Журнал лабораторных работ

Журнал

Пятница (06/01/07)

/dev/pts/12
10:20:15
#dig @192.168.16.4 -x host1
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun  1 10:24:42 2007
;; MSG SIZE  rcvd: 94
; <<>> DiG 9.3.4 <<>> @192.168.16.4 -x host1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38723
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;host1.in-addr.arpa.            IN      PTR
;; AUTHORITY SECTION:
in-addr.arpa.           10800   IN      SOA     A.ROOT-SERVERS.NET. dns-ops.ARIN.NET. 2007053116 1800 900 691200 10800
;; Query time: 247 msec
;; SERVER: 192.168.16.4#53(192.168.16.4)
;; WHEN: Fri Jun  1 10:22:19 2007
;; MSG SIZE  rcvd: 103
/dev/pts/5
10:20:40
#man dig
10:20:59
#dig @192.168.16.4 test.net.nt axfr
host84.test.net.nt.     10800000 IN     A       192.168.16.84
host85.test.net.nt.     10800000 IN     A       192.168.16.85
host86.test.net.nt.     10800000 IN     A       192.168.16.86
host87.test.net.nt.     10800000 IN     A       192.168.16.87
host88.test.net.nt.     10800000 IN     A       192.168.16.88
host89.test.net.nt.     10800000 IN     A       192.168.16.89
host9.test.net.nt.      10800000 IN     A       192.168.16.9
host90.test.net.nt.     10800000 IN     A       192.168.16.90
host91.test.net.nt.     10800000 IN     A       192.168.16.91
host92.test.net.nt.     10800000 IN     A       192.168.16.92
...
test.net.nt.            10800000 IN     SOA     test.net.nt. user.test.net.nt. 2007053102 36000 3600 604800 3600
;; Query time: 486 msec
;; SERVER: 192.168.16.4#53(192.168.16.4)
;; WHEN: Fri Jun  1 10:21:21 2007
;; XFR size: 257 records (messages 1)
If you press Ctrl-C for a second time before John had a chance to
                                                                                                             46,9
handle your first Ctrl-C, John will abort immediately without saving.
By default, the state is also saved every 10 minutes to permit for
                                                                                                             1,2-9
10:21:21
#vim /etc/bind/named.conf
10:22:00
#vim /etc/bind/named.conf.options
/dev/pts/12
10:22:19
#dig @192.168.16.4 -x host1,test.net.nt
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun  1 10:24:42 2007
;; MSG SIZE  rcvd: 94
; <<>> DiG 9.3.4 <<>> @192.168.16.4 -x host1,test.net.nt
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32567
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;nt.net.host1,test.in-addr.arpa.        IN      PTR
;; AUTHORITY SECTION:
in-addr.arpa.           10800   IN      SOA     A.ROOT-SERVERS.NET. dns-ops.ARIN.NET. 2007053116 1800 900 691200 10800
;; Query time: 1281 msec
;; SERVER: 192.168.16.4#53(192.168.16.4)
;; WHEN: Fri Jun  1 10:22:28 2007
;; MSG SIZE  rcvd: 115
10:22:28
#dig @192.168.16.4 -x 192.168.16.4
; <<>> DiG 9.3.4 <<>> @192.168.16.4 -x 192.168.16.4
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17213
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;4.16.168.192.in-addr.arpa.     IN      PTR
;; ANSWER SECTION:
4.16.168.192.in-addr.arpa. 1080000 IN   PTR     host4.test.net.nt.
;; AUTHORITY SECTION:
16.168.192.in-addr.arpa. 1080000 IN     NS      host4.16.168.192.in-addr.arpa.
;; Query time: 96 msec
;; SERVER: 192.168.16.4#53(192.168.16.4)
;; WHEN: Fri Jun  1 10:22:42 2007
;; MSG SIZE  rcvd: 94
10:22:42
#dig @192.168.16.4 -x 192.168.16.3
; <<>> DiG 9.3.4 <<>> @192.168.16.4 -x 192.168.16.3
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13078
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;3.16.168.192.in-addr.arpa.     IN      PTR
;; ANSWER SECTION:
3.16.168.192.in-addr.arpa. 1080000 IN   PTR     host3.test.net.nt.
;; AUTHORITY SECTION:
16.168.192.in-addr.arpa. 1080000 IN     NS      host4.16.168.192.in-addr.arpa.
;; Query time: 96 msec
;; SERVER: 192.168.16.4#53(192.168.16.4)
;; WHEN: Fri Jun  1 10:22:45 2007
;; MSG SIZE  rcvd: 94
10:22:45
#export $DISPLAY=192.168.16.2:0 xclock
bash: export: `=192.168.16.2:0': not a valid identifier
/dev/pts/5
10:22:51
#/etc/init.d/bind9 restart
solaris-x86-any          Solaris, x86, gcc
sco-x86-any-gcc          SCO, x86, gcc
sco-x86-any-cc           SCO, x86, cc
tru64-alpha              Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32                AIX, PowerPC 32-bit
macosx-ppc32-altivec     Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32             Mac OS X, PowerPC 32-bit
macosx-ppc64             Mac OS X 10.4+, PowerPC 64-bit
macosx-x86-mmx           Mac OS X, x86 with MMX
hpux-pa-risc-gcc         HP-UX, PA-RISC, gcc
...
beos-x86-mmx             BeOS, x86 with MMX
beos-x86-any             BeOS, x86
generic                  Any other Unix-like system with gcc
Stopping domain name service...: bind.
Starting domain name service...: bind.
If you press Ctrl-C for a second time before John had a chance to
                                                                                                             46,9
handle your first Ctrl-C, John will abort immediately without saving.
By default, the state is also saved every 10 minutes to permit for
                                                                                                             1,2-9
10:23:01
#dig @192.168.16.4 test.net.nt axfr
; <<>> DiG 9.3.4 <<>> @192.168.16.4 test.net.nt axfr
; (1 server found)
;; global options:  printcmd
; Transfer failed.
10:23:04
#ssh 192.168.16.2 dig @192.168.16.4 test.net.nt axfr
irix-mips64-r10k         IRIX, MIPS 64-bit (R10K) (best)
irix-mips64              IRIX, MIPS 64-bit
irix-mips32              IRIX, MIPS 32-bit
dos-djgpp-x86-mmx        DOS, DJGPP 2.x, x86 with MMX (best)
dos-djgpp-x86-any        DOS, DJGPP 2.x, x86
win32-cygwin-x86-mmx     Win32, Cygwin, x86 with MMX (best)
win32-cygwin-x86-any     Win32, Cygwin, x86
beos-x86-mmx             BeOS, x86 with MMX
beos-x86-any             BeOS, x86
generic                  Any other Unix-like system with gcc
...
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending key in /root/.ssh/known_hosts:3
RSA host key for 192.168.16.2 has changed and you have requested strict checking.
Host key verification failed.
If you press Ctrl-C for a second time before John had a chance to
                                                                                                             46,9
handle your first Ctrl-C, John will abort immediately without saving.
By default, the state is also saved every 10 minutes to permit for
                                                                                                             1,2-9
10:23:53
#ssh-keygen -R 192.168.16.2
/root/.ssh/known_hosts updated.
Original contents retained as /root/.ssh/known_hosts.old
10:24:03
#ssh 192.168.16.2 dig @192.168.16.4 test.net.nt axfr
The authenticity of host '192.168.16.2 (192.168.16.2)' can't be established.
RSA key fingerprint is 9e:2d:a9:2d:1c:93:bd:a9:4e:1a:2b:31:c8:fa:a4:3c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.16.2' (RSA) to the list of known hosts.
root@192.168.16.2's password:
; <<>> DiG 9.3.4 <<>> @192.168.16.4 test.net.nt axfr
; (1 server found)
;; global options:  printcmd
; Transfer failed.
10:24:09
#vim /etc/bind/named.conf.options
10:24:32
#dig -x 192.168.16.4
; <<>> DiG 9.3.4 <<>> -x 192.168.16.4
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27311
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;4.16.168.192.in-addr.arpa.     IN      PTR
;; ANSWER SECTION:
4.16.168.192.in-addr.arpa. 1080000 IN   PTR     host4.test.net.nt.
;; AUTHORITY SECTION:
16.168.192.in-addr.arpa. 1080000 IN     NS      host4.16.168.192.in-addr.arpa.
;; Query time: 64 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun  1 10:24:42 2007
;; MSG SIZE  rcvd: 94
10:24:42
#vim /etc/bind/named.conf.options
10:25:11
#ls
solaris-x86-any          Solaris, x86, gcc
sco-x86-any-gcc          SCO, x86, gcc
sco-x86-any-cc           SCO, x86, cc
tru64-alpha              Tru64 (Digital UNIX, OSF/1), Alpha
aix-ppc32                AIX, PowerPC 32-bit
macosx-ppc32-altivec     Mac OS X, PowerPC w/AltiVec (best)
macosx-ppc32             Mac OS X, PowerPC 32-bit
macosx-ppc64             Mac OS X 10.4+, PowerPC 64-bit
macosx-x86-mmx           Mac OS X, x86 with MMX
hpux-pa-risc-gcc         HP-UX, PA-RISC, gcc
...
beos-x86-mmx             BeOS, x86 with MMX
beos-x86-any             BeOS, x86
generic                  Any other Unix-like system with gcc
db.0    db.16.168.192  db.empty  db.root         named.conf        named.conf.options  zones.rfc1918
db.127  db.255         db.local  db.test.net.nt  named.conf.local  rndc.key
If you press Ctrl-C for a second time before John had a chance to
                                                                                                             46,9
handle your first Ctrl-C, John will abort immediately without saving.
By default, the state is also saved every 10 minutes to permit for
                                                                                                             1,2-9
10:25:37
#vim db.root
10:25:53
#exit
Connection to 192.168.16.4 closed.
/dev/pts/14
10:26:01
#sceen -x
[root@linux1:~]#
[root@linux1:~]#
[root@linux1:~]#
[root@linux1:~]#
[root@linux1:~]# ssh 192.168.16.4
root@192.168.16.4's password:
Last login: Fri Jun  1 09:49:33 2007 from host1.test.net.nt
[root@linux4:~]# cd /etc/bind/
[root@linux4:bind]# vim db.
[root@linux4:bind]#        bash: sceen: command not found
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
l3-agent is already running: pid=3224; pidfile=/root/.lilalo/l3-agent.pid
[root@linux4:~]#
/dev/pts/3
10:26:01
#screen
/dev/pts/7
10:26:01
#screen -x
/dev/pts/1
10:26:01
#screen -x
/dev/pts/5
10:26:16
#ssh 192.168.16.4
[root@linux1:~]# ssh 192.168.16.4
root@192.168.16.4's password:
Last login: Fri Jun  1 09:49:33 2007 from host1.test.net.nt
Linux linux4 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
l3-agent is already running: pid=3224; pidfile=/root/.lilalo/l3-agent.pid
[root@linux4:~]#
                 root@192.168.16.4's password:
Last login: Fri Jun  1 09:49:33 2007 from host1.test.net.nt
Linux linux4 2.6.18-4-686 #1 SMP Mon Mar 26 17:17:36 UTC 2007 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
l3-agent is already running: pid=3224; pidfile=/root/.lilalo/l3-agent.pid
/dev/pts/14
10:26:59
#screen -x
/dev/pts/9
10:27:09
#screen -x
/dev/pts/5
10:30:10
#cd /etc/bind/

10:30:18
#vim db.16.168.192
10:30:32
#vim db.root
10:30:35
#tcpdump -n port 53 and host 192.168.16.4
10:32:12.697122 IP 192.168.16.4.32792 > 207.126.96.162.53:  41369% [1au] AAAA? ns.kolo.net. (40)
10:32:12.698489 IP 192.168.16.4.32792 > 198.41.0.4.53:  54399% [1au] A? ns.genesyslab.com. (46)
10:32:12.698987 IP 192.54.112.30.53 > 192.168.16.4.32792:  34749- 0/6/7 (281)
10:32:12.699322 IP 192.168.16.4.32792 > 198.41.0.4.53:  11089% [1au] AAAA? ns.genesyslab.com. (46)
10:32:12.700868 IP 192.168.16.4.32792 > 207.126.96.162.53:  55983% [1au] AAAA? ns-he.kolo.net. (43)
10:32:12.783975 IP 88.81.249.200.53 > 192.168.16.4.32792:  34318*- 1/3/4 A 194.150.93.78 (165)
10:32:12.988515 IP 198.41.0.4.53 > 192.168.16.4.32792:  54399- 0/13/16 (534)
10:32:12.990743 IP 198.41.0.4.53 > 192.168.16.4.32792:  11089- 0/13/16 (534)
10:32:12.990801 IP 192.168.16.4.32792 > 192.26.92.30.53:  65168% [1au] A? ns.genesyslab.com. (46)
10:32:12.993068 IP 192.168.16.4.32792 > 192.26.92.30.53:  32584% [1au] AAAA? ns.genesyslab.com. (46)
10:32:13.052561 IP 207.126.96.162.53 > 192.168.16.4.32792:  41369* 0/1/1 (87)
10:32:13.052696 IP 207.126.96.162.53 > 192.168.16.4.32792:  55983* 0/1/1 (93)
10:32:13.267048 IP 192.26.92.30.53 > 192.168.16.4.32792:  65168- 1/5/6 A 198.49.180.3 (240)
10:32:13.268043 IP 192.26.92.30.53 > 192.168.16.4.32792:  32584- 0/5/6 (224)
10:32:13.269834 IP 192.168.16.4.32792 > 199.165.223.3.53:  40874% [1au] AAAA? ns.genesyslab.com. (46)
10:32:13.629444 IP 199.165.223.3.53 > 192.168.16.4.32792:  40874*- 0/1/1 (108)
86 packets captured
86 packets received by filter
0 packets dropped by kernel
10:32:27
#vim db.16.168.192
10:32:36
#tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
48 PTR host48.test.net.nt.
49 PTR host49.test.net.nt.
50 PTR host50.test.net.nt.
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
10:32:59
#less /tmp/tcpdump
10:34:17
#tcpdump -n port 53 and host 192.168.16.255 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:34:26
#vim db.16.168.192
10:34:38
#tcpdump -n port 53 and host 192.168.16.255 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:34:49
#less /tmp/tcpdump
10:36:50
#vim db.16.168.192
10:37:05
#tcpdump -n port 53 1>/tmp/tcpdump
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
48 PTR host48.test.net.nt.
49 PTR host49.test.net.nt.
50 PTR host50.test.net.nt.
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:37:28
#ps aux | grep named
bind      4804  0.4  0.3  30536  3144 ?        Ssl  10:37   0:00 /usr/sbin/named -u bind
root      4823  0.0  0.0   3740   760 pts/9    R+   10:37   0:00 grep named
10:37:46
#tcpdump -n port 53
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
48 PTR host48.test.net.nt.
49 PTR host49.test.net.nt.
50 PTR host50.test.net.nt.
51 PTR host51.test.net.nt.
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:37:56
#tcpdump -n port 53

10:37:58
#vim db.16.168.192
10:38:18
#tcpdump -n port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:38:32
#/etc/init.d/bind9 restart
41 PTR host41.test.net.nt.
42 PTR host42.test.net.nt.
43 PTR host43.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
...
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
Stopping domain name service...: bind.
Starting domain name service...: bind.
10:38:41
#vim db.16.168.192
10:38:48
#tail /var/log/daemon.log
Jun  1 10:38:41 linux4 named[4919]: zone 0.in-addr.arpa/IN: loaded serial 1
Jun  1 10:38:41 linux4 named[4919]: zone 127.in-addr.arpa/IN: loaded serial 1
Jun  1 10:38:41 linux4 named[4919]: zone 16.168.192.in-addr.arpa/IN: loaded serial 2007053306
Jun  1 10:38:41 linux4 named[4919]: zone 255.in-addr.arpa/IN: loaded serial 1
Jun  1 10:38:41 linux4 named[4919]: zone localhost/IN: loaded serial 1
Jun  1 10:38:41 linux4 named[4919]: zone test.net.nt/IN: loaded serial 2007053102
Jun  1 10:38:41 linux4 named[4919]: running
Jun  1 10:38:41 linux4 named[4919]: zone 16.168.192.in-addr.arpa/IN: sending notifies (serial 2007053306)
Jun  1 10:38:41 linux4 named[4919]: zone test.net.nt/IN: sending notifies (serial 2007053102)
Jun  1 10:38:41 linux4 named[4919]: client 192.168.16.4#32823: received notify for zone 'test.net.nt'
10:38:53
#vim named.conf.options
10:39:27
#tcpdump -n port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:39:42
#tcpdump -n port 22
10:39:46.549779 IP 192.168.16.4.22 > 192.168.16.1.37710: P 57008:57296(288) ack 1 win 101 <nop,nop,timestamp 823425 928973>
10:39:46.550075 IP 192.168.16.1.22 > 192.168.16.4.57592: P 51856:52160(304) ack 97 win 101 <nop,nop,timestamp 928975 823424>
10:39:46.550116 IP 192.168.16.4.57592 > 192.168.16.1.22: . ack 52160 win 501 <nop,nop,timestamp 823425 928974>
10:39:46.550901 IP 192.168.16.4.22 > 192.168.16.1.37710: P 57296:57824(528) ack 1 win 101 <nop,nop,timestamp 823425 928973>
10:39:46.550941 IP 192.168.16.1.22 > 192.168.16.4.57592: P 52160:52464(304) ack 97 win 101 <nop,nop,timestamp 928975 823425>
10:39:46.551755 IP 192.168.16.4.22 > 192.168.16.1.37710: P 57824:58352(528) ack 1 win 101 <nop,nop,timestamp 823425 928973>
10:39:46.551774 IP 192.168.16.1.22 > 192.168.16.4.57592: P 52464:52768(304) ack 97 win 101 <nop,nop,timestamp 928975 823425>
10:39:46.552506 IP 192.168.16.1.22 > 192.168.16.4.57592: P 52768:53072(304) ack 97 win 101 <nop,nop,timestamp 928975 823425>
10:39:46.552554 IP 192.168.16.4.57592 > 192.168.16.1.22: . ack 53072 win 501 <nop,nop,timestamp 823426 928975>
10:39:46.552595 IP 192.168.16.4.22 > 192.168.16.1.37710: P 58352:58640(288) ack 1 win 101 <nop,nop,timestamp 823426 928973>
...
10:39:46.555104 IP 192.168.16.1.22 > 192.168.16.4.57592: P 53680:53984(304) ack 97 win 101 <nop,nop,timestamp 928976 823426>
10:39:46.555155 IP 192.168.16.4.57592 > 192.168.16.1.22: . ack 53984 win 501 <nop,nop,timestamp 823426 928976>
10:39:46.555936 IP 192.168.16.1.22 > 192.168.16.4.57592: P 53984:54288(304) ack 97 win 101 <nop,nop,timestamp 928976 823426>
10:39:46.556741 IP 192.168.16.1.22 > 192.168.16.4.57592: P 54288:54592(304) ack 97 win 101 <nop,nop,timestamp 928976 823426>
10:39:46.557663 IP 192.168.16.1.22 > 192.168.16.4.57592: P 54592:54896(304) ack 97 win 101 <nop,nop,timestamp 928977 823426>
10:39:46.558518 IP 192.168.16.1.22 > 192.168.16.4.57592: P 54896:55200(304) ack 97 win 101 <nop,nop,timestamp 928977 823426>
10:39:46.558793 IP 192.168.16.4.57592 > 192.168.16.1.22: . ack 55200 win 501 <nop,nop,timestamp 823427 928976>
10:39:46.559616 IP 192.168.16.1.22 > 192.168.16.4.57592: P 55200:55504(304) ack 97 win 101 <nop,nop,timestamp 928977 823427>
10:39:46.559675 IP 192.168.16.1.22 > 192.168.16.4.57592: P 55504:55808(304) ack 97 win 101 <nop,nop,timestamp 928977 823427>
10:39:46.560910 IP 192.168.16.1.22 > 192.168.16.4.57592: P 55808:56112(304) ack 97 win 101 <nop,nop,timestamp 928977 823427>
10:40:07
#tcpdump -n port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
10:40:21
#vim named.conf.options
10:40:28
#vim db.test.net.nt
10:40:45
#tcpdump -n port 53
10:41:06.695001 IP 192.168.16.4.32825 > 128.63.2.53.53:  38614% [1au] A? ns.genesyslab.com. (46)
10:41:06.695679 IP 192.168.16.4.32825 > 128.63.2.53.53:  19307% [1au] AAAA? ns.genesyslab.com. (46)
10:41:06.699400 IP 192.41.162.30.53 > 192.168.16.4.32825:  28037- 1/6/7 A 216.218.215.2 (297)
10:41:06.700323 IP 192.41.162.30.53 > 192.168.16.4.32825:  52190- 0/6/7 (281)
10:41:06.710179 IP 192.168.16.4.32825 > 207.126.96.162.53:  11125% [1au] AAAA? ns-he.kolo.net. (43)
10:41:06.844108 IP 128.63.2.53.53 > 192.168.16.4.32825:  38614- 0/13/16 (534)
10:41:06.846334 IP 128.63.2.53.53 > 192.168.16.4.32825:  19307- 0/13/16 (534)
10:41:06.846393 IP 192.168.16.4.32825 > 192.42.93.30.53:  10522% [1au] A? ns.genesyslab.com. (46)
10:41:06.848451 IP 192.168.16.4.32825 > 192.42.93.30.53:  38029% [1au] AAAA? ns.genesyslab.com. (46)
10:41:06.905634 IP 207.126.96.162.53 > 192.168.16.4.32825:  45805* 0/1/1 (87)
...
10:41:07.059380 IP 192.42.93.30.53 > 192.168.16.4.32825:  38029- 0/5/6 (224)
10:41:07.061505 IP 192.168.16.4.32825 > 216.218.215.20.53:  17038% [1au] AAAA? ns.genesyslab.com. (46)
10:41:07.280068 IP 216.218.215.20.53 > 192.168.16.4.32825:  17038*- 0/1/1 (108)
10:41:07.585005 IP 192.168.16.4.32825 > 88.81.249.200.53:  41287 [1au] A? xgu.ru. (35)
10:41:07.585219 IP 192.168.16.4.32825 > 128.63.2.53.53:  39224% [1au] A? ns3.imena.com.ua. (45)
10:41:07.733101 IP 128.63.2.53.53 > 192.168.16.4.32825:  39224- 0/10/11 (433)
10:41:07.734430 IP 192.168.16.4.32825 > 88.81.249.200.53:  9782% [1au] A? ns3.imena.com.ua. (45)
68 packets captured
68 packets received by filter
0 packets dropped by kernel
10:41:07
#vim named.conf.options
10:42:32
#vim named.conf
10:43:05
#dig @192.168.16.15 polygon.net.nt ns
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
; <<>> DiG 9.3.4 <<>> @192.168.16.15 polygon.net.nt ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46327
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;polygon.net.nt.                        IN      NS
;; AUTHORITY SECTION:
net.nt.                 3600    IN      SOA     net.nt. clint.net.nt. 2007010933 36000 3600 604800 3600
;; Query time: 62 msec
;; SERVER: 192.168.16.15#53(192.168.16.15)
;; WHEN: Fri Jun  1 10:43:23 2007
;; MSG SIZE  rcvd: 74
10:43:23
#dig @192.168.16.15 net.nt ns
; <<>> DiG 9.3.4 <<>> @192.168.16.15 net.nt ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60329
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;net.nt.                                IN      NS
;; ANSWER SECTION:
net.nt.                 10800000 IN     NS      net.nt.
;; ADDITIONAL SECTION:
net.nt.                 10800000 IN     A       192.168.16.15
;; Query time: 62 msec
;; SERVER: 192.168.16.15#53(192.168.16.15)
;; WHEN: Fri Jun  1 10:43:32 2007
;; MSG SIZE  rcvd: 54
10:43:32
#vim named.conf
10:44:31
#vim named.conf.options
10:44:46
#ls -l /var/cache/bind/
40 PTR host40.test.net.nt.
41 PTR host41.test.net.nt.
42 PTR host42.test.net.nt.
43 PTR host43.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
...
50 PTR host50.test.net.nt.
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
итого 0
10:44:51
#ls -ld /var/cache/bind/
drwxrwxr-x 2 root bind 4096 2007-01-29 15:35 /var/cache/bind/
10:44:56
#id bind
uid=108(bind) gid=109(bind) группы=109(bind)
10:45:09
#ps aux |
40 PTR host40.test.net.nt.
41 PTR host41.test.net.nt.
42 PTR host42.test.net.nt.
43 PTR host43.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
...
50 PTR host50.test.net.nt.
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
>
10:45:23
#ps aux | grep named
bind      5077  0.1  0.3  30640  3252 ?        Ssl  10:40   0:00 /usr/sbin/named -u bind
root      5214  0.0  0.0   3744   764 pts/9    R+   10:45   0:00 grep named
10:45:38
#dig @192.168.16.15 net.nt axfr
host206.net.nt.         10800000 IN     A       192.168.16.206
host207.net.nt.         10800000 IN     A       192.168.16.207
host208.net.nt.         10800000 IN     A       192.168.16.208
host209.net.nt.         10800000 IN     A       192.168.16.209
host210.net.nt.         10800000 IN     A       192.168.16.210
host211.net.nt.         10800000 IN     A       192.168.16.211
host212.net.nt.         10800000 IN     A       192.168.16.212
host213.net.nt.         10800000 IN     A       192.168.16.213
host214.net.nt.         10800000 IN     A       192.168.16.214
host215.net.nt.         10800000 IN     A       192.168.16.215
...
m02.net.nt.             10800000 IN     CNAME   fbsd2.net.nt.
m03.net.nt.             10800000 IN     CNAME   fbsd3.net.nt.
xlotus.net.net.nt.      10800000 IN     A       10.0.69.1
serzh.net.nt.           10800000 IN     CNAME   net.nt.
sled.net.nt.            10800000 IN     A       192.168.16.31
net.nt.                 10800000 IN     SOA     net.nt. clint.net.nt. 2007010933 36000 3600 604800 3600
;; Query time: 567 msec
;; SERVER: 192.168.16.15#53(192.168.16.15)
;; WHEN: Fri Jun  1 10:45:54 2007
;; XFR size: 264 records (messages 1)
10:45:56
#id bind

10:46:05
#ls -l /var/cache/bind/
итого 0
10:46:10
#/etc/init.d/bind9 restart
41 PTR host41.test.net.nt.
42 PTR host42.test.net.nt.
43 PTR host43.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
...
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
Stopping domain name service...: bind.
Starting domain name service...: bind.
10:46:19
#ls -l /var/cache/bind/
итого 8
-rw-r--r-- 1 bind bind 7062 2007-06-01 10:46 db.net.nt
10:46:20
#vim /var/cache/bind/db.net.nt
10:47:25
#ssh clint@net.nt hostname
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
The authenticity of host 'net.nt (192.168.16.15)' can't be established.
RSA key fingerprint is 33:88:39:f0:bd:1f:5e:b0:f6:d8:d3:90:0a:b9:e9:de.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'net.nt,192.168.16.15' (RSA) to the list of known hosts.
************************************************************
This is a private system!!! All connection attempts are
 logged and monitored. All unauthorized connection
 attempts will be investigated and
handed over to the proper authorities.
Это частная система! Все соединения записываются и отслеживаются.
Все несанкционированные попытки доступа будут расследованы и
переданы куда следует.
*************************************************************
clint@net.nt's password:
serzh
10:47:39
#host net.nt
41 PTR host41.test.net.nt.
42 PTR host42.test.net.nt.
43 PTR host43.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
...
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
net.nt has address 192.168.16.15
net.nt mail is handled by 10 serzh.net.nt.
10:48:14
#dig @127.0.0.1 txt chaos version.bind
0 packets dropped by kernel
; <<>> DiG 9.3.4 <<>> @127.0.0.1 txt chaos version.bind
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23641
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind.                  CH      TXT
;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.3.4"
;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.
;; Query time: 5 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun  1 10:51:06 2007
;; MSG SIZE  rcvd: 62
10:51:06
#dig @net.nt txt chaos version.bind
0 packets dropped by kernel
; <<>> DiG 9.3.4 <<>> @net.nt txt chaos version.bind
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63987
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind.                  CH      TXT
;; ANSWER SECTION:
version.bind.           0       CH      TXT     "I am dont know"
;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.
;; Query time: 5 msec
;; SERVER: 192.168.16.15#53(192.168.16.15)
;; WHEN: Fri Jun  1 10:51:20 2007
;; MSG SIZE  rcvd: 71
10:51:20
#vim named.conf
10:51:56
#vim named.conf.options
10:52:28
#dig @127.0.0.1 txt chaos version.bind
; <<>> DiG 9.3.4 <<>> @127.0.0.1 txt chaos version.bind
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18532
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind.                  CH      TXT
;; ANSWER SECTION:
version.bind.           0       CH      TXT     "9.3.4"
;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun  1 10:52:31 2007
;; MSG SIZE  rcvd: 62
10:52:31
#/etc/init.d/bind9 restart
41 PTR host41.test.net.nt.
42 PTR host42.test.net.nt.
43 PTR host43.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
...
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
Stopping domain name service...: bind.
Starting domain name service...: bind.
10:52:41
#dig @127.0.0.1 txt chaos version.bind
; <<>> DiG 9.3.4 <<>> @127.0.0.1 txt chaos version.bind
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3681
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;version.bind.                  CH      TXT
;; ANSWER SECTION:
version.bind.           0       CH      TXT     "NE ZNAJU"
;; AUTHORITY SECTION:
version.bind.           0       CH      NS      version.bind.
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jun  1 10:52:42 2007
;; MSG SIZE  rcvd: 65
10:52:42
#vim named.conf.options
10:55:44
#host mail.ru
mail.ru has address 194.67.57.26
mail.ru has address 194.67.57.126
mail.ru mail is handled by 10 mxs.mail.ru.
10:58:54
#vim named.conf
10:59:25
#vim named.conf.options
10:59:47
#tcpdump -n port 53
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
48 PTR host48.test.net.nt.
49 PTR host49.test.net.nt.
50 PTR host50.test.net.nt.
51 PTR host51.test.net.nt.
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
11:00:09
#tcpdump -n port 53
50 PTR host50.test.net.nt.
51 PTR host51.test.net.nt.
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
...
11:00:17.339545 IP 192.168.16.4.32992 > 192.168.16.15.53:  9850+ [1au] NS? . (28)
11:00:17.341148 IP 192.168.16.15.53 > 192.168.16.4.32992:  9850 13/0/14 NS e.root-servers.net.,[|domain]
11:00:17.381713 IP 192.168.16.15.53 > 192.168.16.4.32992:  45607 2/13/14 A 194.67.57.26, A[|domain]
11:00:17.445998 IP 192.168.16.4.32992 > 192.168.16.15.53:  18820+ [1au] AAAA? mail.ru. (36)
11:00:17.585866 IP 192.168.16.15.53 > 192.168.16.4.32992:  18820 0/1/1 (86)
11:00:17.590102 IP 192.168.16.4.32992 > 192.168.16.15.53:  21017+ [1au] MX? mail.ru. (36)
11:00:17.610598 IP 192.168.16.15.53 > 192.168.16.4.32992:  21017 1/13/15 MX mxs.mail.ru. 10 (491)
8 packets captured
8 packets received by filter
0 packets dropped by kernel
11:00:20
#vim named.conf.options
11:00:51
#vim named.conf
11:01:15
#rndc flush

11:01:23
#tcpdump -n port 53
"db.16.168.192" 259L, 7259C записано
[root@linux4:bind]# tcpdump -n port 53 and host 192.168.16.4 1>/tmp/tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:01:36.101894 IP 192.168.16.4.33001 > 192.168.16.15.53:  57384+ [1au] A? mail.ru. (36)
...
11:01:36.103717 IP 192.168.16.15.53 > 192.168.16.4.33001:  61460 13/0/14 NS k.root-servers.net.,[|domain]
11:01:36.218023 IP 192.168.16.4.33001 > 192.168.16.15.53:  63498+ [1au] AAAA? mail.ru. (36)
11:01:36.218573 IP 192.168.16.15.53 > 192.168.16.4.33001:  63498 0/1/1 (86)
11:01:36.221635 IP 192.168.16.4.33001 > 192.168.16.15.53:  64517+ [1au] MX? mail.ru. (36)
11:01:36.222659 IP 192.168.16.15.53 > 192.168.16.4.33001:  64517 1/13/15 MX mxs.mail.ru. 10 (491)
11:01:37.992377 IP 192.168.16.4.33001 > 192.168.16.15.53:  20580+ [1au] A? xgu.ru. (35)
11:01:37.993359 IP 192.168.16.15.53 > 192.168.16.4.33001:  20580 1/13/14 A 194.150.93.78 (470)
10 packets captured
10 packets received by filter
0 packets dropped by kernel
11:01:40
#tcpdump -n port 53
11:02:16.099223 IP 192.168.16.15.53 > 192.168.16.4.33001:  43378 0/1/1 (90)
11:02:16.102280 IP 192.168.16.4.33001 > 192.168.16.15.53:  54457+ [1au] MX? ya.ru. (34)
11:02:16.145948 IP 192.168.16.15.53 > 192.168.16.4.33001:  54457 2/13/14 MX mx1.yandex.ru. 0, (500)
11:02:33.209981 IP 192.168.16.4.33001 > 192.168.16.15.53:  43881+ [1au] A? test.com. (37)
11:02:33.621862 IP 192.168.16.15.53 > 192.168.16.4.33001:  43881 1/2/1 A 208.48.34.132 (100)
11:02:33.626777 IP 192.168.16.4.33001 > 192.168.16.15.53:  1448+ [1au] AAAA? test.com. (37)
11:02:33.627469 IP 192.168.16.4.33001 > 192.168.16.15.53:  724+% [1au] A? NS65.WORLDNIC.com. (46)
11:02:33.628191 IP 192.168.16.4.33001 > 192.168.16.15.53:  248+% [1au] AAAA? NS65.WORLDNIC.com. (46)
11:02:33.628959 IP 192.168.16.4.33001 > 192.168.16.15.53:  16499+% [1au] A? NS66.WORLDNIC.com. (46)
11:02:33.629713 IP 192.168.16.4.33001 > 192.168.16.15.53:  45189+% [1au] AAAA? NS66.WORLDNIC.com. (46)
...
11:02:33.871243 IP 192.168.16.15.53 > 192.168.16.4.33001:  248 0/1/1 (119)
11:02:33.871486 IP 192.168.16.15.53 > 192.168.16.4.33001:  1448 0/1/1 (96)
11:02:33.874724 IP 192.168.16.4.33001 > 192.168.16.15.53:  34824+ [1au] MX? test.com. (37)
11:02:34.095615 IP 192.168.16.15.53 > 192.168.16.4.33001:  34824 0/1/1 (96)
11:02:35.638003 IP 192.168.16.4.33001 > 192.228.79.201.53:  17412% [1au] AAAA? NS66.WORLDNIC.com. (46)
11:02:35.885139 IP 192.168.16.15.53 > 192.168.16.4.33001:  45189 0/1/1 (119)
11:02:35.890286 IP 192.228.79.201.53 > 192.168.16.4.33001:  17412- 0/13/16 (534)
22 packets captured
22 packets received by filter
0 packets dropped by kernel
11:03:23
#ssh clint@net.nt
Connection to net.nt closed.
11:04:13
#tcpdump -n port 53
11:04:34.592038 IP 192.168.16.4.33001 > 192.168.16.15.53:  65157+ [1au] AAAA? zlo.com. (36)
11:04:34.592773 IP 192.168.16.4.33001 > 192.168.16.15.53:  25041+% [1au] A? dx0.qtk.com. (40)
11:04:34.593493 IP 192.168.16.4.33001 > 192.168.16.15.53:  46862+% [1au] AAAA? dx0.qtk.com. (40)
11:04:34.738190 IP 192.168.16.15.53 > 192.168.16.4.33001:  25041 1/2/1 A 70.84.193.203 (88)
11:04:34.768713 IP 192.168.16.15.53 > 192.168.16.4.33001:  65157 0/1/1 (90)
11:04:34.771277 IP 192.168.16.4.33001 > 192.168.16.15.53:  28140+ [1au] MX? zlo.com. (36)
11:04:34.784317 IP 192.168.16.15.53 > 192.168.16.4.33001:  20654 0/1/1 (114)
11:04:34.784562 IP 192.168.16.15.53 > 192.168.16.4.33001:  4241 0/1/1 (114)
11:04:34.784750 IP 192.168.16.15.53 > 192.168.16.4.33001:  6001 0/1/1 (114)
11:04:34.784937 IP 192.168.16.15.53 > 192.168.16.4.33001:  42764 0/1/1 (114)
...
11:04:34.786532 IP 192.168.16.15.53 > 192.168.16.4.33001:  38139 0/1/1 (114)
11:04:34.797664 IP 192.168.16.15.53 > 192.168.16.4.33001:  64778 0/1/1 (114)
11:04:34.797923 IP 192.168.16.15.53 > 192.168.16.4.33001:  65007 0/1/1 (114)
11:04:34.798110 IP 192.168.16.15.53 > 192.168.16.4.33001:  16285 0/1/1 (114)
11:04:34.798295 IP 192.168.16.15.53 > 192.168.16.4.33001:  59709 0/1/1 (114)
11:04:34.920588 IP 192.168.16.15.53 > 192.168.16.4.33001:  46862 0/1/1 (86)
11:04:34.943666 IP 192.168.16.15.53 > 192.168.16.4.33001:  28140 1/1/3 MX x9.zlo.com. 5 (109)
62 packets captured
62 packets received by filter
0 packets dropped by kernel
11:04:36
#tcpdump -n port 53 1>/tmp/tcp
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
48 PTR host48.test.net.nt.
49 PTR host49.test.net.nt.
50 PTR host50.test.net.nt.
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
18 packets captured
18 packets received by filter
0 packets dropped by kernel
/dev/pts/12
11:04:47
#export $DISPLAY=192.168.16.3:0 xclock
bash: export: `=192.168.16.3:0': not a valid identifier
11:05:03
#apt-get install bind9
Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
Предлагаемые пакеты:
  bind9-doc
НОВЫЕ пакеты, которые будут установлены:
  bind9
обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 0 пакетов не обновлено.
Необходимо скачать 294kБ архивов.
После распаковки объем занятого дискового пространства возрастёт на 782kB.
Получено:1 http://debian.org.ua etch/main bind9 1:9.3.4-2 [294kB]
...
(Чтение базы данных... на данный момент установлено 89013 файлов и каталогов.)
Распаковывается пакет bind9 (из файла .../bind9_1%3a9.3.4-2_i386.deb)...
Настраивается пакет bind9 (9.3.4-2) ...
Добавляется группа `bind' (GID 113) ...
Готово.
Добавляется системный пользователь `bind' (UID 110) ...
Добавляется новый пользователь `bind' (UID 110) в группу `bind' ...
Не создаётся домашний каталог `/var/cache/bind'.
wrote key file "/etc/bind/rndc.key"
Starting domain name service...: bind.
/dev/pts/5
11:05:16
#less /tmp/tcp
11:05:53
#host 65.210.134.138
Host 138.134.210.65.in-addr.arpa not found: 3(NXDOMAIN)
11:05:59
#ping 65.210.134.138
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
44 PTR host44.test.net.nt.
45 PTR host45.test.net.nt.
46 PTR host46.test.net.nt.
47 PTR host47.test.net.nt.
48 PTR host48.test.net.nt.
49 PTR host49.test.net.nt.
50 PTR host50.test.net.nt.
51 PTR host51.test.net.nt.
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
50 packets captured
50 packets received by filter
0 packets dropped by kernel
PING 65.210.134.138 (65.210.134.138) 56(84) bytes of data.
64 bytes from 65.210.134.138: icmp_seq=1 ttl=103 time=158 ms
--- 65.210.134.138 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1003ms
rtt min/avg/max/mdev = 158.328/158.328/158.328/0.000 ms
11:06:07
#ping 65.210.134.138

Статистика

Время первой команды журнала: 10:20:15 2007- 6- 1
Время последней команды журнала: 11:06:07 2007- 6- 1
Количество командных строк в журнале: 101
Процент команд с ненулевым кодом завершения, % 9.90
Процент синтаксически неверно набранных команд, % 0.99
Суммарное время работы с терминалом *, час 0.76
Количество командных строк в единицу времени, команда/мин 2.20
Частота использования команд
vim 27 |=========================| 25.96%
tcpdump 18 |=================| 17.31%
dig 14 |=============| 13.46%
screen 5 |====| 4.81%
ls 5 |====| 4.81%
ssh 5 |====| 4.81%
/etc/init.d/bind9 4 |===| 3.85%
ps 3 |==| 2.88%
host 3 |==| 2.88%
less 3 |==| 2.88%
ping 2 |=| 1.92%
id 2 |=| 1.92%
export 2 |=| 1.92%
grep 2 |=| 1.92%
man 1 || 0.96%
tcp 1 || 0.96%
sceen 1 || 0.96%
cd 1 || 0.96%
ssh-keygen 1 || 0.96%
tail 1 || 0.96%
rndc 1 || 0.96%
apt-get 1 || 0.96%
exit 1 || 0.96%
____
*) Интервалы неактивности длительностью 30 минут и более не учитываются

Справка

Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:
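  1. В журнал автоматически попадают все команды, данные в любом терминале системы. Это значит, что пароли, ключи и другие секреты, указанные в командной строке, тоже окажутся в журнале.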

  2. Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.

  3. Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
    $ l s-l
    bash: l: command not found
    

  4. Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
    $ test 5 -lt 4
    Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки.

  5. Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
    $ find / -name abc
    find: /home/devi-orig/.gnome2: Keine Berechtigung
    find: /home/devi-orig/.gnome2_private: Keine Berechtigung
    find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
    find: /home/devi-orig/.metacity: Keine Berechtigung
    find: /home/devi-orig/.inkscape: Keine Berechtigung
    ^C
    

  6. Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
    # id
    uid=0(root) gid=0(root) Gruppen=0(root)
    

  7. Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
    $ vi ~/.bashrc
    2a3,5
    >    if [ -f /usr/local/etc/bash_completion ]; then
    >         . /usr/local/etc/bash_completion
    >        fi
    

  8. Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
    $ patch ~/.bashrc
    В данном случае изменения применяются к файлу ~/.bashrc

  9. Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.

    Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.

  10. Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.

  11. Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.

  12. Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.

  13. Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.

  14. Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:

    $ whoami
    
    user
    
    $ #^ Интересно, кто я?
    
    в журнале это будет выглядеть так:
    $ whoami
    
    user
    
    Интересно, кто я?

  15. Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:

    $ whoami
    
    user
    
    $ cat > /dev/null #^ Интересно, кто я?
    
    Программа whoami выводит имя пользователя, под которым 
    мы зарегистрировались в системе.
    -
    Она не может ответить на вопрос о нашем назначении 
    в этом мире.
    
    В журнале это будет выглядеть так:
    $ whoami
    user
    
    Интересно, кто я?
    Программа whoami выводит имя пользователя, под которым
    мы зарегистрировались в системе.

    Она не может ответить на вопрос о нашем назначении
    в этом мире.
    Для разделения нескольких абзацев между собой используйте символ "-", один в строке.

  16. Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.

  17. Содержимое файла может быть показано в журнале. Для этого его нужно вывести с помощью программы cat. Если вывод команды отметить символами #!, содержимое файла будет показано в журнале в специально отведённой для этого секции.
  18. Для того чтобы вставить скриншот интересующего вас окна в журнал, нужно воспользоваться командой l3shot. После того как команда вызвана, нужно с помощью мыши выбрать окно, которое должно быть в журнале.
  19. Команды в журнале расположены в хронологическом порядке. Если две команды давались одна за другой, но на разных терминалах, в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.
    1
        2
    3   
        4
    
    Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.

О программе

LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008

$Id$