Aller à :navigation, rechercher
Wiki

UTM/Extras/ipsec fehleranalyse

De Securepoint Wiki
































































De.png
En.png
Fr.png









02.2024






tcpdump -i A1



tcpdump -i A1 proto 1 ICMP-
tcpdump -i A1 proto 6 TCP-
tcpdump -i A1 proto 17 UDP-
tcpdump -i A1 proto 50 ESP-


tcpdump -i A1 port 80


tcpdump -i A1 host 10.0.0.1


tcpdump -i A1 net 10.0.0.0/24



tcpdump -i A1 proto 1 and host 10.0.0.10





tcpdump -i A1 proto 1 -n


tcpdump -i A1 net 10.4.0.0/24 -n


09:59:44.445502 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 09:59:49.847558 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 09:59:54.855574 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 09:59:59.861512 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40




tcpdump -i any proto 1 or proto 50 -n


tcpdump -i any net 10.4.0.0/24 or host 198.51.100.4 -n


10:21:39.710743 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 10:21:39.710799 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0x9), length 92 10:21:45.056141 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 10:21:45.056235 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0xa), length 92 10:21:50.065278 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 10:21:50.065332 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0xb), length 92 10:21:55.075902 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40 10:21:55.075947 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0xc), length 92


10:58:15.436094 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 10:58:15.436127 IP 198.51.100.75 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 10:58:20.810201 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 10:58:20.810230 IP 198.51.100.75 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 10:58:25.820479 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 10:58:25.820533 IP 198.51.100.75 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 10:58:30.830402 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40 10:58:30.830470 IP 198.51.100.75 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40




tcpdump -i A0 proto 50 -n


11:24:55.833742 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0x45), length 92 11:25:00.890782 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0x46), length 92 11:25:05.899056 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0x47), length 92 11:25:10.908124 IP 198.51.100.75 > 198.51.100.4: ESP(spi=0xc155682b,seq=0x48), length 92



tcpdump -i A1 proto 1 -n


11:32:11.592831 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 11:32:16.733971 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 11:32:21.742500 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 11:32:26.753739 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40


root@standort-4:~# tcpdump -i A1 host 10.4.0.10 -n 11:44:39.553889 ARP, Request who-has 10.4.0.10 tell 10.4.0.1, length 28 11:44:39.554212 ARP, Reply 10.4.0.10 is-at 08:00:27:e1:fd:ab, length 46 11:44:39.672145 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 11:44:44.682827 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 11:44:49.692773 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 11:44:49.699543 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40


ip n


10.4.0.10 dev A1 lladdr 08:00:27:e1:fd:ab REACHABLE


10.4.0.10 dev A1 FAILED




tcpdump -i A1 host 10.4.0.10 -n


11:32:11.592831 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 11:32:16.733971 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 11:32:21.742500 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 11:32:26.753739 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40


11:32:11.592831 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 11:32:39.553889 ARP, Request who-has 10.0.0.10 tell 10.4.0.10, length 28 11:32:16.733971 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 11:32:39.553889 ARP, Request who-has 10.0.0.10 tell 10.4.0.10, length 28 11:32:21.742500 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 11:32:39.553889 ARP, Request who-has 10.0.0.10 tell 10.4.0.10, length 28 11:32:26.753739 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40 11:32:39.553889 ARP, Request who-has 10.0.0.10 tell 10.4.0.10, length 28


11:32:11.592831 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 1, length 40 11:32:39.553889 ARP, Request who-has 10.4.0.254 tell 10.4.0.10, length 28 11:32:16.733971 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 2, length 40 11:32:39.553889 ARP, Request who-has 10.4.0.254 tell 10.4.0.10, length 28 11:32:21.742500 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 3, length 40 11:32:39.553889 ARP, Request who-has 10.4.0.254 tell 10.4.0.10, length 28 11:32:26.753739 IP 10.0.0.10 > 10.4.0.10: ICMP echo request, id 512, seq 4, length 40 11:32:39.553889 ARP, Request who-has 10.4.0.254 tell 10.4.0.10, length 28




root@standort-4:~# tcpdump -i A1 port 3389 -n 14:24:14.433460 IP 10.0.0.10.50795 > 10.4.0.10.3389: Flags [S], seq 315479174, win 64240, options [mss 1341,nop,wscale 8,nop,nop,sackOK], length 0 14:24:14.433725 IP 10.4.0.10.3389 > 10.0.0.10.50795: Flags [R.], seq 0, ack 315479175, win 0, length 0


root@standort-4:~# tcpdump -i A1 port 25 -w /tmp/dump.txt -s 0 -n tcpdump: listening on A1, link-type EN10MB (Ethernet), capture size 262144 bytes 12 packets captured 12 packets received by filter 0 packets dropped by kernel


Récupérée de « https://wiki.securepoint.de/index.php?title=UTM/Extras/ipsec_fehleranalyse&oldid=90442 »