Skip to content

Instantly share code, notes, and snippets.

@gyliu513

gyliu513/tcpdump

Created December 19, 2017 05:49
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gyliu513/35c178b06d499c82245471cccc7bf0b8 to your computer and use it in GitHub Desktop.
Save gyliu513/35c178b06d499c82245471cccc7bf0b8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
tcpdump
root@jupiter-vm1254:/# tcpdump -nn host 10.1.103.192
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tunl0, link-type RAW (Raw IP), capture size 262144 bytes
05:35:39.908731 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [S], seq 1406795194, win 27800, options [mss 1390,sackOK,TS val 299880142 ecr 0,nop,wscale 7], length 0
05:35:39.909613 IP 10.1.228.196.80 > 10.1.103.192.33148: Flags [S.], seq 565181304, ack 1406795195, win 28960, options [mss 1460,sackOK,TS val 119945795 ecr 299880142,nop,wscale 7], length 0
05:35:39.909638 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [.], ack 1, win 218, options [nop,nop,TS val 299880142 ecr 119945795], length 0
05:35:39.909683 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 1:257, ack 1, win 218, options [nop,nop,TS val 299880142 ecr 119945795], length 256: HTTP: GET / HTTP/1.1
05:35:39.910424 IP 10.1.228.196.80 > 10.1.103.192.33148: Flags [.], ack 257, win 235, options [nop,nop,TS val 119945795 ecr 299880142], length 0
05:35:39.910573 IP 10.1.228.196.80 > 10.1.103.192.33148: Flags [P.], seq 1:230, ack 257, win 235, options [nop,nop,TS val 119945795 ecr 299880142], length 229: HTTP: HTTP/1.1 200 OK
05:35:39.910589 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [.], ack 230, win 226, options [nop,nop,TS val 299880142 ecr 119945795], length 0
05:35:39.910641 IP 10.1.228.196.80 > 10.1.103.192.33148: Flags [P.], seq 230:308, ack 257, win 235, options [nop,nop,TS val 119945795 ecr 299880142], length 78: HTTP
05:35:39.910659 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [.], ack 308, win 226, options [nop,nop,TS val 299880142 ecr 119945795], length 0
05:35:44.966011 IP 10.1.120.154.80 > 10.1.103.192.42290: Flags [F.], seq 3042389558, ack 42881353, win 235, options [nop,nop,TS val 299884853 ecr 299865141], length 0
05:35:44.966097 IP 10.1.103.192.42290 > 10.1.120.154.80: Flags [F.], seq 1, ack 1, win 226, options [nop,nop,TS val 299881406 ecr 299884853], length 0
05:35:44.966268 IP 10.1.120.154.80 > 10.1.103.192.42290: Flags [.], ack 2, win 235, options [nop,nop,TS val 299884853 ecr 299881406], length 0
05:35:56.304970 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [S], seq 2295170160, win 27800, options [mss 1390,sackOK,TS val 299884241 ecr 0,nop,wscale 7], length 0
05:35:56.305761 IP 10.1.228.196.80 > 10.1.103.192.33170: Flags [S.], seq 3896763722, ack 2295170161, win 28960, options [mss 1460,sackOK,TS val 119947434 ecr 299884241,nop,wscale 7], length 0
05:35:56.305785 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [.], ack 1, win 218, options [nop,nop,TS val 299884241 ecr 119947434], length 0
05:35:56.305830 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299884241 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:35:56.503475 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299884291 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:35:56.703484 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299884341 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:35:57.103471 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299884441 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:35:57.903481 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299884641 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:35:59.507490 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299885042 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:02.715490 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299885844 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:06.472968 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299886783 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:06.675484 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299886834 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:06.879492 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299886885 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:07.287485 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299886987 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:08.103483 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299887191 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:09.131509 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299887448 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:09.739480 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299887600 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:13.011500 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299888418 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:19.567488 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299890057 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:21.963510 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299890656 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:32.651502 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [P.], seq 257:930, ack 308, win 226, options [nop,nop,TS val 299893328 ecr 119945795], length 673: HTTP: GET / HTTP/1.1
05:36:44.913108 IP 10.1.228.196.80 > 10.1.103.192.33148: Flags [F.], seq 308, ack 257, win 235, options [nop,nop,TS val 119952295 ecr 299880142], length 0
05:36:44.913324 IP 10.1.103.192.33148 > 10.1.228.196.80: Flags [F.], seq 930, ack 309, win 226, options [nop,nop,TS val 299896393 ecr 119952295], length 0
05:36:44.913448 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [S], seq 4192571043, win 27800, options [mss 1390,sackOK,TS val 299896393 ecr 0,nop,wscale 7], length 0
05:36:44.914057 IP 10.1.228.196.80 > 10.1.103.192.33148: Flags [R], seq 565181613, win 0, length 0
05:36:44.914113 IP 10.1.228.196.80 > 10.1.103.192.33220: Flags [S.], seq 3921087581, ack 4192571044, win 28960, options [mss 1460,sackOK,TS val 119952295 ecr 299896393,nop,wscale 7], length 0
05:36:44.914141 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [.], ack 1, win 218, options [nop,nop,TS val 299896393 ecr 119952295], length 0
05:36:44.914233 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299896393 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:45.111501 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299896443 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:45.311507 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299896493 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:45.711481 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299896593 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:46.511500 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299896793 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:47.627502 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299897072 ecr 119947434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:48.115482 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299897194 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:51.323481 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299897996 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:56.306017 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [F.], seq 549, ack 1, win 218, options [nop,nop,TS val 299899241 ecr 119947434], length 0
05:36:56.307585 IP 10.1.228.196.80 > 10.1.103.192.33170: Flags [.], ack 1, win 227, options [nop,nop,TS val 119953434 ecr 299884241,nop,nop,sack 1 {549:550}], length 0
05:36:56.307612 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 1, win 218, options [nop,nop,TS val 299899242 ecr 119953434], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:56.313527 IP 10.1.228.196.80 > 10.1.103.192.33170: Flags [F.], seq 1, ack 1, win 227, options [nop,nop,TS val 119953435 ecr 299884241,nop,nop,sack 1 {549:550}], length 0
05:36:56.313563 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [.], ack 2, win 218, options [nop,nop,TS val 299899243 ecr 119953435], length 0
05:36:56.511488 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299899293 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:56.919491 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299899395 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:57.735515 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299899599 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:36:57.739478 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299899600 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:36:59.371517 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299900008 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:37:02.643503 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299900826 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:37:09.195488 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299902464 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:37:10.571502 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299902808 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:37:22.283494 IP 10.1.103.192.33170 > 10.1.228.196.80: Flags [P.], seq 1:549, ack 2, win 218, options [nop,nop,TS val 299905736 ecr 119953435], length 548: HTTP: GET /favicon.ico HTTP/1.1
05:37:36.203496 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299909216 ecr 119952295], length 673: HTTP: GET / HTTP/1.1
05:37:44.915528 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [F.], seq 674, ack 1, win 218, options [nop,nop,TS val 299911394 ecr 119952295], length 0
05:37:44.916385 IP 10.1.228.196.80 > 10.1.103.192.33220: Flags [.], ack 1, win 227, options [nop,nop,TS val 119958295 ecr 299896393,nop,nop,sack 1 {674:675}], length 0
05:37:44.916412 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 1, win 218, options [nop,nop,TS val 299911394 ecr 119958295], length 673: HTTP: GET / HTTP/1.1
05:37:44.922990 IP 10.1.228.196.80 > 10.1.103.192.33220: Flags [F.], seq 1, ack 1, win 227, options [nop,nop,TS val 119958296 ecr 299896393,nop,nop,sack 1 {674:675}], length 0
05:37:44.923012 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [.], ack 2, win 218, options [nop,nop,TS val 299911395 ecr 119958296], length 0
05:37:45.119480 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299911445 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:37:45.301919 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [S], seq 3025011802, win 27800, options [mss 1390,sackOK,TS val 299911490 ecr 0,nop,wscale 7], length 0
05:37:45.302723 IP 10.1.228.196.80 > 10.1.103.192.33282: Flags [S.], seq 19495508, ack 3025011803, win 28960, options [mss 1460,sackOK,TS val 119958334 ecr 299911490,nop,wscale 7], length 0
05:37:45.302743 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [.], ack 1, win 218, options [nop,nop,TS val 299911490 ecr 119958334], length 0
05:37:45.302816 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299911490 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:45.499487 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299911540 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:45.527527 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299911547 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:37:45.699470 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299911590 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:46.099474 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299911690 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:46.343504 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299911751 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:37:46.899474 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299911890 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:47.979491 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299912160 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:37:48.503478 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299912291 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:51.251495 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299912978 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:37:51.707484 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299913092 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:37:57.803502 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299914616 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:37:58.123508 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299914696 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:10.891516 IP 10.1.103.192.33220 > 10.1.228.196.80: Flags [P.], seq 1:674, ack 2, win 218, options [nop,nop,TS val 299917888 ecr 119958296], length 673: HTTP: GET / HTTP/1.1
05:38:10.955508 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299917904 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:36.619480 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299924320 ecr 119958334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:45.303609 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [F.], seq 592, ack 1, win 218, options [nop,nop,TS val 299926491 ecr 119958334], length 0
05:38:45.304434 IP 10.1.228.196.80 > 10.1.103.192.33282: Flags [.], ack 1, win 227, options [nop,nop,TS val 119964334 ecr 299911490,nop,nop,sack 1 {592:593}], length 0
05:38:45.304457 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 1, win 218, options [nop,nop,TS val 299926491 ecr 119964334], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:45.348947 IP 10.1.228.196.80 > 10.1.103.192.33282: Flags [F.], seq 1, ack 1, win 227, options [nop,nop,TS val 119964339 ecr 299911490,nop,nop,sack 1 {592:593}], length 0
05:38:45.348996 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [.], ack 2, win 218, options [nop,nop,TS val 299926502 ecr 119964339], length 0
05:38:45.507493 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299926542 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:45.915478 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299926644 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:46.731487 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299926848 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:48.367491 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299927257 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:51.643525 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299928076 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:38:58.187488 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299929712 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
05:39:11.275512 IP 10.1.103.192.33282 > 10.1.228.196.80: Flags [P.], seq 1:592, ack 2, win 218, options [nop,nop,TS val 299932984 ecr 119964339], length 591: HTTP: GET /favicon.ico HTTP/1.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment