Журнал лабораторных работ

Содержание

Журнал

Понедельник (06/01/09)

/dev/pts/0
16:47:23
#ssh 192.168.15.254
   untagged 11
   tagged 13
   exit
vlan 108
   name "VLAN108"
   untagged 21
   tagged 25
   exit
ip route 0.0.0.0 0.0.0.0 10.0.35.1
ip route 192.168.102.0 255.255.255.0 192.168.15.3
ip route 192.168.107.0 255.255.255.0 192.168.15.13
ip route 192.168.106.0 255.255.255.0 192.168.15.11
ip route 192.168.104.0 255.255.255.0 192.168.15.7
ip route 192.168.108.0 255.255.255.0 192.168.15.15
ip ssh
password manager
password operator
прошло 12 минут
/dev/pts/8
17:00:20
#screen -x
/dev/pts/20
17:05:59
#screen -x
/dev/pts/12
17:15:33
#ssh root@10.0.15.254
ssh: connect to host 10.0.15.254 port 22: No route to host
/dev/pts/26
17:15:43
#screen -x
/dev/pts/18
17:22:27
#screen -x
/dev/pts/30
17:22:50
#pkill ssh

/dev/tty1
17:23:44
#screen -ls
17:23:46
#screen -x
17:24:02
#ls -l
итого 3320
drwxr-xr-x 2 root root    4096 Май 25 16:40 17179869184
drwxr-xr-x 2 root root    4096 Май 25 16:40 345448
drwxr-xr-x 2 root root    4096 Май 25 16:40 345789358
-rw-r--r-- 1 root root       0 Май 29 14:52 ABCABCf
-rw-r--r-- 1 root root       0 Май 29 14:50 ABCABC:gff
-rw-r--r-- 1 root root       0 Май 29 14:50 ABCfff
-rw-r--r-- 1 root root 3024896 Июн  1 10:34 etc.iso
-rw-r--r-- 1 root root       0 Май 26 18:22 F
-rw-r--r-- 1 root root       0 Май 26 18:22 F.1
...
-rw-r--r-- 1 root root       0 Май 26 18:22 F.7
-rw-r--r-- 1 root root       0 Май 26 18:22 F.8
-rw-r--r-- 1 root root       0 Май 26 18:22 F.9
-rw-r--r-- 1 root root       0 Май 29 14:50 ffff
-rw-r--r-- 1 root root       0 Май 29 14:52 fffffff
-rw-r--r-- 1 root root      12 Май 25 14:47 file
-rw-r--r-- 1 root root   54606 Май 29 10:24 iceweasel.dot
-rw-r--r-- 1 root root      12 Май 25 14:47 last-ping
-rw-r--r-- 1 root root    4737 Май 29 10:19 screen.dot
-rw-r--r-- 1 root root  271894 Май 29 10:20 screen.png
17:24:12
#screen -ls
17:24:19
#kill 3755

17:24:27
#screen -ls
17:24:35
#screen -x
17:24:37
#screen
/dev/pts/0
17:24:38
#alias echo='echo no echo'

17:29:10
#/etc/init.d/ssh restart
Restarting OpenBSD Secure Shell server: sshd.
/dev/pts/7
17:29:19
#screen -x
/dev/pts/5
17:29:19
#screen -x
/dev/pts/3
17:29:20
#screen -x
/dev/pts/9
17:29:31
#screen -x
/dev/pts/0
17:33:03
#ыÑssh root@192.168.15.254
Connection to 192.168.15.254 closed by remote host.
/dev/pts/15
17:34:52
#screen -x
/dev/pts/17
17:37:53
#screen -x

Вторник (06/02/09)

/dev/pts/2
09:48:52
#screen -x
/dev/pts/6
09:51:11
#screen -ls
09:51:23
#screen -x
прошло 13 минут
/dev/pts/6
10:04:43
#screen -x
/dev/pts/8
10:05:01
#screen -x
прошло 10 минут
/dev/pts/10
10:15:44
#screen -x
/dev/pts/12
10:16:50
#screen -x
/dev/pts/14
10:17:56
#screen -x
/dev/pts/16
10:17:57
#screen -x
/dev/pts/18
10:17:58
#!scre
[root@linux0:~]# w
 10:18:13 up 19:09, 11 users,  load average: 0,11, 0,03, 0,01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/2    linux9.unix.nt   09:48   24:49   0.00s  0.00s script -f -c ba
root     pts/6    192.168.106.2    10:04   13:29   0.01s  0.01s script -f -c ba
root     pts/8    linux11.unix.nt  10:05   13:05   0.00s  0.00s script -f -c ba
root     pts/10   linux13.unix.nt  10:15    5.00s  0.01s  0.01s script -f -c ba
root     pts/14   linux3.unix.nt   10:17   14.00s  0.00s  0.00s script -f -c ba
root     pts/16   192.168.103.2    10:17    9.00s  0.00s  0.00s script -f -c ba
root     pts/18   linux15.unix.nt  10:17    4.00s  0.01s  0.01s script -f -c ba
root     pts/20   192.168.105.2    10:18    0.00s  0.02s  0.02s script -f -c ba
root     pts/12   192.168.102.2    10:16   29.00s  0.00s  0.00s script -f -c ba
root     pts/0    :pts/2:S.0       Mon17    0.00s  0.01s  0.01s script -f -c /b-
root     pts/3    linux6.unix.nt   Mon17   22:57   0.00s  0.00s script -f -c ba
/dev/pts/20
10:18:00
#screen -x
/dev/pts/0
10:18:13
#w
 10:19:42 up 19:11, 13 users,  load average: 0,04, 0,03, 0,01
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/2    linux9.unix.nt   09:48   26:18   0.00s  0.00s script -f -c ba
root     pts/6    192.168.106.2    10:04   14:58   0.01s  0.01s script -f -c ba
root     pts/8    linux11.unix.nt  10:05   14:34   0.00s  0.00s script -f -c ba
root     pts/10   linux13.unix.nt  10:15    1:34   0.01s  0.01s script -f -c ba
root     pts/14   linux3.unix.nt   10:17    1:43   0.00s  0.00s script -f -c ba
root     pts/16   192.168.103.2    10:17    1:38   0.00s  0.00s script -f -c ba
root     pts/18   linux15.unix.nt  10:17    1:33   0.01s  0.01s script -f -c ba
root     pts/20   192.168.105.2    10:18    1:29   0.02s  0.02s script -f -c ba
root     pts/22   linux7.unix.nt   10:19   31.00s  0.00s  0.00s script -f -c ba
root     pts/24   192.168.107.2    10:19    0.00s  0.00s  0.00s script -f -c ba
root     pts/12   192.168.102.2    10:16    1:58   0.00s  0.00s script -f -c ba
root     pts/0    :pts/2:S.0       Mon17    0.00s  0.01s  0.01s script -f -c /b
root     pts/3    linux6.unix.nt   Mon17   24:26   0.00s  0.00s script -f -c ba
/dev/pts/22
10:19:11
#tcpdump -i eth0
10:22:56.747397 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 31008:31216, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 208
10:22:56.747443 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 31216:31408, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 192
10:22:56.747459 IP linux7.unix.nt.53958 > 10.0.35.100.ssh: Flags [.], ack 30592, win 1002, options [nop,nop,TS val 199380 ecr 17243909], length 0
10:22:56.747497 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 31408:31616, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 208
10:22:56.747549 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 31616:31824, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 208
10:22:56.747595 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 31824:32032, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 208
10:22:56.747641 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 32032:32240, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 208
10:22:56.747675 IP linux7.unix.nt.53958 > 10.0.35.100.ssh: Flags [.], ack 31616, win 1002, options [nop,nop,TS val 199380 ecr 17243909], length 0
10:22:56.747693 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 32240:32432, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 192
10:22:56.747740 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 32432:32640, ack 1, win 857, options [nop,nop,TS val 17243909 ecr 199380], length 208
...
10:22:56.777322 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 57472:57680, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
10:22:56.777368 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 57680:57888, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
10:22:56.777413 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 57888:58080, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 192
10:22:56.777454 IP linux7.unix.nt.53958 > 10.0.35.100.ssh: Flags [.], ack 57472, win 1002, options [nop,nop,TS val 199388 ecr 17243916], length 0
10:22:56.777472 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 58080:58288, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
10:22:56.777519 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 58288:58496, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
10:22:56.777565 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 58496:58704, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
10:22:56.777611 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 58704:58912, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
10:22:56.777650 IP linux7.unix.nt.53958 > 10.0.35.100.ssh: Flags [.], ack 58288, win 1002, options [nop,nop,TS val 199388 ecr 17243916], length 0
10:22:56.777664 IP 10.0.35.100.ssh > linux7.unix.nt.53958: Flags [P.], seq 58912:59120, ack 1, win 857, options [nop,nop,TS val 17243916 ecr 199388], length 208
/dev/pts/24
10:19:29
#screen -x
/dev/pts/0
10:19:42
#w
 10:26:07 up 19:17, 15 users,  load average: 0,02, 0,03, 0,00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/2    linux9.unix.nt   09:48   32:43   0.00s  0.00s script -f -c ba
root     pts/6    192.168.106.2    10:04   21:23   0.01s  0.01s script -f -c ba
root     pts/8    linux11.unix.nt  10:05   20:59   0.00s  0.00s script -f -c ba
root     pts/10   linux13.unix.nt  10:15    7:59   0.01s  0.01s script -f -c ba
root     pts/14   linux3.unix.nt   10:17    8:08   0.00s  0.00s script -f -c ba
root     pts/16   192.168.103.2    10:17    8:03   0.00s  0.00s script -f -c ba
root     pts/18   linux15.unix.nt  10:17    7:58   0.01s  0.01s script -f -c ba
root     pts/20   192.168.105.2    10:18    7:54   0.02s  0.02s script -f -c ba
root     pts/22   linux7.unix.nt   10:19    1.00s  0.17s  0.00s script -f -c ba
root     pts/24   192.168.107.2    10:19    6:25   0.00s  0.00s script -f -c ba
root     pts/26   192.168.104.8    10:19    6:16   0.01s  0.01s script -f -c ba
root     pts/28   192.168.108.2    10:24    0.00s  0.00s  0.00s script -f -c ba
root     pts/12   192.168.102.2    10:16   16.00s  0.00s  0.00s script -f -c ba
root     pts/0    :pts/2:S.0       Mon17    0.00s  0.01s  0.01s script -f -c /b
root     pts/3    linux6.unix.nt   Mon17   30:51   0.00s  0.00s script -f -c ba
/dev/pts/26
10:19:51
#screen -x
/dev/pts/28
10:23:15
#tcpdump -i eth0 -n
10:23:27.847180 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 31136, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847183 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 31552, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847224 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 34240:34448, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742186], length 208
10:23:27.847230 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 31760, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847234 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 31968, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847264 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 32176, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847299 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 32384, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847311 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 32592, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
10:23:27.847321 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 34448:34656, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742186], length 208
10:23:27.847345 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 32800, win 1002, options [nop,nop,TS val 742186 ecr 17251683], length 0
...
10:23:27.851571 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 46368, win 1002, options [nop,nop,TS val 742187 ecr 17251683], length 0
10:23:27.851574 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 46976:47168, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742187], length 192
10:23:27.851635 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 46576, win 1002, options [nop,nop,TS val 742187 ecr 17251683], length 0
10:23:27.851649 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 47168:47376, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742187], length 208
10:23:27.851667 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 46768, win 1002, options [nop,nop,TS val 742187 ecr 17251683], length 0
10:23:27.851721 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 47376:47584, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742187], length 208
10:23:27.851739 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 46976, win 1002, options [nop,nop,TS val 742187 ecr 17251683], length 0
10:23:27.851782 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 47584:47776, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742187], length 192
10:23:27.851827 IP 192.168.108.2.33194 > 10.0.35.100.22: Flags [.], ack 47168, win 1002, options [nop,nop,TS val 742187 ecr 17251683], length 0
10:23:27.851849 IP 10.0.35.100.22 > 192.168.108.2.33194: Flags [P.], seq 47776:47984, ack 1, win 857, options [nop,nop,TS val 17251683 ecr 742187], length 208
/dev/pts/22
10:23:24
#tcpdump -i eth0 host 192.168.15.6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
/dev/pts/28
10:24:11
#tcpdump -i eth0 -n not port 22
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:24:29.049657 IP 10.0.1.3.137 > 10.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:29.284010 IP 10.0.1.3.137 > 10.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:29.328065 IP 10.0.100.33.137 > 10.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:29.373002 02:01:00:00:00:00 > ff:ff:ff:ff:ff:ff, ethertype Unknown (0x886f), length 74:
        0x0000:  c001 dec0 0402 0000 0100 0000 0000 0000  ................
        0x0010:  0000 0000 0105 0000 0000 0000 7400 6f00  ............t.o.
        0x0020:  7000 6100 7a00 2e00 7400 6500 6300 6800  p.a.z...t.e.c.h.
        0x0030:  2e00 6900 6e00 6300 0000 0000            ..i.n.c.....
10:24:29.803296 ARP, Request who-has 10.0.1.5 (ff:ff:ff:ff:ff:ff) tell 10.0.1.5, length 46
...
10:24:41.065946 IP 10.0.1.3.137 > 10.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:41.315843 IP 10.0.52.1.137 > 10.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:41.331397 IP 10.0.100.33.137 > 10.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:41.652480 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:24:41.802611 ARP, Request who-has 10.0.1.5 (ff:ff:ff:ff:ff:ff) tell 10.0.1.5, length 46
10:24:41.804069 ARP, Request who-has 10.0.13.2 (ff:ff:ff:ff:ff:ff) tell 10.0.13.2, length 46
10:24:41.997644 IP 10.0.67.1.138 > 10.255.255.255.138: NBT UDP PACKET(138)
134 packets captured
134 packets received by filter
0 packets dropped by kernel
/dev/pts/22
10:24:13
#tcpdump -i eth0 not host 192.168.15.7
10:24:31.598214 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:31.599275 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 4129:4385, ack 576, win 857, options [nop,nop,TS val 17267621 ecr 758111], length 256
10:24:31.599664 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 4385, win 704, options [nop,nop,TS val 758124 ecr 17267621], length 0
10:24:31.802549 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:24:31.802712 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 4385:4513, ack 576, win 857, options [nop,nop,TS val 17267672 ecr 758124], length 128
10:24:31.803126 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 4513, win 729, options [nop,nop,TS val 758174 ecr 17267672], length 0
10:24:31.804566 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:24:31.804658 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 4513:4641, ack 576, win 857, options [nop,nop,TS val 17267672 ecr 758174], length 128
10:24:31.805042 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 4641, win 753, options [nop,nop,TS val 758175 ecr 17267672], length 0
10:24:32.053593 IP 10.0.56.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
...
10:24:35.637909 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:24:35.638012 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 10337:10449, ack 576, win 857, options [nop,nop,TS val 17268630 ecr 759092], length 112
10:24:35.638373 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 10449, win 1002, options [nop,nop,TS val 759133 ecr 17268630], length 0
10:24:35.763172 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:24:35.763289 IP 10.0.35.100.32769 > 10.0.35.1.domain: 11852+ PTR? 1.40.0.10.in-addr.arpa. (40)
10:24:35.763363 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 10449:10593, ack 576, win 857, options [nop,nop,TS val 17268662 ecr 759133], length 144
10:24:35.763403 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 10593:10737, ack 576, win 857, options [nop,nop,TS val 17268662 ecr 759133], length 144
10:24:35.763535 IP 10.0.35.1.domain > 10.0.35.100.32769: 11852 NXDomain 0/1/0 (117)
10:24:35.763661 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 10737:10865, ack 576, win 857, options [nop,nop,TS val 17268662 ecr 759133], length 128
10:24:35.763792 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 10593, win 1002, options [nop,nop,TS val 759165 ecr 17268662], length 0
/dev/pts/28
10:24:42
#ыскÑscreen -x
root     pts/14   linux3.unix.nt   10:17    8:08   0.00s  0.00s script -f -c ba
root     pts/16   192.168.103.2    10:17    8:03   0.00s  0.00s script -f -c ba
root     pts/18   linux15.unix.nt  10:17    7:58   0.01s  0.01s script -f -c ba
root     pts/20   192.168.105.2    10:18    7:54   0.02s  0.02s script -f -c ba
root     pts/22   linux7.unix.nt   10:19    1.00s  0.17s  0.00s script -f -c ba
root     pts/24   192.168.107.2    10:19    6:25   0.00s  0.00s script -f -c ba
root     pts/26   192.168.104.8    10:19    6:16   0.01s  0.01s script -f -c ba
root     pts/28   192.168.108.2    10:24    0.00s  0.00s  0.00s script -f -c ba
root     pts/12   192.168.102.2    10:16   16.00s  0.00s  0.00s script -f -c ba
root     pts/0    :pts/2:S.0       Mon17    0.00s  0.01s  0.01s script -f -c /b
root     pts/3    linux6.unix.nt   Mon17   30:51   0.00s  0.00s script -f -c ba
/dev/pts/22
10:24:52
#tcpdump -i eth0 not host 192.168.15.7 not port 22
tcpdump: syntax error
10:25:02
#tcpdump -i eth0 not host 192.168.15.7 not port22
tcpdump: syntax error
10:25:05
#tcpdump -i eth0 not port22
tcpdump: syntax error
10:25:13
#tcpdump -i eth0 not port 22
        0x0000:  c001 dec0 0402 0000 0100 0000 0000 0000  ................
        0x0010:  0000 0000 0105 0000 0000 0000 7400 6f00  ............t.o.
        0x0020:  7000 6100 7a00 2e00 7400 6500 6300 6800  p.a.z...t.e.c.h.
        0x0030:  2e00 6900 6e00 6300 0000 0000            ..i.n.c.....
10:25:39.701068 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:25:39.798743 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:25:39.802735 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:25:39.867027 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:25:39.877649 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:25:40.018981 IP 10.0.47.1.1165 > 255.255.255.255.1211: UDP, length 75
...
        0x0020:  7000 6100 7a00 2e00 7400 6500 6300 6800  p.a.z...t.e.c.h.
        0x0030:  2e00 6900 6e00 6300 0000 0000            ..i.n.c.....
10:25:49.798463 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:25:49.800836 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:25:51.031407 IP 10.0.100.28.netbios-dgm > 10.255.255.255.netbios-dgm: NBT UDP PACKET(138)
10:25:51.031524 IP 10.0.35.100.32769 > 10.0.35.1.domain: 7915+ PTR? 28.100.0.10.in-addr.arpa. (42)
10:25:51.031775 IP 10.0.35.1.domain > 10.0.35.100.32769: 7915 NXDomain 0/1/0 (119)
419 packets captured
419 packets received by filter
0 packets dropped by kernel
10:25:51
#tcpdump -i eth0 not host 192.168.15.7&not port 22
[1] 10497
bash: not: команда не найдена
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:26:18.078802 ARP, Request who-has 10.0.14.50 tell 10.0.1.120, length 46
10:26:18.079201 IP 10.0.35.100.32769 > 10.0.35.1.domain: 44512+ PTR? 50.14.0.10.in-addr.arpa. (41)
10:26:18.079383 IP 10.0.35.1.domain > 10.0.35.100.32769: 44512 NXDomain 0/1/0 (118)
10:26:18.079448 IP 10.0.35.100.32769 > 10.0.35.1.domain: 37467+ PTR? 120.1.0.10.in-addr.arpa. (41)
10:26:18.079624 IP 10.0.35.1.domain > 10.0.35.100.32769: 37467 NXDomain 0/1/0 (118)
10:26:18.079773 IP 10.0.35.100.32769 > 10.0.35.1.domain: 48324+ PTR? 1.35.0.10.in-addr.arpa. (40)
10:26:18.079902 IP 10.0.35.1.domain > 10.0.35.100.32769: 48324 NXDomain 0/1/0 (117)
10:26:18.079950 IP 10.0.35.100.32769 > 10.0.35.1.domain: 49322+ PTR? 100.35.0.10.in-addr.arpa. (42)
10:26:18.080100 IP 10.0.35.1.domain > 10.0.35.100.32769: 49322 NXDomain 0/1/0 (119)
10:26:18.088202 IP 10.0.35.100.32769 > 10.0.35.1.domain: 33827+ A? xgu.ru. (24)
10:26:18.088355 IP 10.0.35.1.domain > 10.0.35.100.32769: 33827 1/3/0 A 194.150.93.78 (106)
/dev/pts/0
10:26:07
#apt-cache search tcpdump
acidlab - Analysis Console for Intrusion Databases
argus-client - IP network transaction auditing tool
argus-server - IP network transaction auditing tool
bittwist - libpcap-based Ethernet packet generator
dhcpdump - Parse DHCP packets from tcpdump
ftp-ssl - The FTP client with SSL or TLS encryption support
ftpd-ssl - FTP server with SSL encryption support
ipgrab - Tcpdump-like utility that prints detailed header information
libnet-pcap-perl - Perl binding to the LBL pcap packet capture library
net-acct - User-mode IP accounting daemon
...
tcpreplay - Tool to replay saved tcpdump files at arbitrary speeds
tcpslice - extract pieces of and/or glue together tcpdump files
tcpspy - Incoming and Outgoing TCP/IP connections logger
tcpstat - network interface statistics reporting tool
tcptrace - Tool for analyzing tcpdump output
tcpxtract - extracts files from network traffic based on file signatures
telnet-ssl - The telnet client with SSL encryption support
telnetd-ssl - The telnet server with SSL encryption support
ulogd-pcap - pcap extension to ulogd
tcpdump - мощный инструмент для сетевого мониторинга и перехвата трафика
/dev/pts/22
10:26:17
#10:26:18.091744 IP 10.0.35.100.53449 > chub.in.18030: Flags [S], seq 1557901188, win 5840, options [mss 1460,sackOK,TS val 17294242 ecr 0,nop,wscale 4], length 0
10:26:44.795761 ARP, Request who-has 10.0.28.2 tell 10.0.2.1, length 46
10:26:44.795889 IP 10.0.35.100.32769 > 10.0.35.1.domain: 53913+ PTR? 1.2.0.10.in-addr.arpa. (39)
10:26:44.796058 IP 10.0.35.1.domain > 10.0.35.100.32769: 53913 NXDomain 0/1/0 (116)
10:26:44.831430 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:44.995589 IP 10.0.52.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:45.057315 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:45.353539 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:26:45.384479 IP 10.0.67.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:45.581655 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:45.746734 IP 10.0.52.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
...
10:26:54.963506 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 3276:3324, ack 2897, win 956, options [nop,nop,TS val 17303459 ecr 23198807], length 48
10:26:54.963681 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 3324, win 239, options [nop,nop,TS val 23198807 ecr 17303459], length 0
10:26:54.966964 ARP, Request who-has 192.168.14.1 tell 192.168.14.7, length 46
10:26:54.967082 IP 10.0.35.100.32769 > 10.0.35.1.domain: 59485+ PTR? 1.14.168.192.in-addr.arpa. (43)
10:26:54.967212 ARP, Request who-has 192.168.14.7 tell 192.168.14.1, length 46
10:26:54.967350 IP 10.0.35.1.domain > 10.0.35.100.32769: 59485 NXDomain 0/1/0 (120)
10:26:54.967403 IP 10.0.35.100.32769 > 10.0.35.1.domain: 50018+ PTR? 7.14.168.192.in-addr.arpa. (43)
10:26:54.994646 ARP, Request who-has 10.0.1.120 tell 10.0.1.123, length 46
10:26:55.009334 ARP, Request who-has 10.0.52.1 tell 10.0.1.25, length 46
10:26:55.026464 IP 10.0.35.1.domain > 10.0.35.100.32769: 50018 NXDomain 0/1/0 (120)
/dev/pts/30
10:26:53
#screen -x
/dev/pts/22
10:26:55
#10:26:55.165501 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 2897:2945, ack 3324, win 239, options [nop,nop,TS val 23198858 ecr 17303459], length 48
10:26:57.371914 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 144, win 1002, options [nop,nop,TS val 513645 ecr 17304061], length 0
10:26:57.371989 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 144, win 1002, options [nop,nop,TS val 794565 ecr 17304061], length 0
10:26:57.372040 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 6156, win 435, options [nop,nop,TS val 23199409 ecr 17304061], length 0
10:26:57.372166 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 144, win 1002, options [nop,nop,TS val 22359071 ecr 17304061], length 0
10:26:57.372277 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 144, win 1002, options [nop,nop,TS val 276914 ecr 17304061], length 0
10:26:57.372973 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 144, win 1002, options [nop,nop,TS val 367703 ecr 17304061], length 0
10:26:57.434716 ARP, Request who-has 10.0.10.222 tell 10.0.10.26, length 46
10:26:57.434848 IP 10.0.35.100.32769 > 10.0.35.1.domain: 5828+ PTR? 26.10.0.10.in-addr.arpa. (41)
10:26:57.441397 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 3425:3473, ack 6156, win 435, options [nop,nop,TS val 23199427 ecr 17304061], length 48
10:26:57.441758 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 144:192, ack 1, win 857, options [nop,nop,TS val 17304079 ecr 22245058], length 48
...
10:26:57.883056 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 336:384, ack 1, win 857, options [nop,nop,TS val 17304189 ecr 794662], length 48
10:26:57.883080 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 6348:6396, ack 3665, win 956, options [nop,nop,TS val 17304189 ecr 23199537], length 48
10:26:57.883110 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 100634 ecr 17304189], length 0
10:26:57.883113 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 796099 ecr 17304189], length 0
10:26:57.883134 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 513773 ecr 17304189], length 0
10:26:57.883214 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 794692 ecr 17304189], length 0
10:26:57.883267 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 6396, win 435, options [nop,nop,TS val 23199537 ecr 17304189], length 0
10:26:57.883388 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 22359199 ecr 17304189], length 0
10:26:57.883500 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 277041 ecr 17304189], length 0
10:26:57.884199 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 384, win 1002, options [nop,nop,TS val 367831 ecr 17304189], length 0
10:26:57
#10:26:57.962595 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 3665:3713, ack 6396, win 435, options [nop,nop,TS val 23199557 ecr 17304189], length 48
10:26:58.799283 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:58.831333 ARP, Request who-has 10.0.1.25 tell 10.0.20.1, length 46
10:26:58.875608 ARP, Request who-has 10.0.44.1 tell 10.0.1.7, length 46
10:26:58.889931 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 3905:3953, ack 6636, win 435, options [nop,nop,TS val 23199789 ecr 17304391], length 48
10:26:58.890431 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 624:672, ack 1, win 857, options [nop,nop,TS val 17304439 ecr 22245388], length 48
10:26:58.890462 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 624:672, ack 1, win 857, options [nop,nop,TS val 17304439 ecr 546815], length 48
10:26:58.890492 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 624:672, ack 1, win 857, options [nop,nop,TS val 17304439 ecr 513975], length 48
10:26:58.890521 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 624:672, ack 1, win 857, options [nop,nop,TS val 17304439 ecr 17828106], length 48
10:26:58.890549 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 624:672, ack 1, win 956, options [nop,nop,TS val 17304439 ecr 16744886], length 48
10:26:58.890578 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 672, win 1002, options [nop,nop,TS val 22245438 ecr 17304439], length 0
...
10:26:59.437843 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 17828293 ecr 17304576], length 0
10:26:59.437846 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 514162 ecr 17304576], length 0
10:26:59.437850 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 101023 ecr 17304576], length 0
10:26:59.437866 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 796488 ecr 17304576], length 0
10:26:59.437871 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 6828:6876, ack 4145, win 956, options [nop,nop,TS val 17304576 ecr 23199925], length 48
10:26:59.438023 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 795081 ecr 17304576], length 0
10:26:59.438050 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 6876, win 435, options [nop,nop,TS val 23199926 ecr 17304576], length 0
10:26:59.438159 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 277430 ecr 17304576], length 0
10:26:59.438312 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 22359588 ecr 17304576], length 0
10:26:59.439076 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 864, win 1002, options [nop,nop,TS val 368220 ecr 17304576], length 0
10:26:59
#10:26:59.534143 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:26:59.549551 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:59.766323 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:26:59.795669 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:26:59.797460 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:26:59.807674 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4145:4193, ack 6876, win 435, options [nop,nop,TS val 23200018 ecr 17304576], length 48
10:26:59.808224 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 864:912, ack 1, win 857, options [nop,nop,TS val 17304669 ecr 22245574], length 48
10:26:59.808257 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 864:912, ack 1, win 857, options [nop,nop,TS val 17304669 ecr 547002], length 48
10:26:59.808288 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 864:912, ack 1, win 857, options [nop,nop,TS val 17304669 ecr 514162], length 48
10:26:59.808318 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 864:912, ack 1, win 857, options [nop,nop,TS val 17304669 ecr 17828293], length 48
10:26:59.808348 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 864:912, ack 1, win 956, options [nop,nop,TS val 17304669 ecr 16745072], length 48
...
10:27:00.009366 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 514304 ecr 17304719], length 0
10:27:00.009380 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 6924:6972, ack 4241, win 956, options [nop,nop,TS val 17304719 ecr 23200068], length 48
10:27:00.009389 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 101166 ecr 17304719], length 0
10:27:00.009391 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 796631 ecr 17304719], length 0
10:27:00.009541 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 795224 ecr 17304719], length 0
10:27:00.009554 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 6972, win 435, options [nop,nop,TS val 23200069 ecr 17304719], length 0
10:27:00.009669 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 277573 ecr 17304719], length 0
10:27:00.009833 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 22359731 ecr 17304719], length 0
10:27:00.010584 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 960, win 1002, options [nop,nop,TS val 368363 ecr 17304719], length 0
10:27:00.028339 IP 10.0.47.1.1165 > 255.255.255.255.1211: UDP, length 75
10:27:00
#10:27:00.161568 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4241:4289, ack 6972, win 435, options [nop,nop,TS val 23200107 ecr 17304719], length 48
10:27:00.162127 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 960:1008, ack 1, win 857, options [nop,nop,TS val 17304759 ecr 22245717], length 48
10:27:00.162165 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 960:1008, ack 1, win 857, options [nop,nop,TS val 17304759 ecr 547145], length 48
10:27:00.162203 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 960:1008, ack 1, win 857, options [nop,nop,TS val 17304759 ecr 514304], length 48
10:27:00.162235 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 960:1008, ack 1, win 857, options [nop,nop,TS val 17304759 ecr 17828435], length 48
10:27:00.162273 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 960:1008, ack 1, win 956, options [nop,nop,TS val 17304759 ecr 16745215], length 48
10:27:00.162282 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 1008, win 1002, options [nop,nop,TS val 22245756 ecr 17304759], length 0
10:27:00.162316 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 1008, win 1002, options [nop,nop,TS val 547183 ecr 17304759], length 0
10:27:00.162359 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 960:1008, ack 1, win 857, options [nop,nop,TS val 17304759 ecr 101166], length 48
10:27:00.162397 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 960:1008, ack 1, win 857, options [nop,nop,TS val 17304759 ecr 263864], length 48
10:27:00.162410 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 1008, win 1002, options [nop,nop,TS val 16745254 ecr 17304759], length 0
...
10:27:00.535405 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 101297 ecr 17304851], length 0
10:27:00.535418 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 514436 ecr 17304851], length 0
10:27:00.535445 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 1104:1152, ack 1, win 857, options [nop,nop,TS val 17304851 ecr 795340], length 48
10:27:00.535467 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 7116:7164, ack 4433, win 956, options [nop,nop,TS val 17304851 ecr 23200200], length 48
10:27:00.535494 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 796762 ecr 17304851], length 0
10:27:00.535629 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 795356 ecr 17304851], length 0
10:27:00.535647 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 7164, win 435, options [nop,nop,TS val 23200200 ecr 17304851], length 0
10:27:00.535764 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 277705 ecr 17304851], length 0
10:27:00.535894 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 22359862 ecr 17304851], length 0
10:27:00.536677 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 1152, win 1002, options [nop,nop,TS val 368494 ecr 17304851], length 0
10:27:00
#10:27:00.591787 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:00.815311 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4433:4481, ack 7164, win 435, options [nop,nop,TS val 23200270 ecr 17304851], length 48
10:27:00.816344 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 1152:1200, ack 1, win 857, options [nop,nop,TS val 17304921 ecr 22245849], length 48
10:27:00.816383 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 1152:1200, ack 1, win 857, options [nop,nop,TS val 17304921 ecr 547276], length 48
10:27:00.816420 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 1152:1200, ack 1, win 857, options [nop,nop,TS val 17304921 ecr 514436], length 48
10:27:00.816451 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 1152:1200, ack 1, win 857, options [nop,nop,TS val 17304921 ecr 17828567], length 48
10:27:00.816489 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 1152:1200, ack 1, win 956, options [nop,nop,TS val 17304921 ecr 16745347], length 48
10:27:00.816519 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 22245919 ecr 17304921], length 0
10:27:00.816529 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 1152:1200, ack 1, win 857, options [nop,nop,TS val 17304921 ecr 101297], length 48
10:27:00.816542 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 547347 ecr 17304921], length 0
10:27:00.816565 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 1152:1200, ack 1, win 857, options [nop,nop,TS val 17304921 ecr 263996], length 48
...
10:27:00.816796 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 514506 ecr 17304921], length 0
10:27:00.816799 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 101368 ecr 17304921], length 0
10:27:00.816807 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 7164:7228, ack 4481, win 956, options [nop,nop,TS val 17304921 ecr 23200270], length 64
10:27:00.816814 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 796833 ecr 17304921], length 0
10:27:00.816956 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 795426 ecr 17304921], length 0
10:27:00.816978 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 7228, win 435, options [nop,nop,TS val 23200270 ecr 17304921], length 0
10:27:00.817110 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 277775 ecr 17304921], length 0
10:27:00.817272 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 22359933 ecr 17304921], length 0
10:27:00.818037 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 1200, win 1002, options [nop,nop,TS val 368565 ecr 17304921], length 0
10:27:01.050241 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:01
#10:27:01.261658 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:01.342109 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:01
#10:27:01.694283 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 1200:1296, ack 1, win 857, options [nop,nop,TS val 17305141 ecr 22245919], length 96
10:27:01.780120 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 1856, win 1002, options [nop,nop,TS val 368805 ecr 17305161], length 0
10:27:01.795590 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:01.797512 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:01.801170 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:01.832813 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 1856:1968, ack 1, win 857, options [nop,nop,TS val 17305176 ecr 22246160], length 112
10:27:01.832855 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 1856:1968, ack 1, win 857, options [nop,nop,TS val 17305176 ecr 547587], length 112
10:27:01.832892 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 1856:1968, ack 1, win 857, options [nop,nop,TS val 17305176 ecr 514747], length 112
10:27:01.832923 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 1856:1968, ack 1, win 857, options [nop,nop,TS val 17305176 ecr 17828878], length 112
10:27:01.832958 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 1856:1968, ack 1, win 956, options [nop,nop,TS val 17305176 ecr 16745658], length 112
10:27:01.832987 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 1968, win 1002, options [nop,nop,TS val 22246173 ecr 17305176], length 0
...
10:27:02.113724 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 2256, win 1002, options [nop,nop,TS val 278099 ecr 17305246], length 0
10:27:02.114257 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 8284, win 435, options [nop,nop,TS val 23200595 ecr 17305246], length 0
10:27:02.114362 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 2256, win 1002, options [nop,nop,TS val 22360257 ecr 17305246], length 0
10:27:02.114402 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 2256, win 1002, options [nop,nop,TS val 795750 ecr 17305246], length 0
10:27:02.114405 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 2256, win 1002, options [nop,nop,TS val 368889 ecr 17305246], length 0
10:27:02.114527 IP chub.in.18030 > 10.0.35.100.53451: Flags [.], ack 23625, win 430, options [nop,nop,TS val 687690722 ecr 17305244], length 0
10:27:02.115178 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 2256:2336, ack 1, win 857, options [nop,nop,TS val 17305246 ecr 22246243], length 80
10:27:02.115206 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 2256:2336, ack 1, win 857, options [nop,nop,TS val 17305246 ecr 547671], length 80
10:27:02.115230 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 2256:2336, ack 1, win 857, options [nop,nop,TS val 17305246 ecr 514830], length 80
10:27:02.115256 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 2256:2336, ack 1, win 857, options [nop,nop,TS val 17305246 ecr 17828961], length 80
/dev/pts/0
10:27:02
#apt-cache search tcpdump | less
/dev/pts/22
10:27:03
#10:27:03.305280 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:03.411113 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:03.490740 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:03.607089 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:03.795127 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:03.797305 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:04
#10:27:04.161516 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:04.304905 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:04.566797 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:04.620367 IP 10.0.20.1.59331 > 255.255.255.255.1211: UDP, length 75
10:27:04.698895 ARP, Request who-has 10.0.83.1 tell 10.0.1.7, length 46
10:27:05.115535 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:05.286526 ARP, Request who-has 10.0.3.4 tell 10.0.10.42, length 46
10:27:05.304967 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:05
#10:27:05.795184 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:05.797192 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:05.850809 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
c10:27:06.601395 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:06.767730 IP 10.0.30.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:07
#10:27:07.514570 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:07.517164 IP 10.0.30.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:07.758519 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:07.790874 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:07.797109 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:07.959918 ARP, Request who-has 10.0.2.2 tell 10.0.18.1, length 46
10:27:07.960043 IP 10.0.35.100.32769 > 10.0.35.1.domain: 33936+ PTR? 2.2.0.10.in-addr.arpa. (39)
10:27:07.960365 IP 10.0.35.1.domain > 10.0.35.100.32769: 33936 NXDomain 0/1/0 (116)
10:27:08.024147 IP6 fe80::14ea:1c2e:316d:46bf.546 > ff02::1:2.547: dhcp6 solicit
c10:27:08.267255 IP 10.0.30.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:08.330246 ARP, Request who-has 10.0.1.4 tell 10.0.18.1, length 46
10:27:08.420863 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:08.508311 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
c
10:27:08
#10:27:08.851005 IP 10.0.4.5.49310 > 10.255.255.255.3052: UDP, length 569
10:27:08.853794 IP 10.0.1.121.netbios-dgm > 10.255.255.255.netbios-dgm: NBT UDP PACKET(138)
10:27:09.112391 ARP, Request who-has 10.0.1.7 tell 10.0.1.121, length 46
10:27:09.259152 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:09.387756 02:01:00:00:00:00 (oui Unknown) > Broadcast, ethertype Unknown (0x886f), length 74:
        0x0000:  c001 dec0 0402 0000 0100 0000 0000 0000  ................
        0x0010:  0000 0000 0105 0000 0000 0000 7400 6f00  ............t.o.
        0x0020:  7000 6100 7a00 2e00 7400 6500 6300 6800  p.a.z...t.e.c.h.
        0x0030:  2e00 6900 6e00 6300 0000 0000            ..i.n.c.....
10:27:09.596586 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:09.643284 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4481:4529, ack 10092, win 484, options [nop,nop,TS val 23202477 ecr 17305357], length 48
...
10:27:09.644526 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 10156, win 484, options [nop,nop,TS val 23202477 ecr 17307129], length 0
10:27:09.644553 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 4128, win 1002, options [nop,nop,TS val 799040 ecr 17307129], length 0
10:27:09.644654 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 4128, win 1002, options [nop,nop,TS val 797633 ecr 17307129], length 0
10:27:09.644686 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 4128, win 1002, options [nop,nop,TS val 279982 ecr 17307129], length 0
10:27:09.644797 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 4128, win 1002, options [nop,nop,TS val 22362140 ecr 17307129], length 0
10:27:09.645591 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 4128, win 1002, options [nop,nop,TS val 370772 ecr 17307129], length 0
10:27:09.795365 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:09.799996 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:09.873269 ARP, Request who-has 10.0.19.1 tell 10.0.1.7, length 46
10:27:09.873302 ARP, Request who-has 10.0.19.1 tell 10.0.1.7, length 46
10:27:09
#10:27:10.427789 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4529:4577, ack 10156, win 484, options [nop,nop,TS val 23202673 ecr 17307129], length 48
10:27:10.428388 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 22248126], length 48
10:27:10.428428 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 549554], length 48
10:27:10.428466 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 516713], length 48
10:27:10.428500 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 17830844], length 48
10:27:10.428539 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 4128:4176, ack 1, win 956, options [nop,nop,TS val 17307325 ecr 16747624], length 48
10:27:10.428547 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 4176, win 1002, options [nop,nop,TS val 22248322 ecr 17307325], length 0
10:27:10.428590 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 4176, win 1002, options [nop,nop,TS val 549750 ecr 17307325], length 0
10:27:10.428595 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 103574], length 48
10:27:10.428628 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 266273], length 48
10:27:10.428667 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 4128:4176, ack 1, win 857, options [nop,nop,TS val 17307325 ecr 370772], length 48
...
10:27:11.020068 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 4176:4224, ack 1, win 857, options [nop,nop,TS val 17307473 ecr 797829], length 48
10:27:11.020091 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 10204:10252, ack 4625, win 956, options [nop,nop,TS val 17307473 ecr 23202821], length 48
10:27:11.020097 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 517057 ecr 17307473], length 0
10:27:11.020111 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 103918 ecr 17307473], length 0
10:27:11.020114 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 799384 ecr 17307473], length 0
10:27:11.020258 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 797976 ecr 17307473], length 0
10:27:11.020273 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 10252, win 484, options [nop,nop,TS val 23202821 ecr 17307473], length 0
10:27:11.020444 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 280326 ecr 17307473], length 0
10:27:11.020557 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 22362483 ecr 17307473], length 0
10:27:11.021319 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 4224, win 1002, options [nop,nop,TS val 371116 ecr 17307473], length 0
10:27:11
#10:27:11.162379 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4625:4673, ack 10252, win 484, options [nop,nop,TS val 23202857 ecr 17307473], length 48
10:27:13.078896 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 4816, win 1002, options [nop,nop,TS val 16748483 ecr 17307987], length 0
10:27:13.078931 IP 10.0.35.100.ssh > linux15.unix.nt.58191: Flags [P.], seq 4512:4816, ack 1, win 857, options [nop,nop,TS val 17307987 ecr 799610], length 304
10:27:13.078968 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 4512:4816, ack 1, win 857, options [nop,nop,TS val 17307987 ecr 22362710], length 304
10:27:13.078974 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 4816, win 1002, options [nop,nop,TS val 267131 ecr 17307987], length 0
10:27:13.079012 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 4512:4816, ack 1, win 857, options [nop,nop,TS val 17307987 ecr 798203], length 304
10:27:13.079048 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 10540:10844, ack 4913, win 956, options [nop,nop,TS val 17307987 ecr 23203048], length 304
10:27:13.079066 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 4816, win 1002, options [nop,nop,TS val 17831703 ecr 17307987], length 0
10:27:13.079070 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 4816, win 1002, options [nop,nop,TS val 517572 ecr 17307987], length 0
10:27:13.079072 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 4816, win 1002, options [nop,nop,TS val 104433 ecr 17307987], length 0
10:27:13.079280 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 10844, win 508, options [nop,nop,TS val 23203336 ecr 17307987], length 0
...
10:27:13.084193 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 12044, win 606, options [nop,nop,TS val 23203337 ecr 17307987], length 0
10:27:13.084254 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 6016, win 1002, options [nop,nop,TS val 799900 ecr 17307987], length 0
10:27:13.084369 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 6016, win 1002, options [nop,nop,TS val 798493 ecr 17307987], length 0
10:27:13.084371 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 6016, win 1002, options [nop,nop,TS val 22362999 ecr 17307987], length 0
10:27:13.084456 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 6016, win 1002, options [nop,nop,TS val 280842 ecr 17307987], length 0
10:27:13.084481 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 6016, win 1002, options [nop,nop,TS val 371631 ecr 17307987], length 0
10:27:13.306059 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:13.449652 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:13.792813 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:13.796841 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:15
#10:27:15.305698 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:15.337969 IP 10.0.101.1.netbios-dgm > 10.255.255.255.netbios-dgm: NBT UDP PACKET(138)
10:27:15.338082 IP 10.0.35.100.32769 > 10.0.35.1.domain: 20129+ PTR? 1.101.0.10.in-addr.arpa. (41)
10:27:15.338411 IP 10.0.35.1.domain > 10.0.35.100.32769: 20129 NXDomain 0/1/0 (118)
10:27:15.613551 ARP, Request who-has 10.0.28.2 tell 10.0.1.3, length 46
10:27:15.653144 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:15.794865 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:15.796736 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:15.864054 ARP, Request who-has 10.0.1.7 tell 10.0.34.1, length 46
10:27:15.889104 ARP, Request who-has 10.0.27.250 tell 10.0.18.1, length 46
10:27:15.889193 IP 10.0.35.100.32769 > 10.0.35.1.domain: 21830+ PTR? 250.27.0.10.in-addr.arpa. (42)
...
10:27:16.102426 IP chub.in.18030 > 10.0.35.100.53452: Flags [.], ack 41745, win 501, options [nop,nop,TS val 687694220 ecr 17308739], length 0
10:27:16.103997 IP chub.in.18030 > 10.0.35.100.53452: Flags [.], ack 44641, win 501, options [nop,nop,TS val 687694220 ecr 17308739], length 0
10:27:16.104147 IP chub.in.18030 > 10.0.35.100.53452: Flags [.], ack 47537, win 501, options [nop,nop,TS val 687694220 ecr 17308739], length 0
10:27:16.105205 IP chub.in.18030 > 10.0.35.100.53452: Flags [.], ack 48985, win 501, options [nop,nop,TS val 687694220 ecr 17308739,nop,nop,sack 1 {51881:52203}], length 0
10:27:16.105353 IP chub.in.18030 > 10.0.35.100.53452: Flags [.], ack 50433, win 501, options [nop,nop,TS val 687694220 ecr 17308739,nop,nop,sack 1 {51881:52203}], length 0
10:27:16.105445 IP chub.in.18030 > 10.0.35.100.53452: Flags [.], ack 52203, win 501, options [nop,nop,TS val 687694220 ecr 17308739], length 0
10:27:16.107618 IP chub.in.18030 > 10.0.35.100.53452: Flags [F.], seq 1, ack 52203, win 501, options [nop,nop,TS val 687694221 ecr 17308739], length 0
10:27:16.107624 IP 10.0.35.100.53452 > chub.in.18030: Flags [.], ack 2, win 365, options [nop,nop,TS val 17308744 ecr 687694221], length 0
10:27:16.403450 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
tcpdump -i eth0 not host 192.168.15.7&not port 2210:27:17.160038 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:17
#10:27:17.515304 ARP, Request who-has 10.0.1.25 tell 10.0.31.1, length 46
10:27:17.517351 ARP, Request who-has 10.0.31.1 tell 10.0.1.25, length 46
10:27:17.558052 ARP, Request who-has 10.0.28.2 tell 10.0.1.25, length 46
10:27:17.559568 ARP, Request who-has 10.0.60.1 tell 10.0.1.25, length 46
10:27:17.559696 IP 10.0.35.100.32769 > 10.0.35.1.domain: 12993+ PTR? 1.60.0.10.in-addr.arpa. (40)
10:27:17.560273 ARP, Request who-has 10.0.46.1 tell 10.0.1.25, length 46
10:27:17.560460 ARP, Request who-has 10.0.18.1 tell 10.0.1.25, length 46
10:27:17.561157 ARP, Request who-has 10.0.100.33 tell 10.0.1.25, length 46
10:27:17.561465 ARP, Request who-has 10.0.27.250 tell 10.0.1.25, length 46
10:27:17.563281 ARP, Request who-has 10.0.1.25 tell 10.0.18.1, length 46
10:27:17.563314 ARP, Request who-has 10.0.1.25 tell 10.0.27.250, length 46
10:27:17.574062 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:17.628200 IP 10.0.35.1.domain > 10.0.35.100.32769: 12993 NXDomain 0/1/0 (117)
10:27:17.628323 IP 10.0.35.100.32769 > 10.0.35.1.domain: 49993+ PTR? 33.100.0.10.in-addr.arpa. (42)
10:27:17.628552 IP 10.0.35.1.domain > 10.0.35.100.32769: 49993 NXDomain 0/1/0 (119)
10:27:17.635306 ARP, Request who-has 10.0.1.25 tell 10.0.100.33, length 46
10:27:17.793551 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:27:17.796681 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:27:17.910075 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:18
#10:27:18.580023 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:18.651144 IP 10.0.38.2.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:18.660382 IP 10.0.40.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:18.668726 ARP, Request who-has 10.0.46.1 tell 10.0.1.3, length 46
10:27:18.680994 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4913:4961, ack 12044, win 606, options [nop,nop,TS val 23204736 ecr 17307987], length 48
10:27:18.681827 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 6016:6176, ack 1, win 857, options [nop,nop,TS val 17309389 ecr 22248986], length 160
10:27:18.681888 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 6016:6176, ack 1, win 857, options [nop,nop,TS val 17309389 ecr 550413], length 160
10:27:18.681946 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 6016:6176, ack 1, win 857, options [nop,nop,TS val 17309389 ecr 517573], length 160
10:27:18.681999 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 6016:6176, ack 1, win 857, options [nop,nop,TS val 17309389 ecr 17831704], length 160
10:27:18.682009 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 22250386 ecr 17309389], length 0
10:27:18.682068 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 6016:6176, ack 1, win 956, options [nop,nop,TS val 17309389 ecr 16748484], length 160
...
10:27:18.682417 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 105834 ecr 17309389], length 0
10:27:18.682469 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 6016:6176, ack 1, win 857, options [nop,nop,TS val 17309389 ecr 22362999], length 160
10:27:18.682527 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 6016:6176, ack 1, win 857, options [nop,nop,TS val 17309389 ecr 798493], length 160
10:27:18.682571 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 12044:12204, ack 4961, win 956, options [nop,nop,TS val 17309389 ecr 23204736], length 160
10:27:18.682689 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 282242 ecr 17309389], length 0
10:27:18.682723 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 801299 ecr 17309389], length 0
10:27:18.682764 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 12204, win 631, options [nop,nop,TS val 23204736 ecr 17309389], length 0
10:27:18.682821 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 799892 ecr 17309389], length 0
10:27:18.682850 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 22364399 ecr 17309389], length 0
10:27:18.683401 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 6176, win 1002, options [nop,nop,TS val 373031 ecr 17309389], length 0
10:27:18
#10:27:19.184845 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 4961:5009, ack 12204, win 631, options [nop,nop,TS val 23204862 ecr 17309389], length 48
10:27:19.361546 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 17833274 ecr 17309558], length 0
10:27:19.361549 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 519142 ecr 17309558], length 0
10:27:19.361617 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 106004 ecr 17309558], length 0
10:27:19.361738 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 801469 ecr 17309558], length 0
10:27:19.361751 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 282411 ecr 17309558], length 0
10:27:19.361840 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 800062 ecr 17309558], length 0
10:27:19.362029 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 7664, win 1002, options [nop,nop,TS val 22364569 ecr 17309558], length 0
10:27:19.362139 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 7664:7936, ack 49, win 857, options [nop,nop,TS val 17309558 ecr 22250547], length 272
10:27:19.362170 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 7664:7936, ack 1, win 857, options [nop,nop,TS val 17309558 ecr 551983], length 272
10:27:19.362200 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 7664:7936, ack 1, win 857, options [nop,nop,TS val 17309558 ecr 519142], length 272
...
10:27:19.434531 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 9088, win 1002, options [nop,nop,TS val 268720 ecr 17309575], length 0
10:27:19.434594 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 9088, win 1002, options [nop,nop,TS val 519161 ecr 17309575], length 0
10:27:19.434596 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 10704, win 1002, options [nop,nop,TS val 16750072 ecr 17309575], length 0
10:27:19.434647 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 9088, win 1002, options [nop,nop,TS val 106022 ecr 17309575], length 0
10:27:19.434781 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 15116, win 900, options [nop,nop,TS val 23204924 ecr 17309575], length 0
10:27:19.434784 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 8816, win 1002, options [nop,nop,TS val 373219 ecr 17309575], length 0
10:27:19.434786 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 9088, win 1002, options [nop,nop,TS val 801487 ecr 17309575], length 0
10:27:19.434787 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 9088, win 998, options [nop,nop,TS val 373219 ecr 17309575], length 0
10:27:19.434867 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 9088, win 1002, options [nop,nop,TS val 800080 ecr 17309575], length 0
10:27:19.434938 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 9088, win 1002, options [nop,nop,TS val 282430 ecr 17309575], length 0
10:27:19
#10:27:19.691244 IP 10.0.1.141 > 224.0.0.252: igmp v2 report 224.0.0.252
10:27:20.296273 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 11008:11088, ack 1, win 857, options [nop,nop,TS val 17309792 ecr 22364773], length 80
10:27:20.296295 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 11008:11088, ack 1, win 857, options [nop,nop,TS val 17309792 ecr 800266], length 80
10:27:20.296311 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 268935 ecr 17309792], length 0
10:27:20.296327 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 17036:17116, ack 5585, win 956, options [nop,nop,TS val 17309792 ecr 23205140], length 80
10:27:20.296366 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 106237 ecr 17309792], length 0
10:27:20.296392 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 519376 ecr 17309792], length 0
10:27:20.296534 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 801703 ecr 17309792], length 0
10:27:20.296572 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 282645 ecr 17309792], length 0
10:27:20.296608 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 800295 ecr 17309792], length 0
10:27:20.296656 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 11088, win 1002, options [nop,nop,TS val 22364802 ecr 17309792], length 0
...
10:27:21.173005 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 15024, win 1002, options [nop,nop,TS val 16750506 ecr 17310011], length 0
10:27:21.173023 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 17308:17356, ack 5825, win 956, options [nop,nop,TS val 17310011 ecr 23205359], length 48
10:27:21.173049 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 269155 ecr 17310011], length 0
10:27:21.173069 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 801922 ecr 17310011], length 0
10:27:21.173115 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 106457 ecr 17310011], length 0
10:27:21.173134 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 519595 ecr 17310011], length 0
10:27:21.173176 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 800515 ecr 17310011], length 0
10:27:21.173395 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 22365022 ecr 17310011], length 0
10:27:21.173499 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 282864 ecr 17310011], length 0
10:27:21.174204 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 11328, win 1002, options [nop,nop,TS val 373654 ecr 17310011], length 0
/dev/pts/0
10:27:20
#apt-cache search libpcap | less
/dev/pts/22
10:27:21
#10:27:21.211069 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 17356, win 1002, options [nop,nop,TS val 23205369 ecr 17310011], length 0
cc10:27:21.333394 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:21.392611 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 5825:5873, ack 17356, win 1002, options [nop,nop,TS val 23205414 ecr 17310011], length 48
10:27:21.393187 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 11328:11376, ack 49, win 857, options [nop,nop,TS val 17310065 ecr 22251008], length 48
10:27:21.393237 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 11328:11376, ack 1, win 857, options [nop,nop,TS val 17310065 ecr 552436], length 48
10:27:21.393290 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 11328:11376, ack 1, win 857, options [nop,nop,TS val 17310065 ecr 519595], length 48
10:27:21.393343 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 11328:11376, ack 1, win 857, options [nop,nop,TS val 17310065 ecr 17833727], length 48
10:27:21.393358 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 22251063 ecr 17310065], length 0
10:27:21.393394 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 15024:15072, ack 1, win 956, options [nop,nop,TS val 17310065 ecr 16750506], length 48
10:27:21.393407 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 552491 ecr 17310065], length 0
10:27:21.393459 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 11328:11376, ack 1, win 857, options [nop,nop,TS val 17310065 ecr 106457], length 48
...
10:27:21.393707 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 11328:11376, ack 1, win 857, options [nop,nop,TS val 17310065 ecr 22365022], length 48
10:27:21.393720 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 106512 ecr 17310065], length 0
10:27:21.393761 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 11328:11376, ack 1, win 857, options [nop,nop,TS val 17310065 ecr 800515], length 48
10:27:21.393786 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 801977 ecr 17310065], length 0
10:27:21.393805 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 17356:17404, ack 5873, win 956, options [nop,nop,TS val 17310065 ecr 23205414], length 48
10:27:21.393965 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 282919 ecr 17310065], length 0
10:27:21.393968 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 800570 ecr 17310065], length 0
10:27:21.393999 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 17404, win 1002, options [nop,nop,TS val 23205414 ecr 17310065], length 0
10:27:21.394194 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 22365077 ecr 17310065], length 0
10:27:21.394888 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 11376, win 1002, options [nop,nop,TS val 373709 ecr 17310065], length 0
10:27:21
#10:27:21.563147 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 5873:5921, ack 17404, win 1002, options [nop,nop,TS val 23205456 ecr 17310065], length 48
10:27:21.564240 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 11376:11424, ack 1, win 857, options [nop,nop,TS val 17310109 ecr 800570], length 48
10:27:21.564263 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 17404:17452, ack 5921, win 956, options [nop,nop,TS val 17310109 ecr 23205456], length 48
10:27:21.564270 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 11424, win 1002, options [nop,nop,TS val 802020 ecr 17310109], length 0
10:27:21.564436 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 11424, win 1002, options [nop,nop,TS val 800612 ecr 17310109], length 0
10:27:21.564470 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 11424, win 1002, options [nop,nop,TS val 282962 ecr 17310109], length 0
10:27:21.564480 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 17452, win 1002, options [nop,nop,TS val 23205457 ecr 17310109], length 0
10:27:21.564666 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 11424, win 1002, options [nop,nop,TS val 22365119 ecr 17310109], length 0
10:27:21.565395 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 11424, win 1002, options [nop,nop,TS val 373751 ecr 17310109], length 0
10:27:21.741143 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 5921:5969, ack 17452, win 1002, options [nop,nop,TS val 23205501 ecr 17310109], length 48
10:27:21.743422 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 11424:11520, ack 49, win 857, options [nop,nop,TS val 17310153 ecr 22251106], length 96
...
10:27:22.670006 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 11904, win 1002, options [nop,nop,TS val 17834101 ecr 17310385], length 0
10:27:22.670009 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 11664, win 1002, options [nop,nop,TS val 519969 ecr 17310385], length 0
10:27:22.670011 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 11904, win 1002, options [nop,nop,TS val 106831 ecr 17310385], length 0
10:27:22.670116 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 11904, win 1002, options [nop,nop,TS val 802296 ecr 17310385], length 0
10:27:22.670199 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 11664, win 1002, options [nop,nop,TS val 800889 ecr 17310385], length 0
10:27:22.670201 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 17932, win 1002, options [nop,nop,TS val 23205733 ecr 17310385], length 0
10:27:22.670330 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 11904, win 1002, options [nop,nop,TS val 283238 ecr 17310385], length 0
10:27:22.670478 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 11664, win 1002, options [nop,nop,TS val 22365396 ecr 17310385], length 0
10:27:22.671247 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 11664, win 1002, options [nop,nop,TS val 374028 ecr 17310385], length 0
10:27:22.833218 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:22
#10:27:23.038219 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 6161:6209, ack 17932, win 1002, options [nop,nop,TS val 23205825 ecr 17310385], length 48
10:27:23.040579 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 11904:12000, ack 49, win 857, options [nop,nop,TS val 17310478 ecr 22251383], length 96
10:27:23.040626 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 11664:11712, ack 1, win 857, options [nop,nop,TS val 17310478 ecr 552810], length 48
10:27:23.040677 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 11664:11712, ack 1, win 857, options [nop,nop,TS val 17310478 ecr 519969], length 48
10:27:23.040718 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 11904:12000, ack 1, win 857, options [nop,nop,TS val 17310478 ecr 17834101], length 96
10:27:23.040761 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 12000, win 1002, options [nop,nop,TS val 22251475 ecr 17310478], length 0
10:27:23.040766 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 15360:15408, ack 1, win 956, options [nop,nop,TS val 17310478 ecr 16750880], length 48
10:27:23.040810 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 11712, win 1002, options [nop,nop,TS val 552902 ecr 17310478], length 0
10:27:23.040816 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 11904:12000, ack 1, win 857, options [nop,nop,TS val 17310478 ecr 106831], length 96
10:27:23.040867 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 11664:11712, ack 1, win 857, options [nop,nop,TS val 17310478 ecr 269529], length 48
10:27:23.040916 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 11664:11712, ack 1, win 857, options [nop,nop,TS val 17310478 ecr 374028], length 48
...
10:27:23.204581 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 12176, win 1002, options [nop,nop,TS val 106964 ecr 17310519], length 0
10:27:23.204588 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 12176, win 1002, options [nop,nop,TS val 17834235 ecr 17310519], length 0
10:27:23.204589 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 11808, win 1002, options [nop,nop,TS val 520103 ecr 17310519], length 0
10:27:23.204593 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 12176, win 1002, options [nop,nop,TS val 802430 ecr 17310519], length 0
10:27:23.204663 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 11808, win 1002, options [nop,nop,TS val 801022 ecr 17310519], length 0
10:27:23.204695 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 18204, win 1002, options [nop,nop,TS val 23205867 ecr 17310519], length 0
10:27:23.204820 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 11808, win 1002, options [nop,nop,TS val 22365529 ecr 17310519], length 0
10:27:23.204888 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 12176, win 1002, options [nop,nop,TS val 283372 ecr 17310519], length 0
10:27:23.205591 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 11808, win 1002, options [nop,nop,TS val 374162 ecr 17310519], length 0
10:27:23.306803 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:23
#10:27:23.394432 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 6305:6353, ack 18204, win 1002, options [nop,nop,TS val 23205914 ecr 17310519], length 48
10:27:23.965779 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 16160, win 1002, options [nop,nop,TS val 16751204 ecr 17310710], length 0
10:27:23.965796 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 12464, win 1002, options [nop,nop,TS val 269853 ecr 17310710], length 0
10:27:23.965825 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 12160, win 1002, options [nop,nop,TS val 374352 ecr 17310707], length 0
10:27:23.965853 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 12464, win 1002, options [nop,nop,TS val 520293 ecr 17310710], length 0
10:27:23.965901 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 12832, win 1002, options [nop,nop,TS val 107155 ecr 17310710], length 0
10:27:23.965983 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 18860, win 1002, options [nop,nop,TS val 23206057 ecr 17310710], length 0
10:27:23.966008 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 12832, win 1002, options [nop,nop,TS val 802620 ecr 17310710], length 0
10:27:23.966099 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 12464, win 1002, options [nop,nop,TS val 801213 ecr 17310710], length 0
10:27:23.966200 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 12464, win 1002, options [nop,nop,TS val 22365720 ecr 17310710], length 0
10:27:23.966202 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 12832, win 1002, options [nop,nop,TS val 283562 ecr 17310710], length 0
...
10:27:23.971614 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 13936, win 1002, options [nop,nop,TS val 283564 ecr 17310710], length 0
10:27:23.971752 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 13568, win 1002, options [nop,nop,TS val 22365721 ecr 17310710], length 0
10:27:23.971918 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 13568, win 1002, options [nop,nop,TS val 374353 ecr 17310710], length 0
c10:27:24.215713 IP 10.0.32.1 > ALL-ROUTERS.MCAST.NET: igmp v2 report ALL-ROUTERS.MCAST.NET
10:27:24.215829 IP 10.0.35.100.32769 > 10.0.35.1.domain: 28258+ PTR? 2.0.0.224.in-addr.arpa. (40)
10:27:24.216072 IP 10.0.35.1.domain > 10.0.35.100.32769: 28258 1/3/5 PTR[|domain]
10:27:24.216158 IP 10.0.35.100.32769 > 10.0.35.1.domain: 28633+ PTR? 1.32.0.10.in-addr.arpa. (40)
10:27:24.216323 IP 10.0.35.1.domain > 10.0.35.100.32769: 28633 NXDomain 0/1/0 (117)
10:27:24.306369 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:27:24.443200 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:24
#10:27:24.622401 IP 10.0.20.1.59331 > 255.255.255.255.1211: UDP, length 75
10:27:28.260090 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 14320, win 1002, options [nop,nop,TS val 284636 ecr 17311781], length 0
10:27:28.260165 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 20300:20348, ack 6449, win 956, options [nop,nop,TS val 17311783 ecr 23207130], length 48
10:27:28.260284 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 13952, win 1002, options [nop,nop,TS val 802286 ecr 17311783], length 0
10:27:28.260289 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 13952, win 1002, options [nop,nop,TS val 22366793 ecr 17311781], length 0
10:27:28.260355 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 20348, win 1002, options [nop,nop,TS val 23207131 ecr 17311783], length 0
10:27:28.260605 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 14320:14368, ack 49, win 857, options [nop,nop,TS val 17311783 ecr 22252780], length 48
10:27:28.260696 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 13952:14000, ack 1, win 857, options [nop,nop,TS val 17311783 ecr 554207], length 48
10:27:28.260756 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 14368, win 1002, options [nop,nop,TS val 22252780 ecr 17311783], length 0
10:27:28.260829 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 13952:14000, ack 1, win 857, options [nop,nop,TS val 17311783 ecr 521367], length 48
10:27:28.260859 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 14000, win 1002, options [nop,nop,TS val 554207 ecr 17311783], length 0
...
10:27:28.296769 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 14256:14368, ack 1, win 857, options [nop,nop,TS val 17311791 ecr 270935], length 112
10:27:28.296792 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 14256:14368, ack 1, win 857, options [nop,nop,TS val 17311791 ecr 375434], length 112
10:27:28.296820 IP 10.0.35.100.ssh > 192.168.103.2.55618: Flags [P.], seq 14624:14736, ack 1, win 857, options [nop,nop,TS val 17311791 ecr 284645], length 112
10:27:28.296843 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 14368, win 1002, options [nop,nop,TS val 554216 ecr 17311791], length 0
10:27:28.296846 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 14736, win 1002, options [nop,nop,TS val 17835508 ecr 17311791], length 0
10:27:28.296854 IP 10.0.35.100.ssh > linux15.unix.nt.58191: Flags [P.], seq 14624:14736, ack 1, win 857, options [nop,nop,TS val 17311791 ecr 803702], length 112
10:27:28.296875 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 14256:14368, ack 1, win 857, options [nop,nop,TS val 17311791 ecr 22366802], length 112
10:27:28.296901 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 14256:14368, ack 1, win 857, options [nop,nop,TS val 17311791 ecr 802295], length 112
10:27:28.296922 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 20652:20764, ack 6497, win 956, options [nop,nop,TS val 17311791 ecr 23207139], length 112
10:27:28.296985 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 14736, win 1002, options [nop,nop,TS val 22252789 ecr 17311791], length 0
10:27:29
#10:27:29.726319 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:29.743469 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 19504:19776, ack 1, win 857, options [nop,nop,TS val 17312153 ecr 17835869], length 272
10:27:29.743495 IP 10.0.35.100.ssh > linux13.unix.nt.51768: Flags [P.], seq 24960:25264, ack 1, win 956, options [nop,nop,TS val 17312153 ecr 16752648], length 304
10:27:29.743524 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 19504:19776, ack 1, win 857, options [nop,nop,TS val 17312153 ecr 108599], length 272
10:27:29.743550 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 19152:19424, ack 1, win 857, options [nop,nop,TS val 17312153 ecr 271297], length 272
10:27:29.743573 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 19152:19424, ack 1, win 857, options [nop,nop,TS val 17312153 ecr 375788], length 272
10:27:29.743596 IP 10.0.35.100.ssh > 192.168.103.2.55618: Flags [P.], seq 19504:19776, ack 1, win 857, options [nop,nop,TS val 17312153 ecr 285007], length 272
10:27:29.743612 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 19424, win 1002, options [nop,nop,TS val 554578 ecr 17312153], length 0
10:27:29.743657 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 19776, win 1002, options [nop,nop,TS val 17835869 ecr 17312153], length 0
10:27:29.743666 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 19776, win 1002, options [nop,nop,TS val 22253151 ecr 17312153], length 0
10:27:29.743681 IP 10.0.35.100.ssh > linux15.unix.nt.58191: Flags [P.], seq 19504:19776, ack 1, win 857, options [nop,nop,TS val 17312153 ecr 804064], length 272
...
10:27:29.879617 ARP, Request who-has 10.0.3.4 tell 10.0.10.17, length 46
10:27:29.879722 IP 10.0.35.100.32769 > 10.0.35.1.domain: 48851+ PTR? 17.10.0.10.in-addr.arpa. (41)
10:27:29.884126 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:29.921750 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:29.956378 ARP, Request who-has 10.0.1.124 tell 10.0.1.120, length 46
10:27:29.971983 ARP, Request who-has 10.0.1.120 tell 10.0.1.124, length 46
10:27:29.999866 IP 10.0.35.1.domain > 10.0.35.100.32769: 48851 NXDomain 0/1/0 (118)
10:27:30.080382 00:16:3e:04:00:12 (oui Unknown) > Broadcast, ethertype Unknown (0x88a2), length 32:
        0x0000:  1000 ffff ff01 0000 0000 0000 0000 0000  ................
        0x0010:  0000                                     ..
10:27:30
#10:27:30.559819 IP 10.0.35.100.32769 > 10.0.35.1.domain: 43253+ A? xgu.ru. (24)
10:27:30.560099 IP 10.0.35.1.domain > 10.0.35.100.32769: 43253 1/3/0 A 194.150.93.78 (106)
10:27:30.560293 IP 10.0.35.100.53453 > chub.in.18030: Flags [S], seq 1632754115, win 5840, options [mss 1460,sackOK,TS val 17312358 ecr 0,nop,wscale 4], length 0
10:27:30.567072 IP chub.in.18030 > 10.0.35.100.53453: Flags [S.], seq 841620857, ack 1632754116, win 5792, options [mss 1460,sackOK,TS val 687697836 ecr 17312358,nop,wscale 7], length 0
10:27:30.567082 IP 10.0.35.100.53453 > chub.in.18030: Flags [.], ack 1, win 365, options [nop,nop,TS val 17312360 ecr 687697836], length 0
10:27:30.567206 IP 10.0.35.100.53453 > chub.in.18030: Flags [.], seq 1:2897, ack 1, win 365, options [nop,nop,TS val 17312360 ecr 687697836], length 2896
10:27:30.567211 IP 10.0.35.100.53453 > chub.in.18030: Flags [P.], seq 2897:4097, ack 1, win 365, options [nop,nop,TS val 17312360 ecr 687697836], length 1200
10:27:30.575272 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 1449, win 68, options [nop,nop,TS val 687697838 ecr 17312360], length 0
10:27:30.575279 IP 10.0.35.100.53453 > chub.in.18030: Flags [.], seq 4097:6993, ack 1, win 365, options [nop,nop,TS val 17312362 ecr 687697838], length 2896
10:27:30.583671 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 2897, win 91, options [nop,nop,TS val 687697839 ecr 17312360], length 0
10:27:30.583677 IP 10.0.35.100.53453 > chub.in.18030: Flags [.], seq 6993:9889, ack 1, win 365, options [nop,nop,TS val 17312363 ecr 687697839], length 2896
...
10:27:30.716086 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 134417, win 614, options [nop,nop,TS val 687697872 ecr 17312376,nop,nop,sack 2 {131521:132969}{140209:155101}], length 0
10:27:30.716168 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 134417, win 614, options [nop,nop,TS val 687697872 ecr 17312391,nop,nop,sack 2 {132969:134417}{140209:155101}], length 0
10:27:30.716304 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 135865, win 637, options [nop,nop,TS val 687697872 ecr 17312391,nop,nop,sack 1 {140209:155101}], length 0
10:27:30.716310 IP 10.0.35.100.53453 > chub.in.18030: Flags [.], seq 138761:140209, ack 1, win 365, options [nop,nop,TS val 17312397 ecr 687697872], length 1448
10:27:30.716434 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 137313, win 660, options [nop,nop,TS val 687697872 ecr 17312391,nop,nop,sack 1 {140209:155101}], length 0
10:27:30.716541 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 138761, win 670, options [nop,nop,TS val 687697872 ecr 17312391,nop,nop,sack 1 {140209:155101}], length 0
10:27:30.724155 IP chub.in.18030 > 10.0.35.100.53453: Flags [.], ack 155101, win 670, options [nop,nop,TS val 687697875 ecr 17312397], length 0
10:27:30.729317 IP chub.in.18030 > 10.0.35.100.53453: Flags [F.], seq 1, ack 155101, win 682, options [nop,nop,TS val 687697877 ecr 17312397], length 0
10:27:30.729324 IP 10.0.35.100.53453 > chub.in.18030: Flags [.], ack 2, win 365, options [nop,nop,TS val 17312400 ecr 687697877], length 0
10:27:31.041230 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:27:31
#10:27:31.347440 ARP, Request who-has 10.0.52.1 tell 10.0.1.7, length 46
10:27:34.745941 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 21792, win 1002, options [nop,nop,TS val 286258 ecr 17313403], length 0
10:27:34.745944 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 21440, win 1002, options [nop,nop,TS val 803908 ecr 17313403], length 0
10:27:34.746093 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 21440, win 1002, options [nop,nop,TS val 22368415 ecr 17313403], length 0
10:27:34.746823 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 21440, win 1002, options [nop,nop,TS val 377047 ecr 17313403], length 0
10:27:34.756124 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:27:34.780519 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [P.], seq 7697:7745, ack 27820, win 1002, options [nop,nop,TS val 23208761 ecr 17313403], length 48
10:27:34.781144 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 21792:21936, ack 49, win 857, options [nop,nop,TS val 17313413 ecr 22254402], length 144
10:27:34.781175 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 21440:21584, ack 1, win 857, options [nop,nop,TS val 17313413 ecr 555828], length 144
10:27:34.781201 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 21440:21584, ack 1, win 857, options [nop,nop,TS val 17313413 ecr 522988], length 144
10:27:34.781232 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 21792:21936, ack 1, win 857, options [nop,nop,TS val 17313413 ecr 17837120], length 144
...
10:27:36.504923 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 22544, win 1002, options [nop,nop,TS val 17837560 ecr 17313844], length 0
10:27:36.504928 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 22192, win 1002, options [nop,nop,TS val 523428 ecr 17313844], length 0
10:27:36.504929 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 22544, win 1002, options [nop,nop,TS val 110290 ecr 17313844], length 0
10:27:36.504963 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 22032:22192, ack 1, win 857, options [nop,nop,TS val 17313844 ecr 804284], length 160
10:27:36.505005 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 28412:28572, ack 7937, win 956, options [nop,nop,TS val 17313844 ecr 23209191], length 160
10:27:36.505174 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 28572, win 1002, options [nop,nop,TS val 23209192 ecr 17313844], length 0
10:27:36.505184 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 22544, win 1002, options [nop,nop,TS val 805755 ecr 17313844], length 0
10:27:36.505220 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 22544, win 1002, options [nop,nop,TS val 286697 ecr 17313844], length 0
10:27:36.505278 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 22192, win 1002, options [nop,nop,TS val 804347 ecr 17313844], length 0
10:27:36.505426 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 22192, win 1002, options [nop,nop,TS val 22368855 ecr 17313844], length 0
/dev/pts/0
10:27:43
#man -k cap
10:27:50
#man -k tcpdump
10:27:59
#man tcpdump
/dev/pts/22
10:28:25
#10:28:26.002939 ARP, Request who-has 192.168.14.10 tell 192.168.14.1, length 46
10:28:29.155668 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 94336:94640, ack 49, win 857, options [nop,nop,TS val 17327005 ecr 286149], length 304
10:28:29.155696 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 94336:94640, ack 49, win 857, options [nop,nop,TS val 17327005 ecr 390649], length 304
10:28:29.155716 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 94640, win 1002, options [nop,nop,TS val 569430 ecr 17327005], length 0
10:28:29.155726 IP 10.0.35.100.ssh > 192.168.103.2.55618: Flags [P.], seq 93712:94016, ack 49, win 857, options [nop,nop,TS val 17327005 ecr 299861], length 304
10:28:29.155753 IP 10.0.35.100.ssh > linux15.unix.nt.58191: Flags [P.], seq 93712:94016, ack 49, win 857, options [nop,nop,TS val 17327005 ecr 818917], length 304
10:28:29.155781 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 94336:94640, ack 49, win 857, options [nop,nop,TS val 17327005 ecr 22382017], length 304
10:28:29.155812 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 94336:94640, ack 49, win 857, options [nop,nop,TS val 17327005 ecr 817509], length 304
10:28:29.155842 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 99740:100044, ack 14321, win 956, options [nop,nop,TS val 17327005 ecr 23222353], length 304
10:28:29.155886 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 103184, win 998, options [nop,nop,TS val 16767501 ecr 17327005], length 0
10:28:29.155908 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 94640, win 998, options [nop,nop,TS val 286149 ecr 17327005], length 0
...
10:28:29.851280 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 95616:95920, ack 49, win 857, options [nop,nop,TS val 17327179 ecr 390650], length 304
10:28:29.851294 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 95920, win 1002, options [nop,nop,TS val 569604 ecr 17327179], length 0
10:28:29.851311 IP 10.0.35.100.ssh > 192.168.103.2.55618: Flags [P.], seq 94992:95296, ack 49, win 857, options [nop,nop,TS val 17327179 ecr 300034], length 304
10:28:29.851325 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 95296, win 1002, options [nop,nop,TS val 17850897 ecr 17327179], length 0
10:28:29.851348 IP 10.0.35.100.ssh > linux15.unix.nt.58191: Flags [P.], seq 94992:95296, ack 49, win 857, options [nop,nop,TS val 17327179 ecr 819091], length 304
10:28:29.851383 IP 10.0.35.100.ssh > 192.168.107.2.50456: Flags [P.], seq 95616:95920, ack 49, win 857, options [nop,nop,TS val 17327179 ecr 22382190], length 304
10:28:29.851409 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 95616:95920, ack 49, win 857, options [nop,nop,TS val 17327179 ecr 817683], length 304
10:28:29.851492 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 101020:101324, ack 14369, win 956, options [nop,nop,TS val 17327179 ecr 23222527], length 304
10:28:29.851511 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 104464, win 1002, options [nop,nop,TS val 16767675 ecr 17327179], length 0
10:28:29.851513 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 95920, win 1002, options [nop,nop,TS val 286323 ecr 17327179], length 0
10:28:29
#10:28:30.081460 00:16:3e:04:00:12 (oui Unknown) > Broadcast, ethertype Unknown (0x88a2), length 32:
10:28:31.145901 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 107808, win 1002, options [nop,nop,TS val 16767999 ecr 17327501], length 0
10:28:31.145949 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 99264, win 982, options [nop,nop,TS val 286646 ecr 17327501], length 0
10:28:31.146019 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 99008, win 1002, options [nop,nop,TS val 391146 ecr 17327501], length 0
10:28:31.146022 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 98640, win 1002, options [nop,nop,TS val 123950 ecr 17327501], length 0
10:28:31.146031 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 99264, win 1002, options [nop,nop,TS val 537088 ecr 17327501], length 0
10:28:31.146129 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 104668, win 1002, options [nop,nop,TS val 23222851 ecr 17327501], length 0
10:28:31.146195 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 98640, win 1002, options [nop,nop,TS val 819415 ecr 17327501], length 0
10:28:31.146259 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 99264, win 1002, options [nop,nop,TS val 818007 ecr 17327501], length 0
10:28:31.146298 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 98640, win 1002, options [nop,nop,TS val 300358 ecr 17327501], length 0
10:28:31.146300 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 99264, win 1002, options [nop,nop,TS val 22382514 ecr 17327501], length 0
...
10:28:32.546432 IP linux13.unix.nt.51768 > 10.0.35.100.ssh: Flags [.], ack 109328, win 1002, options [nop,nop,TS val 16768349 ecr 17327853], length 0
10:28:32.546453 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 100160, win 1002, options [nop,nop,TS val 124300 ecr 17327853], length 0
10:28:32.546494 IP 192.168.106.2.56161 > 10.0.35.100.ssh: Flags [.], ack 100784, win 1002, options [nop,nop,TS val 537438 ecr 17327853], length 0
10:28:32.546620 IP 192.168.15.253.43536 > 10.0.35.100.ssh: Flags [.], ack 106188, win 1002, options [nop,nop,TS val 23223201 ecr 17327853], length 0
10:28:32.546655 IP linux15.unix.nt.58191 > 10.0.35.100.ssh: Flags [.], ack 100160, win 1002, options [nop,nop,TS val 819765 ecr 17327853], length 0
10:28:32.546734 IP 192.168.108.2.60432 > 10.0.35.100.ssh: Flags [.], ack 100784, win 1002, options [nop,nop,TS val 818357 ecr 17327853], length 0
10:28:32.546818 IP 192.168.107.2.50456 > 10.0.35.100.ssh: Flags [.], ack 100784, win 1002, options [nop,nop,TS val 22382864 ecr 17327853], length 0
10:28:32.546844 IP 192.168.103.2.55618 > 10.0.35.100.ssh: Flags [.], ack 100160, win 1002, options [nop,nop,TS val 300709 ecr 17327853], length 0
10:28:32.546877 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 100480, win 1002, options [nop,nop,TS val 391497 ecr 17327853], length 0
10:28:32.546881 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 100784, win 998, options [nop,nop,TS val 391497 ecr 17327853], length 0
/dev/pts/0
10:28:47
#apt-cache search bpf
libpfm3-3.2 - Performance Monitor Unit (PMU) -- run-time libraries
libpfm3-3.2-dev - Performance Monitor Unit (PMU) -- development files
libpfqueue-dev - interactive console-based tool to control MTA queues (development)
libpfqueue0 - interactive console-based tool to control MTA queues (library)
libpfs-1.2-0 - C++ library to read and write pfs files
libpfs-dev - C++ library to read and write pfs files (development files)
ngrep - grep for network traffic
pktstat - top-like utility for network connections usage
10:28:54
#d. /etc/bash_cзлп
bash: /etc/bash_cзлп: Нет такого файла или каталога
10:29:19
#. /etc/bash_cзcompletion

10:29:23
#Ð

10:29:24
#dpkg -L libp
libpam0g            libpango1.0-common  libpixman-1-0
libpam-modules      libpcap0.8          libpng12-0
libpam-runtime      libpci2             libpod-readme-perl
libpango1.0-0       libpcre3            libpopt0
10:29:24
#dpkg -L libpcap0.8
/.
/usr
/usr/lib
/usr/lib/libpcap.so.1.0.0
/usr/share
/usr/share/doc
/usr/share/doc/libpcap0.8
/usr/share/doc/libpcap0.8/changelog.gz
/usr/share/doc/libpcap0.8/changelog.Debian.gz
/usr/share/doc/libpcap0.8/CREDITS.gz
/usr/share/doc/libpcap0.8/copyright
/usr/share/doc/libpcap0.8/README.gz
/usr/share/doc/libpcap0.8/README.Debian
/usr/lib/libpcap.so.0.8
/dev/pts/24
10:30:29
#lspci
00:00.0 Host bridge: Intel Corporation 82P965/G965 Memory Controller Hub (rev 02)
00:02.0 VGA compatible controller: Intel Corporation 82G965 Integrated Graphics Controller (rev 02)
00:1a.0 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #4 (rev 02)
00:1a.1 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #5 (rev 02)
00:1a.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #2 (rev 02)
00:1b.0 Audio device: Intel Corporation 82801H (ICH8 Family) HD Audio Controller (rev 02)
00:1c.0 PCI bridge: Intel Corporation 82801H (ICH8 Family) PCI Express Port 1 (rev 02)
00:1c.1 PCI bridge: Intel Corporation 82801H (ICH8 Family) PCI Express Port 2 (rev 02)
00:1d.0 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #2 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801H (ICH8 Family) USB UHCI Controller #3 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801H (ICH8 Family) USB2 EHCI Controller #1 (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev f2)
00:1f.0 ISA bridge: Intel Corporation 82801HB/HR (ICH8/R) LPC Interface Controller (rev 02)
00:1f.2 IDE interface: Intel Corporation 82801H (ICH8 Family) 4 port SATA IDE Controller (rev 02)
00:1f.3 SMBus: Intel Corporation 82801H (ICH8 Family) SMBus Controller (rev 02)
00:1f.5 IDE interface: Intel Corporation 82801H (ICH8 Family) 2 port SATA IDE Controller (rev 02)
01:00.0 IDE interface: JMicron Technologies, Inc. JMB368 IDE controller
02:00.0 Ethernet controller: Attansic Technology Corp. L1 Gigabit Ethernet Adapter (rev b0)
10:30:31
#find /sys -name \*02:00.0\*
/sys/devices/pci0000:00/0000:00:1c.0/0000:02:00.0
/sys/bus/pci/devices/0000:02:00.0
/sys/bus/pci/drivers/atl1/0000:02:00.0
10:30:54
#find /sys -name \*02:00.0\* | grep driver
/sys/bus/pci/drivers/atl1/0000:02:00.0
10:31:55
#find /sys -name \*02:00.0\* | grep driver
/sys/bus/pci/drivers/atl1/0000:02:00.0
10:32:32
#modinfo atl1
filename:       /lib/modules/2.6.29-2-686/kernel/drivers/net/atlx/atl1.ko
description:    Atheros L1 Gigabit Ethernet Driver
version:        2.1.3
license:        GPL
author:         Xiong Huang <xiong.huang@atheros.com>,  Chris Snook <csnook@redhat.com>, Jay Cliburn <jcliburn@gmail.com>
srcversion:     D6016237A6BE3B49B78E322
alias:          pci:v00001969d00001048sv*sd*bc*sc*i*
depends:        mii
vermagic:       2.6.29-2-686 SMP mod_unload modversions 686
parm:           int_mod_timer:Interrupt moderator timer (array of int)
parm:           debug:Message level (0=none,...,16=all) (int)
10:32:43
#modinfo mii
filename:       /lib/modules/2.6.29-2-686/kernel/drivers/net/mii.ko
license:        GPL
description:    MII hardware support library
author:         Jeff Garzik <jgarzik@pobox.com>
depends:
vermagic:       2.6.29-2-686 SMP mod_unload modversions 686
10:33:01
#apt-cache search ethtool
ethtool - display or change Ethernet device settings
ifplugd - configuration daemon for ethernet devices
/dev/pts/22
10:33:22
#10:33:23.333479 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:33:23.607176 IP 10.0.40.21.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:23.777068 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:33:23.779110 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46

Статистика

Время первой команды журнала16:47:23 2009- 6- 1
Время последней команды журнала10:33:22 2009- 6- 2
Количество командных строк в журнале101
Процент команд с ненулевым кодом завершения, %41.58
Процент синтаксически неверно набранных команд, % 0.99
Суммарное время работы с терминалом *, час 1.58
Количество командных строк в единицу времени, команда/мин 1.06
Частота использования команд
screen29|=====================| 21.97%
10.0.35.100.ssh:10|=======| 7.58%
tcpdump10|=======| 7.58%
apt-cache5|===| 3.79%
REQUEST3|==| 2.27%
10.255.255.255.netbios-ns:3|==| 2.27%
man3|==| 2.27%
BROADCAST3|==| 2.27%
find3|==| 2.27%
dpkg2|=| 1.52%
grep2|=| 1.52%
ssh2|=| 1.52%
w2|=| 1.52%
modinfo2|=| 1.52%
less2|=| 1.52%
10:27:21.5631471|| 0.76%
10:28:26.0029391|| 0.76%
10:27:19.6912441|| 0.76%
10:27:15.3056981|| 0.76%
10:27:19.1848451|| 0.76%
pkill1|| 0.76%
10:28:30.0814601|| 0.76%
10.0.35.1.domain:1|| 0.76%
10:27:00.1615681|| 0.76%
linux6.unix.nt.48936:1|| 0.76%
10:27:04.1615161|| 0.76%
.1|| 0.76%
10:26:59.5341431|| 0.76%
10:27:23.3944321|| 0.76%
10:27:18.5800231|| 0.76%
/etc/init.d/ssh1|| 0.76%
10:27:01.2616581|| 0.76%
Broadcast,1|| 0.76%
10:26:18.0917441|| 0.76%
alias1|| 0.76%
Ð1|| 0.76%
!scre1|| 0.76%
10:27:31.3474401|| 0.76%
d.1|| 0.76%
10:27:05.7951841|| 0.76%
lspci1|| 0.76%
10:26:57.9625951|| 0.76%
ыскÑscreen1|| 0.76%
10:27:29.7263191|| 0.76%
kill1|| 0.76%
10:27:23.0382191|| 0.76%
10:26:55.1655011|| 0.76%
10.255.255.255.3052:1|| 0.76%
10:27:21.2110691|| 0.76%
224.0.0.252:1|| 0.76%
10:27:00.5917871|| 0.76%
10:27:24.6224011|| 0.76%
10:27:11.1623791|| 0.76%
10:27:01.6942831|| 0.76%
10:27:17.5153041|| 0.76%
10:27:30.5598191|| 0.76%
chub.in.18030:1|| 0.76%
ls1|| 0.76%
255.255.255.255.1211:1|| 0.76%
10:27:08.8510051|| 0.76%
10:27:03.3052801|| 0.76%
10:27:10.4277891|| 0.76%
ыÑssh1|| 0.76%
10:33:23.3334791|| 0.76%
10:27:07.5145701|| 0.76%
not1|| 0.76%
____
*) Интервалы неактивности длительностью 30 минут и более не учитываются

Справка

Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:
  1. В журнал автоматически попадают все команды, данные в любом терминале системы.

  2. Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.

  3. Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
    $ l s-l
    bash: l: command not found
    

  4. Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
    $ test 5 -lt 4
    Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки

  5. Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
    $ find / -name abc
    find: /home/devi-orig/.gnome2: Keine Berechtigung
    find: /home/devi-orig/.gnome2_private: Keine Berechtigung
    find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
    find: /home/devi-orig/.metacity: Keine Berechtigung
    find: /home/devi-orig/.inkscape: Keine Berechtigung
    ^C
    

  6. Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
    # id
    uid=0(root) gid=0(root) Gruppen=0(root)
    

  7. Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
    $ vi ~/.bashrc
    2a3,5
    >    if [ -f /usr/local/etc/bash_completion ]; then
    >         . /usr/local/etc/bash_completion
    >        fi
    

  8. Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
    $ patch ~/.bashrc
    В данном случае изменения применяются к файлу ~/.bashrc

  9. Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.

    Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.

  10. Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.

  11. Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора

  12. Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.

  13. Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.

  14. Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:

    $ whoami
    
    user
    
    $ #^ Интересно, кто я?
    
    в журнале это будет выглядеть так:
    $ whoami
    
    user
    
    Интересно, кто я?

  15. Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:

    $ whoami
    
    user
    
    $ cat > /dev/null #^ Интересно, кто я?
    
    Программа whoami выводит имя пользователя, под которым 
    мы зарегистрировались в системе.
    -
    Она не может ответить на вопрос о нашем назначении 
    в этом мире.
    
    В журнале это будет выглядеть так:
    $ whoami
    user
    
    Интересно, кто я?
    Программа whoami выводит имя пользователя, под которым
    мы зарегистрировались в системе.

    Она не может ответить на вопрос о нашем назначении
    в этом мире.
    Для разделения нескольких абзацев между собой используйте символ "-", один в строке.

  16. Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо симолов #^ или #v нужно использовать символы #=

  17. Содержимое файла может быть показано в журнале. Для этого его нужно вывести с помощью программы cat. Если вывод команды отметить симоволами #!, содержимое файла будет показано в журнале в специально отведённой для этого секции.
  18. Для того чтобы вставить скриншот интересующего вас окна в журнал, нужно воспользоваться командой l3shot. После того как команда вызвана, нужно с помощью мыши выбрать окно, которое должно быть в журнале.
  19. Команды в журнале расположены в хронологическом порядке. Если две команды давались одна за другой, но на разных терминалах, в журнале они будут рядом, даже если они не имеют друг к другу никакого отношения.
    1
        2
    3   
        4
    
    Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сенса, нужно щёкнуть по этому названию.

О программе

LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008

$Id$