Created
May 6, 2024 18:51
-
-
Save kladderadeng/96273239804a210adef578d144b829b7 to your computer and use it in GitHub Desktop.
Netbird Debugging #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| / # tcpdump -Ani wt0 | |
| tcpdump: verbose output suppressed, use -v[v]... for full protocol decode | |
| listening on wt0, link-type RAW (Raw IP), snapshot length 262144 bytes | |
| 18:33:19.965836 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [SEW], seq 3870434966, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4..@....Wdh . | |
| ....@.P..&......................... | |
| 18:33:19.965836 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [SEW], seq 2548844507, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4..@....Vdh . | |
| ....A.P..G.........@............... | |
| 18:33:19.966484 IP 10.0.0.4.80 > 100.104.32.248.49984: Flags [S.], seq 3645237573, ack 3870434967, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.@.E.E..&...r..*.............. | |
| 18:33:19.966521 IP 10.0.0.4.80 > 100.104.32.248.49985: Flags [S.], seq 3900528976, ack 2548844508, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.A.}YP..G...r..h.............. | |
| 18:33:19.992998 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(..@....cdh . | |
| ....@.P..&..E.FP...u... | |
| 18:33:19.993061 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [P.], seq 1:438, ack 1, win 6146, length 437: HTTP: GET / HTTP/1.1 | |
| E.... @.....dh . | |
| ....@.P..&..E.FP....k..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:19.999821 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(. | |
| @....adh . | |
| ....A.P..G..}YQP...#E.. | |
| 18:33:20.292875 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [P.], seq 1:438, ack 1, win 6146, length 437: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....@.P..&..E.FP....k..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:20.591798 IP 100.104.32.248.49984 > 10.0.0.4.80: Flags [P.], seq 1:438, ack 1, win 6146, length 437: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....@.P..&..E.FP....k..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:20.592355 IP 10.0.0.4.80 > 100.104.32.248.49984: Flags [R], seq 3645237574, win 0, length 0 | |
| E..(..@.?..l | |
| ...dh ..P.@.E.F....P...._.. | |
| 18:33:21.699061 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [SEW], seq 2677292346, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4..@....Pdh . | |
| ....C.P..=:........C............... | |
| 18:33:21.699132 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....A.P..G..}YQP....#..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:21.699722 IP 10.0.0.4.80 > 100.104.32.248.49987: Flags [S.], seq 2277799414, ack 2677292347, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.C..u...=;..r..r.............. | |
| 18:33:21.733570 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(..@....\dh . | |
| ....C.P..=;..u.P...jO.. | |
| 18:33:21.975564 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....A.P..G..}YQP....#..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:22.274174 IP 100.104.32.248.49985 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....A.P..G..}YQP....#..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:22.274773 IP 10.0.0.4.80 > 100.104.32.248.49985: Flags [R], seq 3900528977, win 0, length 0 | |
| E..(..@.?..l | |
| ...dh ..P.A.}YQ....P....... | |
| 18:33:22.300638 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....C.P..=;..u.P... | |
| ...GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:22.579003 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....C.P..=;..u.P... | |
| ...GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:22.880226 IP 100.104.32.248.49987 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....C.P..=;..u.P... | |
| ...GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:22.880877 IP 10.0.0.4.80 > 100.104.32.248.49987: Flags [R], seq 2277799415, win 0, length 0 | |
| E..(..@.?..l | |
| ...dh ..P.C..u.....P..._-.. | |
| 18:33:22.905110 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [SEW], seq 3186137730, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4..@....Hdh . | |
| ....N.P............................ | |
| 18:33:22.905620 IP 10.0.0.4.80 > 100.104.32.248.49998: Flags [S.], seq 2340615, ack 3186137731, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.N.#........r..[.............. | |
| 18:33:22.930558 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(..@....Udh . | |
| ....N.P.....#..P...58.. | |
| 18:33:22.930600 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....N.P.....#..P.......GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:23.168613 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....N.P.....#..P.......GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:23.469304 IP 100.104.32.248.49998 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.....@.....dh . | |
| ....N.P.....#..P.......GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:23.469887 IP 10.0.0.4.80 > 100.104.32.248.49998: Flags [R], seq 2340616, win 0, length 0 | |
| E..(..@.?..l | |
| ...dh ..P.N.#......P....... | |
| 18:33:24.734111 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 1, length 72 | |
| E..\......C#dh . | |
| ........................................................................... | |
| 18:33:24.734181 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100 | |
| E..xr...@.;zdh..dh .........E..\......C#dh . | |
| ........................................................................... | |
| 18:33:24.761972 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 2, length 72 | |
| E..\......C"dh . | |
| ........................................................................... | |
| 18:33:24.762050 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100 | |
| E..xr...@.;vdh..dh .........E..\......C"dh . | |
| ........................................................................... | |
| 18:33:24.791590 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 3, length 72 | |
| E..\......C!dh . | |
| ........................................................................... | |
| 18:33:24.791650 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100 | |
| E..xr...@.;odh..dh .........E..\......C!dh . | |
| ........................................................................... | |
| 18:33:24.820895 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50 | |
| E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:33:24.820971 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86 | |
| E..jr...@.;|dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:33:26.347541 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50 | |
| E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:33:26.347613 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86 | |
| E..jr...@.;ydh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:33:27.858695 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50 | |
| E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:33:27.858750 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86 | |
| E..jr...@.;sdh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:33:28.511803 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [SEW], seq 3934874039, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4..@....@dh . | |
| ....O.P..i......................... | |
| 18:33:28.512440 IP 10.0.0.4.80 > 100.104.32.248.49999: Flags [S.], seq 1626195285, ack 3934874040, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.O`..U..i...r./l.............. | |
| 18:33:28.539413 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [SEW], seq 1181941309, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4..@....?dh . | |
| ....P.PFr.=........................ | |
| 18:33:28.539907 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(..@....Ldh . | |
| ....O.P..i.`..VP....H.. | |
| 18:33:28.539941 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E.... @....|dh . | |
| ....O.P..i.`..VP...j'..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:28.540009 IP 10.0.0.4.80 > 100.104.32.248.50000: Flags [S.], seq 847636072, ack 1181941310, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.P2..hFr.>..r.LQ.............. | |
| 18:33:28.562575 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(.!@....Jdh . | |
| ....P.PFr.>2..iP....-.. | |
| 18:33:28.779495 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E...."@....zdh . | |
| ....O.P..i.`..VP...j'..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:29.080277 IP 100.104.32.248.49999 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E....#@....ydh . | |
| ....O.P..i.`..VP...j'..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:29.080840 IP 10.0.0.4.80 > 100.104.32.248.49999: Flags [R], seq 1626195286, win 0, length 0 | |
| E..(..@.?..l | |
| ...dh ..P.O`..V....P...6... | |
| 18:33:30.504728 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 4, length 72 | |
| E..\.$....B.dh . | |
| ........................................................................... | |
| 18:33:30.505402 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 4, length 72 | |
| E..\....?.7. | |
| ...dh ......................................................................... | |
| 18:33:30.529789 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 5, length 72 | |
| E..\.%....B.dh . | |
| ........................................................................... | |
| 18:33:30.530334 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 5, length 72 | |
| E..\....?.7. | |
| ...dh ......................................................................... | |
| 18:33:30.555466 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 6, length 72 | |
| E..\.&....B.dh . | |
| ........................................................................... | |
| 18:33:30.556026 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 6, length 72 | |
| E..\....?.7. | |
| ...dh ......................................................................... | |
| 18:33:33.775156 IP 10.0.0.4.80 > 100.104.32.248.50000: Flags [F.], seq 1, ack 1, win 3650, length 0 | |
| E..(.Y@.?... | |
| ...dh ..P.P2..iFr.>P..B.... | |
| 18:33:33.801936 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [.], ack 2, win 6146, length 0 | |
| E..(.'@....Ddh . | |
| ....P.PFr.>2..jP....,.. | |
| 18:33:56.745091 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 | |
| E..(.(@....Cdh . | |
| ....P.PFr.>2..jP....+.. | |
| 18:33:56.745091 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [SEW], seq 2448778205, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4.)@....4dh . | |
| ....i.P..c.........*[.............. | |
| 18:33:56.745091 IP 100.104.32.248.50026 > 10.0.0.4.80: Flags [SEW], seq 2175071858, win 64480, options [mss 1240,nop,wscale 8,nop,nop,sackOK], length 0 | |
| E..4.*@....3dh . | |
| ....j.P...r........................ | |
| 18:33:56.745860 IP 10.0.0.4.80 > 100.104.32.248.50025: Flags [S.], seq 3326930963, ack 2448778206, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.i.L....c...r................. | |
| 18:33:56.745904 IP 10.0.0.4.80 > 100.104.32.248.50026: Flags [S.], seq 10862452, ack 2175071859, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 3], length 0 | |
| E..4..@.?..` | |
| ...dh ..P.j...t...s..r.q............... | |
| 18:33:56.770542 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(.+@....@dh . | |
| ....i.P..c..L..P....... | |
| 18:33:56.770607 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E....,@....pdh . | |
| ....i.P..c..L..P...8^..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:56.775736 IP 100.104.32.248.50026 > 10.0.0.4.80: Flags [.], ack 1, win 6146, length 0 | |
| E..(.-@....>dh . | |
| ....j.P...s...uP....... | |
| 18:33:57.019472 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 | |
| E..(..@....=dh . | |
| ....P.PFr.>2..jP....+.. | |
| 18:33:57.044034 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E..../@....mdh . | |
| ....i.P..c..L..P...8^..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:57.343271 IP 100.104.32.248.50025 > 10.0.0.4.80: Flags [P.], seq 1:464, ack 1, win 6146, length 463: HTTP: GET / HTTP/1.1 | |
| E....0@....ldh . | |
| ....i.P..c..L..P...8^..GET / HTTP/1.1 | |
| Host: 10.0.0.4 | |
| Connection: keep-alive | |
| Cache-Control: max-age=0 | |
| Upgrade-Insecure-Requests: 1 | |
| User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7 | |
| Accept-Encoding: gzip, deflate | |
| Accept-Language: en-US,en;q=0.9 | |
| 18:33:57.343783 IP 10.0.0.4.80 > 100.104.32.248.50025: Flags [R], seq 3326930964, win 0, length 0 | |
| E..(..@.?..l | |
| ...dh ..P.i.L......P....a.. | |
| 18:33:57.620279 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 | |
| E..(.1@....:dh . | |
| ....P.PFr.>2..jP....+.. | |
| 18:33:58.826049 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 | |
| E..(.2@....9dh . | |
| ....P.PFr.>2..jP....+.. | |
| 18:34:01.227865 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 | |
| E..(.3@....8dh . | |
| ....P.PFr.>2..jP....+.. | |
| 18:34:01.986200 IP 10.0.0.4.80 > 100.104.32.248.50026: Flags [F.], seq 1, ack 1, win 3650, length 0 | |
| E..(OX@.?.]. | |
| ...dh ..P.j...u...sP..B.@.. | |
| 18:34:02.010575 IP 100.104.32.248.50026 > 10.0.0.4.80: Flags [.], ack 2, win 6146, length 0 | |
| E..(.4@....7dh . | |
| ....j.P...s...vP....... | |
| 18:34:06.029860 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [F.], seq 1, ack 2, win 6146, length 0 | |
| E..(.5@....6dh . | |
| ....P.PFr.>2..jP....+.. | |
| 18:34:15.298560 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 7, length 72 | |
| E..\.6....C.dh . | |
| ........................................................................... | |
| 18:34:15.298620 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100 | |
| E..xu,..@.96dh..dh .........E..\.6....C.dh . | |
| ........................................................................... | |
| 18:34:15.324067 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 8, length 72 | |
| E..\.7....C.dh . | |
| ........................................................................... | |
| 18:34:15.324128 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100 | |
| E..xu/..@.93dh..dh .........E..\.7....C.dh . | |
| ........................................................................... | |
| 18:34:15.357292 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 9, length 72 | |
| E..\.8....C.dh . | |
| .......... ................................................................ | |
| 18:34:15.357352 IP 100.104.225.154 > 100.104.32.248: ICMP time exceeded in-transit, length 100 | |
| E..xu0..@.92dh..dh .........E..\.8....C.dh . | |
| .......... ................................................................ | |
| 18:34:15.385010 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50 | |
| E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:34:15.385084 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86 | |
| E..ju2..@.9>dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:34:15.629653 IP 100.104.32.248.50000 > 10.0.0.4.80: Flags [R.], seq 2, ack 2, win 0, length 0 | |
| E..(.9@....2dh . | |
| ....P.PFr.?2..jP....).. | |
| 18:34:16.909819 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50 | |
| E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:34:16.909835 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86 | |
| E..ju...@.8.dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:34:18.422984 IP 100.104.32.248.137 > 100.104.225.154.137: UDP, length 50 | |
| E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:34:18.423017 IP 100.104.225.154 > 100.104.32.248: ICMP 100.104.225.154 udp port 137 unreachable, length 86 | |
| E..jv...@.7.dh..dh .........E..N........dh .dh.......:G............. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!.. | |
| 18:34:21.267203 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 10, length 72 | |
| E..\.:....B.dh . | |
| .......... | |
| ................................................................ | |
| 18:34:21.267841 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 10, length 72 | |
| E..\....?.-. | |
| ...dh ........ | |
| ................................................................ | |
| 18:34:21.293125 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 11, length 72 | |
| E..\.;....B.dh . | |
| ........................................................................... | |
| 18:34:21.293758 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 11, length 72 | |
| E..\....?.-. | |
| ...dh ......................................................................... | |
| 18:34:21.319902 IP 100.104.32.248 > 10.0.0.4: ICMP echo request, id 1, seq 12, length 72 | |
| E..\.<....B.dh . | |
| ........................................................................... | |
| 18:34:21.320453 IP 10.0.0.4 > 100.104.32.248: ICMP echo reply, id 1, seq 12, length 72 | |
| E..\....?.-. | |
| ...dh ......................................................................... | |
| ^C | |
| 95 packets captured | |
| 95 packets received by filter | |
| 0 packets dropped by kernel | |
| / # exit |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment