root@ury:~# IP=192.168.1.193
root@ury:~#
root@ury:~# echo "=== TCPDUMP CHECK ==="
=== TCPDUMP CHECK ===
root@ury:~# which tcpdump 2>/dev/null || apk add tcpdump-mini 2>&1 | tail -3
echo "=== COUNTERS BEFORE ==="
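# Diagnostic run for one LAN client: compare the nft counters of the rules
# that set mark 0x00100000 before and after a 40 s capture of the client's
# traffic, then summarise the capture.
# Expects IP to hold the client's IPv4 address (set before this block).
# /tmp/wa.log is a fixed path holding this client's DNS names and destination
# addresses; remove it once the diagnosis is finished.

nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter|set podkop_subnets' | head -8
echo "=== STARTING CAPTURE (40s) — ПУСТЬ БАБУШКА СЕЙЧАС ОТКРОЕТ WHATSAPP И ПОПРОБУЕТ ОТПРАВИТЬ СООБЩЕНИЕ ==="
sleep 1

# Some ash builds have no `timeout` command; the shell then prints
# "timeout: not found", tcpdump never starts and the log stays empty.
# Fall back to a background capture that is stopped with SIGTERM after 40 s.
# Only stdout (the packet lines) is written to the log: the earlier
# `2>&1 > file` order pointed stderr at the terminal before stdout was
# redirected, so it never reached the file either.
if command -v timeout >/dev/null 2>&1; then
  timeout 40 tcpdump -i br-lan -nn -tt "host $IP and (port 443 or port 53 or port 5222 or port 5228)" > /tmp/wa.log
else
  tcpdump -i br-lan -nn -tt "host $IP and (port 443 or port 53 or port 5222 or port 5228)" > /tmp/wa.log &
  cap_pid=$!
  sleep 40
  kill "$cap_pid" 2>/dev/null
  wait "$cap_pid" 2>/dev/null
fi
echo "captured $(wc -l < /tmp/wa.log) lines"

echo "=== COUNTERS AFTER ==="
nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter' | head -5

echo "=== DNS QUERIES ($IP -> :53) ==="
grep '\.53:' /tmp/wa.log | head -15

echo "=== TOP DEST IPs (where her phone sent packets) ==="
# With -tt every line reads "<timestamp> IP <src.port> > <dst.port>: ...",
# so the destination is field 5 (field 4 is the ">" separator). Keep only
# packets whose source is the client, then strip the trailing ":" and port.
awk -v ip="$IP" '$2 == "IP" && index($3, ip ".") == 1 { d = $5; sub(/:$/, "", d); sub(/\.[0-9]+$/, "", d); print d }' /tmp/wa.log | sort | uniq -c | sort -rn | head -15

echo "=== FIRST 30 PACKETS ==="
head -30 /tmp/wa.log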
echo "=== DONE ==="
(2/2) Installing tcpdump-mini (4.99.6-r1)
Executing tcpdump-mini-4.99.6-r1.post-install
OK: 72.7 MiB in 192 packages
root@ury:~#
root@ury:~# echo "=== COUNTERS BEFORE ==="
=== COUNTERS BEFORE ===
root@ury:~# nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter|set podkop_subnets' | head -8
set podkop_subnets {
iifname @interfaces ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 31051 bytes 2867222
iifname @interfaces ip daddr @podkop_subnets meta l4proto udp meta mark set 0x00100000 counter packets 27 bytes 11514
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto tcp meta mark set 0x00100000 counter packets 2423 bytes 423566
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto udp meta mark set 0x00100000 counter packets 5327 bytes 1854078
ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 0 bytes 0
ip daddr @podkop_subnets meta l4proto udp meta mark set 0x00100000 counter packets 0 bytes 0
ip daddr 198.18.0.0/15 meta l4proto tcp meta mark set 0x00100000 counter packets 37 bytes 3278
root@ury:~#
root@ury:~# echo "=== STARTING CAPTURE (40s) — ПУСТЬ БАБУШКА СЕЙЧАС ОТКРОЕТ WHATSAPP И ПОПРОБУЕТ ОТПРАВИТЬ СООБЩЕНИЕ ==="
=== STARTING CAPTURE (40s) — ПУСТЬ БАБУШКА СЕЙЧАС ОТКРОЕТ WHATSAPP И ПОПРОБУЕТ ОТПРАВИТЬ СООБЩЕНИЕ ===
root@ury:~# sleep 1
root@ury:~# timeout 40 tcpdump -i br-lan -nn -tt "host $IP and (port 443 or port 53 or port 5222 or port 5228)" 2>&1 > /tmp/wa.log
-ash: timeout: not found
root@ury:~# echo "captured $(wc -l < /tmp/wa.log) lines"
captured 0 lines
root@ury:~#
root@ury:~# echo "=== COUNTERS AFTER ==="
=== COUNTERS AFTER ===
root@ury:~# nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter' | head -5
iifname @interfaces ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 31051 bytes 2867222
iifname @interfaces ip daddr @podkop_subnets meta l4proto udp meta mark set 0x00100000 counter packets 27 bytes 11514
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto tcp meta mark set 0x00100000 counter packets 2423 bytes 423566
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto udp meta mark set 0x00100000 counter packets 5327 bytes 1854078
ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 0 bytes 0
root@ury:~#
root@ury:~# echo "=== DNS QUERIES ($IP -> :53) ==="
=== DNS QUERIES (192.168.1.193 -> :53) ===
root@ury:~# grep '\.53:' /tmp/wa.log | head -15
root@ury:~#
root@ury:~# echo "=== TOP DEST IPs (where her phone sent packets) ==="
=== TOP DEST IPs (where her phone sent packets) ===
root@ury:~# awk '/IP/{print $4}' /tmp/wa.log | sed 's/\.[0-9]*$//' | sort | uniq -c | sort -rn | head -15
root@ury:~#
root@ury:~# echo "=== FIRST 30 PACKETS ==="
=== FIRST 30 PACKETS ===
root@ury:~# head -30 /tmp/wa.log
root@ury:~#
root@ury:~# echo "=== DONE ==="
=== DONE ===
root@ury:~# IP=192.168.1.193
root@ury:~#
root@ury:~# echo "=== TCPDUMP CHECK ==="
=== TCPDUMP CHECK ===
root@ury:~# which tcpdump 2>/dev/null || apk add tcpdump-mini 2>&1 | tail -3
/usr/bin/tcpdump
root@ury:~#
root@ury:~# echo "=== COUNTERS BEFORE ==="
=== COUNTERS BEFORE ===
root@ury:~# nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter|set podkop_subnets' | head -8
set podkop_subnets {
iifname @interfaces ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 31051 bytes 2867222
iifname @interfaces ip daddr @podkop_subnets meta l4proto udp meta mark set 0x00100000 counter packets 27 bytes 11514
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto tcp meta mark set 0x00100000 counter packets 2423 bytes 423566
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto udp meta mark set 0x00100000 counter packets 5327 bytes 1854078
ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 0 bytes 0
ip daddr @podkop_subnets meta l4proto udp meta mark set 0x00100000 counter packets 0 bytes 0
ip daddr 198.18.0.0/15 meta l4proto tcp meta mark set 0x00100000 counter packets 37 bytes 3278
root@ury:~#
root@ury:~# echo "=== STARTING CAPTURE (40s) — ПУСТЬ БАБУШКА СЕЙЧАС ОТКРОЕТ WHATSAPP И ПОПРОБУЕТ ОТПРАВИТЬ СООБЩЕНИЕ ==="
=== STARTING CAPTURE (40s) — ПУСТЬ БАБУШКА СЕЙЧАС ОТКРОЕТ WHATSAPP И ПОПРОБУЕТ ОТПРАВИТЬ СООБЩЕНИЕ ===
root@ury:~# sleep 1
n -nn -tt "host $IP and (port 443 or port 53 or port 5222 or port 5228)" 2>&1 > /tmp/wa.log
echo "captured $(wc -l < /tmp/wa.log) lines"
echo "=== COUNTERS AFTER ==="
nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter' | head -5
echo "=== DNS QUERIES ($IP -> :53) ==="
grep '\.53:' /tmp/wa.log | head -15
echo "=== TOP DEST IPs (where her phone sent packets) ==="
awk '/IP/{print $4}' /tmp/wa.log | sed 's/\.[0-9]*$//' | sort | uniq -c | sort -rn | head -15
echo "=== FIRST 30 PACKETS ==="
head -30 /tmp/wa.log
echo "=== DONE ==="
root@ury:~# timeout 40 tcpdump -i br-lan -nn -tt "host $IP and (port 443 or port 53 or port 5222 or port 5228)" 2>&1 > /tmp/wa.log
-ash: timeout: not found
root@ury:~# echo "captured $(wc -l < /tmp/wa.log) lines"
captured 0 lines
root@ury:~#
root@ury:~# echo "=== COUNTERS AFTER ==="
=== COUNTERS AFTER ===
root@ury:~# nft list table inet PodkopTable 2>/dev/null | grep -E 'set 0x00100000.*counter' | head -5
iifname @interfaces ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 31051 bytes 2867222
iifname @interfaces ip daddr @podkop_subnets meta l4proto udp meta mark set 0x00100000 counter packets 27 bytes 11514
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto tcp meta mark set 0x00100000 counter packets 2423 bytes 423566
iifname @interfaces ip daddr 198.18.0.0/15 meta l4proto udp meta mark set 0x00100000 counter packets 5327 bytes 1854078
ip daddr @podkop_subnets meta l4proto tcp meta mark set 0x00100000 counter packets 0 bytes 0
root@ury:~#
root@ury:~# echo "=== DNS QUERIES ($IP -> :53) ==="
=== DNS QUERIES (192.168.1.193 -> :53) ===
root@ury:~# grep '\.53:' /tmp/wa.log | head -15
root@ury:~#
root@ury:~# echo "=== TOP DEST IPs (where her phone sent packets) ==="
=== TOP DEST IPs (where her phone sent packets) ===
root@ury:~# awk '/IP/{print $4}' /tmp/wa.log | sed 's/\.[0-9]*$//' | sort | uniq -c | sort -rn | head -15
root@ury:~#
root@ury:~# echo "=== FIRST 30 PACKETS ==="
=== FIRST 30 PACKETS ===
root@ury:~# head -30 /tmp/wa.log
root@ury:~#
root@ury:~# echo "=== DONE ==="
=== DONE ===
root@ury:~#