Re: Is my home computer at risk knowing that nmap says...
- From: "GM" <gaetan_martineau@xxxxxxxx>
- Date: 29 May 2006 16:41:19 -0700
Very interesting. Hop 2-3 a dialing link. Well, I think so, yes (see below).
> Notice the time to live value on the right. It is stepping smoothly. Make
> sure this is occurring. Make note of where the ICMP packets are coming from.
> Does it look reasonable? Also, look at this same tcpdump output when you
> nmap your "home system". Do the TTLs match what you expect?
Yes-yes. The only trouble here is I don't know what to expect... (!)
Your remark on "hop 6/7" also makes sense; this is what I can recognize
from our IAP. The complete traceroute output is:
traceroute to 64.6.196.207 (64.6.196.207), 30 hops max, 40 byte packets
1 router (192.168.39.1) 0.985 ms 0.636 ms 0.654 ms
2 our_gateway (10.142.170.113) 3.202 ms 2.193 ms 2.839 ms
3 192.168.5.13 889.343 ms 889.158 ms 888.693 ms
4 192.168.100.14 885.440 ms 883.861 ms 882.051 ms
5 192.168.100.18 881.153 ms 879.320 ms 1181.450 ms
6 inet-TOT-IPstar.inter.net.th (203.151.72.141) 1180.673 ms 1178.886 ms 1177.090 ms
7 203-154-152-201.inter.net.th (203.154.152.201) 1176.163 ms 1174.187 ms 1172.555 ms
8 203-151-72-30.inter.net.th (203.151.72.30) 1169.568 ms 1167.831 ms 1474.569 ms
9 203-150-222-9.inter.net.th (203.150.222.9) 932.377 ms 930.234 ms 928.780 ms
10 61.19.15.253 927.135 ms 926.265 ms 921.041 ms
11 202.47.253.138 916.432 ms 914.835 ms 1221.659 ms
12 202.47.253.233 1532.653 ms 1530.273 ms 1528.470 ms
13 ge-1-6.r01.lsanca03.us.bb.verio.net (204.1.253.17) 1525.583 ms 1523.703 ms 1521.384 ms
14 xe-0-1-0.r21.lsanca03.us.bb.gin.ntt.net (129.250.5.46) 1518.997 ms 1516.689 ms 1825.108 ms
15 p64-2-1-0.r21.mlpsca01.us.bb.gin.ntt.net (129.250.5.22) 1553.579 ms 1551.943 ms 1549.578 ms
16 p64-0-0-0.r20.sttlwa01.us.bb.gin.ntt.net (129.250.4.22) 1858.269 ms 1547.197 ms 1854.621 ms
17 xe-1-3-0.r21.sttlwa01.us.bb.gin.ntt.net (129.250.4.17) 1537.562 ms 1535.718 ms 1842.443 ms
18 p64-0-0-0.r21.nycmny01.us.bb.gin.ntt.net (129.250.5.17) 1841.747 ms 1840.465 ms 1838.016 ms
19 xe-4-1.r03.nycmny01.us.bb.gin.ntt.net (129.250.2.221) 1836.751 ms 1834.576 ms 1833.082 ms
20 ge-0.group.nycmny01.us.bb.gin.ntt.net (129.250.10.174) 1829.529 ms 1827.341 ms 1827.304 ms
21 POS7-0.WANA-MTRLPQ.IP.GROUPTELECOM.NET (66.59.191.173) 931.720 ms 1241.903 ms 931.254 ms
22 216.18.72.146 1242.108 ms 1241.142 ms 1238.960 ms
23 h216-18-114-18.gtconnect.net (216.18.114.18) 1238.106 ms 1235.625 ms 1233.313 ms
24 h66-201-197-6.gtcust.grouptelecom.net (66.201.197.6) 1232.390 ms 1230.494 ms 1228.975 ms
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Running tcpdump (as you did type it; I must admit I did not man
much) while running traceroute reveals plenty of interesting things,
interesting in the way that I understand as much of it as I do
understand that; I mean not too much! But I can sure read that TTL, for
example, decreases to 241... then goes back up to 243... (?huh?) On the
other hand, the output from an nmap gives me a single line... (see way
below in this long appendix...) My feeling is that it is a bit strange to
have a single line... Trying the same tcpdump while running ftp also
reveals little. On the other hand, if I type tcp instead of icmp, I get
plenty of stuff. The same holds if I use tcp while running nmap...
Thanks. I think I learned something today...
Gaetan
(I tried to simplify the listing by running some s/time exceeded in-transit/time/ and
s/ offset 0, flags \[none\], length: 56)/ off0,/)
colibri:/home/gaetan # /usr/sbin/tcpdump -n -v icmp
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
05:27:19.311500 IP (tos 0xc0, ttl 64, id 35981, offset 0, flags [none], length: 96) 192.168.39.1 > 192.168.39.199: icmp 76:time
05:27:19.313429 IP (tos 0xc0, ttl 64, id 35982, offset 0, flags [none], length: 96) 192.168.39.1 > 192.168.39.199: icmp 76:time
05:27:19.314917 IP (tos 0xc0, ttl 64, id 35983, offset 0, flags [none], length: 96) 192.168.39.1 > 192.168.39.199: icmp 76:time
05:27:19.317116 IP (tos 0xc0, ttl 254, id 24138, offset 0, flags [none], length: 96) 10.142.170.113 > 192.168.39.199: icmp 76:time
05:27:19.317495 IP (tos 0xc0, ttl 254, id 24139, offset 0, flags [none], length: 96) 10.142.170.113 > 192.168.39.199: icmp 76:time
05:27:19.320475 IP (tos 0xc0, ttl 254, id 24140, offset 0, flags [none], length: 96) 10.142.170.113 > 192.168.39.199: icmp 76:time
05:27:20.061319 IP (tos 0x0, ttl 252, id 11549, off0, 192.168.100.14 > 192.168.39.199: icmp 36:time
05:27:20.061726 IP (tos 0x0, ttl 252, id 11550, off0, 192.168.100.14 > 192.168.39.199: icmp 36:time
05:27:20.061927 IP (tos 0x0, ttl 252, id 11551, off0, 192.168.100.14 > 192.168.39.199: icmp 36:time
05:27:20.062129 IP (tos 0x0, ttl 251, id 58993, off0, 192.168.100.18 > 192.168.39.199: icmp 36:time
05:27:20.062566 IP (tos 0x0, ttl 251, id 58994, off0, 192.168.100.18 > 192.168.39.199: icmp 36:time
05:27:20.062769 IP (tos 0xc0, ttl 253, id 18054, off0, 192.168.5.13 > 192.168.39.199: icmp 36:time
05:27:20.062968 IP (tos 0xc0, ttl 253, id 18055, off0, 192.168.5.13 > 192.168.39.199: icmp 36:time
05:27:20.063164 IP (tos 0xc0, ttl 253, id 18056, off0, 192.168.5.13 > 192.168.39.199: icmp 36:time
05:27:20.372017 IP (tos 0x0, ttl 251, id 58995, off0, 192.168.100.18 > 192.168.39.199: icmp 36:time
05:27:20.372439 IP (tos 0x0, ttl 250, id 16858, off0, 203.151.72.141 > 192.168.39.199: icmp 36:time
05:27:20.372640 IP (tos 0x0, ttl 250, id 16859, off0, 203.151.72.141 > 192.168.39.199: icmp 36:time
05:27:20.372840 IP (tos 0x0, ttl 250, id 16860, off0, 203.151.72.141 > 192.168.39.199: icmp 36:time
05:27:20.373038 IP (tos 0x0, ttl 249, id 36268, off0, 203.154.152.201 > 192.168.39.199: icmp 36:time
05:27:20.373471 IP (tos 0x0, ttl 249, id 36269, off0, 203.154.152.201 > 192.168.39.199: icmp 36:time
05:27:20.373673 IP (tos 0x0, ttl 249, id 36270, off0, 203.154.152.201 > 192.168.39.199: icmp 36:time
05:27:20.373874 IP (tos 0x0, ttl 248, id 35707, off0, 203.151.72.30 > 192.168.39.199: icmp 36:time
05:27:20.682641 IP (tos 0x0, ttl 248, id 35710, off0, 203.151.72.30 > 192.168.39.199: icmp 36:time
05:27:20.683003 IP (tos 0x0, ttl 248, id 35709, off0, 203.151.72.30 > 192.168.39.199: icmp 36:time
05:27:28.449948 IP (tos 0x0, ttl 247, id 0, off0, 203.150.222.9 > 192.168.39.199: icmp 36:time
05:27:28.450358 IP (tos 0x0, ttl 247, id 0, off0, 203.150.222.9 > 192.168.39.199: icmp 36:time
05:27:28.450549 IP (tos 0x0, ttl 247, id 0, off0, 203.150.222.9 > 192.168.39.199: icmp 36:time
05:27:28.450732 IP (tos 0x0, ttl 246, id 0, off0, 61.19.15.253 > 192.168.39.199: icmp 36:time
05:27:28.450918 IP (tos 0x0, ttl 245, id 0, off0, 202.47.253.138 > 192.168.39.199: icmp 36:time
05:27:28.451386 IP (tos 0x0, ttl 245, id 0, off0, 202.47.253.138 > 192.168.39.199: icmp 36:time
05:27:28.451575 IP (tos 0x0, ttl 246, id 0, off0, 61.19.15.253 > 192.168.39.199: icmp 36:time
05:27:28.451763 IP (tos 0x0, ttl 246, id 0, off0, 61.19.15.253 > 192.168.39.199: icmp 36:time
05:27:28.760433 IP (tos 0x0, ttl 245, id 0, off0, 202.47.253.138 > 192.168.39.199: icmp 36:time
05:27:29.071234 IP (tos 0x0, ttl 241, id 0, off0, 129.250.5.46 > 192.168.39.199: icmp 36:time
05:27:29.071631 IP (tos 0x0, ttl 241, id 0, off0, 129.250.5.46 > 192.168.39.199: icmp 36:time
05:27:29.071820 IP (tos 0x0, ttl 243, id 13390, off0, 204.1.253.17 > 192.168.39.199: icmp 36:time
05:27:29.072004 IP (tos 0x0, ttl 243, id 13392, off0, 204.1.253.17 > 192.168.39.199: icmp 36:time
05:27:29.072188 IP (tos 0x0, ttl 243, id 13391, off0, 204.1.253.17 > 192.168.39.199: icmp 36:time
05:27:29.072606 IP (tos 0x0, ttl 244, id 0, off0, 202.47.253.233 > 192.168.39.199: icmp 36:time
05:27:29.072793 IP (tos 0x0, ttl 244, id 0, off0, 202.47.253.233 > 192.168.39.199: icmp 36:time
05:27:29.072978 IP (tos 0x0, ttl 244, id 0, off0, 202.47.253.233 > 192.168.39.199: icmp 36:time
05:27:29.381801 IP (tos 0x0, ttl 241, id 0, off0, 129.250.5.46 > 192.168.39.199: icmp 36:time
05:27:37.459890 IP (tos 0x0, ttl 241, id 62430, offset 0, flags [DF], length: 168) 129.250.5.22 > 192.168.39.199: icmp 148:time
05:27:37.460299 IP (tos 0x0, ttl 241, id 62431, offset 0, flags [DF], length: 168) 129.250.5.22 > 192.168.39.199: icmp 148:time
05:27:37.460499 IP (tos 0x0, ttl 241, id 62432, offset 0, flags [DF], length: 168) 129.250.5.22 > 192.168.39.199: icmp 148:time
05:27:37.460701 IP (tos 0x0, ttl 240, id 4586, offset 0, flags [DF], length: 168) 129.250.4.22 > 192.168.39.199: icmp 148:time
05:27:37.461107 IP (tos 0x0, ttl 240, id 4588, offset 0, flags [DF], length: 168) 129.250.4.22 > 192.168.39.199: icmp 148:time
05:27:37.461310 IP (tos 0x0, ttl 240, id 4589, offset 0, flags [DF], length: 168) 129.250.4.22 > 192.168.39.199: icmp 148:time
05:27:37.770597 IP (tos 0x0, ttl 239, id 34111, offset 0, flags [DF], length: 168) 129.250.4.17 > 192.168.39.199: icmp 148:time
05:27:37.771017 IP (tos 0x0, ttl 239, id 34112, offset 0, flags [DF], length: 168) 129.250.4.17 > 192.168.39.199: icmp 148:time
05:27:37.771221 IP (tos 0x0, ttl 239, id 34138, offset 0, flags [DF], length: 168) 129.250.4.17 > 192.168.39.199: icmp 148:time
05:27:37.771383 IP (tos 0x0, ttl 237, id 0, off0, 129.250.10.174 > 192.168.39.199: icmp 36:time
05:27:37.771569 IP (tos 0x0, ttl 237, id 0, off0, 129.250.10.174 > 192.168.39.199: icmp 36:time
05:27:37.772063 IP (tos 0x0, ttl 237, id 0, off0, 129.250.5.17 > 192.168.39.199: icmp 36:time
05:27:37.772295 IP (tos 0x0, ttl 237, id 0, off0, 129.250.5.17 > 192.168.39.199: icmp 36:time
05:27:37.772495 IP (tos 0x0, ttl 237, id 0, off0, 129.250.5.17 > 192.168.39.199: icmp 36:time
05:27:37.772680 IP (tos 0x0, ttl 237, id 11092, off0, 129.250.2.221 > 192.168.39.199: icmp 36:time
05:27:37.772865 IP (tos 0x0, ttl 237, id 11094, off0, 129.250.2.221 > 192.168.39.199: icmp 36:time
05:27:37.773050 IP (tos 0x0, ttl 237, id 11093, off0, 129.250.2.221 > 192.168.39.199: icmp 36:time
05:27:37.773237 IP (tos 0x0, ttl 237, id 0, off0, 129.250.10.174 > 192.168.39.199: icmp 36:time
05:27:41.187995 IP (tos 0x0, ttl 238, id 0, off0, 66.59.191.173 > 192.168.39.199: icmp 36:time
05:27:46.158965 IP (tos 0x0, ttl 238, id 0, off0, 66.59.191.173 > 192.168.39.199: icmp 36:time
05:27:47.401746 IP (tos 0x0, ttl 238, id 0, off0, 66.59.191.173 > 192.168.39.199: icmp 36:time
05:27:47.402140 IP (tos 0x0, ttl 235, id 56690, off0, 66.201.197.6 > 192.168.39.199: icmp 36:time
05:27:47.402325 IP (tos 0x0, ttl 236, id 8916, off0, 216.18.114.18 > 192.168.39.199: icmp 36:time
05:27:47.402513 IP (tos 0x0, ttl 236, id 8918, off0, 216.18.114.18 > 192.168.39.199: icmp 36:time
05:27:47.402995 IP (tos 0x0, ttl 237, id 10068, off0, 216.18.72.146 > 192.168.39.199: icmp 36:time
05:27:47.403184 IP (tos 0x0, ttl 237, id 10067, off0, 216.18.72.146 > 192.168.39.199: icmp 36:time
05:27:47.403373 IP (tos 0x0, ttl 236, id 8917, off0, 216.18.114.18 > 192.168.39.199: icmp 36:time
05:27:47.404249 IP (tos 0x0, ttl 236, id 10066, off0, 216.18.72.146 > 192.168.39.199: icmp 36:time
05:27:47.712356 IP (tos 0x0, ttl 235, id 57896, off0, 66.201.197.6 > 192.168.39.199: icmp 36:time
05:27:47.712707 IP (tos 0x0, ttl 235, id 57897, off0, 66.201.197.6 > 192.168.39.199: icmp 36:time
72 packets captured
72 packets received by filter
0 packets dropped by kernel
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
05:34:51.800847 IP (tos 0x0, ttl 52, id 41968, offset 0, flags [none], length: 28) 192.168.39.199 > 64.6.196.207: icmp 8: echo request seq 36887
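As an added example (not part of the original post), the script below reads tcpdump lines in the shortened format used above together with the traceroute hop list, turns each router's reply TTL into an estimate of how many hops the reply travelled back, and compares that with the hop number traceroute reported, so that a TTL which "goes back up" in the capture (replies for neighbouring hops arriving in either order, or a reply taking a longer return path) can be told apart from a genuinely odd value. It assumes that routers start their ICMP replies at one of the common initial TTLs 64, 128 or 255; the sample lines are copied from the post.

```python
import re

# Constructed sample in the post's shortened tcpdump format ("off0," stands
# for the offset/flags/length fields); the unshortened form parses as well.
SAMPLE_TCPDUMP = """\
05:27:19.311500 IP (tos 0xc0, ttl 64, id 35981, off0, 192.168.39.1 > 192.168.39.199: icmp 76:time
05:27:19.317116 IP (tos 0xc0, ttl 254, id 24138, off0, 10.142.170.113 > 192.168.39.199: icmp 76:time
05:27:20.062769 IP (tos 0xc0, ttl 253, id 18054, off0, 192.168.5.13 > 192.168.39.199: icmp 36:time
05:27:29.071234 IP (tos 0x0, ttl 241, id 0, off0, 129.250.5.46 > 192.168.39.199: icmp 36:time
05:27:29.071820 IP (tos 0x0, ttl 243, id 13390, off0, 204.1.253.17 > 192.168.39.199: icmp 36:time
"""
# Constructed sample of the matching traceroute hops ("* * *" hops are skipped).
SAMPLE_TRACEROUTE = """\
1 router (192.168.39.1) 0.985 ms 0.636 ms 0.654 ms
2 our_gateway (10.142.170.113) 3.202 ms 2.193 ms 2.839 ms
3 192.168.5.13 889.343 ms 889.158 ms 888.693 ms
13 ge-1-6.r01.lsanca03.us.bb.verio.net (204.1.253.17) 1525.583 ms
14 xe-0-1-0.r21.lsanca03.us.bb.gin.ntt.net (129.250.5.46) 1518.997 ms
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
TCPDUMP_RE = re.compile(r"ttl (\d+), id \d+, .*?" + IPV4 + r" > \S+: icmp \d+:time")
TRACEROUTE_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\(" + IPV4 + r"\)|" + IPV4 + ")")
INITIAL_TTLS = (64, 128, 255)  # assumption: IP stacks start ICMP replies here

def initial_ttl(observed):
    """Smallest common initial TTL the observed value can have decayed from."""
    return next((t for t in INITIAL_TTLS if observed <= t), 255)

def parse_tcpdump(text):
    """Map each replying router to the TTL of its first ICMP time-exceeded."""
    seen = {}
    for m in filter(None, map(TCPDUMP_RE.search, text.splitlines())):
        seen.setdefault(m.group(2), int(m.group(1)))
    return seen

def parse_traceroute(text):
    """Map each router address in traceroute output to its hop number."""
    return {m.group(2) or m.group(3): int(m.group(1))
            for m in filter(None, map(TRACEROUTE_RE.match, text.splitlines()))}

def compare(tcpdump_text, traceroute_text):
    """(hop, router, observed ttl, hops-back estimate, estimate - hop) per router;
    a positive delta means a longer (asymmetric) return path, which is normal."""
    ttls = parse_tcpdump(tcpdump_text)
    rows = []
    for ip, hop in sorted(parse_traceroute(traceroute_text).items(), key=lambda kv: kv[1]):
        if ip in ttls:
            est = initial_ttl(ttls[ip]) - ttls[ip] + 1
            rows.append((hop, ip, ttls[ip], est, est - hop))
    return rows
```

With the sample above, hops 1 to 3 and 13 come back with a delta of 0, while hop 14 (TTL 241) estimates to 15 hops back, so its lower TTL reflects the return path rather than a fault in the capture.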