DaemonForums - View Single Post

mayuka · #46 **(View Single Post)** 2nd January 2010

Ok. I am allowing the traffic as you said.

router:

Code:

# tcpdump -eni rum0
tcpdump: listening on rum0, link-type EN10MB
16:16:04.818278 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 888e 113: 
                         0103 005f 0200 8a00 1000 0000 0000 0000
                         007b c293 a1a9 0e55 ac19 4bc3 3578 cf33
                         5923 99b0 8aa9 24f0 51cb 1d1c c72e d9a6
                         3200 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 00
16:16:04.822727 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 888e 135: 
                         0103 0075 0201 0a00 1000 0000 0000 0000
                         008b 1bae a891 9873 4d3e 262d 7c85 4397
                         b737 4246 1860 619f b161 1f8a 6dcf 92bb
                         9900 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         00cb 3b26 cb91 7220 e1f5 a872 38ea 3097
                         6f00 1630 1401
16:16:04.822830 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 888e 193: 
                         0103 00af 0213 ca00 1000 0000 0000 0000
                         017b c293 a1a9 0e55 ac19 4bc3 3578 cf33
                         5923 99b0 8aa9 24f0 51cb 1d1c c72e d9a6
                         3200 0000 0000 0000 0000 0000 0000 0000
                         0001 0000 0000 0000 0000 0000 0000 0000
                         00e3 c435 eb3c 4e44 a62a 9f6a 9b45 3e76
                         c600 50ff 2eb4
16:16:04.826968 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 888e 113: 
                         0103 005f 0203 0a00 1000 0000 0000 0000
                         018b 1bae a891 9873 4d3e 262d 7c85 4397
                         b737 4246 1860 619f b161 1f8a 6dcf 92bb
                         9900 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0046 f35d d255 2d7c 9c17 cd49 42b7 9a9a
                         0b00 00
16:16:04.830017 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
16:16:05.225046 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
16:16:05.624050 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
16:16:06.024032 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 192.168.2.101
16:16:06.432541 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 192.168.2.101
16:16:06.432688 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.254 tell 192.168.2.101
16:16:06.432779 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:06.432791 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0806 42: arp reply 192.168.2.254 is-at yy:yy:yy:yy:yy:yy
16:16:06.841232 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:07.222771 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:07.623250 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:08.451736 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:02 0800 46: 192.168.2.101 > 224.0.0.2: igmp leave 224.0.0.251 [ttl 1]
16:16:08.451859 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 46: 192.168.2.101 > 224.0.0.251: igmp nreport 224.0.0.251 [ttl 1]
16:16:08.729106 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0800 92: 192.168.2.101.55026 > 192.168.2.255.137: udp 50
16:16:08.998872 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0800 92: 192.168.2.101.55026 > 192.168.2.255.137: udp 50
16:16:09.268674 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0800 92: 192.168.2.101.55026 > 192.168.2.255.137: udp 50
16:16:11.825206 xx:xx:xx:xx:xx:xx 01:00:5e:00:00:fb 0800 46: 192.168.2.101 > 224.0.0.251: igmp nreport 224.0.0.251 [ttl 1]
16:16:11.997100 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0800 92: 192.168.2.101.64321 > 192.168.2.255.137: udp 50
16:16:12.267852 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0800 92: 192.168.2.101.64321 > 192.168.2.255.137: udp 50
16:16:12.536456 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0800 92: 192.168.2.101.64321 > 192.168.2.255.137: udp 50
16:16:13.672245 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 888e 113: 
                         0103 005f 0200 8a00 1000 0000 0000 0000
                         0011 76e4 d9fe 5038 7b65 a1aa 3e32 040c
                         4fb5 56ab 1179 381a 3d59 4d18 8706 25bc
                         ae00 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 00
16:16:13.676962 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 888e 135: 
                         0103 0075 0201 0a00 1000 0000 0000 0000
                         0068 5414 5c97 dec4 a3d7 e13e 001c 2cac
                         b669 b5b1 6ea1 c047 c2fc d009 7d6f 73d3
                         4600 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         006e 7ee2 88cc c251 7286 073f 8121 a4c9
                         a500 1630 1401
16:16:13.677065 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 888e 193: 
                         0103 00af 0213 ca00 1000 0000 0000 0000
                         0111 76e4 d9fe 5038 7b65 a1aa 3e32 040c
                         4fb5 56ab 1179 381a 3d59 4d18 8706 25bc
                         ae00 0000 0000 0000 0000 0000 0000 0000
                         0014 0000 0000 0000 0000 0000 0000 0000
                         00e2 ff6e 1b64 0821 8e29 8243 6d50 d253
                         6700 5019 5fed
16:16:13.680966 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 888e 113: 
                         0103 005f 0203 0a00 1000 0000 0000 0000
                         0168 5414 5c97 dec4 a3d7 e13e 001c 2cac
                         b669 b5b1 6ea1 c047 c2fc d009 7d6f 73d3
                         4600 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         00ae 61cf 6f10 4362 6d52 7467 7922 f004
                         3a00 00
16:16:13.682790 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
16:16:14.095521 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
16:16:14.481261 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
16:16:14.880498 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 192.168.2.101
16:16:15.279779 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 192.168.2.101
16:16:15.279936 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.254 tell 192.168.2.101
16:16:15.279987 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 0806 42: arp reply 192.168.2.254 is-at yy:yy:yy:yy:yy:yy
16:16:15.678772 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:16.077749 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:16.477014 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:16.876293 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 169.254.255.255 tell 192.168.2.101
16:16:25.870315 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 888e 113: 
                         0103 005f 0200 8a00 1000 0000 0000 0000
                         0086 131b f042 d636 11b2 dafd 37d0 4f07
                         56f0 35e1 89d0 5d74 2a93 4ece b270 f902
                         4f00 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         0000 00
16:16:25.874781 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 888e 135: 
                         0103 0075 0201 0a00 1000 0000 0000 0000
                         0053 6240 9743 afb0 b2b3 ea4c 3f6f cec2
                         3e65 80de a789 6afc ce63 2b4a 5f67 591d
                         3500 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         008c 7714 30fe af68 890e f63b 9165 8618
                         d000 1630 1401
16:16:25.874881 yy:yy:yy:yy:yy:yy xx:xx:xx:xx:xx:xx 888e 193: 
                         0103 00af 0213 ca00 1000 0000 0000 0000
                         0186 131b f042 d636 11b2 dafd 37d0 4f07
                         56f0 35e1 89d0 5d74 2a93 4ece b270 f902
                         4f00 0000 0000 0000 0000 0000 0000 0000
                         001e 0000 0000 0000 0000 0000 0000 0000
                         005a ff46 45ea 5560 4d39 1fe4 3a90 bb93
                         2d00 5054 4137
16:16:25.878781 xx:xx:xx:xx:xx:xx yy:yy:yy:yy:yy:yy 888e 113: 
                         0103 005f 0203 0a00 1000 0000 0000 0000
                         0153 6240 9743 afb0 b2b3 ea4c 3f6f cec2
                         3e65 80de a789 6afc ce63 2b4a 5f67 591d
                         3500 0000 0000 0000 0000 0000 0000 0000
                         0000 0000 0000 0000 0000 0000 0000 0000
                         00e5 7e21 1369 14a9 b24b 0023 e748 3a58
                         e400 00
16:16:25.880610 xx:xx:xx:xx:xx:xx ff:ff:ff:ff:ff:ff 0806 42: arp who-has 192.168.2.101 tell 0.0.0.0
^C
44 packets received by filter
0 packets dropped by kernel

client:

Code:

:# tcpdump -eni en1
tcpdump: WARNING: en1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:19:18.623926 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype EAPOL (0x888e), length 135: EAPOL key (3) v1, len 117
16:19:18.623944 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype EAPOL (0x888e), length 113: EAPOL key (3) v1, len 95
16:19:18.628216 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype EAPOL (0x888e), length 113: EAPOL key (3) v1, len 95
16:19:18.628238 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype EAPOL (0x888e), length 193: EAPOL key (3) v1, len 175
16:19:18.628467 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:19.028548 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:19.428753 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:19.828854 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 192.168.2.101, length 28
16:19:20.229426 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 192.168.2.101, length 28
16:19:20.229883 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.254 tell 192.168.2.101, length 28
16:19:20.230773 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:20.249442 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype ARP (0x0806), length 42: Reply 192.168.2.254 is-at yy:yy:yy:yy:yy:yy, length 28
16:19:20.630836 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:21.030975 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:21.431104 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:22.263078 xx:xx:xx:xx:xx:xx > 01:00:5e:00:00:02, ethertype IPv4 (0x0800), length 46: 192.168.2.101 > 224.0.0.2: igmp leave 224.0.0.251
16:19:22.263150 xx:xx:xx:xx:xx:xx > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 46: 192.168.2.101 > 224.0.0.251: igmp v2 report 224.0.0.251
16:19:22.541029 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.2.101.55026 > 192.168.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:22.811397 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.2.101.55026 > 192.168.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:23.081914 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.2.101.55026 > 192.168.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:25.644632 xx:xx:xx:xx:xx:xx > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 46: 192.168.2.101 > 224.0.0.251: igmp v2 report 224.0.0.251
16:19:25.816740 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.2.101.64321 > 192.168.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:26.087102 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.2.101.64321 > 192.168.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:26.357518 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 192.168.2.101.64321 > 192.168.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:27.499409 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype EAPOL (0x888e), length 135: EAPOL key (3) v1, len 117
16:19:27.499426 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype EAPOL (0x888e), length 113: EAPOL key (3) v1, len 95
16:19:27.503625 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype EAPOL (0x888e), length 113: EAPOL key (3) v1, len 95
16:19:27.503648 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype EAPOL (0x888e), length 193: EAPOL key (3) v1, len 175
16:19:27.506847 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:27.907069 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:28.307199 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:28.707342 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 192.168.2.101, length 28
16:19:29.107630 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 192.168.2.101, length 28
16:19:29.108080 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.254 tell 192.168.2.101, length 28
16:19:29.111133 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype ARP (0x0806), length 42: Reply 192.168.2.254 is-at yy:yy:yy:yy:yy:yy, length 28
16:19:29.507371 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:29.907484 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:30.307619 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:30.707738 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 169.254.255.255 tell 192.168.2.101, length 28
16:19:39.726657 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype EAPOL (0x888e), length 135: EAPOL key (3) v1, len 117
16:19:39.726675 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype EAPOL (0x888e), length 113: EAPOL key (3) v1, len 95
16:19:39.728760 xx:xx:xx:xx:xx:xx > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.2.101 tell 0.0.0.0, length 28
16:19:39.730851 xx:xx:xx:xx:xx:xx > yy:yy:yy:yy:yy:yy, ethertype EAPOL (0x888e), length 113: EAPOL key (3) v1, len 95
16:19:39.730874 yy:yy:yy:yy:yy:yy > xx:xx:xx:xx:xx:xx, ethertype EAPOL (0x888e), length 193: EAPOL key (3) v1, len 175
^C
44 packets captured
44 packets received by filter
0 packets dropped by kernel