I) 1) ip a 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever 2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether e4:54:e8:a1:a5:1d brd ff:ff:ff:ff:ff:ff altname enp0s31f6 inet 172.16.2.93/16 metric 1024 brd 172.16.255.255 scope global dynamic eno1 valid_lft 3485sec preferred_lft 3485sec inet6 2a01:729:b9:1600:172:16:2:93/128 scope global dynamic noprefixroute valid_lft 3927sec preferred_lft 2927sec inet6 fe80::e654:e8ff:fea1:a51d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever 3: docker0: mtu 1500 qdisc noqueue state DOWN group default link/ether 02:42:dd:43:58:0d brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever 2) ip a show lo 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 3) ip link 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 lo MTU 65536 2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000 eno1 MTU 1500 4) ip link show eno1 2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether e4:54:e8:a1:a5:1d brd ff:ff:ff:ff:ff:ff altname enp0s31f6 inet 172.16.2.93/16 metric 1024 brd 172.16.255.255 scope global dynamic eno1 valid_lft 3174sec preferred_lft 3174sec inet6 2a01:729:b9:1600:172:16:2:93/128 scope global dynamic noprefixroute valid_lft 3656sec preferred_lft 2656sec inet6 fe80::e654:e8ff:fea1:a51d/64 scope link proto kernel_ll valid_lft forever preferred_lft forever 5) arp (Address Resolution Protocol) ip neigh 172.16.1.21 dev eno1 lladdr bc:24:11:b9:46:17 STALE 172.16.3.214 dev eno1 lladdr 80:e8:2c:ef:5d:a0 STALE fe80::c474:2dff:fee1:4ba dev eno1 lladdr c6:74:2d:e1:04:ba router STALE fe80::82e8:2cff:feef:8859 dev eno1 lladdr 80:e8:2c:ef:88:59 STALE fe80::be24:11ff:feb9:4617 dev eno1 lladdr bc:24:11:b9:46:17 STALE fe80::82e8:2cff:feef:82cb dev eno1 lladdr 80:e8:2c:ef:82:cb STALE fe80::e654:e8ff:fea1:a47d dev eno1 lladdr e4:54:e8:a1:a4:7d STALE fe80::be24:11ff:fe24:8385 dev eno1 lladdr bc:24:11:24:83:85 STALE fe80::be24:11ff:febf:46cd dev eno1 lladdr bc:24:11:bf:46:cd STALE 6) ip -r neigh eldacar.ssh.iut-fbleau.fr dev eno1 lladdr bc:24:11:39:55:bc STALE gatekeeper.iut-fbleau.fr dev eno1 lladdr c6:74:2d:e1:04:ba REACHABLE maiar.iut-fbleau.fr dev eno1 lladdr bc:24:11:1b:bd:58 STALE ns3.iut-fbleau.fr dev eno1 lladdr bc:24:11:ee:64:1b STALE salle222-15.iut-fbleau.fr dev eno1 lladdr 80:e8:2c:ef:88:59 STALE eru.iut-fbleau.fr dev eno1 lladdr bc:24:11:ea:5d:e4 STALE salle225-11.iut-fbleau.fr dev eno1 lladdr 80:e8:2c:ef:61:fc STALE iluvatar.iut-fbleau.fr dev eno1 lladdr bc:24:11:24:83:85 REACHABLE machine6.iut-fbleau.fr dev eno1 lladdr 42:59:8a:98:c7:80 STALE salle231-10.iut-fbleau.fr dev eno1 lladdr e4:54:e8:a1:d6:c9 STALE ns3.iut-fbleau.fr dev eno1 lladdr bc:24:11:ee:64:1b STALE salle229-13.iut-fbleau.fr dev eno1 lladdr e4:54:e8:a1:a3:e2 STALE salle224-13.iut-fbleau.fr dev eno1 lladdr 80:e8:2c:ef:87:44 STALE iluvatar.iut-fbleau.fr dev eno1 lladdr bc:24:11:24:83:85 STALE salle225-12.iut-fbleau.fr dev eno1 lladdr 80:e8:2c:ef:89:cf STALE salle225-06.iut-fbleau.fr dev eno1 lladdr 80:e8:2c:ef:5d:98 STALE anor.iut-fbleau.fr dev eno1 lladdr bc:24:11:91:d0:59 STALE salle229-03.iut-fbleau.fr dev eno1 lladdr bc:24:11:b9:46:17 STALE salle223-12.iut-fbleau.fr dev eno1 lladdr 80:e8:2c:ef:5d:a0 STALE _gateway dev eno1 lladdr c6:74:2d:e1:04:ba router STALE salle222-15 dev eno1 lladdr 80:e8:2c:ef:88:59 STALE fe80::be24:11ff:feb9:4617 dev eno1 lladdr bc:24:11:b9:46:17 STALE salle229-13 dev eno1 lladdr e4:54:e8:a1:a3:e2 STALE salle224-06 dev eno1 lladdr 80:e8:2c:ef:82:cb STALE salle231-05 dev eno1 lladdr e4:54:e8:a1:a4:7d STALE fe80::be24:11ff:fe24:8385 dev eno1 lladdr bc:24:11:24:83:85 STALE fe80::be24:11ff:febf:46cd dev eno1 lladdr bc:24:11:bf:46:cd STALE gatekeeper: gatekeeper.iut-fbleau.fr dev eno1 lladdr c6:74:2d:e1:04:ba REACHABLE 7) ip r default via 172.16.1.254 dev eno1 proto dhcp src 172.16.2.93 metric 1024 II) 2) ip neigh get 172.16.2.94 dev [le nom de votre interface réseau](eno1) tcpdump -i [le nom de votre interface réseau] -n -t host [notre ip] and host [celle que je vais pinger] Dans notre exercice : on ouvre 2 terminal le 1er avec tcpdump et le 2ème pour ping tcpdump -i eno1 -n -t host 172.16.2.102 and host 172.16.2.94 ping -c1 172.16.294 tcpdump nous répond : ARP, Request who-has 172.16.2.94 tell 172.16.2.102, length 28 ARP, Reply 172.16.2.94 is-at e4:54:e8:a1:a2:7b, length 46 IP 172.16.2.102 > 172.16.2.94: ICMP echo request, id 1, seq 1, length 64 IP 172.16.2.94 > 172.16.2.102: ICMP echo reply, id 1, seq 1, length 64 ARP, Request who-has 172.16.2.102 tell 172.16.2.94, length 46 ARP, Reply 172.16.2.102 is-at e4:54:e8:a1:a3:d9, length 28 Il utilise ARP pour savoir qui est 172.16.2.94 puis après on ping on utlise après la commande tcpdump -i eno1 -nte host 172.16.2.102 a,d host 172.16.2.94 puis on reping 172.16.2.94 tcpdump nous réponds : e4:54:e8:a1:a3:d9 > e4:54:e8:a1:a2:7b, ethertype IPv4 (0x0800), length 98: 172.16.2.102 > 172.16.2.94: ICMP echo request, id 2, seq 1, length 64 e4:54:e8:a1:a2:7b > e4:54:e8:a1:a3:d9, ethertype IPv4 (0x0800), length 98: 172.16.2.94 > 172.16.2.102: ICMP echo reply, id 2, seq 1, length 64 e4:54:e8:a1:a2:7b > e4:54:e8:a1:a3:d9, ethertype ARP (0x0806), length 60: Request who-has 172.16.2.102 tell 172.16.2.94, length 46 e4:54:e8:a1:a3:d9 > e4:54:e8:a1:a2:7b, ethertype ARP (0x0806), length 42: Reply 172.16.2.102 is-at e4:54:e8:a1:a3:d9, length 28 e4:54:e8:a1:a3:d9 > e4:54:e8:a1:a2:7b, ethertype ARP (0x0806), length 42: Request who-has 172.16.2.94 tell 172.16.2.102, length 28 e4:54:e8:a1:a2:7b > e4:54:e8:a1:a3:d9, ethertype ARP (0x0806), length 60: Reply 172.16.2.94 is-at e4:54:e8:a1:a2:7b, length 46 Maintenant avec Tshark : tshark -i eno1 -f host 172.16.2.102 and host 172.16.2.98 ping -c1 172.16.2.98 1 0.000000000 Dell_a1:a3:d9 → Broadcast ARP 42 Who has 172.16.2.98? Tell 172.16.2.102 2 0.000553922 Dell_a1:a3:a4 → Dell_a1:a3:d9 ARP 60 172.16.2.98 is at e4:54:e8:a1:a3:a4 3 0.000558520 172.16.2.102 → 172.16.2.98 ICMP 98 Echo (ping) request id=0x0007, seq=1/256, ttl=64 4 0.001271871 172.16.2.98 → 172.16.2.102 ICMP 98 Echo (ping) reply id=0x0007, seq=1/256, ttl=64 (request in 3) 5 5.173610111 Dell_a1:a3:a4 → Dell_a1:a3:d9 ARP 60 Who has 172.16.2.102? Tell 172.16.2.98 6 5.173663401 Dell_a1:a3:d9 → Dell_a1:a3:a4 ARP 42 172.16.2.102 is at e4:54:e8:a1:a3:d9 III) 1. lo = 172.0.0.1 Sur 2 terminal on fait tcpdump -i lo -nyvl | tee tracepinglo.txt ping -c 1 -s 9216 127.0.0.1 IP (tos 0x0, ttl 64, id 29002, offset 0, flags [DF], proto ICMP (1), length 9244) 127.0.0.1 > 127.0.0.1: ICMP echo request, id 12, seq 1, length 9224 IP (tos 0x0, ttl 64, id 29003, offset 0, flags [none], proto ICMP (1), length 9244) 127.0.0.1 > 127.0.0.1: ICMP echo reply, id 12, seq 1, length 9224 2. On refait la même chose mais avec la carte raison tcpdump -i eno1 -ntvl host 172.16.2.102 and host 172.16.2.98 |tee tracepingeno1.txt [solar@salle231-04 TP13]$ tcpdump -i eno1 -ntvl host 172.16.2.102 and host 172.16.2.98 | tee tracepingeno1.txt tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes IP (tos 0x0, ttl 64, id 29021, offset 0, flags [+], proto ICMP (1), length 1500) 172.16.2.102 > 172.16.2.98: ICMP echo request, id 13, seq 1, length 1480 IP (tos 0x0, ttl 64, id 29021, offset 1480, flags [+], proto ICMP (1), length 1500) 172.16.2.102 > 172.16.2.98: ip-proto-1 IP (tos 0x0, ttl 64, id 29021, offset 2960, flags [+], proto ICMP (1), length 1500) 172.16.2.102 > 172.16.2.98: ip-proto-1 IP (tos 0x0, ttl 64, id 29021, offset 4440, flags [+], proto ICMP (1), length 1500) 172.16.2.102 > 172.16.2.98: ip-proto-1 IP (tos 0x0, ttl 64, id 29021, offset 5920, flags [+], proto ICMP (1), length 1500) 172.16.2.102 > 172.16.2.98: ip-proto-1 IP (tos 0x0, ttl 64, id 29021, offset 7400, flags [+], proto ICMP (1), length 1500) 172.16.2.102 > 172.16.2.98: ip-proto-1 IP (tos 0x0, ttl 64, id 29021, offset 8880, flags [none], proto ICMP (1), length 364) 172.16.2.102 > 172.16.2.98: ip-proto-1 IP (tos 0x0, ttl 64, id 30448, offset 0, flags [+], proto ICMP (1), length 1500) 172.16.2.98 > 172.16.2.102: ICMP echo reply, id 13, seq 1, length 1480 IP (tos 0x0, ttl 64, id 30448, offset 1480, flags [+], proto ICMP (1), length 1500) 172.16.2.98 > 172.16.2.102: ip-proto-1 IP (tos 0x0, ttl 64, id 30448, offset 2960, flags [+], proto ICMP (1), length 1500) 172.16.2.98 > 172.16.2.102: ip-proto-1 IP (tos 0x0, ttl 64, id 30448, offset 4440, flags [+], proto ICMP (1), length 1500) 172.16.2.98 > 172.16.2.102: ip-proto-1 IP (tos 0x0, ttl 64, id 30448, offset 5920, flags [+], proto ICMP (1), length 1500) 172.16.2.98 > 172.16.2.102: ip-proto-1 IP (tos 0x0, ttl 64, id 30448, offset 7400, flags [+], proto ICMP (1), length 1500) 172.16.2.98 > 172.16.2.102: ip-proto-1 IP (tos 0x0, ttl 64, id 30448, offset 8880, flags [none], proto ICMP (1), length 364) 172.16.2.98 > 172.16.2.102: ip-proto-1 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.2.102 tell 172.16.2.98, length 46 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.16.2.102 is-at e4:54:e8:a1:a3:d9, length 28 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.2.98 tell 172.16.2.102, length 28 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.16.2.98 is-at e4:54:e8:a1:a3:a4, length 46