LOG IPTRAF (???)

2013-09-05 By topic Henrique Rosa
Good morning, everyone!

I'm starting out with Linux, and at work I need to learn how to use
iptraf.

I filtered the traffic between my machine (192.168.0.229) and the proxy
(192.168.0.4) and I can't make sense of the result.

I'm thinking the network is being hacked, but it's just a suspicion.

Here is part of the generated log:

Thu Sep  5 09:24:07 2013;  IP traffic monitor started 
Thu Sep  5 09:24:07 2013; TCP; eth2; 2948 bytes; from 192.168.0.4:665 to
192.168.0.229:50778 (source MAC addr 000475812901); first packet
Thu Sep  5 09:24:07 2013; TCP; eth2; 52 bytes; from 192.168.0.229:50778 to
192.168.0.4:665 (source MAC addr 5cf9ddec32fc); first packet
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.107; eth2; 66 bytes;
from b0487add2b3d to 
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.59; eth2; 66 bytes;
from b0487add2b3d to 
Thu Sep  5 09:24:07 2013; Non-IP (0x4); eth2; 66 bytes; from a45630b83d36
to 0180c200
Thu Sep  5 09:24:07 2013; ARP request for 192.168.1.21; eth2; 40 bytes;
from 002722d4cf26 to 
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.232; eth2; 40 bytes;
from 000475812901 to 00306789dcc2
Thu Sep  5 09:24:07 2013; ARP reply from 192.168.0.232; eth2; 40 bytes;
from 00306789dcc2 to 000475812901
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.249; eth2; 40 bytes;
from b0487add3ba1 to 
Thu Sep  5 09:24:07 2013; UDP; eth2; 1448 bytes; source MAC address
bc5ff434ace5; from 192.168.0.154:889 to 192.168.0.255:889
Thu Sep  5 09:24:07 2013; UDP; eth2; 1448 bytes; source MAC address
bc5ff434ace5; from 192.168.0.154:889 to 192.168.0.255:889
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.100; eth2; 52 bytes;
from 5cf9ddec32dc to 
Thu Sep  5 09:24:07 2013; Non-IP (0x86dd); eth2; 52 bytes; from
5cf9ddec32b7 to 00010002
Thu Sep  5 09:24:07 2013; Non-IP (0x86dd); eth2; 40 bytes; from
002511f29501 to 00010003
Thu Sep  5 09:24:07 2013; Non-IP (0x86dd); eth2; 52 bytes; from
002511f29501 to 00010003
Thu Sep  5 09:24:07 2013; ARP request for 192.168.2.1; eth0; 930 bytes;
from 1078d2d327eb to d4ca6d64d4ea
Thu Sep  5 09:24:07 2013; ARP reply from 192.168.2.1; eth0; 930 bytes; from
d4ca6d64d4ea to 1078d2d327eb
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.249; eth2; 40 bytes;
from b0487add3ba1 to 
Thu Sep  5 09:24:07 2013; UDP; eth2; 78 bytes; source MAC address
002511f29501; from 192.168.0.238:137 to 192.168.0.255:137
Thu Sep  5 09:24:07 2013; UDP; eth2; 234 bytes; source MAC address
000475812901; from 192.168.0.4:138 to 192.168.0.255:138
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.107; eth2; 52 bytes;
from 5cf9ddec32b7 to 


WHO CAN HELP with the log above, and WHERE CAN I FIND a manual (preferably in
Portuguese) for IPtraf?


Thanks for any help!

Penguin hugs!


Re: LOG IPTRAF (???)

2013-09-05 By topic Allan Carvalho

On 05-09-2013 09:32, Henrique Rosa wrote:


Good morning, Henrique.

First of all, do you know the IP protocol? The log above is easy to
understand if you know what UDP, ARP, TCP and MAC address mean.


--
Best regards,
Allan Carvalho



Re: LOG IPTRAF (???)

2013-09-05 By topic Leandro de Lima Camargo
Henrique,

From this log it is clear that your server is not being attacked. There are a few NetBIOS requests, and the vast majority is ARP, asking for the MAC address of some IPs (192.168.0.59, 192.168.0.107, etc.).

But as Allan said, do some reading on the subject so you can analyse your traffic with more confidence. I can't point you to a reference right now, but you'll find plenty on Google, for example.

Good luck. Big hug...


On 05/09/2013, at 09:32, Henrique Rosa henrique.li...@gmail.com wrote:
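As an added example (not code from anyone in this thread), here is a small Python parser for the iptraf log format shown above. It classifies each line (TCP, UDP, ARP request/reply, Non-IP) and builds the kind of summary Allan and Leandro describe: how much of the log is ARP and which IPs are being asked for, which TCP flows exist, and which UDP lines are NetBIOS broadcasts to the .255 address. The sample lines are constructed in that format; the NetBIOS port set and the ".255" broadcast check are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the iptraf log format from the thread (not a real capture)
SAMPLE_LOG = """\
Thu Sep  5 09:24:07 2013;  IP traffic monitor started 
Thu Sep  5 09:24:07 2013; TCP; eth2; 2948 bytes; from 192.168.0.4:665 to 192.168.0.229:50778 (source MAC addr 000475812901); first packet
Thu Sep  5 09:24:07 2013; ARP request for 192.168.0.107; eth2; 66 bytes; from b0487add2b3d to 
Thu Sep  5 09:24:07 2013; ARP reply from 192.168.0.232; eth2; 40 bytes; from 00306789dcc2 to 000475812901
Thu Sep  5 09:24:07 2013; UDP; eth2; 78 bytes; source MAC address 002511f29501; from 192.168.0.238:137 to 192.168.0.255:137
Thu Sep  5 09:24:07 2013; Non-IP (0x86dd); eth2; 52 bytes; from 5cf9ddec32b7 to 00010002
"""
IP = r"((?:\d{1,3}\.){3}\d{1,3})"
FLOW = re.compile(rf"from {IP}:(\d+) to {IP}:(\d+)")        # TCP/UDP endpoints
ARP = re.compile(rf"ARP (request|reply) (?:for|from) {IP}")  # "ARP request for X"
NONIP = re.compile(r"Non-IP \((0x[0-9a-fA-F]+)\)")           # EtherType in hex
NETBIOS_PORTS = {137, 138, 139}  # assumption: treat these UDP ports as NetBIOS

def parse_line(line):
    """Split one iptraf line on ';' into a record; None for non-traffic lines."""
    fields = [f.strip() for f in line.strip().split(";")]
    if len(fields) < 4:  # e.g. the "IP traffic monitor started" banner
        return None
    rec = {"time": fields[0], "iface": fields[2], "bytes": int(fields[3].split()[0])}
    if m := ARP.match(fields[1]):
        rec.update(proto="ARP", arp=m.group(1), ip=m.group(2))
    elif m := NONIP.match(fields[1]):
        rec.update(proto="Non-IP", ethertype=m.group(1))
    elif m := FLOW.search(line):  # TCP/UDP lines carry "from A:p to B:q"
        rec.update(proto=fields[1], src=m.group(1), sport=int(m.group(2)),
                   dst=m.group(3), dport=int(m.group(4)))
    else:
        return None
    return rec

def summarize(text):
    """Per-protocol counts, ARP targets, TCP flows and NetBIOS broadcasts."""
    s = {"protocols": Counter(), "arp_requests": [], "tcp_flows": set(), "netbios_broadcasts": []}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s["protocols"][rec["proto"]] += 1
        if rec["proto"] == "ARP" and rec["arp"] == "request":
            s["arp_requests"].append(rec["ip"])       # who is being looked up
        elif rec["proto"] == "TCP":
            s["tcp_flows"].add((rec["src"], rec["sport"], rec["dst"], rec["dport"]))
        elif rec["proto"] == "UDP" and rec["dst"].endswith(".255") and rec["dport"] in NETBIOS_PORTS:
            s["netbios_broadcasts"].append((rec["src"], rec["dport"]))  # name-service chatter
    return s
```

Run it over a full iptraf log file instead of SAMPLE_LOG and a large ARP share with a handful of NetBIOS broadcasts, as in this thread, is ordinary LAN noise; many ARP requests from one MAC for many different IPs in a short window would be the pattern worth a closer look.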