Lab work journal

Contents

Journal

Tuesday (06/02/09)

/dev/pts/6
11:44:57
#tcpdump -i eth0 not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:45:43.827291 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
^C
1 packets captured
1 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:45:47
#tcpdump -n -i eth0 not port 22
11:45:54.124639 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [.], ack 1, win 92, options [nop,nop,TS val 1495634 ecr 689084701], length 0
11:45:54.125226 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [P.], seq 1:867, ack 1, win 92, options [nop,nop,TS val 1495634 ecr 689084701], length 866
11:45:54.125380 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [F.], seq 867, ack 1, win 92, options [nop,nop,TS val 1495634 ecr 689084701], length 0
11:45:54.184220 IP 194.150.93.78.18030 > 192.168.102.2.38643: Flags [.], ack 1, win 46, options [nop,nop,TS val 689084716 ecr 1495634,nop,nop,sack 1 {867:868}], length 0
11:45:54.184342 IP 194.150.93.78.18030 > 192.168.102.2.38643: Flags [.], ack 868, win 59, options [nop,nop,TS val 689084716 ecr 1495634], length 0
11:45:54.186109 IP 194.150.93.78.18030 > 192.168.102.2.38643: Flags [F.], seq 1, ack 868, win 59, options [nop,nop,TS val 689084716 ecr 1495634], length 0
11:45:54.186118 IP 192.168.102.2.38643 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1495649 ecr 689084716], length 0
11:46:13.978789 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
11:46:23.745512 IP 192.168.102.2.34915 > 10.0.35.1.53: 40456+ A? ya.ru. (23)
...
11:46:23.853780 IP 213.180.204.8 > 192.168.102.2: ICMP 213.180.204.8 udp port 33471 unreachable, length 68
11:46:23.853790 IP 213.180.204.8 > 192.168.102.2: ICMP 213.180.204.8 udp port 33475 unreachable, length 68
11:46:23.854583 IP 192.168.102.2.56358 > 10.0.35.1.53: 36284+ PTR? 8.204.180.213.in-addr.arpa. (44)
11:46:23.854978 IP 10.0.35.1.53 > 192.168.102.2.56358: 36284 1/2/2 (141)
11:46:33.678374 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 46
11:46:33.678385 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 28
^C
148 packets captured
148 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:46:40
#tcpdump -i eth0 not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:46:44.155108 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
11:46:45.783966 IP 192.168.102.2.41500 > 10.0.35.1.domain: 53937+ A? xgu.ru. (24)
11:46:45.784327 IP 192.168.102.2.44225 > 10.0.35.1.domain: 1234+ PTR? 1.35.0.10.in-addr.arpa. (40)
11:46:45.784419 IP 10.0.35.1.domain > 192.168.102.2.41500: 53937 1/3/0 A 194.150.93.78 (106)
11:46:45.784522 IP 192.168.102.2.34207 > chub.in.18030: Flags [S], seq 3498674066, win 5840, options [mss 1460,sackOK,TS val 1508549 ecr 0,nop,wscale 6], length 0
11:46:45.784716 IP 10.0.35.1.domain > 192.168.102.2.44225: 1234 NXDomain 0/1/0 (117)
11:46:45.784775 IP 192.168.102.2.40212 > 10.0.35.1.domain: 24728+ PTR? 2.102.168.192.in-addr.arpa. (44)
...
11:46:45.836394 IP chub.in.18030 > 192.168.102.2.34207: Flags [F.], seq 1, ack 33018, win 501, options [nop,nop,TS val 689097631 ecr 1508558], length 0
11:46:45.836401 IP 192.168.102.2.34207 > chub.in.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1508562 ecr 689097631], length 0
11:47:14.307053 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
11:47:44.483343 LLDP, name ProCurve Switch 3400cl-48G, length 166
        [|LLDP]
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:47:49
#exit
exit
Connection to 192.168.102.2 closed.
/dev/pts/5
11:47:57
#vi /etc/hostname
--- /tmp/l3-saved-3393.23617.12118	2009-06-02 11:48:06.000000000 +0300
+++ /etc/hostname	2009-06-02 11:48:14.000000000 +0300
@@ -1 +1 @@
-linux4
+linux3
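Review bot: line 1 now reads linux3, but the journal shows only /etc/hostname being edited in vi; the running hostname keeps the old value linux4 until it is reloaded (for example with hostname -F /etc/hostname) or the machine reboots. Any linux4 entry in /etc/hosts should be changed to match, otherwise local name resolution for the host's own name will disagree with the new file.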
/dev/pts/5
11:48:14
#tcpdump -i eth0.102 -n not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:49:02.575972 IP 192.168.102.2.44529 > 10.0.35.100.33434: UDP, length 32
11:49:02.576032 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:49:02.576047 IP 192.168.102.2.37557 > 10.0.35.100.33435: UDP, length 32
11:49:02.576059 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:49:02.576065 IP 192.168.102.2.41596 > 10.0.35.100.33436: UDP, length 32
11:49:02.576072 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:49:02.576075 IP 192.168.102.2.47113 > 10.0.35.100.33437: UDP, length 32
11:49:02.576080 IP 192.168.102.2.45585 > 10.0.35.100.33438: UDP, length 32
...
11:49:05.752829 IP 192.168.102.2.34209 > 194.150.93.78.18030: Flags [F.], seq 837, ack 1, win 92, options [nop,nop,TS val 1543675 ecr 689132745], length 0
11:49:05.759371 IP 194.150.93.78.18030 > 192.168.102.2.34209: Flags [.], ack 837, win 59, options [nop,nop,TS val 689132746 ecr 1543675], length 0
11:49:05.763014 IP 194.150.93.78.18030 > 192.168.102.2.34209: Flags [F.], seq 1, ack 838, win 59, options [nop,nop,TS val 689132747 ecr 1543675], length 0
11:49:05.763100 IP 192.168.102.2.34209 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1543678 ecr 689132747], length 0
11:49:07.574206 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:49:07.574293 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
^C
49 packets captured
49 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:49:09
#tcpdump -i eth0.102 -n not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:50:39.142326 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 1, length 40
11:50:39.142365 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:50:39.142379 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 2, length 40
11:50:39.142390 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:50:39.142396 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 3, length 40
11:50:39.142403 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:50:39.142408 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 4, length 40
11:50:39.142412 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10909, seq 5, length 40
...
11:50:45.988541 IP 194.150.93.78.18030 > 192.168.102.2.34210: Flags [.], ack 1, win 46, options [nop,nop,TS val 689157806 ecr 1568734,nop,nop,sack 1 {840:841}], length 0
11:50:45.988628 IP 194.150.93.78.18030 > 192.168.102.2.34210: Flags [.], ack 841, win 59, options [nop,nop,TS val 689157806 ecr 1568734], length 0
11:50:45.990840 IP 194.150.93.78.18030 > 192.168.102.2.34210: Flags [F.], seq 1, ack 841, win 59, options [nop,nop,TS val 689157807 ecr 1568734], length 0
11:50:45.990918 IP 192.168.102.2.34210 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1568737 ecr 689157807], length 0
11:50:50.970210 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:50:50.970326 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
^C
65 packets captured
65 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:51:09
#tcpdump -i eth0.102 -n not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:51:14.785114 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 1, length 40
11:51:14.785149 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:51:14.785164 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 2, length 40
11:51:14.785174 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 3, length 40
11:51:14.785177 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 4, length 40
11:51:14.785181 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 5, length 40
11:51:14.785183 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 6, length 40
11:51:14.785186 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 10951, seq 7, length 40
...
11:51:16.098427 IP 194.150.93.78.18030 > 192.168.102.2.50576: Flags [.], ack 1, win 46, options [nop,nop,TS val 689165334 ecr 1576262,nop,nop,sack 1 {785:786}], length 0
11:51:16.098511 IP 194.150.93.78.18030 > 192.168.102.2.50576: Flags [.], ack 786, win 58, options [nop,nop,TS val 689165334 ecr 1576262], length 0
11:51:16.103168 IP 194.150.93.78.18030 > 192.168.102.2.50576: Flags [F.], seq 1, ack 786, win 58, options [nop,nop,TS val 689165336 ecr 1576262], length 0
11:51:16.103251 IP 192.168.102.2.50576 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1576265 ecr 689165336], length 0
11:51:21.082209 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:51:21.082306 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
^C
55 packets captured
55 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:51:24
#tcpdump -i eth0.102 -n not port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:52:22.054210 ARP, Request who-has 192.168.102.2 tell 192.168.102.1, length 28
11:52:22.054300 ARP, Reply 192.168.102.2 is-at 00:04:76:a0:a9:12, length 46
11:52:26.253438 IP 192.168.102.2.51202 > 10.0.35.1.53: 50315+ A? xgu.ru. (24)
11:52:26.253793 IP 10.0.35.1.53 > 192.168.102.2.51202: 50315 1/3/0 A 194.150.93.78 (106)
11:52:26.253981 IP 192.168.102.2.50577 > 194.150.93.78.18030: Flags [S], seq 247269307, win 5840, options [mss 1460,sackOK,TS val 1593804 ecr 0,nop,wscale 6], length 0
11:52:26.260042 IP 194.150.93.78.18030 > 192.168.102.2.50577: Flags [S.], seq 2815076957, ack 247269308, win 5792, options [mss 1460,sackOK,TS val 689182877 ecr 1593804,nop,wscale 7], length 0
11:52:26.260122 IP 192.168.102.2.50577 > 194.150.93.78.18030: Flags [.], ack 1, win 92, options [nop,nop,TS val 1593806 ecr 689182877], length 0
11:52:26.260269 IP 192.168.102.2.50577 > 194.150.93.78.18030: Flags [P.], seq 1:741, ack 1, win 92, options [nop,nop,TS val 1593806 ecr 689182877], length 740
...
11:52:36.366250 IP 192.168.102.2.50578 > 194.150.93.78.18030: Flags [P.], seq 1:741, ack 1, win 92, options [nop,nop,TS val 1596333 ecr 689185403], length 740
11:52:36.366266 IP 192.168.102.2.50578 > 194.150.93.78.18030: Flags [F.], seq 741, ack 1, win 92, options [nop,nop,TS val 1596333 ecr 689185403], length 0
11:52:36.375358 IP 194.150.93.78.18030 > 192.168.102.2.50578: Flags [.], ack 1, win 46, options [nop,nop,TS val 689185406 ecr 1596333,nop,nop,sack 1 {741:742}], length 0
11:52:36.375441 IP 194.150.93.78.18030 > 192.168.102.2.50578: Flags [.], ack 742, win 57, options [nop,nop,TS val 689185406 ecr 1596333], length 0
11:52:36.378233 IP 194.150.93.78.18030 > 192.168.102.2.50578: Flags [F.], seq 1, ack 742, win 57, options [nop,nop,TS val 689185407 ecr 1596333], length 0
11:52:36.378328 IP 192.168.102.2.50578 > 194.150.93.78.18030: Flags [.], ack 2, win 92, options [nop,nop,TS val 1596336 ecr 689185407], length 0
^C
57 packets captured
57 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:52:48
#tcpdump -i eth0.102 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.102, link-type EN10MB (Ethernet), capture size 96 bytes
11:53:00.814042 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 1, length 40
11:53:00.814078 IP 192.168.102.1 > 192.168.102.2: ICMP time exceeded in-transit, length 68
11:53:00.814091 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 2, length 40
11:53:00.814097 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 3, length 40
11:53:00.814101 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 4, length 40
11:53:00.814104 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 5, length 40
11:53:00.814107 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 6, length 40
11:53:00.814110 IP 192.168.102.2 > 10.0.35.100: ICMP echo request, id 11060, seq 7, length 40
...
11:53:00.814626 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 14, length 40
11:53:00.814629 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 15, length 40
11:53:00.814690 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 16, length 40
11:53:00.814695 IP 10.0.35.100 > 192.168.102.2: ICMP echo reply, id 11060, seq 17, length 40
11:53:00.814699 IP 192.168.15.254 > 192.168.102.2: ICMP time exceeded in-transit, length 36
\
^C
34 packets captured
34 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:54:41
#tcpdump -i eth0 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:54:58.380643 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 1, length 40
11:54:58.381263 IP 192.168.15.254 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:54:58.381840 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 2, length 40
11:54:58.382115 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 3, length 40
11:54:58.382515 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 4, length 40
11:54:58.382783 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 5, length 40
11:54:58.383041 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 6, length 40
11:54:58.383301 IP 192.168.15.3 > 193.238.109.9: ICMP echo request, id 10834, seq 7, length 40
...
11:54:58.506733 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 21, length 40
11:54:58.506737 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 22, length 40
11:54:58.506739 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 23, length 40
11:54:58.506800 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 24, length 40
11:54:58.506807 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 25, length 40
11:54:58.506810 IP 193.238.109.9 > 192.168.15.3: ICMP echo reply, id 10834, seq 26, length 40
^C
52 packets captured
52 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:56:00
#tcpdump -i eth0 -n icmp | grep excee
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
11:56:15.221903 IP 10.0.35.1 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.222105 IP 192.168.15.254 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.227901 IP 192.168.70.1 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.235685 IP 194.150.93.65 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.242988 IP 195.35.65.57 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.243034 IP 217.27.155.29 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.243041 IP 194.150.92.14 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.251312 IP 195.3.245.137 > 192.168.15.3: ICMP time exceeded in-transit, length 68
11:56:15.251345 IP 193.238.110.93 > 192.168.15.3: ICMP time exceeded in-transit, length 36
11:56:15.260853 IP 193.238.109.57 > 192.168.15.3: ICMP time exceeded in-transit, length 36
^C50 packets captured
50 packets received by filter
0 packets dropped by kernel
/dev/pts/5
11:57:40
#cat /etc/services
hkp             11371/udp                       # OpenPGP HTTP Keyserver
bprd            13720/tcp                       # VERITAS NetBackup
bprd            13720/udp
bpdbm           13721/tcp                       # VERITAS NetBackup
bpdbm           13721/udp
bpjava-msvc     13722/tcp                       # BP Java MSVC Protocol
bpjava-msvc     13722/udp
vnetd           13724/tcp                       # Veritas Network Utility
vnetd           13724/udp
bpcd            13782/tcp                       # VERITAS NetBackup
...
vboxd           20012/tcp                       # voice box system
vboxd           20012/udp
binkp           24554/tcp                       # binkp fidonet protocol
asp             27374/tcp                       # Address Search Protocol
asp             27374/udp
csync2          30865/tcp                       # cluster synchronization tool
dircproxy       57000/tcp                       # Detachable IRC Proxy
tfido           60177/tcp                       # fidonet EMSI over telnet
fido            60179/tcp                       # fidonet EMSI over TCP
# Local services
/dev/pts/6
11:57:40
#сÑcat /etc/services
hkp             11371/udp                       # OpenPGP HTTP Keyserver
bprd            13720/tcp                       # VERITAS NetBackup
bprd            13720/udp
bpdbm           13721/tcp                       # VERITAS NetBackup
bpdbm           13721/udp
bpjava-msvc     13722/tcp                       # BP Java MSVC Protocol
bpjava-msvc     13722/udp
vnetd           13724/tcp                       # Veritas Network Utility
vnetd           13724/udp
bpcd            13782/tcp                       # VERITAS NetBackup
...
vboxd           20012/tcp                       # voice box system
vboxd           20012/udp
binkp           24554/tcp                       # binkp fidonet protocol
asp             27374/tcp                       # Address Search Protocol
asp             27374/udp
csync2          30865/tcp                       # cluster synchronization tool
dircproxy       57000/tcp                       # Detachable IRC Proxy
tfido           60177/tcp                       # fidonet EMSI over telnet
fido            60179/tcp                       # fidonet EMSI over TCP
# Local services
/dev/pts/5
12:00:01
#netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
...
unix  2      [ ACC ]     STREAM     LISTENING     7910     2907/ssh-agent      /tmp/ssh-ILQqgD2864/agent.2864
unix  2      [ ACC ]     STREAM     LISTENING     7960     2864/x-session-mana /tmp/.ICE-unix/2864
unix  2      [ ACC ]     STREAM     LISTENING     9251     3514/gconfd-2       /tmp/orbit-user/linc-dba-0-77498d5d5146b
unix  2      [ ACC ]     STREAM     LISTENING     9265     3511/notification-d /tmp/orbit-user/linc-db7-0-666bc305bec7
unix  2      [ ACC ]     STREAM     LISTENING     9362     3537/firefox-bin    /tmp/orbit-user/linc-dd1-0-1d74f3283a780
unix  2      [ ACC ]     STREAM     LISTENING     6581     2338/syslog-ng      /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     6605     2348/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     7959     2864/x-session-mana @/tmp/.ICE-unix/2864
unix  2      [ ACC ]     STREAM     LISTENING     7460     2758/gdm            /var/run/gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     6890     2636/lpd            /dev/printer
/dev/pts/6
12:00:01
#netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
...
unix  2      [ ACC ]     STREAM     LISTENING     7910     2907/ssh-agent      /tmp/ssh-ILQqgD2864/agent.2864
unix  2      [ ACC ]     STREAM     LISTENING     7960     2864/x-session-mana /tmp/.ICE-unix/2864
unix  2      [ ACC ]     STREAM     LISTENING     9251     3514/gconfd-2       /tmp/orbit-user/linc-dba-0-77498d5d5146b
unix  2      [ ACC ]     STREAM     LISTENING     9265     3511/notification-d /tmp/orbit-user/linc-db7-0-666bc305bec7
unix  2      [ ACC ]     STREAM     LISTENING     9362     3537/firefox-bin    /tmp/orbit-user/linc-dd1-0-1d74f3283a780
unix  2      [ ACC ]     STREAM     LISTENING     6581     2338/syslog-ng      /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     6605     2348/dbus-daemon    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     7959     2864/x-session-mana @/tmp/.ICE-unix/2864
unix  2      [ ACC ]     STREAM     LISTENING     7460     2758/gdm            /var/run/gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     6890     2636/lpd            /dev/printer
/dev/pts/5
12:01:05
#netstat -lnp | grep [tu]cp
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
/dev/pts/6
12:01:05
#netstat -lnp | grep [tu]cp
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
/dev/pts/5
12:01:27
#netstat -lnp | grep [tu][cd]p
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
/dev/pts/6
12:01:27
#netstat -lnp | grep [tu][cd]p
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
tcp6       0      0 :::22                   :::*                    LISTEN      2359/sshd
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
/dev/pts/5
12:01:45
#netstat -lnp -A inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
/dev/pts/6
12:01:45
#netstat -lnp -A inet
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:9999            0.0.0.0:*               LISTEN      2642/inetd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      2087/portmap
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2359/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      2626/exim4
udp        0      0 0.0.0.0:111             0.0.0.0:*                           2087/portmap
/dev/pts/5
12:02:14
#пкgrep -v ^# /etc/inetd.conf
9999            stream  tcp     nowait  approx  /usr/sbin/approx
/dev/pts/6
12:02:14
#пкgrep -v ^# /etc/inetd.conf
9999            stream  tcp     nowait  approx  /usr/sbin/approx
/dev/pts/5
12:10:52
#~
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
...
~
~
~
~
~
~
~
~
~
"/etc/inetd.conf" 41L, 1198C written
/dev/pts/6
12:10:52
#~
# Lines starting with "#:LABEL:" or "#<off>#" should not
# be changed unless you know what you are doing!
#
# If you want to disable an entry so it isn't touched during
# package updates just comment it out with a single '#' character.
#
# Packages should modify this file by using update-inetd(8)
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
...
~
~
~
~
~
~
~
~
~
"/etc/inetd.conf" 41L, 1198C written
/dev/pts/5
12:13:19
#vi /etc/host
12:13:19
#vi /etc/host
/dev/pts/6
12:13:19
#vi /etc/host
12:13:19
#vi /etc/host
/dev/pts/5
12:13:19
#vi /etc/hosts.allow
/dev/pts/6
12:13:19
#vi /etc/hosts.allow
--- /tmp/l3-saved-3393.26144.20657	2009-06-02 12:13:44.000000000 +0300
+++ /etc/hosts.allow	2009-06-02 12:14:13.000000000 +0300
@@ -10,3 +10,4 @@
 # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
 # for further information.
 #
+bc: 127.0.0.1
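Review bot: The added `bc: 127.0.0.1` line at the end of /etc/hosts.allow restricts nothing by itself, because TCP wrappers grant access whenever no rule in hosts.allow or hosts.deny matches, so every other client is still accepted until a matching deny rule exists. Pair it with a `bc: ALL` (or `ALL: ALL`) entry in /etc/hosts.deny as part of the same change, and put a comment line above the rule naming the inetd service it protects, since the surrounding comments describe portmap and rpc.mountd.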
/dev/pts/5
12:14:13
#vi /etc/hosts.deny
/dev/pts/6
12:14:13
#vi /etc/hosts.deny
--- /tmp/l3-saved-3393.21590.1254	2009-06-02 12:14:24.000000000 +0300
+++ /etc/hosts.deny	2009-06-02 12:15:25.000000000 +0300
@@ -17,3 +17,4 @@
 # validate looked up hostnames still leave understandable logs. In past
 # versions of Debian this has been the default.
 # ALL: PARANOID
+bc: ALL
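Review bot: The new `bc: ALL` rule at the end of /etc/hosts.deny matches only a daemon whose process name is bc, so any other wrapped service stays open by default, and the stock `ALL: PARANOID` line just above it is still commented out. Consider a default-deny `ALL: ALL` here with each service allowed explicitly in /etc/hosts.allow, and confirm that the service is really started through tcpd under the name bc, otherwise this rule is never consulted.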
/dev/pts/5
12:15:25
#vi /etc/hosts.allow
/dev/pts/6
12:15:25
#vi /etc/hosts.allow
--- /tmp/l3-saved-3393.6310.13366	2009-06-02 12:15:38.000000000 +0300
+++ /etc/hosts.allow	2009-06-02 12:16:07.000000000 +0300
@@ -10,4 +10,4 @@
 # rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
 # for further information.
 #
-bc: 127.0.0.1
+bc: 127.0.0.1 192.168.102.2
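Review bot: Adding 192.168.102.2 to the `bc:` client list opens the service to a remote host on the strength of its source address alone, since TCP wrappers perform no authentication. Record in a comment which machine this is and why it needs access, and if the address is only needed for a test, remove it again afterwards.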
/dev/pts/5
12:16:07
#pkill -HUP inetd

/dev/pts/6
12:16:07
#pkill -HUP inetd

/dev/pts/5
12:16:21
#nc 127.0.0.1 55

/dev/pts/6
12:16:21
#nc 127.0.0.1 55

/dev/pts/5
12:16:36
#pkill -HUP inetd

/dev/pts/6
12:16:36
#pkill -HUP inetd

/dev/pts/5
12:16:45
#vi /etc/inetd.conf
/dev/pts/6
12:16:45
#vi /etc/inetd.conf
/dev/pts/5
12:17:42
#echo 2+2 | nc 127.0.0.1 55
bash: echo: write error: Broken pipe
/dev/pts/6
12:17:42
#echo 2+2 | nc 127.0.0.1 55
bash: echo: write error: Broken pipe
/dev/pts/5
12:18:02
#nc --help
nc: invalid option -- '-'
nc -h for help
/dev/pts/6
12:18:02
#nc --help
nc: invalid option -- '-'
nc -h for help
/dev/pts/5
12:18:13
#nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
...
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
/dev/pts/6
12:18:13
#nc -h
[v1.10-38]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
options:
        -c shell commands       as `-e'; use /bin/sh to exec [dangerous!!]
        -e filename             program to exec after connect [dangerous!!]
        -b                      allow broadcasts
        -g gateway              source-routing hop point[s], up to 8
        -G num                  source-routing pointer: 4, 8, 12, ...
        -h                      this cruft
...
        -q secs                 quit after EOF on stdin and delay of secs
        -s addr                 local source address
        -T tos                  set Type Of Service
        -t                      answer TELNET negotiation
        -u                      UDP mode
        -v                      verbose [use twice to be more verbose]
        -w secs                 timeout for connects and final net reads
        -z                      zero-I/O mode [used for scanning]
port numbers can be individual or ranges: lo-hi [inclusive];
hyphens in port names must be backslash escaped (e.g. 'ftp\-data').
/dev/pts/5
12:23:46
#which bc
/usr/bin/bc
/dev/pts/6
12:23:46
#which bc
/usr/bin/bc
/dev/pts/5
12:25:46
#echo 2+2 | nc 127.0.0.1 55
4
^C
/dev/pts/6
12:25:46
#echo 2+2 | nc 127.0.0.1 55
4
^C
/dev/pts/5
12:25:58
#echo 2+2 | nc 127.0.0.1 56

/dev/pts/6
12:25:58
#echo 2+2 | nc 127.0.0.1 56

/dev/pts/5
12:26:05
#nmap
bash: nmap: command not found
/dev/pts/6
12:26:05
#nmap
bash: nmap: command not found
/dev/pts/5
12:26:24
#apt-get install nmap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  nmap
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 1072kB of archives.
After this operation, 3801kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main nmap 4.68-1 [1072kB]
Fetched 1072kB in 0s (3765kB/s)
Selecting previously deselected package nmap.
(Reading database ... 55519 files and directories currently installed.)
Unpacking nmap (from .../archives/nmap_4.68-1_i386.deb) ...
Processing triggers for man-db ...
Setting up nmap (4.68-1) ...
/dev/pts/6
12:26:24
#apt-get install nmap
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  portmap
Use 'apt-get autoremove' to remove them.
The following NEW packages will be installed:
  nmap
0 upgraded, 1 newly installed, 0 to remove and 20 not upgraded.
Need to get 1072kB of archives.
After this operation, 3801kB of additional disk space will be used.
Get:1 http://127.0.0.1 sid/main nmap 4.68-1 [1072kB]
Fetched 1072kB in 0s (3765kB/s)
Selecting previously deselected package nmap.
(Reading database ... 55519 files and directories currently installed.)
Unpacking nmap (from .../archives/nmap_4.68-1_i386.deb) ...
Processing triggers for man-db ...
Setting up nmap (4.68-1) ...
/dev/pts/5
12:26:52
#nmap -p 3000-3005 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
PORT     STATE  SERVICE
3000/tcp closed ppp
3001/tcp closed nessus
3002/tcp open   unknown
3003/tcp closed unknown
3004/tcp closed unknown
3005/tcp closed deslogin
Nmap done: 1 IP address (1 host up) scanned in 0.176 seconds
/dev/pts/6
12:26:52
#nmap -p 3000-3005 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
PORT     STATE  SERVICE
3000/tcp closed ppp
3001/tcp closed nessus
3002/tcp open   unknown
3003/tcp closed unknown
3004/tcp closed unknown
3005/tcp closed deslogin
Nmap done: 1 IP address (1 host up) scanned in 0.176 seconds
/dev/pts/5
12:27:27
#nmap -p 1-5000 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
Not shown: 4997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.514 seconds
/dev/pts/6
12:27:27
#nmap -p 1-5000 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
Not shown: 4997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.514 seconds
/dev/pts/5
12:27:43
#nmap -p 1-5005 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
Not shown: 5002 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.529 seconds
/dev/pts/6
12:27:43
#nmap -p 1-5005 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:27 EEST
Interesting ports on 10.0.35.100:
Not shown: 5002 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.529 seconds
/dev/pts/5
12:27:54
#nmap -p 7-5005 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:28 EEST
Interesting ports on 10.0.35.100:
Not shown: 4996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.521 seconds
/dev/pts/6
12:27:54
#nmap -p 7-5005 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:28 EEST
Interesting ports on 10.0.35.100:
Not shown: 4996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
Nmap done: 1 IP address (1 host up) scanned in 0.521 seconds
/dev/pts/5
12:28:25
#nmap --help
Nmap 4.68 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
...
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -PN -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
/dev/pts/6
12:28:25
#nmap --help
Nmap 4.68 ( http://nmap.org )
Usage: nmap [Scan Type(s)] [Options] {target specification}
TARGET SPECIFICATION:
  Can pass hostnames, IP addresses, networks, etc.
  Ex: scanme.nmap.org, microsoft.com/24, 192.168.0.1; 10.0.0-255.1-254
  -iL <inputfilename>: Input from list of hosts/networks
  -iR <num hosts>: Choose random targets
  --exclude <host1[,host2][,host3],...>: Exclude hosts/networks
  --excludefile <exclude_file>: Exclude list from file
HOST DISCOVERY:
...
  --send-eth/--send-ip: Send using raw ethernet frames or IP packets
  --privileged: Assume that the user is fully privileged
  --unprivileged: Assume the user lacks raw socket privileges
  -V: Print version number
  -h: Print this help summary page.
EXAMPLES:
  nmap -v -A scanme.nmap.org
  nmap -v -sP 192.168.0.0/16 10.0.0.0/8
  nmap -v -iR 10000 -PN -p 80
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
/dev/pts/5
12:31:02
#nmap -p1-10000 -sS 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:31 EEST
Interesting ports on 10.0.35.100:
Not shown: 9996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
9999/tcp open  abyss
Nmap done: 1 IP address (1 host up) scanned in 1.930 seconds
/dev/pts/6
12:31:02
#nmap -p1-10000 -sS 10.0.35.100
Starting Nmap 4.68 ( http://nmap.org ) at 2009-06-02 12:31 EEST
Interesting ports on 10.0.35.100:
Not shown: 9996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
79/tcp   open  finger
3002/tcp open  unknown
9999/tcp open  abyss
Nmap done: 1 IP address (1 host up) scanned in 1.930 seconds
/dev/pts/5
12:40:35
#!pki
pkill -HUP inetd
/dev/pts/6
12:40:35
#!pki
pkill -HUP inetd
/dev/pts/5
12:41:22
#vi /etc/inetd.conf
/dev/pts/6
12:41:22
#vi /etc/inetd.conf
--- /tmp/l3-saved-3393.9880.25441	2009-06-02 12:41:25.000000000 +0300
+++ /etc/inetd.conf	2009-06-02 12:41:56.000000000 +0300
@@ -36,6 +36,6 @@
 
 #:OTHER: Other services
 9999		stream	tcp	nowait	approx	/usr/sbin/approx
-55		stream	tcp	nowait	root	/bin/bash -i
-56		stream	tcp	nowait	root	/usr/sbin/tcd /usr/bin/bc
+#55		stream	tcp	nowait	root	/bin/bash -i
+#56		stream	tcp	nowait	root	/usr/sbin/tcd /usr/bin/bc
 
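Review bot: The two disabled entries for ports 55 and 56 should be deleted rather than left behind a `#`: port 55 ran `/bin/bash -i` as root with no tcpd wrapper in front of it, so the `bc:` rules in hosts.allow and hosts.deny never applied to it, and anyone who later removes the `#` restores an unauthenticated root shell. On the port 56 line the wrapper path reads `/usr/sbin/tcd`, which looks like a misspelling of `/usr/sbin/tcpd`, and the service user is root where an unprivileged account would do for bc. inetd rereads its configuration only on SIGHUP, so this edit needs a `pkill -HUP inetd` after the file is saved.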
/dev/pts/5
12:41:58
#iptables --v -list
iptables v1.4.3.2: unknown option `--v'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
12:41:58
#iptables --v -list
iptables v1.4.3.2: unknown option `--v'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
12:48:45
#iptables -v --list
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
/dev/pts/6
12:48:45
#iptables -v --list
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
/dev/pts/5
12:48:56
#iptables -t filter -A tcp src 192.168.102.2 -J reject with tcp-reset
Bad argument `src'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
12:48:56
#iptables -t filter -A tcp src 192.168.102.2 -J reject with tcp-reset
Bad argument `src'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
12:52:31
#iptables -t filter -A tcp source 192.168.102.2 -j REJECT with tcp-reset
Bad argument `source'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
12:52:31
#iptables -t filter -A tcp source 192.168.102.2 -j REJECT with tcp-reset
Bad argument `source'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
12:53:24
#iptables -t filter -A -p tcp source 192.168.102.2 -j REJECT with tcp-reset
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
12:53:24
#iptables -t filter -A -p tcp source 192.168.102.2 -j REJECT with tcp-reset
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
12:54:52
#iptables -t filter -A -p tcp -s 192.168.102.2 -j REJECT with tcp-reset
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
12:54:52
#iptables -t filter -A -p tcp -s 192.168.102.2 -j REJECT with tcp-reset
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/5
12:55:59
#iptables -A -p tcp -s 192.168.102.2 -j REJECT with tcp-reset
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
/dev/pts/6
12:55:59
#iptables -A -p tcp -s 192.168.102.2 -j REJECT with tcp-reset
Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.

Statistics

Time of the first command in the journal:              11:44:57 2009-06-02
Time of the last command in the journal:               12:55:59 2009-06-02
Number of command lines in the journal:                101
Percentage of commands with a nonzero exit code, %:    15.84
Percentage of syntactically mistyped commands, %:      1.98
Total time working at the terminal *, hours:           1.18
Command lines per unit of time, commands/min:          1.42

Command usage frequency
tcpdump   19  |================|  16.81%
vi        16  |==============|    14.16%
iptables  14  |============|      12.39%
nmap      14  |============|      12.39%
nc        12  |==========|        10.62%
netstat    8  |=======|            7.08%
echo       6  |=====|              5.31%
grep       6  |=====|              5.31%
pkill      4  |===|                3.54%
сÑcat      2  |=|                  1.77%
пкgrep     2  |=|                  1.77%
!pki       2  |=|                  1.77%
apt-get    2  |=|                  1.77%
~          2  |=|                  1.77%
exit       2  |=|                  1.77%
which      2  |=|                  1.77%
____
*) Periods of inactivity lasting 30 minutes or more are not counted

Help

To use LiLaLo you do not need to know anything special: everything happens by itself. However, to make keeping the journals and using them later as effective as possible, it is worth bearing the following in mind:
  1. All commands given in any terminal of the system are recorded in the journal automatically.

  2. To make sure that the journal is being kept on the current terminal and that commands are being recorded, run the command w. The WHAT field for the current terminal should show the program script.

  3. Commands that were typed with syntax errors are shown in strikethrough text:
    $ l s-l
    bash: l: command not found
    

  4. If a command's exit code is zero, the command completed without errors. Commands whose exit code is nonzero are highlighted in color.
    $ test 5 -lt 4
    Note that a command's exit code can be nonzero not only when the command failed. Many commands use the exit code, for example, to report the result of a test.

  5. Commands whose execution was interrupted by the user are highlighted in color.
    $ find / -name abc
    find: /home/devi-orig/.gnome2: Keine Berechtigung
    find: /home/devi-orig/.gnome2_private: Keine Berechtigung
    find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
    find: /home/devi-orig/.metacity: Keine Berechtigung
    find: /home/devi-orig/.inkscape: Keine Berechtigung
    ^C
    

  6. Commands executed with superuser privileges are marked with a red bar on the left.
    # id
    uid=0(root) gid=0(root) Gruppen=0(root)
    

  7. Changes made to a text file with an editor are remembered and shown in the journal in ed format. Lines beginning with "<" were deleted, and lines beginning with ">" were added.
    $ vi ~/.bashrc
    2a3,5
    >    if [ -f /usr/local/etc/bash_completion ]; then
    >         . /usr/local/etc/bash_completion
    >        fi
    

  8. To change a file according to the changes shown in a diffshot, you can use the patch command. Copy the changes, run patch with the file the changes apply to as its argument, and paste the copied text:
    $ patch ~/.bashrc
    In this case the changes are applied to the file ~/.bashrc

  9. To get brief reference information about a command, move the mouse pointer over it. A tooltip with a short description of the command will appear.

    If reference information about the command exists, the command is highlighted with a light blue background, for example: vi. If there is no reference information, the command is highlighted with a pink background, for example: notepad.exe. Reference information may be missing if (1) the command was entered incorrectly; (2) LiLaLo recognized the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rare commands.

  10. Large tooltips, especially multi-line ones, are displayed best by the KDE Konqueror, Apple Safari and Microsoft Internet Explorer browsers. In Mozilla and Firefox they are not displayed in full, and a special character is shown in place of each line break.

  11. The command entry time shown in the journal is the time at which entry of the command line began, that is, the moment when the shell prompt appeared on the terminal.

  12. The name of the terminal on which a command was entered is shown in a special block. This block is shown only if the terminal of the current command differs from the terminal of the previous one.

  13. The display of journal elements that do not interest you at the moment, such as the time, the terminal name and others, can be turned off. To do this, use the journal control form at the top of the page.

  14. Short comments on commands can be inserted straight from the command line. The comment is typed directly into the command line, after the characters #^ or #v. The characters ^ and v show the direction in which the command the comment refers to is chosen: ^ for the previous one, v for the next one. For example, if the following was entered on the command line:

    $ whoami
    
    user
    
    $ #^ I wonder, who am I?
    
    in the journal this will look like:
    $ whoami
    
    user
    
    I wonder, who am I?

  15. If a comment spans several lines, it can be inserted into the journal as follows:

    $ whoami
    
    user
    
    $ cat > /dev/null #^ I wonder, who am I?
    
    The whoami program prints the name of the user under which
    we logged in to the system.
    -
    It cannot answer the question of our purpose
    in this world.
    
    In the journal this will look like:
    $ whoami
    user
    
    I wonder, who am I?
    The whoami program prints the name of the user under which
    we logged in to the system.

    It cannot answer the question of our purpose
    in this world.
    To separate several paragraphs from one another, use the character "-" alone on a line.

  16. Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v.

  17. The contents of a file can be shown in the journal. To do this, print the file with the cat program. If the command's output is marked with the characters #!, the contents of the file are shown in the journal in a section set aside for that purpose.
  18. To insert a screenshot of a window of interest into the journal, use the l3shot command. After the command has been invoked, select with the mouse the window that should appear in the journal.
  19. Commands in the journal are arranged in chronological order. If two commands were given one after another but on different terminals, they appear next to each other in the journal even if they have nothing to do with each other.
    1
        2
    3   
        4
    
    Groups of commands executed on different terminals are separated by a special line. Below this line, in the right-hand corner, is the name of the terminal on which the commands were executed. To view the commands of only one session, click on this name.

About the program

LiLaLo (L3) stands for Live Lab Log.
The program was developed to make teaching Unix/Linux systems more effective.
(c) Игорь Чубин, 2004-2008

$Id$