I produced all of the following results without a firewall:
With the VPN enabled, I first ran tcpdump -vvveni any host 9.9.9.9 and tcp port 53 as root in console 1, then the command host -T -t A heise.de 9.9.9.9 in console 2:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
10:44:31.822742 Out ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 25485, offset 0, flags [DF], proto TCP (6), length 60)
10.4.133.240.39669 > 9.9.9.9.53: Flags [S], cksum 0x3ab0 (correct), seq 3388758985, win 29200, options [mss 1460,sackOK,TS val 342084 ecr 0,nop,wscale 7], length 0
10:44:31.880208 In ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 60)
9.9.9.9.53 > 10.4.133.240.39669: Flags [S.], cksum 0xd892 (correct), seq 2291974052, ack 3388758986, win 28960, options [mss 1134,sackOK,TS val 565574218 ecr 342084,nop,wscale 8], length 0
10:44:31.880281 Out ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 25486, offset 0, flags [DF], proto TCP (6), length 52)
10.4.133.240.39669 > 9.9.9.9.53: Flags [.], cksum 0x7647 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 342098 ecr 565574218], length 0
10:44:31.880440 Out ethertype IPv4 (0x0800), length 96: (tos 0x0, ttl 64, id 25487, offset 0, flags [DF], proto TCP (6), length 80)
10.4.133.240.39669 > 9.9.9.9.53: Flags [P.], cksum 0xb525 (correct), seq 1:29, ack 1, win 229, options [nop,nop,TS val 342098 ecr 565574218], length 28 31301+ A? heise.de. (26)
10:44:31.937827 In ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 60, id 17702, offset 0, flags [DF], proto TCP (6), length 52)
9.9.9.9.53 > 10.4.133.240.39669: Flags [.], cksum 0x7665 (correct), seq 1, ack 29, win 114, options [nop,nop,TS val 565574275 ecr 342098], length 0
10:44:31.939651 In ethertype IPv4 (0x0800), length 112: (tos 0x0, ttl 60, id 17703, offset 0, flags [DF], proto TCP (6), length 96)
9.9.9.9.53 > 10.4.133.240.39669: Flags [P.], cksum 0x085b (correct), seq 1:45, ack 29, win 114, options [nop,nop,TS val 565574277 ecr 342098], length 44 31301 q: A? heise.de. 1/0/0 heise.de. [20h5m17s] A 193.99.144.80 (42)
10:44:31.939702 Out ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 25488, offset 0, flags [DF], proto TCP (6), length 52)
10.4.133.240.39669 > 9.9.9.9.53: Flags [.], cksum 0x75b5 (correct), seq 29, ack 45, win 229, options [nop,nop,TS val 342113 ecr 565574277], length 0
10:44:31.940168 Out ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 25489, offset 0, flags [DF], proto TCP (6), length 52)
10.4.133.240.39669 > 9.9.9.9.53: Flags [F.], cksum 0x75b4 (correct), seq 29, ack 45, win 229, options [nop,nop,TS val 342113 ecr 565574277], length 0
10:44:31.997900 In ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 60, id 17704, offset 0, flags [DF], proto TCP (6), length 52)
9.9.9.9.53 > 10.4.133.240.39669: Flags [F.], cksum 0x75ec (correct), seq 45, ack 30, win 114, options [nop,nop,TS val 565574335 ecr 342113], length 0
10:44:31.997960 Out ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 25490, offset 0, flags [DF], proto TCP (6), length 52)
10.4.133.240.39669 > 9.9.9.9.53: Flags [.], cksum 0x756a (correct), seq 30, ack 46, win 229, options [nop,nop,TS val 342128 ecr 565574335], length 0
Now I also ran the second command, host -t A heise.de 9.9.9.9. tcpdump shows nothing at all for it, while host shows:
host -t A heise.de 9.9.9.9:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
Using domain server:
Name: 9.9.9.9
Address: 9.9.9.9#53
Aliases:
heise.de has address 193.99.144.80
Now both commands again without the VPN:
host -T -t A heise.de 9.9.9.9:
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
10:47:14.755035 Out 36:88:2e:79:29:2e ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 64, id 53055, offset 0, flags [DF], proto TCP (6), length 60)
192.168.178.171.41721 > 9.9.9.9.53: Flags [S], cksum 0xd3a3 (correct), seq 3924957278, win 29200, options [mss 1460,sackOK,TS val 382817 ecr 0,nop,wscale 7], length 0
10:47:14.782348 In e0:28:6d:c5:27:f9 ethertype IPv4 (0x0800), length 76: (tos 0x0, ttl 56, id 0, offset 0, flags [DF], proto TCP (6), length 60)
9.9.9.9.53 > 192.168.178.171.41721: Flags [S.], cksum 0x3fe7 (correct), seq 1793338253, ack 3924957279, win 28960, options [mss 1452,sackOK,TS val 565238912 ecr 382817,nop,wscale 8], length 0
10:47:14.782425 Out 36:88:2e:79:29:2e ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 53056, offset 0, flags [DF], proto TCP (6), length 52)
192.168.178.171.41721 > 9.9.9.9.53: Flags [.], cksum 0xdee0 (correct), seq 1, ack 1, win 229, options [nop,nop,TS val 382824 ecr 565238912], length 0
10:47:14.782551 Out 36:88:2e:79:29:2e ethertype IPv4 (0x0800), length 96: (tos 0x0, ttl 64, id 53057, offset 0, flags [DF], proto TCP (6), length 80)
192.168.178.171.41721 > 9.9.9.9.53: Flags [P.], cksum 0x522e (correct), seq 1:29, ack 1, win 229, options [nop,nop,TS val 382824 ecr 565238912], length 28 17878+ A? heise.de. (26)
10:47:14.809701 In e0:28:6d:c5:27:f9 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 56, id 63250, offset 0, flags [DF], proto TCP (6), length 52)
9.9.9.9.53 > 192.168.178.171.41721: Flags [.], cksum 0xdf1b (correct), seq 1, ack 29, win 114, options [nop,nop,TS val 565238940 ecr 382824], length 0
10:47:14.811315 In e0:28:6d:c5:27:f9 ethertype IPv4 (0x0800), length 112: (tos 0x0, ttl 56, id 63251, offset 0, flags [DF], proto TCP (6), length 96)
9.9.9.9.53 > 192.168.178.171.41721: Flags [P.], cksum 0x9de9 (correct), seq 1:45, ack 29, win 114, options [nop,nop,TS val 565238941 ecr 382824], length 44 17878 q: A? heise.de. 1/0/0 heise.de. [20h37m41s] A 193.99.144.80 (42)
10:47:14.811345 Out 36:88:2e:79:29:2e ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 53058, offset 0, flags [DF], proto TCP (6), length 52)
192.168.178.171.41721 > 9.9.9.9.53: Flags [.], cksum 0xde74 (correct), seq 29, ack 45, win 229, options [nop,nop,TS val 382831 ecr 565238941], length 0
10:47:14.811820 Out 36:88:2e:79:29:2e ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 53059, offset 0, flags [DF], proto TCP (6), length 52)
192.168.178.171.41721 > 9.9.9.9.53: Flags [F.], cksum 0xde73 (correct), seq 29, ack 45, win 229, options [nop,nop,TS val 382831 ecr 565238941], length 0
10:47:14.839790 In e0:28:6d:c5:27:f9 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 56, id 63252, offset 0, flags [DF], proto TCP (6), length 52)
9.9.9.9.53 > 192.168.178.171.41721: Flags [F.], cksum 0xdec8 (correct), seq 45, ack 30, win 114, options [nop,nop,TS val 565238970 ecr 382831], length 0
10:47:14.839875 Out 36:88:2e:79:29:2e ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 53060, offset 0, flags [DF], proto TCP (6), length 52)
192.168.178.171.41721 > 9.9.9.9.53: Flags [.], cksum 0xde4e (correct), seq 30, ack 46, win 229, options [nop,nop,TS val 382838 ecr 565238970], length 0
With host -t A heise.de 9.9.9.9, tcpdump again shows nothing, despite the firewall being disabled, and host again shows this:
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
Using domain server:
Name: 9.9.9.9
Address: 9.9.9.9#53
Aliases:
heise.de has address 193.99.144.80
We are experiencing the last calm before the storm. Let us enjoy it while we still can.