OK, so here are two logs.
The first:
tcpdump -i eth0, with the firewall disabled (/etc/init.d/iptables stop):
192.168.1.2 is the server, 192.168.1.5 the client:
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:57:07.216548 IP 192.168.1.5.netbios-dgm > 192.168.1.255.netbios-dgm: NBT UDP PACKET(138)
13:57:07.217210 IP 192.168.1.2.47869 > www.routerlogin.com.domain: 57137+ PTR? 255.1.168.192.in-addr.arpa. (44)
13:57:07.218099 IP www.routerlogin.com.domain > 192.168.1.2.47869: 57137*- 0/0/0 (44)
13:57:07.218296 IP 192.168.1.2.36845 > www.routerlogin.com.domain: 59846+ PTR? 5.1.168.192.in-addr.arpa. (42)
13:57:07.219179 IP www.routerlogin.com.domain > 192.168.1.2.36845: 59846*- 0/0/0 (42)
13:57:07.219517 IP 192.168.1.2.58262 > www.routerlogin.com.domain: 35697+ PTR? 1.1.168.192.in-addr.arpa. (42)
13:57:07.220606 IP www.routerlogin.com.domain > 192.168.1.2.58262: 35697- 1/0/0 PTR[|domain]
13:57:07.220801 IP 192.168.1.2.53598 > www.routerlogin.com.domain: 41344+ PTR? 2.1.168.192.in-addr.arpa. (42)
13:57:07.221700 IP www.routerlogin.com.domain > 192.168.1.2.53598: 41344*- 0/0/0 (42)
13:57:09.671275 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 805006974:805007075(101) ack 1066096114 win 17520
13:57:09.671356 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: . ack 101 win 29200
13:57:09.672547 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: P 1:102(101) ack 101 win 29200
13:57:09.818445 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: . ack 102 win 17419
13:57:17.675727 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: P 102:715(613) ack 101 win 29200
13:57:17.830009 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: . ack 715 win 16806
13:57:26.292082 IP 192.168.1.2.ntp > a5.iliad.fr.ntp: NTPv4, Client, length 48
13:57:26.292243 IP 192.168.1.2.46590 > www.routerlogin.com.domain: 41874+ PTR? 5.33.27.212.in-addr.arpa. (42)
13:57:26.334067 IP a5.iliad.fr.ntp > 192.168.1.2.ntp: NTPv4, Server, length 48
13:57:26.340935 IP www.routerlogin.com.domain > 192.168.1.2.46590: 41874 1/0/0 PTR[|domain]
13:57:27.920905 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 101:458(357) ack 715 win 16806
13:57:27.953919 IP 192.168.1.2.60961 > www.routerlogin.com.49152: S 2764559297:2764559297(0) win 5840 <mss 1460,sackOK,timestamp 11087629 0,nop,wscale 7>
13:57:27.954590 IP www.routerlogin.com.49152 > 192.168.1.2.60961: S 2300116881:2300116881(0) ack 2764559298 win 5792 <mss 1460,sackOK,timestamp 41068684 11087629,nop,wscale 0>
13:57:27.954653 IP 192.168.1.2.60961 > www.routerlogin.com.49152: . ack 1 win 46 <nop,nop,timestamp 11087629 41068684>
13:57:27.954785 IP 192.168.1.2.60961 > www.routerlogin.com.49152: P 1:861(860) ack 1 win 46 <nop,nop,timestamp 11087629 41068684>
13:57:27.955543 IP www.routerlogin.com.49152 > 192.168.1.2.60961: . ack 861 win 6880 <nop,nop,timestamp 41068684 11087629>
13:57:27.961023 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: . ack 458 win 32120
13:57:28.066654 IP www.routerlogin.com.49152 > 192.168.1.2.60961: P 1:213(212) ack 861 win 6880 <nop,nop,timestamp 41068695 11087629>
13:57:28.066713 IP 192.168.1.2.60961 > www.routerlogin.com.49152: . ack 213 win 54 <nop,nop,timestamp 11087741 41068695>
13:57:28.067255 IP www.routerlogin.com.49152 > 192.168.1.2.60961: P 213:346(133) ack 861 win 6880 <nop,nop,timestamp 41068695 11087741>
13:57:28.067303 IP 192.168.1.2.60961 > www.routerlogin.com.49152: . ack 346 win 63 <nop,nop,timestamp 11087742 41068695>
13:57:28.067803 IP www.routerlogin.com.49152 > 192.168.1.2.60961: P 346:449(103) ack 861 win 6880 <nop,nop,timestamp 41068695 11087742>
13:57:28.067832 IP 192.168.1.2.60961 > www.routerlogin.com.49152: . ack 449 win 63 <nop,nop,timestamp 11087742 41068695>
13:57:28.068319 IP www.routerlogin.com.49152 > 192.168.1.2.60961: P 449:472(23) ack 861 win 6880 <nop,nop,timestamp 41068695 11087742>
13:57:28.068365 IP 192.168.1.2.60961 > www.routerlogin.com.49152: . ack 472 win 63 <nop,nop,timestamp 11087743 41068695>
13:57:28.069414 IP www.routerlogin.com.49152 > 192.168.1.2.60961: F 472:472(0) ack 861 win 6880 <nop,nop,timestamp 41068696 11087743>
13:57:28.071798 IP 192.168.1.2.60961 > www.routerlogin.com.49152: F 861:861(0) ack 473 win 63 <nop,nop,timestamp 11087746 41068696>
13:57:28.072333 IP www.routerlogin.com.49152 > 192.168.1.2.60961: . ack 862 win 6880 <nop,nop,timestamp 41068696 11087746>
13:57:28.073571 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: P 715:1152(437) ack 458 win 32120
13:57:28.079389 IP 192.168.1.5.tapestry > 192.168.1.2.50850: S 972642068:972642068(0) win 16384 <mss 1460,nop,nop,sackOK>
13:57:28.079478 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: S 2754337299:2754337299(0) ack 972642069 win 5840 <mss 1460,nop,nop,sackOK>
13:57:28.082338 IP 192.168.1.5.tapestry > 192.168.1.2.50850: . ack 1 win 17520
13:57:28.088328 IP 192.168.1.5.tapestry > 192.168.1.2.50850: P 1:4(3) ack 1 win 17520
13:57:28.088396 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: . ack 4 win 5840
13:57:28.088746 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: P 1:3(2) ack 4 win 5840
13:57:28.097518 IP 192.168.1.5.tapestry > 192.168.1.2.50850: P 4:51(47) ack 3 win 17518
13:57:28.097855 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: P 3:23(20) ack 51 win 5840
13:57:28.103438 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 458:671(213) ack 1152 win 16369
13:57:28.103510 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: . ack 671 win 35040
13:57:28.107329 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: . 23:2943(2920) ack 51 win 5840
13:57:28.113659 IP 192.168.1.5.tapestry > 192.168.1.2.50850: . ack 1483 win 17520
13:57:28.113747 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: . 2943:7323(4380) ack 51 win 5840
13:57:28.118462 IP 192.168.1.5.tapestry > 192.168.1.2.50850: . ack 4403 win 17520
13:57:28.118552 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: . 7323:8783(1460) ack 51 win 5840
13:57:28.118560 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: P 8783:9727(944) ack 51 win 5840
13:57:28.122588 IP 192.168.1.5.tapestry > 192.168.1.2.50850: . ack 7323 win 17520
13:57:28.126410 IP 192.168.1.5.tapestry > 192.168.1.2.50850: . ack 9727 win 17520
13:57:28.138507 IP 192.168.1.5.tapestry > 192.168.1.2.50850: F 51:51(0) ack 9727 win 17520
13:57:28.168527 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: F 9727:9727(0) ack 52 win 5840
13:57:28.171400 IP 192.168.1.5.tapestry > 192.168.1.2.50850: . ack 9728 win 17520
^C
59 packets captured
59 packets received by filter
0 packets dropped by kernel
The second:
tcpdump -i eth0, with the firewall enabled and the rules from above:
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:59:00.089595 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: P 1066097659:1066098272(613) ack 805007746 win 35040
13:59:00.090270 IP 192.168.1.2.49988 > www.routerlogin.com.domain: 8157+ PTR? 5.1.168.192.in-addr.arpa. (42)
13:59:00.091301 IP www.routerlogin.com.domain > 192.168.1.2.49988: 8157*- 0/0/0 (42)
13:59:00.091623 IP 192.168.1.2.58378 > www.routerlogin.com.domain: 6585+ PTR? 2.1.168.192.in-addr.arpa. (42)
13:59:00.092519 IP www.routerlogin.com.domain > 192.168.1.2.58378: 6585*- 0/0/0 (42)
13:59:00.092930 IP 192.168.1.2.36224 > www.routerlogin.com.domain: 47508+ PTR? 1.1.168.192.in-addr.arpa. (42)
13:59:00.093917 IP www.routerlogin.com.domain > 192.168.1.2.36224: 47508- 1/0/0 PTR[|domain]
13:59:00.278397 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: . ack 613 win 16907
13:59:05.089668 arp who-has 192.168.1.2 tell www.routerlogin.com
13:59:05.089698 arp reply 192.168.1.2 is-at 00:1f:c6:41:d0:75 (oui Unknown)
13:59:09.845022 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 1:358(357) ack 613 win 16907
13:59:09.878093 IP 192.168.1.2.53666 > www.routerlogin.com.49152: S 72772787:72772787(0) win 5840 <mss 1460,sackOK,timestamp 11189553 0,nop,wscale 7>
13:59:09.878804 IP www.routerlogin.com.49152 > 192.168.1.2.53666: S 2405260461:2405260461(0) ack 72772788 win 5792 <mss 1460,sackOK,timestamp 41078876 11189553,nop,wscale 0>
13:59:09.878858 IP 192.168.1.2.53666 > www.routerlogin.com.49152: . ack 1 win 46 <nop,nop,timestamp 11189553 41078876>
13:59:09.879049 IP 192.168.1.2.53666 > www.routerlogin.com.49152: P 1:861(860) ack 1 win 46 <nop,nop,timestamp 11189554 41078876>
13:59:09.880433 IP www.routerlogin.com.49152 > 192.168.1.2.53666: . ack 861 win 6880 <nop,nop,timestamp 41078877 11189554>
13:59:09.885019 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: . ack 358 win 37960
13:59:09.990517 IP www.routerlogin.com.49152 > 192.168.1.2.53666: P 1:213(212) ack 861 win 6880 <nop,nop,timestamp 41078888 11189554>
13:59:09.990570 IP 192.168.1.2.53666 > www.routerlogin.com.49152: . ack 213 win 54 <nop,nop,timestamp 11189665 41078888>
13:59:09.991096 IP www.routerlogin.com.49152 > 192.168.1.2.53666: P 213:346(133) ack 861 win 6880 <nop,nop,timestamp 41078888 11189665>
13:59:09.991139 IP 192.168.1.2.53666 > www.routerlogin.com.49152: . ack 346 win 63 <nop,nop,timestamp 11189666 41078888>
13:59:09.991645 IP www.routerlogin.com.49152 > 192.168.1.2.53666: P 346:449(103) ack 861 win 6880 <nop,nop,timestamp 41078888 11189666>
13:59:09.991675 IP 192.168.1.2.53666 > www.routerlogin.com.49152: . ack 449 win 63 <nop,nop,timestamp 11189666 41078888>
13:59:09.992208 IP www.routerlogin.com.49152 > 192.168.1.2.53666: P 449:472(23) ack 861 win 6880 <nop,nop,timestamp 41078888 11189666>
13:59:09.992246 IP 192.168.1.2.53666 > www.routerlogin.com.49152: . ack 472 win 63 <nop,nop,timestamp 11189667 41078888>
13:59:09.993207 IP www.routerlogin.com.49152 > 192.168.1.2.53666: F 472:472(0) ack 861 win 6880 <nop,nop,timestamp 41078888 11189667>
13:59:09.996165 IP 192.168.1.2.53666 > www.routerlogin.com.49152: F 861:861(0) ack 473 win 63 <nop,nop,timestamp 11189671 41078888>
13:59:09.996691 IP www.routerlogin.com.49152 > 192.168.1.2.53666: . ack 862 win 6880 <nop,nop,timestamp 41078888 11189671>
13:59:09.996876 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: P 613:1050(437) ack 358 win 37960
13:59:10.003565 IP 192.168.1.5.macromedia-fcs > 192.168.1.2.53865: S 465841713:465841713(0) win 16384 <mss 1460,nop,nop,sackOK>
13:59:10.193508 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: . ack 1050 win 16470
13:59:12.996783 IP 192.168.1.5.macromedia-fcs > 192.168.1.2.53865: S 465841713:465841713(0) win 16384 <mss 1460,nop,nop,sackOK>
13:59:19.005752 IP 192.168.1.5.macromedia-fcs > 192.168.1.2.53865: S 465841713:465841713(0) win 16384 <mss 1460,nop,nop,sackOK>
13:59:24.995980 IP www.routerlogin.com.jwclient > 192.168.1.2.53865: S 3406553626:3406553626(0) win 16384 <mss 1460,nop,nop,sackOK>
13:59:27.919046 IP www.routerlogin.com.jwclient > 192.168.1.2.53865: S 3406553626:3406553626(0) win 16384 <mss 1460,nop,nop,sackOK>
13:59:33.927389 IP www.routerlogin.com.jwclient > 192.168.1.2.53865: S 3406553626:3406553626(0) win 16384 <mss 1460,nop,nop,sackOK>
13:59:39.687859 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 358:459(101) ack 1050 win 16470
13:59:39.687933 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: . ack 459 win 37960
13:59:39.689057 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: P 1050:1151(101) ack 459 win 37960
13:59:39.835702 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: . ack 1151 win 16369
13:59:40.949384 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 459:672(213) ack 1151 win 16369
13:59:40.989026 IP 192.168.1.2.xmpp-client > 192.168.1.5.ecsqdmn: . ack 672 win 40880
^C
42 packets captured
42 packets received by filter
Note that a
tcpdump -i -p 28690 etho shows nothing in either case.
So another port is being used.
I'm trying to decipher the report 🙂
proxy wrote: by default nmap takes the common ports!!
nmap localhost -p 28690
Well, as far as being open goes, it is open 🙁
nmap localhost -p 28690
Starting Nmap 4.68 ( http://nmap.org ) at 2009-02-07 14:16 CET
Interesting ports on localhost.localdomain (127.0.0.1):
PORT STATE SERVICE
28690/tcp open unknown
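
Added example, not part of the original post: a small Python parser for the old-style tcpdump text output shown above that lists the SYNs which never received a SYN-ACK, the pattern visible in the second capture (firewall enabled). The sample lines are copied from the two captures with the TCP options trimmed; the function and variable names are this example's own.

```python
import re
from collections import Counter

# Old-style tcpdump line: "<time> IP <src> > <dst>: <flags> <rest>"
LINE_RE = re.compile(r"^(\S+) IP (\S+) > (\S+): (\S+) (.*)$")

# Lines copied from the two captures in the post (TCP options trimmed).
SAMPLE = """\
13:57:28.079389 IP 192.168.1.5.tapestry > 192.168.1.2.50850: S 972642068:972642068(0) win 16384
13:57:28.079478 IP 192.168.1.2.50850 > 192.168.1.5.tapestry: S 2754337299:2754337299(0) ack 972642069 win 5840
13:59:00.090270 IP 192.168.1.2.49988 > www.routerlogin.com.domain: 8157+ PTR? 5.1.168.192.in-addr.arpa. (42)
13:59:05.089668 arp who-has 192.168.1.2 tell www.routerlogin.com
13:59:09.878093 IP 192.168.1.2.53666 > www.routerlogin.com.49152: S 72772787:72772787(0) win 5840
13:59:09.878804 IP www.routerlogin.com.49152 > 192.168.1.2.53666: S 2405260461:2405260461(0) ack 72772788 win 5792
13:59:10.003565 IP 192.168.1.5.macromedia-fcs > 192.168.1.2.53865: S 465841713:465841713(0) win 16384
13:59:12.996783 IP 192.168.1.5.macromedia-fcs > 192.168.1.2.53865: S 465841713:465841713(0) win 16384
13:59:19.005752 IP 192.168.1.5.macromedia-fcs > 192.168.1.2.53865: S 465841713:465841713(0) win 16384
13:59:24.995980 IP www.routerlogin.com.jwclient > 192.168.1.2.53865: S 3406553626:3406553626(0) win 16384
13:59:27.919046 IP www.routerlogin.com.jwclient > 192.168.1.2.53865: S 3406553626:3406553626(0) win 16384
13:59:33.927389 IP www.routerlogin.com.jwclient > 192.168.1.2.53865: S 3406553626:3406553626(0) win 16384
13:59:39.687859 IP 192.168.1.5.ecsqdmn > 192.168.1.2.xmpp-client: P 358:459(101) ack 1050 win 16470
"""


def unanswered_syns(capture):
    """Return {(src, dst): syn_count} for SYNs that never got a SYN-ACK."""
    syns = Counter()   # (src, dst) -> SYNs seen, retransmissions included
    answered = set()   # (src, dst) pairs whose SYN was answered
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "S":
            continue   # not IP, not TCP, or no SYN flag (DNS, ARP, data, ACKs)
        src, dst, rest = m.group(2), m.group(3), m.group(5)
        if re.search(r"\back \d+", rest):
            # SYN-ACK: it answers the SYN sent in the opposite direction.
            answered.add((dst, src))
        else:
            syns[(src, dst)] += 1
    return {pair: n for pair, n in syns.items() if pair not in answered}


if __name__ == "__main__":
    for (src, dst), count in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: {count} SYN(s), no SYN-ACK seen")
```

On these lines it reports the two senders whose SYNs to 192.168.1.2 port 53865 were each sent three times without a reply, while the handshake to port 50850 from the first capture is not reported.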