Hi! I am exploring networking with Linux. I found that tcpdump is an interesting tool.
arp who-has 139.86.155.52 tell 139.86.155.50
arp reply 139.86.155.52 is-at 0:8:74:2f:a5:ac
The output above is extracted. I did not call the command arp; does it mean that someone else is using a computer in the network and using arp? Or does the system also use arp to look for a host?
----------------------------------
802.1d config 809b.00:05:dc:cc:98:c0.800f root 8000.00:02:7d:35:bd:28 pathcost 52 age 3 max 20 hello 2 fdelay 15
The output above is also extracted. What is 802.1d? Is the output above a TCP packet? How can you tell? Also, why is there a 'hello'? Sometimes I also see 'reply ok', 'write', etc. What are they?
--------------------------------
219.95.226.81.1025 > 139.86.155.51.telnet: . ack 2780 win 56800 <nop,nop,timestamp 59317 377037602>
In the output above, I want to know what ...<nop,nop,timestamp 59317 377037602>.... means.
---------------------------------
139.86.155.50.999 > 139.86.155.52.32872: R 0:0(0) ack 1979298613 win 0 (DF) [tos 0x10]
0:5:dc:cc:98:cf 0:5:dc:cc:98:cf loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
For the output above, can you explain why there is such an output and what it means?
------------------------------------
I am also curious whether, if anyone logs in, probably using telnet or ftp, tcpdump can also sniff the packet. How do we identify the packet? If anyone has logged in using telnet and types a few characters, can we see the characters typed? How do we identify that a user has typed or is typing and has pressed the return key?
------------------------------------
139.86.155.51.1858029306 > 139.86.155.50.2049: 116 getattr [|nfs] (DF)
What does the output mean? Isn't the figure 139.86.155.51.1858029306 at the last part too big?
Many questions... I am hoping I can be enlightened by you experts out there. Thanks!
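Added example, not part of the original post: a small Python parser for the tcpdump summary lines quoted in the question, using those same lines (retyped, so constructed test data rather than a live capture) as input. It classifies each line as ARP, 802.1d spanning-tree (STP), Ethernet loopback, TCP or NFS; decodes the old-style TCP flag letters (`.` means no flags set, `R` is RST); splits the `<nop,nop,timestamp TSval TSecr>` option (RFC 1323 timestamps); flags telnet/ftp as cleartext services; and treats the large number after the NFS client address as the RPC transaction id (xid) that tcpdump prints in place of a source port for NFS requests. The `[|nfs]` marker is tcpdump's notation for a packet that was cut short by the snapshot length and could not be fully decoded. The function names (`parse_line`, `parse_tcp_options`) and the `CLEARTEXT_SERVICES` set are my own choices.

```python
import re

# Constructed sample input: the tcpdump lines quoted in the question, retyped.
SAMPLE = [
    "arp who-has 139.86.155.52 tell 139.86.155.50",
    "arp reply 139.86.155.52 is-at 0:8:74:2f:a5:ac",
    "802.1d config 809b.00:05:dc:cc:98:c0.800f root 8000.00:02:7d:35:bd:28 "
    "pathcost 52 age 3 max 20 hello 2 fdelay 15",
    "219.95.226.81.1025 > 139.86.155.51.telnet: . ack 2780 win 56800 "
    "<nop,nop,timestamp 59317 377037602>",
    "139.86.155.50.999 > 139.86.155.52.32872: R 0:0(0) ack 1979298613 win 0 (DF) [tos 0x10]",
    "0:5:dc:cc:98:cf 0:5:dc:cc:98:cf loopback 60:",
    "139.86.155.51.1858029306 > 139.86.155.50.2049: 116 getattr [|nfs] (DF)",
]

# Old-style tcpdump TCP flag letters; '.' means no flags are set.
TCP_FLAGS = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH", "U": "URG"}
# Services whose logins and keystrokes travel in cleartext (my own list).
CLEARTEXT_SERVICES = {"telnet", "23", "ftp", "21"}

ARP_RE = re.compile(r"^arp (?:who-has (\S+) tell (\S+)|reply (\S+) is-at (\S+))$")
# bridge id is priority.mac.port, root id is priority.mac
STP_RE = re.compile(r"^802\.1d config (\S+) root (\S+) pathcost (\d+) age (\d+) "
                    r"max (\d+) hello (\d+) fdelay (\d+)")
LOOP_RE = re.compile(r"^(\S+) (\S+) loopback (\d+):")
IP_RE = re.compile(r"^(\d+(?:\.\d+){3})\.(\w+) > (\d+(?:\.\d+){3})\.(\w+): (.*)$")
TCP_RE = re.compile(r"^([SFRPU.]+)(?: (\d+):(\d+)\((\d+)\))?(?: ack (\d+))? win (\d+)"
                    r"(?: <([^>]*)>)?")
NFS_RE = re.compile(r"^(\d+) (\w+)")


def parse_tcp_options(text):
    """Turn the contents of '<nop,nop,timestamp 59317 377037602>' into a dict."""
    opts = {"nop": 0}
    if not text:
        return opts
    for item in text.split(","):
        parts = item.split()
        if parts[0] == "nop":
            opts["nop"] += 1
        elif parts[0] == "timestamp":
            # RFC 1323: TSval (sender's clock), TSecr (echo of peer's TSval)
            opts["timestamp"] = (int(parts[1]), int(parts[2]))
        else:
            opts[parts[0]] = parts[1:]
    return opts


def parse_line(line):
    """Classify one tcpdump summary line and extract the fields worth checking."""
    m = ARP_RE.match(line)
    if m:
        if m.group(1):  # who-has X tell Y: Y is asking for X's MAC
            return {"proto": "ARP", "op": "request", "target_ip": m.group(1), "sender_ip": m.group(2)}
        return {"proto": "ARP", "op": "reply", "ip": m.group(3), "mac": m.group(4)}
    m = STP_RE.match(line)
    if m:
        bridge, root, cost, age, max_age, hello, fdelay = m.groups()
        _b_prio, b_mac, b_port = bridge.split(".")
        _r_prio, r_mac = root.split(".")
        return {"proto": "STP", "bridge_mac": b_mac, "bridge_port": b_port, "root_mac": r_mac,
                "root_path_cost": int(cost), "message_age": int(age), "max_age": int(max_age),
                "hello_time": int(hello), "forward_delay": int(fdelay), "is_root": b_mac == r_mac}
    m = LOOP_RE.match(line)
    if m:  # Ethernet loopback/test frame: no IP header at all
        return {"proto": "loopback", "src_mac": m.group(1), "dst_mac": m.group(2), "length": int(m.group(3))}
    m = IP_RE.match(line)
    if not m:
        return {"proto": "unknown", "raw": line}
    src, sport, dst, dport, rest = m.groups()
    if dport in ("2049", "nfs"):
        n = NFS_RE.match(rest)
        # For NFS requests tcpdump prints the RPC xid, not a port, after the client address.
        return {"proto": "NFS", "client": src, "server": dst, "xid": int(sport),
                "length": int(n.group(1)), "procedure": n.group(2), "truncated": "[|nfs]" in rest}
    t = TCP_RE.match(rest)
    if not t:
        return {"proto": "IP", "src": src, "sport": sport, "dst": dst, "dport": dport, "raw": rest}
    flags, seq_lo, seq_hi, plen, ack, win, opts = t.groups()
    tos = re.search(r"\[tos (0x[0-9a-fA-F]+)\]", rest)
    return {
        "proto": "TCP", "src": src, "sport": sport, "dst": dst, "dport": dport,
        "flags": [TCP_FLAGS[c] for c in flags if c != "."],
        "seq": (int(seq_lo), int(seq_hi)) if seq_lo else None,
        "payload_len": int(plen) if plen else 0,
        "ack": int(ack) if ack else None,
        "window": int(win),
        "options": parse_tcp_options(opts),
        "dont_fragment": "(DF)" in rest,
        "tos": int(tos.group(1), 16) if tos else 0,
        "cleartext_service": sport in CLEARTEXT_SERVICES or dport in CLEARTEXT_SERVICES,
    }


if __name__ == "__main__":
    for sample in SAMPLE:
        print(parse_line(sample))
```

The `cleartext_service` flag is the hook for the telnet question: telnet and ftp send what the user types, passwords included, in the clear, so the bytes are readable to anyone running tcpdump with payload printing (`-A` or `-X`) and a filter such as `port 23`. The summary lines parsed here only show headers; the keystrokes themselves are in the payload.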
