Subject: [zeuux-www] [zeuux-cvs] cvs commit: www/zeuux.org/sciencelearning-tcpdump.cn.html

Wednesday, July 9, 2008, 16:35

Bill Xu bill at zeuux.org
Wed Jul 9 16:35:21 CST 2008

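Wang Xi, as part of the Zeuux free software books, we are writing a set of documents, one of which is about tcpdump:
http://www.zeuux.org/science/learning-tcpdump.cn.html
Kong Jianjun is currently responsible for maintaining this document, and I hope you can give him plenty of guidance and suggestions.
Reference: http://www.zeuux.org/community/zeuux-press.cn.html

Jianjun, Wang Xi is the architect of Neusoft's NetEye firewall and is an expert in the Linux kernel and networking; you can learn a lot from him.

Xu Jizhe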

xiwang wrote:
> Suggestions on what aspects?
>  
> I think this initiative of yours is quite good, haha.
>  
>
>     ----- Original Message -----
>     *From:* Bill Xu bill at zeuux.org>
>     *To:* Kong Jianjun jianjun at z.billxu.com>
>     *Cc:* zeuux-cvs at zeuux.org zeuux-cvs at zeuux.org> ; xiwang
>     xiwang at neusoft.com> ; zeuux-cvs at zeuux.org
>     zeuux-cvs at zeuux.org> ; zeuux-www zeuux-www at zeuux.org>
>     *Sent:* Tuesday, July 08, 2008 6:42 PM
>     *Subject:* Re: [zeuux-cvs] cvs commit:
>     www/zeuux.org/sciencelearning-tcpdump.cn.html
>
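>     Very good. Try to add as many case studies as you can; Xia Wu, please give some specific comments.
>
>     Comrade Wang Xi, we are writing a series of free software documents, one of which is on tcpdump.
>     Could you give us some professional advice?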
>>        	

Example:
>> #tcpdump -i eth0 -X src host 10.1.2.1

>> >> +

Practical experience

>> +

Diagnosing an ARP storm

>> +

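ARP attacks fall into two categories: ARP scanning and ARP spoofing. An ARP storm belongs to the former: it is the phenomenon in which, because of a virus, a host broadcasts a large number of ARP requests to the whole network, exhausting bandwidth and paralyzing the network. It is often a precursor to ARP spoofing and is used to disrupt network connections and steal other people's network accounts.
>> + tcpdump -e arp can be used to listen to all packets broadcast inside the network. The capture output includes the sender's MAC address, the ARP requester's IP address and other information. If one or more hosts with fixed MAC addresses continuously send a large number of broadcast requests and receive replies, they may be the source of the ARP storm. Such a host can be physically isolated and then assessed again.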

>> +
>> +
>>       +kongove at ubuntu:~$ +kongove at ubuntu:%7E$> sudo tcpdump -e arp
>>       +09:43:48.630521 00:15:c5:6d:0e:80 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp who-has 192.168.2.1 tell 192.168.8.237
>>       +09:43:48.734420 00:e0:4d:1a:c9:24 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp who-has 192.168.44.138 tell 192.168.44.156
>>       +09:43:48.842663 00:e0:e4:02:32:59 (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 60: arp who-has 192.168.21.1 tell 192.168.21.251
>>       +
>> + >>

Summary

>>

References

>>
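
Review bot: In the added ARP-storm section, the sentence introducing `tcpdump -e arp` describes it as listening to all packets broadcast inside the network, but the `arp` filter expression limits the capture to ARP frames, which is also all the sample output shows (`ethertype ARP (0x0806)` on every line); the sentence should say it captures the ARP traffic seen on the interface. The sample capture also does not illustrate the diagnosis the paragraph describes: it shows three different source MACs (00:15:c5:6d:0e:80, 00:e0:4d:1a:c9:24, 00:e0:e4:02:32:59), each sending a single who-has within about 0.2 s, whereas the text tells the reader to look for a fixed MAC address sending many requests in a row. A capture in which one source MAC repeats, with a sentence pointing at that repetition, would match the prose. Consider showing the command with `-n` as well, so that tcpdump does not attempt name resolution while the network is already saturated.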
[Imported from the Mailman archive: http://www.zeuux.org/pipermail/zeuux-www]
