 00:90:7f:d0:1b:75, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Reply 192.168.100.69 is-at 62:cd:9e:77:a2:0e, length 28
0x0000: 0090 7fd0 1b75 62cd 9e77 a20e 0806 0001
0x0010: 0800 0604 0002 62cd 9e77 a20e c0a8 6445
0x0020: 0090 7fd0 1b75 c0a8 6401
22:15:12.292355 00:90:7f:d0:1b:75 > 62:cd:9e:77:a2:0e, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.69 tell 192.168.100.1, length 46
0x0000: 62cd 9e77 a20e 0090 7fd0 1b75 0806 0001
0x0010: 0800 0604 0001 0090 7fd0 1b75 c0a8 6401
0x0020: 0000 0000 0000 c0a8 6445 0000 0000 0000
0x0030: 0000 0000 0000 0000 0000 0000
3 packets captured
4 packets received by filter
0 packets dropped by kernel