tcpdump traffic capture.

hack3rcon
Posts: 757
Joined: 2014/11/24 11:04:37

Post by hack3rcon » 2019/07/15 12:46:54

Hello,
From the "tcpdump" traffic capture below, can anyone find the network problem?

# tcpdump -i enp0s8
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
17:11:53.039721 IP 192.168.0.4 > mct01s09-in-f14.1e100.net: ICMP echo request, id 1, seq 546, length 72
17:11:53.847580 IP 192.168.0.4.56338 > 239.255.255.250.1900: UDP, length 133
17:11:56.869114 IP 192.168.0.4.56338 > 239.255.255.250.1900: UDP, length 133
17:11:57.074158 IP 192.168.0.4 > mct01s09-in-f14.1e100.net: ICMP echo request, id 1, seq 547, length 72
17:12:01.105760 IP 192.168.0.4 > mct01s09-in-f14.1e100.net: ICMP echo request, id 1, seq 548, length 72
17:12:02.460119 IP 192.168.0.4.58880 > 192.168.0.2.domain: 20911+ A? psi3.secunia.com. (34)
17:12:02.568819 IP 192.168.0.2.domain > 192.168.0.4.58880: 20911 3/0/0 CNAME psi3.secunia.com.s3-website-us-west-2.amazonaws.com., CNAME s3-website-us-west-2.amazonaws.com., A 52.218.249.179 (126)
17:12:02.571064 IP 192.168.0.4.24273 > s3-website-us-west-2.amazonaws.com.https: Flags [S], seq 3048656599, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
17:12:05.076372 IP 192.168.0.4.55049 > 192.168.0.2.domain: 5968+ A? boot-01.net.anydesk.com. (41)
17:12:05.159576 IP 192.168.0.4 > mct01s09-in-f14.1e100.net: ICMP echo request, id 1, seq 549, length 72
17:12:05.171652 IP 192.168.0.2.domain > 192.168.0.4.55049: 5968 1/0/0 A 176.9.44.38 (57)
17:12:05.173367 IP 192.168.0.4.24274 > relay-b54a2115.net.anydesk.com.https: Flags [S], seq 2271021429, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:12:07.800665 ARP, Request who-has 192.168.0.4 tell 192.168.0.2, length 28
17:12:07.801573 ARP, Reply 192.168.0.4 is-at 08:00:27:86:32:a6 (oui Unknown), length 46
17:12:08.174927 IP 192.168.0.4.24274 > relay-b54a2115.net.anydesk.com.https: Flags [S], seq 2271021429, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:12:09.123317 IP 192.168.0.4.24276 > relay-b54a2115.net.anydesk.com.6568: Flags [S], seq 2875150279, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:12:09.208112 IP 192.168.0.4 > mct01s09-in-f14.1e100.net: ICMP echo request, id 1, seq 550, length 72
17:12:10.104652 IP 192.168.0.4.24275 > relay-b54a2115.net.anydesk.com.http: Flags [S], seq 2130365915, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:12:11.578688 IP 192.168.0.4.24273 > s3-website-us-west-2.amazonaws.com.https: Flags [S], seq 3048656599, win 8192, options [mss 1460,nop,nop,sackOK], length 0
17:12:12.120255 IP 192.168.0.4.24276 > relay-b54a2115.net.anydesk.com.6568: Flags [S], seq 2875150279, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

Thank you.

fdisk
Posts: 42
Joined: 2017/11/04 00:59:56

Re: tcpdump traffic capture.

Post by fdisk » 2019/07/15 15:51:07

Packets are not being answered from anywhere but the local net.

Depending on your network setup this could mean:
* Router is not doing NAT correctly
* Network behind router has no route back to 192.168.0.0/24

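The check described in the reply above, as an added example that is not part of the original thread: a Python script that parses tcpdump's one-line output and reports which peers the host sent packets to without ever seeing a packet come back, plus retransmitted SYNs. The function names and the choice to skip multicast destinations (the SSDP packets to 239.255.255.250, which never get a reply from that address) are assumptions of this example.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Lines copied from the capture posted in this thread (taken without -n, so names are resolved).
CAPTURE = """\
17:11:53.039721 IP 192.168.0.4 > mct01s09-in-f14.1e100.net: ICMP echo request, id 1, seq 546, length 72
17:11:53.847580 IP 192.168.0.4.56338 > 239.255.255.250.1900: UDP, length 133
17:12:05.076372 IP 192.168.0.4.55049 > 192.168.0.2.domain: 5968+ A? boot-01.net.anydesk.com. (41)
17:12:05.171652 IP 192.168.0.2.domain > 192.168.0.4.55049: 5968 1/0/0 A 176.9.44.38 (57)
17:12:05.173367 IP 192.168.0.4.24274 > relay-b54a2115.net.anydesk.com.https: Flags [S], seq 2271021429, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
17:12:08.174927 IP 192.168.0.4.24274 > relay-b54a2115.net.anydesk.com.https: Flags [S], seq 2271021429, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")
SYN = re.compile(r"Flags \[S\], seq (\d+)")

def host(endpoint, payload):
    # tcpdump appends ".port" to each address, except for ICMP, which has no ports.
    return endpoint if payload.startswith("ICMP") else endpoint.rsplit(".", 1)[0]

def is_multicast(name):
    try:
        return ip_address(name).is_multicast
    except ValueError:  # a resolved hostname, not a literal address
        return False

def analyze(text, local):
    """Return (unanswered peers -> packets sent, peers that replied, SYN retransmits per peer)."""
    sent, replied, seen, retrans = Counter(), set(), set(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP and other non-IP lines
        src, dst = host(m[1], m[3]), host(m[2], m[3])
        if dst == local:
            replied.add(src)
        elif src == local and not is_multicast(dst):
            sent[dst] += 1
            syn = SYN.match(m[3])
            if syn and (m[1], m[2], syn[1]) in seen:
                retrans[dst] += 1  # same ports and sequence number: retransmitted SYN
            elif syn:
                seen.add((m[1], m[2], syn[1]))
    unanswered = {p: n for p, n in sent.items() if p not in replied}
    return unanswered, sorted(replied), dict(retrans)

if __name__ == "__main__":
    print(analyze(CAPTURE, "192.168.0.4"))
```

On these lines only 192.168.0.2 shows up as a peer that replied; capturing with `tcpdump -n` keeps addresses numeric, which makes the peer names unambiguous.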