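Ich habe tcpdump mal zwei Stunden laufen lassen, mit einem Filter, der nur TCP-Pakete mit gesetztem SYN-, FIN- oder RST-Flag mitschneidet (also nur Verbindungsauf- und -abbau):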
sudo tcpdump -i enp4s0f0 'tcp[tcpflags] & (tcp-syn|tcp-fin|tcp-rst) != 0' tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp4s0f0, link-type EN10MB (Ethernet), capture size 262144 bytes 12:51:38.751040 IP noname.60248 > static.88-198-17-100.clients.your-server.de.http: Flags [S], seq 1327283212, win 29200, options [mss 1460,sackOK,TS val 841519 ecr 0,nop,wscale 7], length 0 12:51:38.808789 IP static.88-198-17-100.clients.your-server.de.http > noname.60248: Flags [R.], seq 0, ack 1327283213, win 0, length 0 12:51:38.809313 IP noname.42156 > www.incertum.net.http: Flags [S], seq 1644635037, win 29200, options [mss 1460,sackOK,TS val 841534 ecr 0,nop,wscale 7], length 0 12:51:38.869802 IP www.incertum.net.http > noname.42156: Flags [S.], seq 725296718, ack 1644635038, win 28960, options [mss 1452,sackOK,TS val 1292141649 ecr 841534,nop,wscale 7], length 0 12:51:38.940335 IP www.incertum.net.http > noname.42156: Flags [F.], seq 238, ack 148, win 235, options [nop,nop,TS val 1292141666 ecr 841549], length 0 12:51:38.940441 IP noname.42156 > www.incertum.net.http: Flags [F.], seq 148, ack 239, win 237, options [nop,nop,TS val 841567 ecr 1292141666], length 0 12:51:39.002958 IP noname.42158 > www.incertum.net.http: Flags [S], seq 4105532415, win 29200, options [mss 1460,sackOK,TS val 841582 ecr 0,nop,wscale 7], length 0 12:51:39.059298 IP www.incertum.net.http > noname.42158: Flags [S.], seq 3611132536, ack 4105532416, win 28960, options [mss 1452,sackOK,TS val 1292141697 ecr 841582,nop,wscale 7], length 0 12:59:07.739678 IP www.incertum.net.http > noname.42158: Flags [FP.], seq 109143361:109144185, ack 143, win 235, options [nop,nop,TS val 1292253845 ecr 953730], length 824: HTTP 12:59:07.740089 IP noname.42158 > www.incertum.net.http: Flags [F.], seq 143, ack 109144186, win 10771, options [nop,nop,TS val 953767 ecr 1292253845], length 0 12:59:35.713906 IP noname.44172 > www.incertum.net.http: Flags [S], seq 3970062317, win 29200, 
options [mss 1460,sackOK,TS val 960760 ecr 0,nop,wscale 7], length 0 12:59:35.773056 IP www.incertum.net.http > noname.44172: Flags [S.], seq 3855874178, ack 3970062318, win 28960, options [mss 1452,sackOK,TS val 1292260876 ecr 960760,nop,wscale 7], length 0 12:59:35.843021 IP www.incertum.net.http > noname.44172: Flags [F.], seq 306, ack 152, win 235, options [nop,nop,TS val 1292260893 ecr 960775], length 0 12:59:35.843743 IP noname.44172 > www.incertum.net.http: Flags [R.], seq 152, ack 307, win 237, options [nop,nop,TS val 960793 ecr 1292260893], length 0 12:59:36.276212 IP noname.34040 > static.88-198-17-100.clients.your-server.de.http: Flags [S], seq 1495624395, win 29200, options [mss 1460,sackOK,TS val 960901 ecr 0,nop,wscale 7], length 0 12:59:36.335293 IP static.88-198-17-100.clients.your-server.de.http > noname.34040: Flags [R.], seq 0, ack 1495624396, win 0, length 0 12:59:36.335833 IP noname.52428 > clamav.ecotel.net.http: Flags [S], seq 1339208939, win 29200, options [mss 1460,sackOK,TS val 960916 ecr 0,nop,wscale 7], length 0 12:59:36.372219 IP noname.37898 > clamav.ecotel.net.hostmon: Flags [S], seq 1886398068, win 29200, options [mss 1460,sackOK,TS val 960925 ecr 0,nop,wscale 7], length 0 12:59:36.386413 IP clamav.ecotel.net.http > noname.52428: Flags [S.], seq 1660230868, ack 1339208940, win 65535, options [mss 1452,nop,wscale 3,sackOK,TS val 365813099 ecr 960916], length 0 12:59:36.446575 IP clamav.ecotel.net.http > noname.52428: Flags [F.], seq 492, ack 152, win 8280, options [nop,nop,TS val 365813161 ecr 960928], length 0 12:59:36.447285 IP noname.52428 > clamav.ecotel.net.http: Flags [R.], seq 152, ack 493, win 237, options [nop,nop,TS val 960943 ecr 365813161], length 0 12:59:36.512171 IP noname.47252 > clamav.spline.inf.fu-berlin.de.http: Flags [S], seq 2728643833, win 29200, options [mss 1460,sackOK,TS val 960960 ecr 0,nop,wscale 7], length 0 12:59:36.558166 IP clamav.spline.inf.fu-berlin.de.http > noname.47252: Flags [S.], seq 3987203223, 
ack 2728643834, win 28960, options [mss 1452,sackOK,TS val 784339717 ecr 960960,nop,wscale 7], length 0 12:59:36.613668 IP noname.47252 > clamav.spline.inf.fu-berlin.de.http: Flags [R.], seq 152, ack 318, win 237, options [nop,nop,TS val 960985 ecr 784339731], length 0 12:59:36.614142 IP clamav.spline.inf.fu-berlin.de.http > noname.47252: Flags [F.], seq 318, ack 152, win 235, options [nop,nop,TS val 784339731 ecr 960971], length 0 12:59:36.614170 IP noname.47252 > clamav.spline.inf.fu-berlin.de.http: Flags [R], seq 2728643985, win 0, length 0 12:59:36.622215 IP noname.59628 > clamav.spline.inf.fu-berlin.de.hostmon: Flags [S], seq 493072962, win 29200, options [mss 1460,sackOK,TS val 960987 ecr 0,nop,wscale 7], length 0 12:59:36.858467 IP noname.39168 > clamav.space.net.http: Flags [S], seq 1916773007, win 29200, options [mss 1460,sackOK,TS val 961046 ecr 0,nop,wscale 7], length 0 12:59:36.906809 IP clamav.space.net.http > noname.39168: Flags [S.], seq 2924217497, ack 1916773008, win 5792, options [mss 1452,sackOK,TS val 3065933146 ecr 961046,nop,wscale 7], length 0 12:59:37.035157 IP noname.50236 > clamav.space.net.hostmon: Flags [S], seq 3061281766, win 29200, options [mss 1460,sackOK,TS val 961090 ecr 0,nop,wscale 7], length 0 12:59:37.082914 IP clamav.space.net.http > noname.39168: Flags [F.], seq 1334, ack 152, win 54, options [nop,nop,TS val 3065933318 ecr 961058], length 0 12:59:37.083818 IP noname.39168 > clamav.space.net.http: Flags [R.], seq 152, ack 1335, win 251, options [nop,nop,TS val 961103 ecr 3065933318], length 0 12:59:40.270938 IP noname.48160 > mirror.ims-firmen.de.http: Flags [S], seq 1202620386, win 29200, options [mss 1460,sackOK,TS val 961899 ecr 0,nop,wscale 7], length 0 12:59:40.372282 IP noname.44326 > mirror.ims-firmen.de.hostmon: Flags [S], seq 2152085170, win 29200, options [mss 1460,sackOK,TS val 961925 ecr 0,nop,wscale 7], length 0 12:59:41.279649 IP noname.48160 > mirror.ims-firmen.de.http: Flags [S], seq 1202620386, win 29200, 
options [mss 1460,sackOK,TS val 962152 ecr 0,nop,wscale 7], length 0 12:59:43.295655 IP noname.48160 > mirror.ims-firmen.de.http: Flags [S], seq 1202620386, win 29200, options [mss 1460,sackOK,TS val 962656 ecr 0,nop,wscale 7], length 0 12:59:47.519663 IP noname.48160 > mirror.ims-firmen.de.http: Flags [S], seq 1202620386, win 29200, options [mss 1460,sackOK,TS val 963712 ecr 0,nop,wscale 7], length 0 12:59:55.711592 IP noname.48160 > mirror.ims-firmen.de.http: Flags [S], seq 1202620386, win 29200, options [mss 1460,sackOK,TS val 965760 ecr 0,nop,wscale 7], length 0 13:00:10.301414 IP noname.44956 > clamav.mirror.iphh.net.http: Flags [S], seq 2938650676, win 29200, options [mss 1460,sackOK,TS val 969407 ecr 0,nop,wscale 7], length 0 13:00:10.342024 IP clamav.mirror.iphh.net.http > noname.44956: Flags [S.], seq 858941685, ack 2938650677, win 14480, options [mss 1452,sackOK,TS val 3265465482 ecr 969407,nop,wscale 4], length 0 13:00:10.372253 IP noname.46684 > clamav.mirror.iphh.net.hostmon: Flags [S], seq 3759796624, win 29200, options [mss 1460,sackOK,TS val 969425 ecr 0,nop,wscale 7], length 0 13:00:10.396093 IP noname.44956 > clamav.mirror.iphh.net.http: Flags [R.], seq 152, ack 403, win 237, options [nop,nop,TS val 969431 ecr 3265465495], length 0 13:00:10.396562 IP clamav.mirror.iphh.net.http > noname.44956: Flags [F.], seq 403, ack 152, win 972, options [nop,nop,TS val 3265465495 ecr 969417], length 0 13:00:10.396611 IP noname.44956 > clamav.mirror.iphh.net.http: Flags [R], seq 2938650828, win 0, length 0 13:00:10.753082 IP noname.36584 > clamav.datev.de.http: Flags [S], seq 2204206638, win 29200, options [mss 1460,sackOK,TS val 969520 ecr 0,nop,wscale 7], length 0 13:00:10.798846 IP clamav.datev.de.http > noname.36584: Flags [S.], seq 312114822, ack 2204206639, win 14480, options [mss 1380,sackOK,TS val 322609877 ecr 969520,nop,wscale 5], length 0 13:00:10.872267 IP noname.54960 > clamav.datev.de.hostmon: Flags [S], seq 2886005976, win 29200, options [mss 
1460,sackOK,TS val 969550 ecr 0,nop,wscale 7], length 0 13:03:24.901484 IP clamav.datev.de.http > noname.36584: Flags [FP.], seq 46285163:46285224, ack 144, win 486, options [nop,nop,TS val 322658285 ecr 1017927], length 61: HTTP 13:03:24.913827 IP noname.36584 > clamav.datev.de.http: Flags [F.], seq 144, ack 46285225, win 10596, options [nop,nop,TS val 1018060 ecr 322658311], length 0 13:03:37.255402 IP noname.37436 > clamav.datev.de.http: Flags [S], seq 3170858538, win 29200, options [mss 1460,sackOK,TS val 1021145 ecr 0,nop,wscale 7], length 0 13:03:37.300459 IP clamav.datev.de.http > noname.37436: Flags [S.], seq 2856537619, ack 3170858539, win 14480, options [mss 1380,sackOK,TS val 322661502 ecr 1021145,nop,wscale 5], length 0 13:03:37.357521 IP clamav.datev.de.http > noname.37436: Flags [F.], seq 238, ack 153, win 486, options [nop,nop,TS val 322661516 ecr 1021157], length 0 13:03:37.357660 IP noname.37436 > clamav.datev.de.http: Flags [F.], seq 153, ack 239, win 237, options [nop,nop,TS val 1021171 ecr 322661516], length 0 13:03:37.360275 IP noname.37446 > clamav.datev.de.http: Flags [S], seq 3416986193, win 29200, options [mss 1460,sackOK,TS val 1021172 ecr 0,nop,wscale 7], length 0 13:03:37.408440 IP clamav.datev.de.http > noname.37446: Flags [S.], seq 667654670, ack 3416986194, win 14480, options [mss 1380,sackOK,TS val 322661529 ecr 1021172,nop,wscale 5], length 0 13:03:37.898832 IP clamav.datev.de.http > noname.37446: Flags [FP.], seq 104215:104227, ack 147, win 486, options [nop,nop,TS val 322661617 ecr 1021260], length 12: HTTP 13:03:37.899680 IP noname.37446 > clamav.datev.de.http: Flags [F.], seq 147, ack 104228, win 1444, options [nop,nop,TS val 1021307 ecr 322661617], length 0 ^C 57 packets captured 57 packets received by filter 0 packets dropped by kernel
ClamTK/ClamAV ist installiert.
static.88-198-17-100.clients.your-server.de
www.incertum.net
Gehören diese beiden Adressen zu ClamAV oder zu Ubuntu (MATE)?