+ Responder ao Tópico



  1. #1

    Padrão Pingando Eth´s

    Galera bom dia!

    Está ocorrendo algo estranho no meu servidor proxy, nele tenho 2 placas de rede, eth0 e eth1.
    Estando em uma estação windows e pingando a eth0 e eth1 do proxy que estão neste momento com os ip 192.168.0.38 e 192.168.0.37 respectivamente os mesmos respondem, agora se eu baixo a eth1 que teoricamente está com o ip 192.168.37 e pingo este IP o proxy continua respondendo o ping, porque disto?

    Abraços

  2. #2

    Padrão

    apresente:
    ifconfig do proxy

    faça:

    tcpdump -v host maquina.rwindows.que.vai.pingar.no.proxy



  3. #3

    Padrão

    eth0 Link encap:Ethernet HWaddr 00:50A6:05:AA
    inet addr:192.168.0.38 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::250:daff:fed6:5aa/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:12448 errors:0 dropped:0 overruns:1 frame:0
    TX packets:2800 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2288206 (2.1 MiB) TX bytes:366928 (358.3 KiB)
    Interrupt:18 Base address:0xe800

    eth1 Link encap:Ethernet HWaddr 00:16:EC:30:F7:76
    inet addr:192.168.0.37 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::216:ecff:fe30:f776/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:6748 errors:0 dropped:0 overruns:0 frame:0
    TX packets:184 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:1807318 (1.7 MiB) TX bytes:16488 (16.1 KiB)
    Interrupt:19 Base address:0xec00

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:6 errors:0 dropped:0 overruns:0 frame:0
    TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:952 (952.0 b) TX bytes:952 (952.0 b)



    Resulado do Tcpdump

    tcpdump -v host 192.168.0.2

    13:24:19.097481 IP (tos 0x0, ttl 64, id 63236, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.device2 > 192.168.0.37.ssh: ., cksum 0x20ce (correct), ack 19833048 win 63027
    13:24:19.097523 IP (tos 0x10, ttl 64, id 34376, offset 0, flags [DF], proto: TCP (6), length: 268) 192.168.0.37.ssh > 192.168.0.2.device2: P 19834572:19834800(228) ack 97449 win 283
    13:24:19.097557 IP (tos 0x0, ttl 64, id 63237, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.device2 > 192.168.0.37.ssh: ., cksum 0x20ce (correct), ack 19833888 win 62187
    13:24:19.097572 IP (tos 0x10, ttl 64, id 34377, offset 0, flags [DF], proto: TCP (6), length: 460) 192.168.0.37.ssh > 192.168.0.2.device2: P 19834800:19835220(420) ack 97449 win 283
    13:24:19.097602 IP (tos 0x0, ttl 64, id 63238, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.device2 > 192.168.0.37.ssh: ., cksum 0x20ce (correct), ack 19834344 win 61731

    [2]+ Stopped tcpdump -v host 192.168.0.2

    Obrigado.

  4. #4

    Padrão

    esta seria a condição normal, com ambas as placas em funcionamento; como vc diz que BAIXANDO a placa AINDA continua pingango,, isso é MUITO estranho; então, façamos assim:

    ifconfig eth1 down

    e repita os testes acima, pls.



  5. #5

    Padrão

    [email protected]:~# ifconfig eth0 down
    [email protected]:~# ifconfig
    eth1 Link encap:Ethernet HWaddr 00:16:EC:30:F7:76
    inet addr:192.168.0.37 Bcast:192.168.0.255 Mask:255.255.255.0
    inet6 addr: fe80::216:ecff:fe30:f776/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:12638 errors:0 dropped:0 overruns:0 frame:0
    TX packets:250 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:3440058 (3.2 MiB) TX bytes:20312 (19.8 KiB)
    Interrupt:19 Base address:0xec00

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:12 errors:0 dropped:0 overruns:0 frame:0
    TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:1660 (1.6 KiB) TX bytes:1660 (1.6 KiB)

    [email protected]:~#


    15:16:03.624876 IP (tos 0x10, ttl 64, id 3280, offset 0, flags [DF], proto: TCP (6), length: 268) 192.168.0.37.ssh > 192.168.0.2.3199: P 1392920:1393148(228) ack 6813 win 283
    15:16:03.624913 IP (tos 0x0, ttl 64, id 23095, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.3199 > 192.168.0.37.ssh: ., cksum 0x538a (correct), ack 1390448 win 63431
    15:16:03.624916 IP (tos 0x10, ttl 64, id 3281, offset 0, flags [DF], proto: TCP (6), length: 268) 192.168.0.37.ssh > 192.168.0.2.3199: P 1393148:1393376(228) ack 6813 win 283
    15:16:03.624970 IP (tos 0x10, ttl 64, id 3282, offset 0, flags [DF], proto: TCP (6), length: 268) 192.168.0.37.ssh > 192.168.0.2.3199: P 1393376:1393604(228) ack 6813 win 283
    15:16:03.625016 IP (tos 0x10, ttl 64, id 3283, offset 0, flags [DF], proto: TCP (6), length: 444) 192.168.0.37.ssh > 192.168.0.2.3199: P 1393604:1394008(404) ack 6813 win 283
    15:16:03.625062 IP (tos 0x10, ttl 64, id 3284, offset 0, flags [DF], proto: TCP (6), length: 444) 192.168.0.37.ssh > 192.168.0.2.3199: P 1394008:1394412(404) ack 6813 win 283
    15:16:03.625068 IP (tos 0x0, ttl 64, id 23096, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.3199 > 192.168.0.37.ssh: ., cksum 0x538a (correct), ack 1391780 win 62099
    15:16:03.625103 IP (tos 0x0, ttl 64, id 23097, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.3199 > 192.168.0.37.ssh: ., cksum 0x538a (correct), ack 1392236 win 61643
    15:16:03.625108 IP (tos 0x10, ttl 64, id 3285, offset 0, flags [DF], proto: TCP (6), length: 444) 192.168.0.37.ssh > 192.168.0.2.3199: P 1394412:1394816(404) ack 6813 win 283
    15:16:03.625149 IP (tos 0x0, ttl 64, id 23098, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.3199 > 192.168.0.37.ssh: ., cksum 0x538a (correct), ack 1392692 win 61187
    15:16:03.625164 IP (tos 0x10, ttl 64, id 3286, offset 0, flags [DF], proto: TCP (6), length: 268) 192.168.0.37.ssh > 192.168.0.2.3199: P 1394816:1395044(228) ack 6813 win 283
    15:16:03.625201 IP (tos 0x0, ttl 64, id 23099, offset 0, flags [DF], proto: TCP (6), length: 40) 192.168.0.2.3199 > 192.168.0.37.ssh: ., cksum 0x538a (correct), ack 1393148 win 60731

    [1]+ Stopped tcpdump -v host 192.168.0.2


    ---------

    Ping da estação na interface do proxy após baixar a mesma


    Microsoft Windows XP [versão 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    c:\>ping 192.168.0.38

    Disparando contra 192.168.0.38 com 32 bytes de dados:

    Resposta de 192.168.0.38: bytes=32 tempo<1ms TTL=64
    Resposta de 192.168.0.38: bytes=32 tempo<1ms TTL=64
    Resposta de 192.168.0.38: bytes=32 tempo<1ms TTL=64
    Resposta de 192.168.0.38: bytes=32 tempo<1ms TTL=64

    Estatísticas do Ping para 192.168.0.38:
    Pacotes: Enviados = 4, Recebidos = 4, Perdidos = 0 (0% de perda),
    Aproximar um número redondo de vezes em milissegundos:
    Mínimo = 0ms, Máximo = 0ms, Média = 0ms

    c:\>

  6. #6

    Padrão

    Olha que loucura, baixei a eth0 (192.168.0.38) e mesmo assim consegui conectar ao proxy através do Putty usando este IP, olha a imagem.....

    ImageShack - Image Hosting :: putty.jpg



  7. #7

    Padrão

    vc disparou o ping mas não deixou o tcpdump pra olhar. De qualquer forma, eu não sabia que vc estava remoto, então as informações foram apenas da porta 22. Tentemos, de novo:

    tcpdump -v host maquina.de.origem and port ! ssh

    dai vc pinga pro .38, que é o tal
    (imagino que AMBOS os end estejam na mesma máquina).

    aproveite faça um
    traceroute 192...38 só pra ver onde passa. (provavelmente é direto)

  8. #8

    Padrão

    [email protected]:~# tcpdump -v host 192.168.0.2 and port ! ssh
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

    13:23:14.362379 IP (tos 0x0, ttl 64, id 26366, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 14082, length 40
    13:23:14.362385 IP (tos 0x0, ttl 64, id 12400, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 14082, length 40
    13:23:15.362608 IP (tos 0x0, ttl 64, id 26390, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 14338, length 40
    13:23:15.362614 IP (tos 0x0, ttl 64, id 12401, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 14338, length 40
    13:23:16.362873 IP (tos 0x0, ttl 64, id 26417, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 14594, length 40
    13:23:16.362879 IP (tos 0x0, ttl 64, id 12402, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 14594, length 40
    13:23:17.363097 IP (tos 0x0, ttl 64, id 26446, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 14850, length 40
    13:23:17.363105 IP (tos 0x0, ttl 64, id 12403, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 14850, length 40
    13:23:18.363337 IP (tos 0x0, ttl 64, id 26472, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 15106, length 40
    13:23:18.363343 IP (tos 0x0, ttl 64, id 12404, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 15106, length 40
    13:23:19.363572 IP (tos 0x0, ttl 64, id 26485, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 15362, length 40
    13:23:19.363579 IP (tos 0x0, ttl 64, id 12405, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 15362, length 40
    13:23:20.363796 IP (tos 0x0, ttl 64, id 26509, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 15618, length 40
    13:23:20.363802 IP (tos 0x0, ttl 64, id 12406, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 15618, length 40
    13:23:21.364094 IP (tos 0x0, ttl 64, id 26537, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 15874, length 40
    13:23:21.364100 IP (tos 0x0, ttl 64, id 12407, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 15874, length 40
    13:23:22.364315 IP (tos 0x0, ttl 64, id 26554, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 16130, length 40
    13:23:22.364321 IP (tos 0x0, ttl 64, id 12408, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 16130, length 40
    13:23:23.364509 IP (tos 0x0, ttl 64, id 26575, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 16386, length 40
    13:23:23.364515 IP (tos 0x0, ttl 64, id 12409, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 16386, length 40
    13:23:24.364749 IP (tos 0x0, ttl 64, id 26593, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 16642, length 40
    13:23:24.364755 IP (tos 0x0, ttl 64, id 12410, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 16642, length 40
    13:23:25.365002 IP (tos 0x0, ttl 64, id 26615, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 16898, length 40
    13:23:25.365010 IP (tos 0x0, ttl 64, id 12411, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 16898, length 40
    13:23:26.365219 IP (tos 0x0, ttl 64, id 26647, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 17154, length 40
    13:23:26.365226 IP (tos 0x0, ttl 64, id 12412, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 17154, length 40
    13:23:27.366347 IP (tos 0x0, ttl 64, id 26667, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 17410, length 40
    13:23:27.366354 IP (tos 0x0, ttl 64, id 12413, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 17410, length 40
    13:23:28.365725 IP (tos 0x0, ttl 64, id 26685, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 17666, length 40
    13:23:28.365732 IP (tos 0x0, ttl 64, id 12414, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 17666, length 40
    13:23:29.365937 IP (tos 0x0, ttl 64, id 26704, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 17922, length 40
    13:23:29.365946 IP (tos 0x0, ttl 64, id 12415, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 17922, length 40
    13:23:30.366172 IP (tos 0x0, ttl 64, id 26722, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18178, length 40
    13:23:30.366181 IP (tos 0x0, ttl 64, id 12416, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18178, length 40
    13:23:31.366419 IP (tos 0x0, ttl 64, id 26748, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18434, length 40
    13:23:31.366425 IP (tos 0x0, ttl 64, id 12417, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18434, length 40
    13:23:32.366648 IP (tos 0x0, ttl 64, id 26764, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18690, length 40
    13:23:32.366656 IP (tos 0x0, ttl 64, id 12418, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18690, length 40
    13:23:33.366876 IP (tos 0x0, ttl 64, id 26791, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18946, length 40
    13:23:33.366886 IP (tos 0x0, ttl 64, id 12419, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18946, length 40

    [3]+ Stopped tcpdump -v host 192.168.0.2 and port ! ssh
    [email protected]:~#


    Tracert do win pro linux deu 1 hop e vice versa tbem.

    Abs.



  9. #9

    Padrão

    13:23:28.365725 IP (tos 0x0, ttl 64, id 26685, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 17666, length 40
    13:23:28.365732 IP (tos 0x0, ttl 64, id 12414, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 17666, length 40
    13:23:29.365937 IP (tos 0x0, ttl 64, id 26704, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 17922, length 40
    13:23:29.365946 IP (tos 0x0, ttl 64, id 12415, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 17922, length 40
    13:23:30.366172 IP (tos 0x0, ttl 64, id 26722, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18178, length 40
    13:23:30.366181 IP (tos 0x0, ttl 64, id 12416, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18178, length 40
    13:23:31.366419 IP (tos 0x0, ttl 64, id 26748, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18434, length 40
    13:23:31.366425 IP (tos 0x0, ttl 64, id 12417, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18434, length 40
    13:23:32.366648 IP (tos 0x0, ttl 64, id 26764, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18690, length 40
    13:23:32.366656 IP (tos 0x0, ttl 64, id 12418, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18690, length 40
    13:23:33.366876 IP (tos 0x0, ttl 64, id 26791, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.38: ICMP echo request, id 768, seq 18946, length 40
    13:23:33.366886 IP (tos 0x0, ttl 64, id 12419, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.38 > 192.168.0.2: ICMP echo reply, id 768, seq 18946, length 40

    [3]+ Stopped tcpdump -v host 192.168.0.2 and port ! ssh


    ___________

    O tracert/traceroute entre win e linux deu 1 hop e vice versa....

    Abraço

  10. #10

    Padrão

    Esse é o dump pingando a outra interface através do windows, no caso a que está com o ip 192. . .37

    [email protected]:~# tcpdump -v host 192.168.0.2 and port ! ssh
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
    13:40:09.968596 IP (tos 0x0, ttl 64, id 46496, offset 0, flags [none], proto: UDP (17), length: 229) 192.168.0.2.netbios-dgm > 192.168.0.255.netbios-dgm: NBT UDP PACKET(138)
    13:40:14.437278 arp who-has 192.168.0.37 tell 192.168.0.2
    13:40:14.437293 arp reply 192.168.0.37 is-at 00:50:da:d6:05:aa (oui Unknown)
    13:40:14.437403 IP (tos 0x0, ttl 64, id 46618, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.2 > 192.168.0.37: ICMP echo request, id 768, seq 41730, length 40
    13:40:14.437426 IP (tos 0x0, ttl 64, id 12498, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 41730, length 40
    13:40:15.437636 IP (tos 0x0, ttl 64, id 12499, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 41986, length 40
    13:40:16.437847 IP (tos 0x0, ttl 64, id 12500, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 42242, length 40
    13:40:17.438094 IP (tos 0x0, ttl 64, id 12501, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 42498, length 40
    13:40:18.438324 IP (tos 0x0, ttl 64, id 12502, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 42754, length 40
    13:40:19.438600 IP (tos 0x0, ttl 64, id 12503, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 43010, length 40
    13:40:20.439008 IP (tos 0x0, ttl 64, id 12504, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 43266, length 40
    13:40:21.439048 IP (tos 0x0, ttl 64, id 12505, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 43522, length 40
    13:40:22.439276 IP (tos 0x0, ttl 64, id 12506, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.0.37 > 192.168.0.2: ICMP echo reply, id 768, seq 43778, length 40

    [4]+ Stopped tcpdump -v host 192.168.0.2 and port ! ssh
    [email protected]:~#



  11. #11

    Padrão

    O que notei foi que quando eu fico escutando o ping para a .38 demora para ele me mostrar os resultados, já quando pingo para a .37 a resposta do dump é imediata.
    Abs.

  12. #12

    Padrão

    bem.. vamos tentar com o que temos:

    13:40:14.437278 arp who-has 192.168.0.37 tell 192.168.0.2
    13:40:14.437293 arp reply 192.168.0.37 is-at 00:50:da:d6:05:aa

    tente achar QUAL máquina tem esse mac-addr 00:50:da:d6:05:aa; não será a primeira placa do mundo que encontro com endereço clonado. Ela está respondendo como fosse a .37, e isso ocasiona mesmo alguma demora, pode até ser que seja, mas enfim:

    no meu exemplo, a seguir, tenho uma placa só, no seu servidor deverão aparecer duas. Veja os endereços (Ethernet.. ) , NÃO SENDO nêle (placa ainda desligada) indica que alguma outra máquina está se fazendo passar por esta. Deveria haver problemas do arp estar incomodando, mas isso é outra história, fica pra outra vez.

    no servidor digite:

    [[email protected]:~$]: dmesg | grep eth
    eth0: Broadcom 4400 10/100BaseT Ethernet 00:15:c5:35:14:98

    no seu caso, virão DUAS placas (ou mais, se houverem mais).

    se a .37 (desligada) tiver o mesmo numero então podemos supor que OUTRA máquina está se fazendo passar por ela. Neste caso, vamos ter que ir atrás dela - um "mapeador de rede" poderia ajudar, neste caso (procurar no freshmeat).



  13. #13

    Padrão

    Olá amigo!


    Fiz o seguinte, reinstalei meu Slackware e refiz as configurações de squid, samba, http e etc, como havia anotado tudo foi rápido, infelizmente não posso ficar testando o que houve com essas NHACAS de placas de rede, tive que resolver desta forma.
    Espero que isso não volte a acontecer, rs, senão voltamos a nos falar.
    Mesmo assim agradeço a atenção do amigo e pode contar comigo no que for preciso.
    Abraço a todos.