LinuxSir.cn
Views: 3232 | Replies: 9

Help interpreting tcpdump output

Posted 2004-3-11 22:49:37
What exactly is going on in the output below? Am I pinging someone else, or is someone pinging me? Veterans, please advise; I know very little about networking.

22:47:43.460118 218.13.103.118.33034 > 211.93.98.22.http: . ack 529 win 6432 (DF)
22:47:43.513066 218.13.103.155.1111 > 218.13.103.118.135: S 3736448122:3736448122(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:43.513103 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:43.532062 218.13.103.155.1112 > 218.13.103.118.microsoft-ds: S 3736489770:3736489770(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:43.532108 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:43.533063 218.13.103.155.1114 > 218.13.103.118.6129: S 3736532674:3736532674(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:43.533094 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:44.141613 211.93.98.22.http > 218.13.103.118.33032: . 24182:25594(1412) ack 7105 win 22264 (DF)
22:47:44.141655 218.13.103.118.33032 > 211.93.98.22.http: . ack 28068 win 48008 (DF)
22:47:44.607919 218.13.103.118.33029 > 211.93.98.22.http: F 4389:4389(0) ack 27410 win 60716 (DF)
22:47:46.459754 218.13.103.155.1114 > 218.13.103.118.6129: S 3736532674:3736532674(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:46.459793 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:46.463618 218.13.103.155.1111 > 218.13.103.118.135: S 3736448122:3736448122(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:46.463662 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:46.463619 218.13.103.155.1112 > 218.13.103.118.microsoft-ds: S 3736489770:3736489770(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:46.463679 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:47.353617 218.37.97.9.1241 > 218.13.103.118.auth: S 1009074823:1009074823(0) win 64240 <mss 1412,nop,nop,sackOK> (DF)
22:47:47.353671 218.13.103.118 > 218.37.97.9: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:50.377683 218.37.97.9.1241 > 218.13.103.118.auth: S 1009074823:1009074823(0) win 64240 <mss 1412,nop,nop,sackOK> (DF)
22:47:50.377720 218.13.103.118 > 218.37.97.9: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:52.467957 218.13.103.155.1114 > 218.13.103.118.6129: S 3736532674:3736532674(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:52.467994 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:52.468675 218.13.103.155.1111 > 218.13.103.118.135: S 3736448122:3736448122(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:52.468716 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:52.471702 218.13.103.155.1112 > 218.13.103.118.microsoft-ds: S 3736489770:3736489770(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:52.471744 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:56.992217 211.93.98.22.http > 218.13.103.118.33032: F 28068:28068(0) ack 7105 win 22264 (DF)
22:47:57.032052 218.13.103.118.33032 > 211.93.98.22.http: . ack 28069 win 48008 (DF)
22:47:58.474406 211.93.98.22.http > 218.13.103.118.33034: F 529:529(0) ack 922 win 7368 (DF)
22:47:58.474548 218.13.103.118.33032 > 211.93.98.22.http: F 7105:7105(0) ack 28069 win 48008 (DF)
22:47:58.513804 218.13.103.118.33034 > 211.93.98.22.http: . ack 530 win 6432 (DF)
22:47:59.191153 211.93.98.22.http > 218.13.103.118.33032: . ack 7106 win 22264 (DF)
22:48:04.244360 218.56.14.186.3896 > 218.13.103.118.http: S 3488696364:3488696364(0) win 16384 <mss 1412,nop,nop,sackOK> (DF)
22:48:04.244414 218.13.103.118 > 218.56.14.186: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:48:07.171853 218.56.14.186.3896 > 218.13.103.118.http: S 3488696364:3488696364(0) win 16384 <mss 1412,nop,nop,sackOK> (DF)
22:48:07.171891 218.13.103.118 > 218.56.14.186: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:48:12.059748 218.13.103.118.33029 > 211.93.98.22.http: F 4389:4389(0) ack 27410 win 60716 (DF)
22:48:13.188193 218.56.14.186.3896 > 218.13.103.118.http: S 3488696364:3488696364(0) win 16384 <mss 1412,nop,nop,sackOK> (DF)
22:48:13.188234 218.13.103.118 > 218.56.14.186: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:48:18.452796 218.13.91.130.2570 > 218.13.103.118.microsoft-ds: S 2678426851:2678426851(0) win 16384 <mss 1412,nop,nop,sackOK> (DF)
22:48:18.452850 218.13.103.118 > 218.13.91.130: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:48:20.872742 218.13.91.130.2570 > 218.13.103.118.microsoft-ds: S 2678426851:2678426851(0) win 16384 <mss 1412,nop,nop,sackOK> (DF)
22:48:20.872780 218.13.103.118 > 218.13.91.130: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]

Posted 2004-3-11 23:07:30
icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
Host unreachable.
218.13.103.118.33034 > 211.93.98.22.http: . ack 529 win 6432 (DF)
That should be an HTTP request, I think.
What is your own IP?
OP | Posted 2004-3-11 23:33:16
Originally posted by dancingpig:
icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
Host unreachable.
218.13.103.118.33034 > 211.93.98.22.http: . ack 529 win 6432 (DF)
That should be an HTTP request, I think.
What is your own IP?

218.13.103.118
Is someone else pinging me? Brother, please explain in more detail.
Posted 2004-3-12 09:28:38
22:48:20.872780 218.13.103.118 > 218.13.91.130: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
A host-unreachable message from 218.13.103.118 to 218.13.91.130.
OP | Posted 2004-3-12 12:15:31
Originally posted by dancingpig:
22:48:20.872780 218.13.103.118 > 218.13.91.130: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
A host-unreachable message from 218.13.103.118 to 218.13.91.130.

Hmm, now I'm finally starting to understand.
The line above means that 218.13.103.118 (my machine) sends an ICMP "host unreachable" message to 218.13.91.130.
It seems a lot of the Blaster worm traffic aimed at M$ on the network is attacking my machine, heh...
Posted 2004-10-30 23:07:32
Ping messages are usually echo.

It's somewhat like a hello, a greeting handshake.

I'm not very clear on it either; ping seems to use the ICMP protocol too.
Posted 2004-10-31 01:29:27
It's not from ping.
Posted 2004-10-31 08:53:15
admin prohibited
It looks like your iptables doesn't allow pinging yourself. Is that right?
Posted 2004-10-31 10:29:06
I see it now; this is probably virus traffic scanning you. For a TCP connection, your firewall automatically rejects it, that is, it sends an ICMP unreachable error to the other side. Brother Home king's output also contains his own web-browsing traffic; that is normal traffic.

It looks like someone is infected with a virus. I used to catch infected machines by sniffing, and sometimes I'd even log in remotely to have a look on the spot, heh.

On large networks such as campus networks, a large part of the traffic is virus scanning traffic, plus proxy scanning and DNS queries. Home king's tcpdump seems to have no output filter.
Posted 2004-10-31 10:36:44
+---------------------------------------------------------------------------------------------------
| SYN flag: it initiates a connection to port 135 on home king's machine, trying to scan whether you have the Windows RPC vulnerability, and then attack.
+---------------------------------------------------------------------------------------------------
22:47:43.513066 218.13.103.155.1111 > 218.13.103.118.135: S 3736448122:3736448122(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)

+-----------------------------------------------------------------------------------------------------------------------
| The local firewall rejected this connection and sent an ICMP unreachable error. Note that if you had no firewall and this port was not open, the reply would be an ICMP port unreachable rather than host unreachable.
+-----------------------------------------------------------------------------------------------------------------------
22:47:43.513103 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
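As an added example (not code from the thread), a small Python classifier for the tcpdump 3.x line format posted above: it separates inbound SYNs, the ICMP admin-prohibited rejects our own firewall sends back, and packets belonging to our own connections, and tallies probed ports and SYN retries per remote host. It assumes tcpdump was run without -n, so well-known ports appear as names; the sample input is seven lines copied from the capture in the first post.

```python
import re
from collections import defaultdict

# tcpdump 3.x line shapes seen in the thread (assumption: no -n, so ports
# such as http/auth/microsoft-ds appear as names, numeric ones as digits).
TCP_RE = re.compile(r"^[\d:.]+ (?P<src>[\d.]+)\.[\w-]+ > (?P<dst>[\d.]+)\.(?P<dport>[\w-]+): (?P<flags>[SFRP.]+) ")
ICMP_RE = re.compile(r"^[\d:.]+ (?P<src>[\d.]+) > (?P<dst>[\d.]+): icmp: (?P<msg>.+)$")

def classify(line, local_ip):
    """Return (kind, remote_ip, detail) or None for a line we ignore."""
    m = ICMP_RE.match(line)
    if m:  # only the unreachables our own host emits are interesting here
        if m.group("src") != local_ip or "unreachable" not in m.group("msg"):
            return None
        # "admin prohibited" = firewall REJECT; a bare port unreachable = no firewall, closed port
        return ("reject", m.group("dst"), "admin-prohibited" if "admin prohibited" in m.group("msg") else "port-closed")
    m = TCP_RE.match(line)
    if not m:
        return None
    if "S" in m.group("flags") and m.group("dst") == local_ip:
        return ("inbound_syn", m.group("src"), m.group("dport"))  # someone knocking on a port
    return ("established", m.group("dst") if m.group("src") == local_ip else m.group("src"), m.group("dport"))

def summarize(lines, local_ip):
    """Per remote host: ports probed, SYN count (retries included), rejects we sent; plus own-traffic count."""
    scanners = defaultdict(lambda: {"ports": set(), "syns": 0, "rejects": 0})
    established = 0
    for hit in filter(None, (classify(l, local_ip) for l in lines)):
        kind, remote, detail = hit
        if kind == "inbound_syn":
            scanners[remote]["ports"].add(detail)
            scanners[remote]["syns"] += 1
        elif kind == "reject":
            scanners[remote]["rejects"] += 1
        else:
            established += 1
    return {r: dict(v, ports=sorted(v["ports"])) for r, v in scanners.items()}, established

# Seven lines copied from the capture posted in the first post, used as sample input.
SAMPLE = """\
22:47:43.460118 218.13.103.118.33034 > 211.93.98.22.http: . ack 529 win 6432 (DF)
22:47:43.513066 218.13.103.155.1111 > 218.13.103.118.135: S 3736448122:3736448122(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:43.513103 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:43.532062 218.13.103.155.1112 > 218.13.103.118.microsoft-ds: S 3736489770:3736489770(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:43.532108 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
22:47:46.463618 218.13.103.155.1111 > 218.13.103.118.135: S 3736448122:3736448122(0) win 16384 <mss 1360,nop,nop,sackOK> (DF)
22:47:46.463662 218.13.103.118 > 218.13.103.155: icmp: host 218.13.103.118 unreachable - admin prohibited [tos 0xc0]
""".splitlines()
```

Running `summarize(SAMPLE, "218.13.103.118")` shows one host probing ports 135 and microsoft-ds with three SYNs (one a retry) and three rejects, and a single packet of the host's own HTTP session.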