LinuxSir.cn, the Linuxsir that crosses time and space!

How do I find out which machine on the LAN is sending packets, and how many?

Posted on 2005-9-20 20:55:11
A LAN of XP and Linux machines.
A machine on the LAN may have caught a worm,
but the router's features are limited and it can't show the packets.

I'd like to roughly find out under Linux how many packets each machine is sending and receiving,
so I can find which machine is infected!
OP | Posted on 2005-9-20 21:19:58
Can't the traffic be found out?

We get online through a router.

Posted on 2005-9-20 22:10:44
Listen with tcpdump.
Or go look at the gateway.

Posted on 2005-9-21 07:11:23
Right, tcpdump: use it to capture packets, then analyze the packets.
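The "capture, then analyze" step the two replies above suggest, as an added example that is not part of the original thread and not any poster's code: a small awk filter that reads tcpdump's default one-line text output (not the -v/-vv form) and tallies packets per sending host, crediting IP datagrams to their source address and ARP "who-has ... tell B" requests to B. The interface name eth0, the sample capture lines and the addresses in them are constructed for the example. One caveat worth knowing before reading the counts: on a switched LAN a plain workstation only sees broadcasts (ARP, NetBIOS name queries) plus its own traffic, so for real per-host totals the capture has to run on the gateway itself, on a hub, or on a switch mirror/SPAN port.

```shell
#!/bin/sh
# Added example (not from the thread): count packets per sending host from
# tcpdump's one-line text output, so the chattiest machine on the LAN stands out.
#
# Live use (needs root): -n skips DNS lookups, -l line-buffers the output,
# -c stops after N packets, -s 0 captures whole packets instead of the 96-byte
# default, which truncates NetBIOS payloads.
#   tcpdump -n -l -s 0 -i eth0 -c 5000 2>/dev/null | count_by_source

count_by_source() {
    awk '
        # Non-verbose IP lines look like:
        #   HH:MM:SS.usec IP 192.168.1.68.137 > 192.168.1.255.137: ...
        # The sender is field 3 with its trailing ".port" (or ".netbios-ns") removed.
        $2 == "IP" {
            src = $3
            sub(/\.[^.]*$/, "", src)
            count[src]++
            next
        }
        # ARP requests: "arp who-has A tell B" (older tcpdump) or
        # "ARP, Request who-has A tell B, length 28" (newer). The sender is B.
        /who-has .* tell / {
            for (i = 1; i < NF; i++) {
                if ($i == "tell") {
                    ip = $(i + 1)
                    sub(/,$/, "", ip)
                    count[ip]++
                    break
                }
            }
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in the same format as the captures in this thread
# (hypothetical addresses; mixes old and new ARP line styles and a DNS reply).
SAMPLE='22:45:07.164113 IP 192.168.1.68.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:07.164238 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:07.914118 IP 192.168.1.68.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:08.664437 IP 192.168.1.68.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:08.664565 ARP, Request who-has 192.168.1.68 tell 192.168.1.111, length 28
22:45:09.414138 IP 192.168.1.118.138 > 192.168.1.255.138: NBT UDP PACKET(138)
22:45:10.000000 IP 192.168.1.1.53 > 192.168.1.68.1025: 4660 1/0/0 A 10.0.0.1 (44)'

# Run the counter over the sample; prints "count ip" lines, busiest sender first.
demo() {
    printf '%s\n' "$SAMPLE" | count_by_source
}

demo
```

A host that tops this list with a steady stream of SYNs or NetBIOS probes to many different destinations is the one to pull off the network and inspect; a host that tops it only with ARP and broadcast traffic is usually just noisy Windows name resolution.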

OP | Posted on 2005-9-21 22:45:41
[root@sail ~]# tcpdump host 192.168.1.118
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:22:25.389175 arp who-has 192.168.1.118 tell 192.168.1.1
22:27:58.750567 IP 192.168.1.118.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:27:58.750692 arp who-has 192.168.1.118 tell 192.168.1.163
22:31:35.230415 IP 192.168.1.118.netbios-dgm > 192.168.1.255.netbios-dgm: NBT UDP PACKET(138)
22:32:33.216193 arp who-has 192.168.1.118 tell 192.168.1.1
22:39:58.815835 IP 192.168.1.118.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:39:58.815959 arp who-has 192.168.1.118 tell 192.168.1.163
It's so slow; after watching for ages this is all I got,
and I don't know what it means.
192.168.1.1 is the router/gateway,
192.168.1.118 is a machine on the LAN.
192.168.1.163 doesn't seem to be on our network, and I don't know where it came from;
it seems no one has configured the IP 163 at all.

OP | Posted on 2005-9-21 22:46:58
Pinging 163 doesn't seem to get through either.

OP | Posted on 2005-9-21 22:51:11
When I tested the machine 192.168.1.68, the stuff below came out very quickly;
could you all help me see whether this machine has caught some virus?
This machine runs XP!
[root@sail ~]# tcpdump host 192.168.1.68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:45:07.164113 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:07.164238 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:07.914118 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:08.664437 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:08.664565 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:09.414138 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:10.164149 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:10.164217 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:10.914381 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:11.664164 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:11.664294 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:12.414177 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:13.167577 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:13.167701 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:13.917127 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:14.667133 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:14.667258 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:15.417484 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:16.167155 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:16.167327 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:16.917165 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:17.667421 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:17.667695 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:18.417179 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:19.167190 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:19.167310 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:19.917541 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:20.667201 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:20.667322 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:21.417217 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:22.167596 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:22.167725 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:22.917233 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:23.667246 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:23.667364 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:24.418870 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:25.168233 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:25.168347 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:25.918245 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:26.668565 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:26.668682 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:27.418261 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:28.168273 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:28.168380 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:38.158671 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:38.158771 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:38.908651 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:39.658672 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:39.658772 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:40.409051 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:41.158661 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:41.158784 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:41.908672 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:42.658991 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:42.659120 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:43.408719 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:44.158695 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:44.158813 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:44.908965 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:45.658725 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:45.658836 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:46.408755 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:47.160977 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:47.161102 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:47.910693 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:48.660710 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:48.660839 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:49.411023 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:50.160721 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
22:45:50.160851 arp who-has 192.168.1.68 tell 192.168.1.111
22:45:50.910733 IP 192.168.1.68.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
........

OP | Posted on 2005-9-21 22:57:03
tcpdump -vv host 192.168.1.68
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:54:47.443957 IP (tos 0x0, ttl 128, id 29115, offset 0, flags [none], proto 17, length: 229) 192.168.1.68.netbios-dgm > 192.168.1.255.netbios-dgm:
>>> NBT UDP PACKET(138) Res=0x1102 ID=0x8109 IP=192 (0xc0).168 (0xa8).1 (0x1).68 (0x44) Port=138 (0x8a) Length=187 (0xbb) Res2=0x0
SourceName=XUFENG          NameType=0x20 (Server)
DestName=
WARNING: Short packet. Try increasing the snap length