On 05-09-2013 09:32, Henrique Rosa wrote:
Good morning, everyone!
I'm starting to use Linux, and at the company I need to learn how to use
iptraf.
I filtered the traffic between my machine (192.168.0.229) and the proxy
(192.168.0.4) and I can't understand the result.
I'm thinking the network is being hacked, but it's mere suspicion.
Here is part of the generated log:
Thu Sep 5 09:24:07 2013; ******** IP traffic monitor started ********
Thu Sep 5 09:24:07 2013; TCP; eth2; 2948 bytes; from 192.168.0.4:665 to 192.168.0.229:50778 (source MAC addr 000475812901); first packet
Thu Sep 5 09:24:07 2013; TCP; eth2; 52 bytes; from 192.168.0.229:50778 to 192.168.0.4:665 (source MAC addr 5cf9ddec32fc); first packet
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.107; eth2; 66 bytes; from b0487add2b3d to ffffffffffff
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.59; eth2; 66 bytes; from b0487add2b3d to ffffffffffff
Thu Sep 5 09:24:07 2013; Non-IP (0x4); eth2; 66 bytes; from a45630b83d36 to 0180c2000000
Thu Sep 5 09:24:07 2013; ARP request for 192.168.1.21; eth2; 40 bytes; from 002722d4cf26 to ffffffffffff
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.232; eth2; 40 bytes; from 000475812901 to 00306789dcc2
Thu Sep 5 09:24:07 2013; ARP reply from 192.168.0.232; eth2; 40 bytes; from 00306789dcc2 to 000475812901
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.249; eth2; 40 bytes; from b0487add3ba1 to ffffffffffff
Thu Sep 5 09:24:07 2013; UDP; eth2; 1448 bytes; source MAC address bc5ff434ace5; from 192.168.0.154:889 to 192.168.0.255:889
Thu Sep 5 09:24:07 2013; UDP; eth2; 1448 bytes; source MAC address bc5ff434ace5; from 192.168.0.154:889 to 192.168.0.255:889
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.100; eth2; 52 bytes; from 5cf9ddec32dc to ffffffffffff
Thu Sep 5 09:24:07 2013; Non-IP (0x86dd); eth2; 52 bytes; from 5cf9ddec32b7 to 333300010002
Thu Sep 5 09:24:07 2013; Non-IP (0x86dd); eth2; 40 bytes; from 002511f29501 to 333300010003
Thu Sep 5 09:24:07 2013; Non-IP (0x86dd); eth2; 52 bytes; from 002511f29501 to 333300010003
Thu Sep 5 09:24:07 2013; ARP request for 192.168.2.1; eth0; 930 bytes; from 1078d2d327eb to d4ca6d64d4ea
Thu Sep 5 09:24:07 2013; ARP reply from 192.168.2.1; eth0; 930 bytes; from d4ca6d64d4ea to 1078d2d327eb
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.249; eth2; 40 bytes; from b0487add3ba1 to ffffffffffff
Thu Sep 5 09:24:07 2013; UDP; eth2; 78 bytes; source MAC address 002511f29501; from 192.168.0.238:137 to 192.168.0.255:137
Thu Sep 5 09:24:07 2013; UDP; eth2; 234 bytes; source MAC address 000475812901; from 192.168.0.4:138 to 192.168.0.255:138
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.107; eth2; 52 bytes; from 5cf9ddec32b7 to ffffffffffff
WHO CAN HELP with the log above, and WHERE CAN I FIND a manual
(preferably in Portuguese) for IPtraf?
Thanks for any help!
@bs pinguiniano !
Good morning Henrique.
First of all, do you have knowledge of the IP protocol? The log above
is easy to understand if you know what UDP, ARP, TCP and MAC address
mean.
--
Regards,
Allan Carvalho
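To make Allan's point concrete (the log reads easily once you can tell TCP, UDP, ARP and MAC addresses apart), here is an added example, written for this thread and not code from iptraf or from either poster, that parses iptraf's text log format and explains each entry with well-known link-layer constants (ff:ff:ff:ff:ff:ff broadcast, 33:33:... IPv6 multicast, 01:80:c2:00:00:00 bridge group address, NetBIOS ports 137/138). It also includes the one check that actually speaks to the "are we being hacked?" worry: whether any IP is answered by two different MAC addresses in ARP replies. The sample lines are copied from the log above; the single conflicting ARP reply used to exercise the check is constructed and labelled as such. The regular expressions are an assumption about the line layout shown in the post, not a specification of iptraf's format.

```python
import re
from collections import Counter

BROADCAST_MAC = "ffffffffffff"
BRIDGE_GROUP_MAC = "0180c2000000"   # IEEE 802.1D bridge group address (STP BPDUs)

# Sample lines copied from the log in the post above (mail-client autolink residue removed).
SAMPLE_LOG = """\
Thu Sep 5 09:24:07 2013; ******** IP traffic monitor started ********
Thu Sep 5 09:24:07 2013; TCP; eth2; 2948 bytes; from 192.168.0.4:665 to 192.168.0.229:50778 (source MAC addr 000475812901); first packet
Thu Sep 5 09:24:07 2013; TCP; eth2; 52 bytes; from 192.168.0.229:50778 to 192.168.0.4:665 (source MAC addr 5cf9ddec32fc); first packet
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.107; eth2; 66 bytes; from b0487add2b3d to ffffffffffff
Thu Sep 5 09:24:07 2013; Non-IP (0x4); eth2; 66 bytes; from a45630b83d36 to 0180c2000000
Thu Sep 5 09:24:07 2013; ARP request for 192.168.0.232; eth2; 40 bytes; from 000475812901 to 00306789dcc2
Thu Sep 5 09:24:07 2013; ARP reply from 192.168.0.232; eth2; 40 bytes; from 00306789dcc2 to 000475812901
Thu Sep 5 09:24:07 2013; UDP; eth2; 1448 bytes; source MAC address bc5ff434ace5; from 192.168.0.154:889 to 192.168.0.255:889
Thu Sep 5 09:24:07 2013; Non-IP (0x86dd); eth2; 52 bytes; from 5cf9ddec32b7 to 333300010002
Thu Sep 5 09:24:07 2013; UDP; eth2; 78 bytes; source MAC address 002511f29501; from 192.168.0.238:137 to 192.168.0.255:137
Thu Sep 5 09:24:07 2013; UDP; eth2; 234 bytes; source MAC address 000475812901; from 192.168.0.4:138 to 192.168.0.255:138
"""

# Constructed line (not from the post): a second reply for 192.168.0.232 from another MAC.
CONSTRUCTED_CONFLICT = ("Thu Sep 5 09:24:08 2013; ARP reply from 192.168.0.232; eth2; 40 bytes; "
                        "from deadbeef0001 to 000475812901")

# Assumed line layouts, derived from the entries visible in the post.
PATTERNS = {
    "tcp": re.compile(r"^(?P<ts>[^;]+); TCP; (?P<iface>\S+); (?P<bytes>\d+) bytes; from (?P<src>[\d.]+:\d+) "
                      r"to (?P<dst>[\d.]+:\d+) \(source MAC addr (?P<smac>[0-9a-f]{12})\)"),
    "udp": re.compile(r"^(?P<ts>[^;]+); UDP; (?P<iface>\S+); (?P<bytes>\d+) bytes; source MAC address "
                      r"(?P<smac>[0-9a-f]{12}); from (?P<src>[\d.]+:\d+) to (?P<dst>[\d.]+:\d+)"),
    "arp": re.compile(r"^(?P<ts>[^;]+); ARP (?P<op>request for|reply from) (?P<ip>[\d.]+); (?P<iface>\S+); "
                      r"(?P<bytes>\d+) bytes; from (?P<smac>[0-9a-f]{12}) to (?P<dmac>[0-9a-f]{12})"),
    "non_ip": re.compile(r"^(?P<ts>[^;]+); Non-IP \((?P<ethertype>0x[0-9a-fA-F]+)\); (?P<iface>\S+); "
                         r"(?P<bytes>\d+) bytes; from (?P<smac>[0-9a-f]{12}) to (?P<dmac>[0-9a-f]{12})"),
}


def parse_line(line):
    """Return a dict for a recognised entry, or None (e.g. the 'monitor started' banner)."""
    for name, pat in PATTERNS.items():
        m = pat.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["bytes"] = int(entry["bytes"])
            if name == "arp":
                entry["kind"] = "arp_request" if entry.pop("op") == "request for" else "arp_reply"
            else:
                entry["kind"] = name
            return entry
    return None


def describe(e):
    """Plain-language reading of one entry, using well-known address and port constants."""
    if e["kind"] == "tcp":
        return f"TCP {e['src']} -> {e['dst']}: ordinary unicast session traffic"
    if e["kind"] == "udp":
        ip, port = e["dst"].rsplit(":", 1)
        if ip.endswith(".255"):   # assumes a /24, so x.x.x.255 is the subnet broadcast
            svc = {"137": "NetBIOS name service", "138": "NetBIOS datagram service"}.get(port, "port " + port)
            return f"UDP broadcast to {ip} ({svc}): every host on the segment receives it"
        return f"UDP {e['src']} -> {e['dst']}"
    if e["kind"] == "arp_request":
        if e["dmac"] == BROADCAST_MAC:
            return f"ARP broadcast: who has {e['ip']}? (normal address resolution)"
        return f"ARP unicast request for {e['ip']}: a host re-validating a cached entry"
    if e["kind"] == "arp_reply":
        return f"ARP reply: {e['ip']} is at {e['smac']}"
    et = int(e["ethertype"], 16)
    if et == 0x86DD:
        return "IPv6 frame" + (" to an IPv6 multicast MAC (33:33:...)" if e["dmac"].startswith("3333") else "")
    if e["dmac"] == BRIDGE_GROUP_MAC:
        return "frame to the IEEE 802.1D bridge group address (STP); a value below 0x600 is an 802.3 length, not an EtherType"
    return f"non-IP frame, EtherType {e['ethertype']}"


def summarize(lines):
    """Counts that answer 'what is on this segment?' rather than 'who is attacking?'."""
    entries = [e for e in map(parse_line, lines) if e]
    arp_bcast = Counter(e["smac"] for e in entries if e["kind"] == "arp_request" and e["dmac"] == BROADCAST_MAC)
    udp_bcast = Counter(e["dst"].rsplit(":", 1)[1] for e in entries
                        if e["kind"] == "udp" and e["dst"].rsplit(":", 1)[0].endswith(".255"))
    return {"entries": entries, "by_kind": dict(Counter(e["kind"] for e in entries)),
            "arp_broadcast_requesters": dict(arp_bcast), "udp_broadcast_ports": dict(udp_bcast)}


def arp_conflicts(lines):
    """Flag an IP whose ARP reply comes from a different MAC than an earlier reply claimed.
    One indicator of ARP spoofing, not proof: a replaced NIC or DHCP reassignment looks the same."""
    seen, conflicts = {}, []
    for e in filter(None, map(parse_line, lines)):
        if e["kind"] == "arp_reply":
            prev = seen.setdefault(e["ip"], e["smac"])
            if prev != e["smac"]:
                conflicts.append((e["ip"], prev, e["smac"]))
    return conflicts


if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG.splitlines())["entries"]:
        print(f"{e['kind']:<12} {describe(e)}")
    print("ARP conflicts:", arp_conflicts(SAMPLE_LOG.splitlines() + [CONSTRUCTED_CONFLICT]))
```

Run against the lines from the post, every entry gets a benign reading and `arp_conflicts` returns an empty list; only the constructed extra reply triggers it. A real investigation would keep the IP-to-MAC table across a longer capture and compare it with the DHCP lease list or switch port tables before concluding anything.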