From a6dbeceebabecfec721759b65ebd132f4d28bacf Mon Sep 17 00:00:00 2001
From: David Westgate
Date: Sat, 27 Apr 2024 14:50:19 -0700
Subject: [PATCH] hw2
---
hw2/README.md | 30 ++++++-
hw2/script.sh | 8 --
hw2/t1.md | 93 +++++++++++++++++++++
hw2/t2.md | 140 ++++++++++++++++++++++++++++++++
hw2/t3.md | 220 ++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 482 insertions(+), 9 deletions(-)
delete mode 100644 hw2/script.sh
create mode 100644 hw2/t1.md
create mode 100644 hw2/t2.md
create mode 100644 hw2/t3.md
diff --git a/hw2/README.md b/hw2/README.md
index d39c07d..c1251c2 100644
--- a/hw2/README.md
+++ b/hw2/README.md
@@ -1 +1,29 @@
-Todo
\ No newline at end of file
+# Homework 2 - tcpdump
+
+For each TCP dump below, I will show the command used, and the output of 10 packets
+
+## tcpdump to capture only DNS packets
+
+### Command
+```bash
+sudo tcpdump -c 10 -tt -XX -v -i any 'tcp port 53 or udp port 53'
+```
+### Result
+[t1.md](t1.md)
+## tcpdump to capture TCP packets destined for either port 443 or 8080, originating from my computer
+
+### Command
+```bash
+sudo tcpdump -c 10 -tt -XX -v -i any 'tcp and src host 10.0.2.15 and (dst port 443 or dst port 8080)'
+```
+### Result
+[t2.md](t2.md)
+
+## tcpdump capture where traffic is either UDP or TCP, inbound to my computer, and destined to a port in range 20000 to 35000
+
+### Command
+```bash
+sudo tcpdump -c 10 -tt -XX -v -i any 'dst host 10.0.2.15 and (tcp or udp) and dst portrange 20000-35000'
+```
+### Result
+[t3.md](t3.md)
\ No newline at end of file
diff --git a/hw2/script.sh b/hw2/script.sh
deleted file mode 100644
index 0d27d8b..0000000
--- a/hw2/script.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-
-#Perform a tcpdump capture where you only capture DNS packets.
-sudo tcpdump -c 10 -ttt 'tcp port 53 or udp port 53'
-#Perform a tcpdump capture where you capture TCP packets that are destined for either port 443 or 8080, and originate from your computer.
-
-
-#Perform a tcpdump capture where traffic is either UDP or TCP, is inbound to your computer, and destined for a port between 20000 and 35000.
diff --git a/hw2/t1.md b/hw2/t1.md
new file mode 100644
index 0000000..bfb4275
--- /dev/null
+++ b/hw2/t1.md
@@ -0,0 +1,93 @@ +``` +1714254134.555529 eth0 Out IP (tos 0x0, ttl 64, id 16968, offset 0, flags [DF], proto UDP (17), length 66) + 10.0.2.15.38419 > 10.0.2.3.domain: 25484+ A? fonts.googleapis.com. (38) + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0042 4248 4000 4011 e051 6J..E..BBH@.@..Q + 0x0020: 0a00 020f 0a00 0203 9613 0035 002e 1851 ...........5...Q + 0x0030: 638c 0100 0001 0000 0000 0000 0566 6f6e c............fon + 0x0040: 7473 0a67 6f6f 676c 6561 7069 7303 636f ts.googleapis.co + 0x0050: 6d00 0001 0001 m..... +1714254134.555549 eth0 Out IP (tos 0x0, ttl 64, id 16969, offset 0, flags [DF], proto UDP (17), length 66) + 10.0.2.15.38419 > 10.0.2.3.domain: 31117+ AAAA? fonts.googleapis.com. (38) + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0042 4249 4000 4011 e050 6J..E..BBI@.@..P + 0x0020: 0a00 020f 0a00 0203 9613 0035 002e 1851 ...........5...Q + 0x0030: 798d 0100 0001 0000 0000 0000 0566 6f6e y............fon + 0x0040: 7473 0a67 6f6f 676c 6561 7069 7303 636f ts.googleapis.co + 0x0050: 6d00 001c 0001 m..... +1714254134.555875 eth0 In IP (tos 0x0, ttl 64, id 3880, offset 0, flags [none], proto UDP (17), length 94) + 10.0.2.3.domain > 10.0.2.15.38419: 31117 1/0/0 fonts.googleapis.com. AAAA 2607:f8b0:400a:801::200a (66) + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 005e 0f28 0000 4011 5356 5...E..^.(..@.SV + 0x0020: 0a00 0203 0a00 020f 0035 9613 004a 2ad1 .........5...J*. + 0x0030: 798d 8180 0001 0001 0000 0000 0566 6f6e y............fon + 0x0040: 7473 0a67 6f6f 676c 6561 7069 7303 636f ts.googleapis.co + 0x0050: 6d00 001c 0001 c00c 001c 0001 0000 0032 m..............2 + 0x0060: 0010 2607 f8b0 400a 0801 0000 0000 0000 ..&...@......... + 0x0070: 200a .. 
+1714254134.555875 eth0 In IP (tos 0x0, ttl 64, id 3881, offset 0, flags [none], proto UDP (17), length 82) + 10.0.2.3.domain > 10.0.2.15.38419: 25484 1/0/0 fonts.googleapis.com. A 172.217.14.202 (54) + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0052 0f29 0000 4011 5361 5...E..R.)..@.Sa + 0x0020: 0a00 0203 0a00 020f 0035 9613 003e 0c6a .........5...>.j + 0x0030: 638c 8180 0001 0001 0000 0000 0566 6f6e c............fon + 0x0040: 7473 0a67 6f6f 676c 6561 7069 7303 636f ts.googleapis.co + 0x0050: 6d00 0001 0001 c00c 0001 0001 0000 001e m............... + 0x0060: 0004 acd9 0eca ...... +1714254135.031463 eth0 Out IP (tos 0x0, ttl 64, id 63960, offset 0, flags [DF], proto UDP (17), length 67) + 10.0.2.15.54837 > 10.0.2.3.domain: 19639+ PTR? 3.2.0.10.in-addr.arpa. (39) + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0043 f9d8 4000 4011 28c0 6J..E..C..@.@.(. + 0x0020: 0a00 020f 0a00 0203 d635 0035 002f 1852 .........5.5./.R + 0x0030: 4cb7 0100 0001 0000 0000 0000 0133 0132 L............3.2 + 0x0040: 0130 0231 3007 696e 2d61 6464 7204 6172 .0.10.in-addr.ar + 0x0050: 7061 0000 0c00 01 pa..... +1714254135.038848 eth0 In IP (tos 0x0, ttl 64, id 3888, offset 0, flags [none], proto UDP (17), length 139) + 10.0.2.3.domain > 10.0.2.15.54837: 19639 NXDomain 0/1/0 (111) + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 008b 0f30 0000 4011 5321 5...E....0..@.S! + 0x0020: 0a00 0203 0a00 020f 0035 d635 0077 0d96 .........5.5.w.. + 0x0030: 4cb7 8183 0001 0000 0001 0000 0133 0132 L............3.2 + 0x0040: 0130 0231 3007 696e 2d61 6464 7204 6172 .0.10.in-addr.ar + 0x0050: 7061 0000 0c00 01c0 1200 0600 0100 002a pa.............* + 0x0060: 3000 3c08 7265 736f 6c76 6572 0571 7765 0.<.resolver.qwe + 0x0070: 7374 036e 6574 0009 646e 732d 6164 6d69 st.net..dns-admi + 0x0080: 6e07 7177 6573 7469 70c0 4277 ce7b c100 n.qwestip.Bw.{.. 
+ 0x0090: 000e 1000 0004 b000 093a 8000 002a 30 .........:...*0 +1714254135.039070 eth0 Out IP (tos 0x0, ttl 64, id 12433, offset 0, flags [DF], proto UDP (17), length 68) + 10.0.2.15.50909 > 10.0.2.3.domain: 48255+ PTR? 15.2.0.10.in-addr.arpa. (40) + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0044 3091 4000 4011 f206 6J..E..D0.@.@... + 0x0020: 0a00 020f 0a00 0203 c6dd 0035 0030 1853 ...........5.0.S + 0x0030: bc7f 0100 0001 0000 0000 0000 0231 3501 .............15. + 0x0040: 3201 3002 3130 0769 6e2d 6164 6472 0461 2.0.10.in-addr.a + 0x0050: 7270 6100 000c 0001 rpa..... +1714254135.046173 eth0 In IP (tos 0x0, ttl 64, id 3889, offset 0, flags [none], proto UDP (17), length 140) + 10.0.2.3.domain > 10.0.2.15.50909: 48255 NXDomain 0/1/0 (112) + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 008c 0f31 0000 4011 531f 5...E....1..@.S. + 0x0020: 0a00 0203 0a00 020f 0035 c6dd 0078 2c6e .........5...x,n + 0x0030: bc7f 8183 0001 0000 0001 0000 0231 3501 .............15. + 0x0040: 3201 3002 3130 0769 6e2d 6164 6472 0461 2.0.10.in-addr.a + 0x0050: 7270 6100 000c 0001 c013 0006 0001 0000 rpa............. + 0x0060: 2a30 003c 0872 6573 6f6c 7665 7205 7177 *0.<.resolver.qw + 0x0070: 6573 7403 6e65 7400 0964 6e73 2d61 646d est.net..dns-adm + 0x0080: 696e 0771 7765 7374 6970 c043 77ce 7bc1 in.qwestip.Cw.{. + 0x0090: 0000 0e10 0000 04b0 0009 3a80 0000 2a30 ..........:...*0 +1714254136.037374 eth0 Out IP (tos 0x0, ttl 64, id 11193, offset 0, flags [DF], proto UDP (17), length 66) + 10.0.2.15.50558 > 10.0.2.3.domain: 13058+ A? imgsct.cookiebot.com. (38) + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0042 2bb9 4000 4011 f6e0 6J..E..B+.@.@... 
+ 0x0020: 0a00 020f 0a00 0203 c57e 0035 002e 1851 .........~.5...Q + 0x0030: 3302 0100 0001 0000 0000 0000 0669 6d67 3............img + 0x0040: 7363 7409 636f 6f6b 6965 626f 7403 636f sct.cookiebot.co + 0x0050: 6d00 0001 0001 m..... +1714254136.037388 eth0 Out IP (tos 0x0, ttl 64, id 11194, offset 0, flags [DF], proto UDP (17), length 66) + 10.0.2.15.50558 > 10.0.2.3.domain: 28420+ AAAA? imgsct.cookiebot.com. (38) + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0042 2bba 4000 4011 f6df 6J..E..B+.@.@... + 0x0020: 0a00 020f 0a00 0203 c57e 0035 002e 1851 .........~.5...Q + 0x0030: 6f04 0100 0001 0000 0000 0000 0669 6d67 o............img + 0x0040: 7363 7409 636f 6f6b 6965 626f 7403 636f sct.cookiebot.co + 0x0050: 6d00 001c 0001 m..... +``` \ No newline at end of file diff --git a/hw2/t2.md b/hw2/t2.md new file mode 100644 index 0000000..be04c58 --- /dev/null +++ b/hw2/t2.md 
@@ -0,0 +1,140 @@ +``` +1714254281.586163 eth0 Out IP (tos 0x0, ttl 64, id 35615, offset 0, flags [DF], proto TCP (6), length 122) + 10.0.2.15.43676 > 104.18.4.159.https: Flags [P.], cksum 0x792c (incorrect -> 0x37fd), seq 3715821991:3715822073, ack 148907904, win 56940, length 82 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 007a 8b1f 4000 4006 369f 6J..E..z..@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f1a7 ....h........z.. + 0x0030: 08e0 2780 5018 de6c 792c 0000 1703 0300 ..'.P..ly,...... + 0x0040: 4db5 9255 fc41 b626 1eef 9481 df22 5e00 M..U.A.&....."^. + 0x0050: 481e 443c fb27 e5a0 5aa7 043a a507 bd15 H.D<.'..Z..:.... + 0x0060: 19d0 b147 7173 24fb 13a9 b087 9310 ef70 ...Gqs$........p + 0x0070: 5258 cea4 9fdb fb8e edc0 0c58 4d89 3af2 RX.........XM.:. + 0x0080: 35fe 8732 89bd 064f f0eb 11ee 71fd 5..2...O....q. +1714254281.966538 eth0 Out IP (tos 0x0, ttl 64, id 35616, offset 0, flags [DF], proto TCP (6), length 40) + 10.0.2.15.43676 > 104.18.4.159.https: Flags [.], cksum 0x78da (incorrect -> 0x64a5), ack 9796, win 65535, length 0 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0028 8b20 4000 4006 36f0 6J..E..(..@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f1f9 ....h........z.. + 0x0030: 08e0 4dc3 5010 ffff 78da 0000 ..M.P...x... +1714254281.999313 eth0 Out IP (tos 0x0, ttl 64, id 35617, offset 0, flags [DF], proto TCP (6), length 263) + 10.0.2.15.43676 > 104.18.4.159.https: Flags [P.], cksum 0x79b9 (incorrect -> 0xef5a), seq 82:305, ack 9796, win 65535, length 223 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0107 8b21 4000 4006 3610 6J..E....!@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f1f9 ....h........z.. + 0x0030: 08e0 4dc3 5018 ffff 79b9 0000 1703 0300 ..M.P...y....... + 0x0040: da1f b729 c748 ca0f a8d0 7161 7344 e0f4 ...).H....qasD.. + 0x0050: 2100 a952 c0d9 d145 cce8 26a4 6c46 9cd5 !..R...E..&.lF.. 
+ 0x0060: 1533 932a 7ea9 bb94 1d02 40e1 96db 48e9 .3.*~.....@...H. + 0x0070: 1485 4f08 7623 640e 82be 0a04 f5be 41b3 ..O.v#d.......A. + 0x0080: ba3b 77c2 d33b 65cf 6d72 5f4e 8d2b d713 .;w..;e.mr_N.+.. + 0x0090: f27d 89e0 091d c154 0e88 5521 3065 3944 .}.....T..U!0e9D + 0x00a0: a0db 2d11 bf43 2fc9 9ce0 815e 46fc 6ca3 ..-..C/....^F.l. + 0x00b0: bb34 0f2a c0e1 7fda fd96 7d75 35c0 68c4 .4.*......}u5.h. + 0x00c0: 65d2 1ee0 2378 f9ec ebec 9194 75e9 258a e...#x......u.%. + 0x00d0: dabb 2873 791c b5a1 58ae f7de eaf1 4693 ..(sy...X.....F. + 0x00e0: abb8 1c70 b87d e725 3ffe bb90 01d3 9657 ...p.}.%?......W + 0x00f0: 22f6 898d a69a cb65 ff82 18e0 9a5c 4fda "......e.....\O. + 0x0100: ba8d 1c01 e843 00f3 f3e2 697c 759b 5857 .....C....i|u.XW + 0x0110: 92b9 e78f e175 c7dd 78e7 d7 .....u..x.. +1714254281.999822 eth0 Out IP (tos 0x0, ttl 64, id 35618, offset 0, flags [DF], proto TCP (6), length 75) + 10.0.2.15.43676 > 104.18.4.159.https: Flags [P.], cksum 0x78fd (incorrect -> 0x99ff), seq 305:340, ack 9796, win 65535, length 35 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 004b 8b22 4000 4006 36cb 6J..E..K."@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f2d8 ....h........z.. + 0x0030: 08e0 4dc3 5018 ffff 78fd 0000 1703 0300 ..M.P...x....... + 0x0040: 1e2d 0837 daa4 6875 18f9 3347 a959 0f2f .-.7..hu..3G.Y./ + 0x0050: cccd 40b3 4587 2c65 286e 0ae3 e091 ae ..@.E.,e(n..... +1714254282.537813 eth0 Out IP (tos 0x0, ttl 64, id 35619, offset 0, flags [DF], proto TCP (6), length 141) + 10.0.2.15.43676 > 104.18.4.159.https: Flags [P.], cksum 0x793f (incorrect -> 0x0202), seq 340:441, ack 9796, win 65535, length 101 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 008d 8b23 4000 4006 3688 6J..E....#@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f2fb ....h........z.. + 0x0030: 08e0 4dc3 5018 ffff 793f 0000 1703 0300 ..M.P...y?...... 
+ 0x0040: 6081 f9a3 d9c0 29de 5f42 5f8a a658 d3af `.....)._B_..X.. + 0x0050: 975c afec 748a 65e0 72b3 6a75 fac1 a88c .\..t.e.r.ju.... + 0x0060: b187 59b2 713c 7731 e28a becb 83ba d9a3 ..Y.q 104.18.4.159.https: Flags [P.], cksum 0x793b (incorrect -> 0x461d), seq 441:538, ack 9901, win 65535, length 97 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0089 8b24 4000 4006 368b 6J..E....$@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f360 ....h........z.` + 0x0030: 08e0 4e2c 5018 ffff 793b 0000 1703 0300 ..N,P...y;...... + 0x0040: 5cb0 cd20 2d53 e0ab 8b63 3a7e 3cb7 69ae \...-S...c:~<.i. + 0x0050: 5b54 5929 4f8a 609b 8f22 4c94 f028 1002 [TY)O.`.."L..(.. + 0x0060: a241 ede3 a819 97f3 a254 d610 d3be 4a53 .A.......T....JS + 0x0070: 0536 ec32 2e72 1f4e b9ec d12c b8a9 7ff6 .6.2.r.N...,.... + 0x0080: ed63 64eb 0fb3 82f2 8ef9 a583 c026 1dc8 .cd..........&.. + 0x0090: c648 08e7 8d08 5c07 95bf b1c0 bd .H....\...... +1714254282.962675 eth0 Out IP (tos 0x0, ttl 64, id 35621, offset 0, flags [DF], proto TCP (6), length 40) + 10.0.2.15.43676 > 104.18.4.159.https: Flags [.], cksum 0x78da (incorrect -> 0x6239), ack 9960, win 65535, length 0 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0028 8b25 4000 4006 36eb 6J..E..(.%@.@.6. + 0x0020: 0a00 020f 6812 049f aa9c 01bb dd7a f3c1 ....h........z.. + 0x0030: 08e0 4e67 5010 ffff 78da 0000 ..NgP...x... +1714254283.266608 eth0 Out IP (tos 0x0, ttl 64, id 51895, offset 0, flags [DF], proto TCP (6), length 60) + 10.0.2.15.54604 > cloudproxy10013.sucuri.net.https: Flags [S], cksum 0xc5c7 (incorrect -> 0x90c0), seq 2831405068, win 32120, options [mss 1460,sackOK,TS val 3900914639 ecr 0,nop,wscale 10], length 0 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 003c cab7 4000 4006 aa6b 6J..E..<..@.@..k + 0x0020: 0a00 020f c07c f90d d54c 01bb a8c3 d00c .....|...L...... 
+ 0x0030: 0000 0000 a002 7d78 c5c7 0000 0204 05b4 ......}x........ + 0x0040: 0402 080a e883 3bcf 0000 0000 0103 030a ......;......... +1714254283.288387 eth0 Out IP (tos 0x0, ttl 64, id 51896, offset 0, flags [DF], proto TCP (6), length 40) + 10.0.2.15.54604 > cloudproxy10013.sucuri.net.https: Flags [.], cksum 0xc5b3 (incorrect -> 0x21d4), ack 185856002, win 32120, length 0 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 0028 cab8 4000 4006 aa7e 6J..E..(..@.@..~ + 0x0020: 0a00 020f c07c f90d d54c 01bb a8c3 d00d .....|...L...... + 0x0030: 0b13 f002 5010 7d78 c5b3 0000 ....P.}x.... +1714254283.294936 eth0 Out IP (tos 0x0, ttl 64, id 51897, offset 0, flags [DF], proto TCP (6), length 720) + 10.0.2.15.54604 > cloudproxy10013.sucuri.net.https: Flags [P.], cksum 0xc85b (incorrect -> 0xeb29), seq 0:680, ack 1, win 32120, length 680 + 0x0000: 0800 0000 0000 0002 0001 0406 0800 271e ..............'. + 0x0010: 364a 0000 4500 02d0 cab9 4000 4006 a7d5 6J..E.....@.@... + 0x0020: 0a00 020f c07c f90d d54c 01bb a8c3 d00d .....|...L...... + 0x0030: 0b13 f002 5018 7d78 c85b 0000 1603 0102 ....P.}x.[...... + 0x0040: a301 0002 9f03 0375 036c 0067 3d60 1347 .......u.l.g=`.G + 0x0050: a1ac a757 e60e b984 ba79 3de9 49a2 7186 ...W.....y=.I.q. + 0x0060: 44a6 6dd6 4fd8 7420 cfd2 3e3e a5e2 4255 D.m.O.t...>>..BU + 0x0070: 9c3d e990 e7cd db94 18d2 4b88 71ba 5ccd .=........K.q.\. + 0x0080: 5397 3daa 80cf a71b 0022 1301 1303 1302 S.=......"...... + 0x0090: c02b c02f cca9 cca8 c02c c030 c00a c009 .+./.....,.0.... + 0x00a0: c013 c014 009c 009d 002f 0035 0100 0234 ........./.5...4 + 0x00b0: 0000 0017 0015 0000 1277 7777 2e65 7870 .........www.exp + 0x00c0: 6c6f 6974 2d64 622e 636f 6d00 1700 00ff loit-db.com..... + 0x00d0: 0100 0100 000a 000e 000c 001d 0017 0018 ................ + 0x00e0: 0019 0100 0101 000b 0002 0100 0010 000e ................ + 0x00f0: 000c 0268 3208 6874 7470 2f31 2e31 0005 ...h2.http/1.1.. 
+ 0x0100: 0005 0100 0000 0000 2200 0a00 0804 0305 ........"....... + 0x0110: 0306 0302 0300 3300 6b00 6900 1d00 20ea ......3.k.i..... + 0x0120: c87c 82da f088 0c0c aadc 4155 078b b80c .|........AU.... + 0x0130: 0f90 fd4c a426 d49f eeac 0a14 545b 2700 ...L.&......T['. + 0x0140: 1700 4104 70b8 f315 70a3 1646 383e 0267 ..A.p...p..F8>.g + 0x0150: a19c c600 d350 b82c b14f aba3 1b3a 8f78 .....P.,.O...:.x + 0x0160: 9666 7d0e 5402 4409 1833 a77e 7e73 50a0 .f}.T.D..3.~~sP. + 0x0170: bf53 333b 805c b610 6c5e a20b f06c 8498 .S3;.\..l^...l.. + 0x0180: 39fa b60f 002b 0005 0403 0403 0300 0d00 9....+.......... + 0x0190: 1800 1604 0305 0306 0308 0408 0508 0604 ................ + 0x01a0: 0105 0106 0102 0302 0100 2d00 0201 0100 ..........-..... + 0x01b0: 1c00 0240 0100 2901 2b00 f600 f0f4 0c8b ...@..).+....... + 0x01c0: 5112 991d 83a6 c0ea 7598 add7 132c 9e10 Q.......u....,.. + 0x01d0: 36d0 b637 2cff 8174 f477 73a1 a2c9 31e4 6..7,..t.ws...1. + 0x01e0: 0468 69d0 bb72 0273 82b0 5425 920b 0831 .hi..r.s..T%...1 + 0x01f0: ec69 51f0 166a defa 9dc4 36ee 688e 1055 .iQ..j....6.h..U + 0x0200: d384 0f61 3265 5873 8cf6 5aa4 5859 7d7e ...a2eXs..Z.XY}~ + 0x0210: 0ac1 d28e bd3b a4fa 2914 bf60 eec9 f11a .....;..)..`.... + 0x0220: 9920 9541 7e5d 874b 0d98 b142 91fc 6255 ...A~].K...B..bU + 0x0230: ac49 07ea 891c e4bf 8348 38fe d556 f6fa .I.......H8..V.. + 0x0240: 20c0 5024 eb07 aa5c a50d 96ec c8f0 6986 ..P$...\......i. + 0x0250: 5d5e db93 7f35 cdda 3cec fc59 3322 b2a1 ]^...5..<..Y3".. + 0x0260: 21af 1fd7 3f40 c56e 1eec 35c2 8fd6 a3ab !...?@.n..5..... + 0x0270: 23a9 63df fa89 21ba 2e7e 40bd bc2a 10dd #.c...!..~@..*.. + 0x0280: ee6c 6484 6011 680f 7ba4 b253 e30f 6eb1 .ld.`.h.{..S..n. + 0x0290: fc3a f8b4 28f0 576a 795f b6fe 8d9a 7867 .:..(.Wjy_....xg + 0x02a0: 3a7f dc7c 6635 47e2 3abe 01f5 764a 815c :..|f5G.:...vJ.\ + 0x02b0: 3900 3130 ef7d 112b 0c56 ea3c 4640 a251 9.10.}.+.V...3. + 0x02e0: 3a4a f2bd :J.. +``` \ No newline at end of file 
diff --git a/hw2/t3.md b/hw2/t3.md
new file mode 100644
index 0000000..879a9c5
--- /dev/null
+++ b/hw2/t3.md
@@ -0,0 +1,220 @@ +``` +1714254316.558048 eth0 In IP (tos 0x0, ttl 64, id 4247, offset 0, flags [none], proto UDP (17), length 1385) + sea30s01-in-f3.1e100.net.https > 10.0.2.15.34445: UDP, length 1357 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0569 1097 0000 4011 9d42 5...E..i....@..B + 0x0020: acd9 0ec3 0a00 020f 01bb 868d 0555 e4ac .............U.. + 0x0030: ce00 0000 0103 f2a6 0d08 f31e ab68 d326 .............h.& + 0x0040: 84ab 0044 02f2 7175 4bab 6b76 cf99 8811 ...D..quK.kv.... + 0x0050: 067c 5e40 72ef b138 8470 5659 87de f08a .|^@r..8.pVY.... + 0x0060: 01bb bb92 198b 4b51 1d0e 2336 3750 2292 ......KQ..#67P". + 0x0070: 6e01 6a1f 9b8f 7550 5b94 de81 65d7 6517 n.j...uP[...e.e. + 0x0080: ff73 c171 119b 2fd7 2f43 3c2e e4c7 6480 .s.q.././C<...d. + 0x0090: a2ff af8b ed42 b215 f57f f5f2 72af 9992 .....B......r... + 0x00a0: 8fb2 ea97 0127 3b2b 02b2 aae6 83c4 e9a8 .....';+........ + 0x00b0: f095 643a f301 b9b8 e493 6489 c38e e446 ..d:......d....F + 0x00c0: 0da4 25fc bce3 0f9c a25f 8749 fa5b a06d ..%......_.I.[.m + 0x00d0: ce01 973e 114b acbb 8fe2 ecea 595f 6399 ...>.K......Y_c. + 0x00e0: 0fec 7da2 66cc 38ed 8205 53d6 9937 9b0b ..}.f.8...S..7.. + 0x00f0: 53d9 5773 f7eb d433 0290 da80 fc8b 4376 S.Ws...3......Cv + 0x0100: 801b 2bed e4d8 1bc1 ff4d e7f4 0048 b7d1 ..+......M...H.. + 0x0110: ed47 5240 69f0 81e9 3e08 4908 f544 021f .GR@i...>.I..D.. + 0x0120: e5ad e281 72d5 6b4e aee1 a4c4 cf53 bce2 ....r.kN.....S.. + 0x0130: db59 2c23 f450 e4a3 d3ac e848 fc12 203e .Y,#.P.....H...> + 0x0140: f9bd ace7 e7bf d0b0 b468 842f 4162 cc57 .........h./Ab.W + 0x0150: 222f 7854 40f5 fe7d c9a4 0100 1d31 b066 "/xT@..}.....1.f + 0x0160: ede2 0e29 3406 385a b91a def1 c991 46e2 ...)4.8Z......F. + 0x0170: f92a 61e3 0afa 3a8a 56a7 5417 64a8 104f .*a...:.V.T.d..O + 0x0180: 7b30 d22c 1489 f82b 52a7 837a 4c26 a08d {0.,...+R..zL&.. + 0x0190: e5be 5886 69ca 38f7 cda3 498a e69d 6404 ..X.i.8...I...d. 
+ 0x01a0: 7817 0a64 0ff1 7d92 3412 6de9 04ef 7c6e x..d..}.4.m...|n + 0x01b0: 0fde 5c41 de73 8b0d 3d90 5e0d d492 7cb1 ..\A.s..=.^...|. + 0x01c0: 4f0c f63c 73e4 238f ed7b a833 47c5 8355 O...9&.q.U.... + 0x03a0: 9014 ce57 8432 45cf 4ae9 a049 739b 7313 ...W.2E.J..Is.s. + 0x03b0: ba12 0cb4 22c4 c966 f6f9 6cd4 06fa 3b91 ...."..f..l...;. + 0x03c0: 8911 1acc 9dc1 f253 820c 222e af6e 1487 .......S.."..n.. + 0x03d0: 7ad3 3dd5 9c0b 2d77 c1de 1801 f7b9 5729 z.=...-w......W) + 0x03e0: 6c75 5d45 cf1f ebc8 57a8 0cb9 6562 66ce lu]E....W...ebf. + 0x03f0: 5caa 4047 97c6 3678 d423 b329 d873 016c \.@G..6x.#.).s.l + 0x0400: 00a7 758c 2414 ea61 dd7e e96b f994 8707 ..u.$..a.~.k.... + 0x0410: 05a1 6979 3212 c989 206e 49d9 8942 789c ..iy2....nI..Bx. + 0x0420: 4bb5 7b34 f359 c439 d511 f6c4 1afe aa31 K.{4.Y.9.......1 + 0x0430: bbca d56e b0b8 e065 377e 1779 1f79 dc8c ...n...e7~.y.y.. + 0x0440: 56df 0ee5 f483 ecea 0000 0001 03f2 a60d V............... + 0x0450: 08f3 1eab 68d3 2684 ab40 dd08 6c36 6c5a ....h.&..@..l6lZ + 0x0460: 7f64 e00a 53a4 3bb7 1f4a ea72 6011 f830 .d..S.;..J.r`..0 + 0x0470: 8601 9ed8 9afc c60b 8adc 0622 e347 c967 ...........".G.g + 0x0480: cbe0 67d8 fdaa 2975 692b f930 ff5e 431a ..g...)ui+.0.^C. + 0x0490: c897 f26e ffc2 48dd 773a 18f2 24da 3368 ...n..H.w:..$.3h + 0x04a0: 6bc3 93bd 2367 b101 6a14 bd97 27ae 27c0 k...#g..j...'.'. + 0x04b0: e5a2 ef4a 3308 aa78 af83 0666 d69d 4cf2 ...J3..x...f..L. + 0x04c0: 7113 2e91 e7c9 3d4c 096f 4bc6 6b08 c71b q.....=L.oK.k... + 0x04d0: 1ec3 a3c0 f41c 1369 c003 806c cb39 d250 .......i...l.9.P + 0x04e0: df68 9e08 b3aa 6518 b285 e137 9d44 006a .h....e....7.D.j + 0x04f0: 5d38 6582 5717 4641 6214 65e1 9f32 2889 ]8e.W.FAb.e..2(. + 0x0500: d1fc 469a b875 0be6 a96f e88b fed3 3717 ..F..u...o....7. + 0x0510: 8219 a65f 7880 7a9d 5b4d 5bea 380a 02d0 ..._x.z.[M[.8... + 0x0520: bce2 27ba 9f1c 0feb a26f a205 9e99 0b2a ..'......o.....* + 0x0530: bbb8 d7c0 b294 5782 5af2 a60d 918a 6cfc ......W.Z.....l. 
+ 0x0540: ff82 2b9a 5848 7388 f625 1c3a da6c 968d ..+.XHs..%.:.l.. + 0x0550: 970c b1b1 7f1c bcff 68a6 8334 7fbb 809d ........h..4.... + 0x0560: 15fa 581a 0176 281c 740c aa0e ab44 717e ..X..v(.t....Dq~ + 0x0570: 1221 9487 b404 41b2 2b29 3b8a c6 .!....A.+);.. +1714254316.558108 eth0 In IP (tos 0x0, ttl 64, id 4248, offset 0, flags [none], proto UDP (17), length 643) + sea30s01-in-f3.1e100.net.https > 10.0.2.15.34445: UDP, length 615 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0283 1098 0000 4011 a027 5...E.......@..' + 0x0020: acd9 0ec3 0a00 020f 01bb 868d 026f 1655 .............o.U + 0x0030: 41f2 a60d 2871 a44f db08 f3e0 2860 fcff A...(q.O....(`.. + 0x0040: 03bf 6ac6 5c78 9a8f 6222 318b 6a7c f41b ..j.\x..b"1.j|.. + 0x0050: 0ec0 1aeb 441e 6f39 91ab 0120 cd6f 8f43 ....D.o9.....o.C + 0x0060: f0a5 a8c5 77b5 0144 afa3 a4f5 82b7 d5d4 ....w..D........ + 0x0070: 9bb7 c357 76f0 6ce6 d2c3 1b3e 547b 6b6f ...Wv.l....>T{ko + 0x0080: aae0 0bb4 1cc3 2f9e 2749 c69a 6d73 1b5f ....../.'I..ms._ + 0x0090: ed26 87e9 f7e8 bbca e007 a3d0 a862 9fbd .&...........b.. + 0x00a0: 5409 fa68 07c2 57e2 60e5 e5c5 de2c d33f T..h..W.`....,.? + 0x00b0: 64d0 7b3f 99af 0e07 13ad 43db d048 fcce d.{?......C..H.. + 0x00c0: a4d0 c2c2 4284 e280 cc44 c29d 3314 3945 ....B....D..3.9E + 0x00d0: 1a70 040b 96fc 9122 9497 f054 5300 552c .p....."...TS.U, + 0x00e0: 15c4 e5a1 3b5c 61cd 7157 9d09 1d2e 19ae ....;\a.qW...... + 0x00f0: c009 1d61 be19 1ac9 5736 2239 cbbb ca5f ...a....W6"9..._ + 0x0100: b61b 581d d399 a637 52bc 31cc 76ab 6f10 ..X....7R.1.v.o. + 0x0110: 4df6 1af2 5ecf cb79 4d71 4a07 f733 2a87 M...^..yMqJ..3*. + 0x0120: 2243 b8a8 d803 b2bc d249 0bd1 9ca3 4305 "C.......I....C. + 0x0130: f463 580a 4d0c 61d8 2078 4d6d ae09 ad24 .cX.M.a..xMm...$ + 0x0140: 7342 985b a634 1d01 106f 230a cbf3 ee3c sB.[.4...o#....< + 0x0150: 93e2 410a b3fc 68c4 60ce 467a 7ad2 92eb ..A...h.`.Fzz... 
+ 0x0160: 9448 cbcf b722 feb6 5692 177f e622 4f4b .H..."..V...."OK + 0x0170: 69c3 fb73 c918 8a03 8824 eb0b c603 884c i..s.....$.....L + 0x0180: 650f c9c1 0715 e3a0 4465 f379 7e0b bd2d e.......De.y~..- + 0x0190: de30 3fb3 c21b 2ef3 261d 2d5e 4bcc 58c4 .0?.....&.-^K.X. + 0x01a0: fa32 892b 84a2 f248 07a7 7a62 39e8 cc65 .2.+...H..zb9..e + 0x01b0: aeab 84a4 cbf5 8aa0 b9e5 19b3 ac8c 57a2 ..............W. + 0x01c0: bed5 bb77 dd2a 03a8 b903 6ea1 9545 506e ...w.*....n..EPn + 0x01d0: 9601 07a7 a9ef f8ff ffe0 6753 6cf6 9078 ..........gSl..x + 0x01e0: 4e4f 9338 53a1 e061 9ac3 b60c 3789 7f45 NO.8S..a....7..E + 0x01f0: 3459 0f7a dcdd bf28 7e6d 6234 6a8f 9329 4Y.z...(~mb4j..) + 0x0200: e734 75f6 93df 5c21 a3c2 02b4 18d0 ce5b .4u...\!.......[ + 0x0210: 318d 9829 c576 8c16 7d08 857e 217a 0571 1..).v..}..~!z.q + 0x0220: 722f 567a 15f9 4961 4e60 36b1 be19 ff20 r/Vz..IaN`6..... + 0x0230: ebe7 24de 79a8 3d73 cb09 162b eaa7 cb0b ..$.y.=s...+.... + 0x0240: 364e 4667 cc8e 0984 2932 97f7 7ae1 cd6e 6NFg....)2..z..n + 0x0250: 4bd3 c286 13a6 dd0d 0093 5556 05cc 976e K.........UV...n + 0x0260: cca2 dff2 8bd8 c881 85b2 b2a3 4f06 e8bd ............O... + 0x0270: ef3d 81d7 dab4 5114 0ca4 b481 490c 5676 .=....Q.....I.Vv + 0x0280: 6e7f b88b fdf6 f0d9 77f8 02e0 1d5d c7cd n.......w....].. + 0x0290: 1e30 4a8d 8f94 85 .0J.... +1714254316.564957 eth0 In IP (tos 0x0, ttl 64, id 4249, offset 0, flags [none], proto UDP (17), length 157) + sea30s01-in-f3.1e100.net.https > 10.0.2.15.34445: UDP, length 129 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 009d 1099 0000 4011 a20c 5...E.......@... + 0x0020: acd9 0ec3 0a00 020f 01bb 868d 0089 bd88 ................ + 0x0030: 5ff2 a60d e917 0419 2aeb ae64 e88f 2ebd _.......*..d.... + 0x0040: 27e1 0011 ab82 e5b2 8f78 fb95 0ca0 8b09 '........x...... + 0x0050: 1834 0872 ea3b 7a80 e14f 54f5 8daf 5aa4 .4.r.;z..OT...Z. 
+ 0x0060: 9294 92ac 6a59 2cbe f702 597c 7f76 de51 ....jY,...Y|.v.Q + 0x0070: a401 d9bf fd8f 7b36 9a8a 6c32 e526 4810 ......{6..l2.&H. + 0x0080: d54b a65f e328 3fe1 37c0 7d6c ecee a7ae .K._.(?.7.}l.... + 0x0090: 38a7 0013 5dde 320c b220 7851 21eb b051 8...].2...xQ!..Q + 0x00a0: ad12 35c1 2047 cbe2 b6f8 2826 27cd 04dc ..5..G....(&'... + 0x00b0: 70 p +1714254317.554248 eth0 In IP (tos 0x0, ttl 64, id 4294, offset 0, flags [none], proto UDP (17), length 86) + 10.0.2.3.domain > 10.0.2.15.33426: 13745 1/0/0 www.googletagmanager.com. A 142.251.33.72 (58) + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0056 10c6 0000 4011 51c0 5...E..V....@.Q. + 0x0020: 0a00 0203 0a00 020f 0035 8292 0042 8dcb .........5...B.. + 0x0030: 35b1 8180 0001 0001 0000 0000 0377 7777 5............www + 0x0040: 1067 6f6f 676c 6574 6167 6d61 6e61 6765 .googletagmanage + 0x0050: 7203 636f 6d00 0001 0001 c00c 0001 0001 r.com........... + 0x0060: 0000 0091 0004 8efb 2148 ........!H +1714254317.554276 eth0 In IP (tos 0x0, ttl 64, id 4295, offset 0, flags [none], proto UDP (17), length 98) + 10.0.2.3.domain > 10.0.2.15.33426: 51377 1/0/0 www.googletagmanager.com. AAAA 2607:f8b0:400a:806::2008 (70) + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0062 10c7 0000 4011 51b3 5...E..b....@.Q. + 0x0020: 0a00 0203 0a00 020f 0035 8292 004e 23d6 .........5...N#. + 0x0030: c8b1 8180 0001 0001 0000 0000 0377 7777 .............www + 0x0040: 1067 6f6f 676c 6574 6167 6d61 6e61 6765 .googletagmanage + 0x0050: 7203 636f 6d00 001c 0001 c00c 001c 0001 r.com........... + 0x0060: 0000 009f 0010 2607 f8b0 400a 0806 0000 ......&...@..... + 0x0070: 0000 0000 2008 ...... 
+1714254318.343893 eth0 In IP (tos 0x0, ttl 64, id 4658, offset 0, flags [none], proto TCP (6), length 44) + a104-70-127-13.deploy.static.akamaitechnologies.com.https > 10.0.2.15.34136: Flags [S.], cksum 0x37e4 (correct), seq 190976001, ack 4000635876, win 65535, options [mss 1460], length 0 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 002c 1232 0000 4006 7538 5...E..,.2..@.u8 + 0x0020: 6846 7f0d 0a00 020f 01bb 8558 0b62 1001 hF.........X.b.. + 0x0030: ee74 dbe4 6012 ffff 37e4 0000 0204 05b4 .t..`...7....... + 0x0040: 0000 .. +1714254318.344841 eth0 In IP (tos 0x0, ttl 64, id 4659, offset 0, flags [none], proto TCP (6), length 40) + a104-70-127-13.deploy.static.akamaitechnologies.com.https > 10.0.2.15.34136: Flags [.], cksum 0x4cf6 (correct), ack 684, win 65535, length 0 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0028 1233 0000 4006 753b 5...E..(.3..@.u; + 0x0020: 6846 7f0d 0a00 020f 01bb 8558 0b62 1002 hF.........X.b.. + 0x0030: ee74 de8f 5010 ffff 4cf6 0000 0000 0000 .t..P...L....... + 0x0040: 0000 .. +1714254318.351551 eth0 In IP (tos 0x0, ttl 64, id 4660, offset 0, flags [none], proto TCP (6), length 304) + a104-70-127-13.deploy.static.akamaitechnologies.com.https > 10.0.2.15.34136: Flags [P.], cksum 0xa8b1 (correct), seq 1:265, ack 684, win 65535, length 264 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0130 1234 0000 4006 7432 5...E..0.4..@.t2 + 0x0020: 6846 7f0d 0a00 020f 01bb 8558 0b62 1002 hF.........X.b.. + 0x0030: ee74 de8f 5018 ffff a8b1 0000 1603 0300 .t..P........... + 0x0040: 8002 0000 7c03 0312 bfa2 bf23 d972 256f ....|......#.r%o + 0x0050: fe18 a1be 4b0e f895 89be ac10 e7a8 5dfa ....K.........]. + 0x0060: 95a0 f782 9742 8020 dc8f 4f02 c646 249e .....B....O..F$. + 0x0070: 4d68 d3a4 663d dff0 f2fb bab2 a79c 296d Mh..f=........)m + 0x0080: f954 f5bf f503 414c 1302 0000 3400 2b00 .T....AL....4.+. 
+ 0x0090: 0203 0400 3300 2400 1d00 20d1 e36c 57c7 ....3.$......lW. + 0x00a0: 8781 356c d2e6 55e8 ba83 fd4d 1196 e88b ..5l..U....M.... + 0x00b0: 0e97 49da 5223 bb84 3846 6d00 2900 0200 ..I.R#..8Fm.)... + 0x00c0: 0014 0303 0001 0117 0303 002e 9b5a 5a26 .............ZZ& + 0x00d0: 87ae 2093 6f99 beea bc25 7091 78bf e262 ....o....%p.x..b + 0x00e0: 56cb c257 9ec2 0207 8bfc 3063 5fe9 ff9e V..W......0c_... + 0x00f0: fa4d 3723 d2ba 85cf 6f7b 1703 0300 455f .M7#....o{....E_ + 0x0100: 6101 2a9b 0062 831c afbf 097b b431 ad7b a.*..b.....{.1.{ + 0x0110: 3968 ab9c 007d 7b1f a690 bfc8 af31 752f 9h...}{......1u/ + 0x0120: 3d54 0d58 76ae 736c f81b 45f5 4702 668c =T.Xv.sl..E.G.f. + 0x0130: 9209 b73c c159 c9ea 457a 14dc 1fdb 56d9 ...<.Y..Ez....V. + 0x0140: 7da0 eee4 }... +1714254318.352141 eth0 In IP (tos 0x0, ttl 64, id 4661, offset 0, flags [none], proto TCP (6), length 40) + a104-70-127-13.deploy.static.akamaitechnologies.com.https > 10.0.2.15.34136: Flags [.], cksum 0x4b9e (correct), ack 764, win 65535, length 0 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0028 1235 0000 4006 7539 5...E..(.5..@.u9 + 0x0020: 6846 7f0d 0a00 020f 01bb 8558 0b62 110a hF.........X.b.. + 0x0030: ee74 dedf 5010 ffff 4b9e 0000 0000 0000 .t..P...K....... + 0x0040: 0000 .. +1714254318.352216 eth0 In IP (tos 0x0, ttl 64, id 4662, offset 0, flags [none], proto TCP (6), length 40) + a104-70-127-13.deploy.static.akamaitechnologies.com.https > 10.0.2.15.34136: Flags [.], cksum 0x4af4 (correct), ack 934, win 65535, length 0 + 0x0000: 0800 0000 0000 0002 0001 0006 5254 0012 ............RT.. + 0x0010: 3502 0000 4500 0028 1236 0000 4006 7538 5...E..(.6..@.u8 + 0x0020: 6846 7f0d 0a00 020f 01bb 8558 0b62 110a hF.........X.b.. + 0x0030: ee74 df89 5010 ffff 4af4 0000 0000 0000 .t..P...J....... + 0x0040: 0000 .. +``` \ No newline at end of file