Monitoring connections on interface eth0 whose destination is host 192.168.210.201, without resolving names or ports:
# tcpdump -i eth0 dst 192.168.210.201 -nn
09:23:09.826907 IP 192.168.210.5.22 > 192.168.210.201.2210: P 188964:189112(148) ack 833 win 8576
09:23:09.826958 IP 192.168.210.5.22 > 192.168.210.201.2210: P 189112:189260(148) ack 833 win 8576
Monitoring connections on interface eth0 with source host 192.168.210.201 and destination host 192.168.210.5, without resolving names or ports:
# tcpdump -i eth0 src 192.168.210.201 and dst 192.168.210.5 -nn
09:24:42.805222 IP 192.168.210.201.2210 > 192.168.210.5.22: . ack 1005731904 win 65287
09:24:43.003885 IP 192.168.210.201.2210 > 192.168.210.5.22: . ack 133 win 65155
Monitoring connections on interface eth0 with source host 192.168.210.201 and destination host 192.168.210.5, EXCEPT port 22 (ssh), without resolving names or ports:
# tcpdump -i eth0 src 192.168.210.201 and dst 192.168.210.5 and not port 22 -nn
09:27:40.065359 IP 192.168.210.201.2346 > 192.168.210.5.98: . ack 3794525559 win 64846
09:27:40.232109 IP 192.168.210.201.2346 > 192.168.210.5.98: F 0:0(0) ack 1 win 64846
Monitoring connections on interface eth0 where host 192.168.210.201 is either the source or the destination:
# tcpdump -i eth0 host 192.168.210.201 -nn
09:28:12.404899 IP 192.168.210.5.22 > 192.168.210.201.2210: P 2104076:2104224(148) ack 9465 win 16080
09:28:12.404943 IP 192.168.210.5.22 > 192.168.210.201.2210: P 2104224:2104372(148) ack 9465 win 16080
Monitoring connections on interface eth0 with source host 192.168.210.201 and destination host 192.168.210.5, EXCEPT port 22 (ssh), without resolving names or ports, and writing the command's output to the file log_tcpdump (in the current directory):
# tcpdump -i eth0 src 192.168.210.201 and dst 192.168.210.5 and not port 22 -nn -w log_tcpdump
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
^C7 packets captured
7 packets received by filter
0 packets dropped by kernel
# ls
log_tcpdump
Monitoring incoming / outgoing connections on port 80 (http) on interface eth0 (when no listening device "-i ethX" is specified, interface eth0 is listened on by default):
# tcpdump port 80
09:37:00.589858 IP 5b.16.344a.static.theplanet.com.http > master.ctberrini.com.br.46682: P 814487551:814488703(1152) ack 4015645779 win 1758
09:37:00.664095 IP master.ctberrini.com.br.46682 > 5b.16.344a.static.theplanet.com.http: . ack 1152 win 0
09:37:01.830973 IP 5b.16.344a.static.theplanet.com.http > master.ctberrini.com.br.46682: . ack 1 win 1758
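As an added example (not part of the original post), the following Python script parses "tcpdump -nn" text lines of the form shown above and re-implements the filter primitives used on this page (src, dst, host, port, and, not) as predicates, so the effect of an expression such as "src 192.168.210.201 and dst 192.168.210.5 and not port 22" can be checked against saved output. The sample dump is constructed from the page's own capture lines; the Packet, parse_line and apply_filter names are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Matches one line of "tcpdump -nn" text output, e.g.
# "09:24:42.805222 IP 192.168.210.201.2210 > 192.168.210.5.22: . ack 133 win 65155"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<info>.*)$"
)

@dataclass(frozen=True)
class Packet:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    info: str  # TCP flags / seq / ack / win exactly as tcpdump printed them

def parse_line(line: str):
    """Return a Packet for a well-formed -nn line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Packet(g["ts"], g["src"], int(g["sport"]), g["dst"], int(g["dport"]), g["info"])

# Predicates mirroring the BPF primitives used in the examples above.
def src(ip):   return lambda p: p.src == ip
def dst(ip):   return lambda p: p.dst == ip
def host(ip):  return lambda p: ip in (p.src, p.dst)    # "host" = source OR destination
def port(n):   return lambda p: n in (p.sport, p.dport)  # "port" = either end of the flow
def and_(*fs): return lambda p: all(f(p) for f in fs)
def not_(f):   return lambda p: not f(p)

def apply_filter(pred, text: str):
    """Keep the packets of a -nn text dump that satisfy pred; non-packet lines are skipped."""
    return [p for p in map(parse_line, text.splitlines()) if p and pred(p)]

# Constructed sample dump (values copied from the page's own captures).
SAMPLE = """\
09:24:42.805222 IP 192.168.210.201.2210 > 192.168.210.5.22: . ack 1005731904 win 65287
09:23:09.826907 IP 192.168.210.5.22 > 192.168.210.201.2210: P 188964:189112(148) ack 833 win 8576
09:27:40.065359 IP 192.168.210.201.2346 > 192.168.210.5.98: . ack 3794525559 win 64846
09:27:40.232109 IP 192.168.210.201.2346 > 192.168.210.5.98: F 0:0(0) ack 1 win 64846
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes
"""
```

Running apply_filter(and_(src("192.168.210.201"), dst("192.168.210.5"), not_(port(22))), SAMPLE) keeps only the two port-98 packets, the same two lines the third tcpdump command above printed.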
Hi everyone,
For many of you the content here will be ridiculously basic (easy), but working in technical support I see that my customers don't know the slightest thing about what goes on in their firewall.
Well, let's get to what matters, here is the tip. Thanks in advance and looking forward to the constructive criticism.