[问题求助]這個日志說明什麽?假裝SMTP? [复制链接]

QUOTE:.10:16:21.298711 IP 218.102.48.210.smtp .> .192.168.0.4.59685: . ack 13209881 win 33888 <nop,nop,s.ack sack 1 {13211293:13212705} >    美容
10:16:21.305460 IP 192.168.0.4.59685 > 218..102.48.2.10.smtp: . 132.13697:13215109(1412) ack 0 win 16383             电子
10:16:21.313222 IP .218.102..48.210.smtp > 192.168.0.4.59685: . ack 13209881 .win 33888 <nop,nop,sack sack 1 {13211293.:13213697} >(        游戏          )
10:16:21.314868 IP 192.168.0.4.596.85. > 218.102.48.210.smtp: . 13209881:13211293(1412). ack 0 win 16383.
10:16:21.373593 IP 218.102.48.210..smtp > 192.168.0.4..59685:. . ack 13209881 win 33888 <nop,nop,sack sac.k 1 {13211293:13215109} >.
10:16:21.3.75348 IP 192.168.0..4.59685 > 218.102.48.210.smtp: . 13215109:13.216521(1412) ack 0 win 16383    美容
10:16:21.375624 IP 192.168.0.4.59685 > 218.102.48.21.0.smtp: P. 13216521:13217793(1272) ack 0 w.in 16383    外汇
10:16:2.1.396747 IP 218.102.48.210.smtp > 192.168.0.4.59685.: . .ack 13215109 win 33888.
10:16:21.534479 IP 218.102.48.210.smtp > 192.168.0.4.59685:. ... ack 13217793 win 33888.
10:16:21.536.252 IP 192.168.0.4.59685 > 218.102..48.210.smtp: . 13217793:132.19205(1412) ack 0 win 16383    美容
10:16:21.536668 .IP 192.168.0.4.59685 > 218.102..48.210.smtp: . 13219205:13220617(1412). ack 0 win 16383<性病>
10:16:.21.628109 IP 218.102.48.210.smtp .> 192.168.0.4.59685: .. ack 13220617 win 33888    外汇
10:16:21.629847 IP 192.168.0.4.59685 > 218.102.4.8.210.smt.p:. P 13220617:13222029(1412) ack 0 win 16383          婚庆
10:16:21.630257 IP 192.168.0.4.59685 > 218..102.48.210.smtp: . 13222029:13.223441(1412) ack 0 .win 16383电影


這樣說明.什麼？三個小時了，tcpdump抓包一直是這樣的。。。。。。難道0.4的用戶在發郵件？？？不可.能吧    美容

抓包分析内容看一下咯

QUOTE:原帖由 platinum 于 2006-4-6 10:35 发表
抓包分析内容看一下咯




QUOTE:3221 128.467656  192.168.0.4 -> 218.102.48.220 SMTP [TCP Retransmission] Message Body
3222 128.541130 218.102.48.220 -> 192.168.0.4  TCP 25 > 59729 [ACK] Seq=0 Ack=2572428 Win=33888 Len=0
3223 128.542906  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3224 128.543255  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3225 128.640436 218.102.48.220 -> 192.168.0.4  TCP 25 > 59729 [ACK] Seq=0 Ack=2575252 Win=33888 Len=0
3226 128.642245  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3227 128.642652  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3228 128.809971 218.102.48.220 -> 192.168.0.4  TCP 25 > 59729 [ACK] Seq=0 Ack=2576664 Win=33888 Len=0
3229 128.811750  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3230 128.812012  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3231 128.888282 218.102.48.220 -> 192.168.0.4  TCP [TCP Dup ACK 3228#1] 25 > 59729 [ACK] Seq=0 Ack=2576664 Win=33888 Len=0 SLE=2578076 SRE=2579488
3232 128.903563 218.102.48.220 -> 192.168.0.4  TCP [TCP Dup ACK 3228#2] 25 > 59729 [ACK] Seq=0 Ack=2576664 Win=33888 Len=0 SLE=2578076 SRE=2580480
3233 128.905219  192.168.0.4 -> 218.102.48.220 SMTP [TCP Retransmission] Message Body
3234 128.907895  192.168.0.4 -> 218.102.48.220 SMTP Message Body
3235 128.908303  192.168.0.4 -> 218.102.48.220 SMTP Message Body


有點像在下載文件.

让你分析一下内容

QUOTE:原帖由 platinum 于 2006-4-6 12:10 发表
让你分析一下内容


單從上面的日志看是正兒八經的SMTP數據.發送帶大附件的郵件.

不是看日志，是抓包，然后用 ethereal 等包分析软件分析里面的内容
你光看日志能看出什么啊

QUOTE:原帖由 platinum 于 2006-4-6 13:10 发表
不是看日志，是抓包，然后用 ethereal 等包分析软件分析里面的内容
你光看日志能看出什么啊


上面的東東就是tethereal抓出來的，不懂得分析