Is the MTR command buggy?

Good evening,

I have the impression that the Linux command "mtr" has a problem:
it does the opposite of what it is meant to do.

MTR is like a "traceroute", but one on which you can set a protocol and port, to find the fastest/best-suited path for that protocol/port.

For example - I want to test whether my server "fc00:41d0:701:1100::1" is open on UDP port 53 (it is a DNS/BIND9 server).

The machine's address:

root@vps.ns3:/ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.133.0.1  netmask 255.255.255.0  broadcast 10.133.0.255
        inet6 fe80::216:3eff:fe78:442d  prefixlen 64  scopeid 0x20<link>
        inet6 fc00:41d0:701:1100::1  prefixlen 64  scopeid 0x0<global>
        ether 00:16:3e:78:44:2d  txqueuelen 1000  (Ethernet)
        RX packets 75022242  bytes 8432156703 (7.8 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 66381086  bytes 15695484878 (14.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The NAMED/BIND9 server is started/active:

root@vps.ns3:/ $ netstat -lantup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.133.0.1:53           0.0.0.0:*               LISTEN      48170/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      48170/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      56005/sshd: /usr/sb
tcp        0      0 10.133.0.1:42132        146.75.122.132:80       TIME_WAIT   -
tcp6       0      0 fc00:41d0:701:1100:::53 :::*                    LISTEN      48170/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      48170/named
tcp6       0      0 :::22                   :::*                    LISTEN      56005/sshd: /usr/sb
tcp6       0      0 fc00:41d0:701:110:45405 2001:4860:4860::8844:53 TIME_WAIT   -
tcp6       0      0 fc00:41d0:701:110:49309 2001:4860:4860::8844:53 TIME_WAIT   -
udp        0      0 10.133.0.1:53           0.0.0.0:*                           48170/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           48170/named
udp6       0      0 ::1:53                  :::*                                48170/named
udp6       0      0 fc00:41d0:701:1100:::53 :::*                                48170/named

The firewall is open:

root@vps.ns3:/ $ ip6tables -L -vn
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

So, what I was getting at is the "MTR" command.

From another machine:

root@bw:/ $ mtr -6 -n -i1 -u -P 53  -c1 -w fc00:41d0:701:1100::1
Start: 2024-02-08T03:22:54+0100
HOST: bw      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- fec0::1  0.0%     1   24.6  24.6  24.6  24.6   0.0
  2.|-- ???     100.0     1    0.0   0.0   0.0   0.0   0.0

Here, "mtr" over IPv6 without querying DNS (numeric), interval 1, in UDP on port 53, with 1 cycle in the report.

So at the second hop the command returns 100% loss (which, precisely, is not normal).

If I try some arbitrary port, 11153 → MTR returns OK???

root@bw:/ $ mtr -6 -n -i1 -u -P 11153  -c1 -w fc00:41d0:701:1100::1
Start: 2024-02-08T03:30:20+0100
HOST: bw                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- fec0::1                0.0%     1   25.1  25.1  25.1  25.1   0.0
  2.|-- fc00:41d0:701:1100::1  0.0%     1   25.1  25.1  25.1  25.1   0.0

So there is a problem, isn't there?

The version of "mtr" I am running the command with :wink:

root@bw:/ $ mtr --version
mtr 0.95

The Linux version:

root@bw:~ # cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

If you can pass this on, or know where or to whom to report it, it would be really kind of you to forward the information.

Thanks.

See you later.

Romain.

-i 1 (there is a space between the option and its value); here it is useless because 1 is the default value.
-c 1 there is a space between the option and its value
You have no packet loss because the system sends back a reply to say that it cannot find it. So no packets lost.
Here is the tcpdump sniff of a test:
Command:

# mtr -u -P 532 -w 192.168.1.153
Start: 2024-02-08T06:21:36+0100
HOST: dsrvtest03                   Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- dsrvscdd01.net.enedwaith.org  0.0%    10    0.2   0.3   0.2   0.4   0.0

tcpdump:

# tcpdump -n -i enp0s3 host 192.168.1.153
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
06:21:36.126026 IP 192.168.1.152.33000 > 192.168.1.153.532: UDP, length 36
06:21:36.126273 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:36.226649 IP 192.168.1.152.33001 > 192.168.1.153.532: UDP, length 36
06:21:36.226809 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:37.228090 IP 192.168.1.152.33002 > 192.168.1.153.532: UDP, length 36
06:21:37.228282 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:38.228751 IP 192.168.1.152.33003 > 192.168.1.153.532: UDP, length 36
06:21:38.228980 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:39.230919 IP 192.168.1.152.33004 > 192.168.1.153.532: UDP, length 36
06:21:39.231107 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:40.231791 IP 192.168.1.152.33005 > 192.168.1.153.532: UDP, length 36
06:21:40.232035 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:41.232849 IP 192.168.1.152.33006 > 192.168.1.153.532: UDP, length 36
06:21:41.233066 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:42.233846 IP 192.168.1.152.33007 > 192.168.1.153.532: UDP, length 36
06:21:42.234037 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:43.234966 IP 192.168.1.152.33008 > 192.168.1.153.532: UDP, length 36
06:21:43.235162 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:44.235976 IP 192.168.1.152.33009 > 192.168.1.153.532: UDP, length 36
06:21:44.236168 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72
06:21:45.237008 IP 192.168.1.152.33010 > 192.168.1.153.532: UDP, length 36
06:21:45.237173 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72

There is a reply, so no loss.
You are not using mtr for its intended purpose.
If you want to check for an open port, use tcptraceroute instead.

Hello, thanks for the reply @Zargos.

Yeah… OK.

mtr - Network Analysis Software - Documentation

Tcptraceroute | Croc-Informatique.fr

I am pasting this "traceroute" command too:

How to Check If the Ports Are Open With Using Traceroute

root@bw:/ $ traceroute6 -n -q 1 -U -p 53 fc00:41d0:701:1100::1
traceroute to fc00:41d0:701:1100::1 (fc00:41d0:701:1100::1), 30 hops max, 80 byte packets
 1  fec0::1  24.888 ms
 2  fc00:41d0:701:1100::1  25.149 ms

root@bw:/ $ traceroute6 -n -q 1 -U -p 11153 fc00:41d0:701:1100::1
traceroute to fc00:41d0:701:1100::1 (fc00:41d0:701:1100::1), 30 hops max, 80 byte packets
 1  fec0::1  24.689 ms
 2  fc00:41d0:701:1100::1  24.728 ms

Well, otherwise I can't manage to do what I want.

So (I did not quite grasp what you explained to me);

root@bw:/ $ mtr -6 -n -u -P 53 -w fc00:41d0:701:1100::1
Start: 2024-02-08T09:19:55+0100
HOST: bw      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- fec0::1  0.0%    10   24.9  24.9  24.4  25.1   0.2
  2.|-- ???     100.0    10    0.0   0.0   0.0   0.0   0.0

Returns this in tcpdump:

root@bw:/ $ tcpdump -s0 -t -n ip6 or proto ipv6 and port ! 22 -i vmbr0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33001: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33002: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33003: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33004: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33005: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33006: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33007: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33008: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33009: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33010: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33011: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33012: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33013: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33014: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33016: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33017: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33018: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33019: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33020: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33021: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33022: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33023: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33024: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33025: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33026: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33027: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33028: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33029: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33031: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33032: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33033: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33034: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33035: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33036: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33037: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33038: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33039: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33040: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33041: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33042: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33043: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33044: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33046: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33047: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33048: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33049: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33050: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33051: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33052: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33053: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33054: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33055: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33056: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33057: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33058: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33059: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33061: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33062: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33063: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33064: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33065: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33066: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33067: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33068: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33069: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33070: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33071: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33072: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33073: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33074: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33076: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33077: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33078: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33079: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33080: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33081: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33082: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33083: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33084: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33085: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33086: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33087: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33088: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33089: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33091: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33092: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33093: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33094: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33095: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33096: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33097: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33098: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33099: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33100: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33101: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33102: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33103: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33104: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33106: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33107: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33108: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33109: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33110: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33111: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33112: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33113: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33114: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33115: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33116: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33117: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33118: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33119: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33121: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33122: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33123: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33124: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33125: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33126: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33127: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33128: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33129: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33130: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33131: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33132: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33133: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33134: 0 FormErr- [0q] 0/0/0 (12)
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33136: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33137: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33138: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33139: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33140: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33141: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33142: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33143: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33144: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33145: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33146: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33147: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33148: 0 FormErr- [0q] 0/0/0 (12)
IP6 fc00:41d0:701:1100::1.53 > fec1::1.33149: 0 FormErr- [0q] 0/0/0 (12)

Correct IPsec traffic dumps on Linux.

IPsec traffic dumps on Linux :: strongSwan Documentation
This is a short tutorial explaining how to obtain correct IPsec traffic dumps on Linux.
Many users are not aware of the packet-capture anomaly that occurs when capturing with the default settings using Wireshark and tcpdump. This article will explain how to take correct traffic dumps of…

#tcpdump #wiresharp #certifs

On an arbitrary port:

root@bw:/ $ mtr -6 -n -u -P 11153 -w fc00:41d0:701:1100::1
Start: 2024-02-08T09:20:27+0100
HOST: bw                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- fec0::1                0.0%    10   24.4  25.0  24.4  25.3   0.2
  2.|-- fc00:41d0:701:1100::1  0.0%    10   25.0  25.0  24.6  25.4   0.2

Returns this in tcpdump:

IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72
IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72
IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72

?

I don't understand - it says, "roughly":

destination unreachable fc00:41d0:701:1100::1, unreachable udp port 11153

Sure, there is a reply that you see in tcpdump… but one that TELLS YOU THAT it is SCREWED for the port on this IP address.

And otherwise, on the port that works… "???" which could make you think the port is closed or does not exist.

The NS3 server does respond:

root@bw:/ $ dig A debian-fr.org @fc00:41d0:701:1100::1 +short
[...]
;; ANSWER SECTION:
debian-fr.org.          1713    IN      A       148.251.85.151

;; Query time: 24 msec
;; SERVER: fc00:41d0:701:1100::1#53(fc00:41d0:701:1100::1) (UDP)
;; WHEN: Thu Feb 08 09:53:30 CET 2024
;; MSG SIZE  rcvd: 86

tcpdump:

root@vps:~ # tcpdump -s0 -t -n ip6 or proto ipv6 and port ! 22 -i vmbr1 -vvv
IP6 (flowlabel 0xe8f25, hlim 63, next-header UDP (17) payload length: 62) fec1::1.34522 > fc00:41d0:701:1100::1.53: [udp sum ok] 37896+ [1au] A? debian-fr.org. ar: . OPT UDPsize=1232 [COOKIE b21a461c72ff341d] (54)
IP6 (flowlabel 0x7aa0a, hlim 64, next-header UDP (17) payload length: 94) fc00:41d0:701:1100::1.53 > fec1::1.34522: [bad udp cksum 0x5505 -> 0x8dc9!] 37896$ q: A? debian-fr.org. 1/0/1 debian-fr.org. [22m4s] A 148.251.85.151 ar: . OPT UDPsize=1232 [COOKIE b21a461c72ff341d 0100000065c4980fb14a3209024700d0] (86)

:confused:
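
Added example (not part of the posts above, and not mtr's own code): a small Python classifier for `tcpdump -n` lines that separates the three cases visible in this thread's captures: a UDP datagram coming back from the probed port (a service is listening, as with the FormErr replies from port 53), an ICMP/ICMPv6 port-unreachable error from the target (nothing is listening, as on ports 11153 and 532), and probes or intermediate-hop errors only (no answer from the target). The function names and state labels are this example's own; the sample lines are excerpted from the captures quoted in the thread, except the last set, which is constructed.

```python
import re
from collections import Counter

# One tcpdump -n line: optional timestamp, "IP" or "IP6", "src > dst:", then the decode.
LINE = re.compile(r'^(?:\d{2}:\d{2}:\d{2}\.\d+ )?IP6? (\S+) > (\S+): (.*)$')
# Both the IPv4 and the IPv6 decode of a port-unreachable error contain "<addr> udp port <n>".
UNREACH = re.compile(r'(\S+) udp port (\d+)')


def classify_line(line, target, port):
    """Return 'probe', 'hop', 'closed', 'open' or None for one tcpdump line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    src, dst, rest = m.groups()
    endpoint = f"{target}.{port}"      # tcpdump prints endpoints as address.port
    if rest.startswith("ICMP"):
        if "time exceeded" in rest:
            return "hop"               # a router on the path: hop limit / TTL expired
        u = UNREACH.search(rest)
        if (src == target and "unreachable" in rest
                and u and u.groups() == (target, str(port))):
            return "closed"            # the target's IP stack says nothing listens there
        return None
    if src == endpoint:
        return "open"                  # a UDP datagram came back from the service itself
    if dst == endpoint:
        return "probe"                 # our own outgoing probe
    return None


def verdict(lines, target, port):
    """Summarise a capture as (state, per-event counts) for one target/port."""
    seen = Counter(filter(None, (classify_line(l, target, port) for l in lines)))
    if seen["open"]:
        state = "open"                 # an application answered over UDP
    elif seen["closed"]:
        state = "closed"               # ICMP error only: host reachable, port not bound
    elif seen["probe"] or seen["hop"]:
        state = "open|filtered"        # silence from the target proves nothing either way
    else:
        state = "no-data"
    return state, dict(seen)


NS3 = "fc00:41d0:701:1100::1"

# Excerpt of the thread's capture for UDP port 53 (mtr showed "???" at hop 2).
DNS_53 = [
    "IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72",
    "IP6 fc00:41d0:701:1100::1.53 > fec1::1.33001: 0 FormErr- [0q] 0/0/0 (12)",
    "IP6 fc00:41d0:701:1100::1.53 > fec1::1.33002: 0 FormErr- [0q] 0/0/0 (12)",
]

# Excerpt of the thread's capture for UDP port 11153 (mtr showed the target, 0% loss).
PORT_11153 = [
    "IP6 fec0::1 > fec1::1: ICMP6, time exceeded in-transit for fc00:41d0:701:1100::1, length 72",
    "IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72",
    "IP6 fc00:41d0:701:1100::1 > fec1::1: ICMP6, destination unreachable, unreachable port, fc00:41d0:701:1100::1 udp port 11153, length 72",
]

# Excerpt of the IPv4 capture from the reply (timestamps kept).
IPV4_532 = [
    "06:21:36.126026 IP 192.168.1.152.33000 > 192.168.1.153.532: UDP, length 36",
    "06:21:36.126273 IP 192.168.1.153 > 192.168.1.152: ICMP 192.168.1.153 udp port 532 unreachable, length 72",
]

# Constructed: probes leave, nothing at all comes back from the target.
SILENT = ["06:21:36.126026 IP 192.168.1.152.33000 > 192.168.1.153.532: UDP, length 36"]

if __name__ == "__main__":
    for name, cap, tgt, prt in [("53", DNS_53, NS3, 53), ("11153", PORT_11153, NS3, 11153),
                                ("532", IPV4_532, "192.168.1.153", 532),
                                ("532 silent", SILENT, "192.168.1.153", 532)]:
        print(name, verdict(cap, tgt, prt))
```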