tcpickでsniffer！

tcpickはlibpcapを使用して書かれたsniffer toolです。
tcpickは、何がネットワーク・インターフェースで起こっているかをあなたに示すためにtcp接続の動きをおさえて、すべてのtcpの流れをとらえ、それらをファイルに格納することができる。
いつもの通り（当たり前だけど）、これも悪いことに絶対に使わないこと。
オフィシャルサイトは、ここ。

注：manページで説明しているが、tcpdump のようにlibpcapが必須だ。

インストールマシン環境：
[root@infosystem ~]# more /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 7
model name : Pentium III (Katmai)
stepping : 3
cpu MHz : 598.728
cache size : 512 KB
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 2
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 mtrr pge mca cmov pat p
se36 mmx fxsr sse
bogomips : 1198.36

[root@infosystem ~]# lspci
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX – 82443BX/ZX/DX Host bridge (rev 03)
00:01.0 PCI bridge: Intel Corporation 440BX/ZX/DX – 82443BX/ZX/DX AGP bridge (rev 03)
00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 02)
00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01)
00:07.2 USB Controller: Intel Corporation 82371AB/EB/MB PIIX4 USB (rev 01)
00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 02)
00:0d.0 Ethernet controller: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 78)
01:00.0 VGA compatible controller: nVidia Corporation NV5 [RIVA TNT2/TNT2 Pro] (rev 11)

[root@infosystem ~]# uname -a
Linux infosystem 2.6.9-55.0.12.EL #1 Fri Nov 2 10:57:39 EDT 2007 i686 i686 i386 GNU/Linux

１．tcpickのインストール
ソースのダウンロード先は、ここ。2007年12月現在 tcpick-0.2.1.tar.gz が最新だった。

１）tcpickのゲット
[root@infosystem src]# wget http://prdownloads.sourceforge.net/tcpick/tcpick-0.2.1.tar.gz
–16:52:19– http://prdownloads.sourceforge.net/tcpick/tcpick-0.2.1.tar.gz
=> `tcpick-0.2.1.tar.gz’
Resolving fifo… 192.168.0.12
Connecting to fifo|192.168.0.12|:8080… connected.
Proxy request sent, awaiting response… 301 Moved Permanently
Location: http://downloads.sourceforge.net/tcpick/tcpick-0.2.1.tar.gz [following]
–16:52:19– http://downloads.sourceforge.net/tcpick/tcpick-0.2.1.tar.gz
=> `tcpick-0.2.1.tar.gz’
Connecting to fifo|192.168.0.12|:8080… connected.
Proxy request sent, awaiting response… 302 Moved Temporarily
Location: http://jaist.dl.sourceforge.net/sourceforge/tcpick/tcpick-0.2.1.tar.gz [following]
–16:52:20– http://jaist.dl.sourceforge.net/sourceforge/tcpick/tcpick-0.2.1.tar.gz
=> `tcpick-0.2.1.tar.gz’
Connecting to fifo|192.168.0.12|:8080… connected.
Proxy request sent, awaiting response… 200 OK
Length: 175,871 (172K) [application/x-gzip]

100%[================================>] 175,871 996.41K/s

16:52:20 (996.14 KB/s) – `tcpick-0.2.1.tar.gz’ saved [175871/175871]

２）ファイルの展開
[root@infosystem src]# tar zxvf tcpick-0.2.1.tar.gz
tcpick-0.2.1/
tcpick-0.2.1/doc/
tcpick-0.2.1/doc/AUTHORS.html
tcpick-0.2.1/doc/ChangeLog.html
tcpick-0.2.1/doc/EXAMPLES.html
tcpick-0.2.1/doc/EXAMPLES.it.html
tcpick-0.2.1/doc/INTERNALS.html
tcpick-0.2.1/doc/KNOWN-BUGS.html
tcpick-0.2.1/doc/README.html
tcpick-0.2.1/doc/README.it.html
tcpick-0.2.1/doc/TODO.html
tcpick-0.2.1/doc/AUTHORS.texinfo
tcpick-0.2.1/doc/ChangeLog.texinfo
tcpick-0.2.1/doc/EXAMPLES.it.texinfo
tcpick-0.2.1/doc/EXAMPLES.texinfo
tcpick-0.2.1/doc/INTERNALS.texinfo
tcpick-0.2.1/doc/KNOWN-BUGS.texinfo
tcpick-0.2.1/doc/README.it.texinfo
tcpick-0.2.1/doc/README.texinfo
tcpick-0.2.1/doc/template.texinfo
tcpick-0.2.1/doc/TODO.texinfo
tcpick-0.2.1/src/
tcpick-0.2.1/src/Makefile.EDITME
tcpick-0.2.1/src/config.h.EDITME
tcpick-0.2.1/src/Makefile.am
tcpick-0.2.1/src/Makefile.in
tcpick-0.2.1/src/config.h.in
tcpick-0.2.1/src/args.c
tcpick-0.2.1/src/display.c
tcpick-0.2.1/src/lookup_tree.c
tcpick-0.2.1/src/lookup_query.c
tcpick-0.2.1/src/loop.c
tcpick-0.2.1/src/tracker.c
tcpick-0.2.1/src/tcpick.c
tcpick-0.2.1/src/write.c
tcpick-0.2.1/src/datalink.c
tcpick-0.2.1/src/verify.c
tcpick-0.2.1/src/colors.c
tcpick-0.2.1/src/time.c
tcpick-0.2.1/src/timer.c
tcpick-0.2.1/src/timer.h
tcpick-0.2.1/src/debug.c
tcpick-0.2.1/src/fragments.c
tcpick-0.2.1/src/conn.h
tcpick-0.2.1/src/ip.h
tcpick-0.2.1/src/tcp.h
tcpick-0.2.1/src/udp.h
tcpick-0.2.1/src/tcpick.h
tcpick-0.2.1/src/flags.h
tcpick-0.2.1/src/fragment.h
tcpick-0.2.1/src/globals.h
tcpick-0.2.1/src/extern.h
tcpick-0.2.1/src/text.h
tcpick-0.2.1/src/colors.h
tcpick-0.2.1/src/def.h
tcpick-0.2.1/src/lookup.h
tcpick-0.2.1/src/quit.c
tcpick-0.2.1/src/msg.c
tcpick-0.2.1/README
tcpick-0.2.1/configure.in
tcpick-0.2.1/aclocal.m4
tcpick-0.2.1/Makefile.am
tcpick-0.2.1/Makefile.in
tcpick-0.2.1/configure
tcpick-0.2.1/AUTHORS
tcpick-0.2.1/COPYING
tcpick-0.2.1/ChangeLog
tcpick-0.2.1/INSTALL
tcpick-0.2.1/NEWS
tcpick-0.2.1/THANKS
tcpick-0.2.1/TODO
tcpick-0.2.1/depcomp
tcpick-0.2.1/install-sh
tcpick-0.2.1/missing
tcpick-0.2.1/mkinstalldirs
tcpick-0.2.1/INTERNALS
tcpick-0.2.1/INTERNALS.old
tcpick-0.2.1/KNOWN-BUGS
tcpick-0.2.1/tcpick.8
tcpick-0.2.1/public_key.asc
tcpick-0.2.1/public_key_OLD.asc
tcpick-0.2.1/public_key_OLD.revoke
tcpick-0.2.1/public_key_message.txt
tcpick-0.2.1/PLATFORMS.compile
tcpick-0.2.1/PLATFORMS.running
tcpick-0.2.1/PLATFORMS.old
tcpick-0.2.1/EXAMPLES
tcpick-0.2.1/VERSION
tcpick-0.2.1/Makefile.EDITME
tcpick-0.2.1/autogen.sh
tcpick-0.2.1/README.it
tcpick-0.2.1/EXAMPLES.it
tcpick-0.2.1/tcpick_italian.8
tcpick-0.2.1/INSTALL.it
tcpick-0.2.1/OPTIONS
tcpick-0.2.1/OPTIONS.it

[root@infosystem src]# chown -R root.root tcpick-0.2.1

[root@infosystem src]# cd tcpick-0.2.1

３）Makefileを作成する
[root@infosystem tcpick-0.2.1]# ./configure
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for gawk… gawk
checking whether make sets $(MAKE)… yes
checking for gcc… gcc
checking for C compiler default output file name… a.out
checking whether the C compiler works… yes
checking whether we are cross compiling… no
checking for suffix of executables…
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ANSI C… none needed
checking for style of include used by make… GNU
checking dependency style of gcc… gcc3
checking for pcap_loop in -lpcap… yes
checking for an ANSI C-conforming const… yes
checking how to run the C preprocessor… gcc -E
checking for egrep… grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking for stdlib.h… (cached) yes
checking for GNU libc compatible malloc… yes
checking for working memcmp… yes
checking for ANSI C header files… (cached) yes
checking arpa/inet.h usability… yes
checking arpa/inet.h presence… yes
checking for arpa/inet.h… yes
checking netdb.h usability… yes
checking netdb.h presence… yes
checking for netdb.h… yes
checking netinet/in_systm.h usability… yes
checking netinet/in_systm.h presence… yes
checking for netinet/in_systm.h… yes
checking netinet/udp.h usability… yes
checking netinet/udp.h presence… yes
checking for netinet/udp.h… yes
checking netinet/in.h usability… yes
checking netinet/in.h presence… yes
checking for netinet/in.h… yes
checking sys/socket.h usability… yes
checking sys/socket.h presence… yes
checking for sys/socket.h… yes
checking getopt.h usability… yes
checking getopt.h presence… yes
checking for getopt.h… yes
checking pcap.h usability… yes
checking pcap.h presence… yes
checking for pcap.h… yes
checking pcap/pcap.h usability… no
checking pcap/pcap.h presence… no
checking for pcap/pcap.h… no
checking time.h usability… yes
checking time.h presence… yes
checking for time.h… yes
checking sys/time.h usability… yes
checking sys/time.h presence… yes
checking for sys/time.h… yes
checking errno.h usability… yes
checking errno.h presence… yes
checking for errno.h… yes
checking stdarg.h usability… yes
checking stdarg.h presence… yes
checking for stdarg.h… yes
checking signal.h usability… yes
checking signal.h presence… yes
checking for signal.h… yes
checking for netinet/ip.h… yes
checking for net/if.h… yes
checking for netinet/if_ether.h… yes
checking for gethostbyaddr… yes
checking for getservbyport… yes
checking for gettimeofday… yes
checking for inet_ntoa… yes
checking for strdup… yes
checking for strndup… yes
checking for strtol… yes
checking for getopt… yes
checking for getopt_long… yes
checking for asctime… yes
checking for atoi… yes
checking for getuid… yes
checking for isascii… yes
checking for isgraph… yes
checking for iscntrl… yes
checking for vfprintf… yes
checking for localtime… yes
checking for vprintf… yes
checking for setuid… yes
checking for perror… yes
checking for signal… yes
checking for setitimer… yes
checking for strftime… yes
checking for time… yes
checking for unlink… yes
checking for mkdir… yes
checking for atexit… yes
checking for _exit… yes
configure: creating ./config.status
config.status: creating Makefile
config.status: creating src/Makefile
config.status: creating src/config.h
config.status: executing depfiles commands

４）makeする
[root@infosystem tcpick-0.2.1]# make
Making all in src
make[1]: Entering directory `/usr/local/src/tcpick-0.2.1/src’
make all-am
make[2]: Entering directory `/usr/local/src/tcpick-0.2.1/src’
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT args.o -MD -MP -MF “.deps/args.Tpo” -c -o args.o args.c; \
then mv -f “.deps/args.Tpo” “.deps/args.Po”; else rm -f “.deps/args.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT display.o -MD -MP -MF “.deps/display.Tpo” -c -o display.o display.c; \
then mv -f “.deps/display.Tpo” “.deps/display.Po”; else rm -f “.deps/display.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT lookup_tree.o -MD -MP -MF “.deps/lookup_tree.Tpo” -c -o lookup_tree.o lookup_tree.c; \
then mv -f “.deps/lookup_tree.Tpo” “.deps/lookup_tree.Po”; else rm -f “.deps/lookup_tree.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT lookup_query.o -MD -MP -MF “.deps/lookup_query.Tpo” -c -o lookup_query.o lookup_query.c; \
then mv -f “.deps/lookup_query.Tpo” “.deps/lookup_query.Po”; else rm -f “.deps/lookup_query.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT loop.o -MD -MP -MF “.deps/loop.Tpo” -c -o loop.o loop.c; \
then mv -f “.deps/loop.Tpo” “.deps/loop.Po”; else rm -f “.deps/loop.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT tracker.o -MD -MP -MF “.deps/tracker.Tpo” -c -o tracker.o tracker.c; \
then mv -f “.deps/tracker.Tpo” “.deps/tracker.Po”; else rm -f “.deps/tracker.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT tcpick.o -MD -MP -MF “.deps/tcpick.Tpo” -c -o tcpick.o tcpick.c; \
then mv -f “.deps/tcpick.Tpo” “.deps/tcpick.Po”; else rm -f “.deps/tcpick.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT write.o -MD -MP -MF “.deps/write.Tpo” -c -o write.o write.c; \
then mv -f “.deps/write.Tpo” “.deps/write.Po”; else rm -f “.deps/write.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT datalink.o -MD -MP -MF “.deps/datalink.Tpo” -c -o datalink.o datalink.c; \
then mv -f “.deps/datalink.Tpo” “.deps/datalink.Po”; else rm -f “.deps/datalink.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT verify.o -MD -MP -MF “.deps/verify.Tpo” -c -o verify.o verify.c; \
then mv -f “.deps/verify.Tpo” “.deps/verify.Po”; else rm -f “.deps/verify.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT colors.o -MD -MP -MF “.deps/colors.Tpo” -c -o colors.o colors.c; \
then mv -f “.deps/colors.Tpo” “.deps/colors.Po”; else rm -f “.deps/colors.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT time.o -MD -MP -MF “.deps/time.Tpo” -c -o time.o time.c; \
then mv -f “.deps/time.Tpo” “.deps/time.Po”; else rm -f “.deps/time.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT timer.o -MD -MP -MF “.deps/timer.Tpo” -c -o timer.o timer.c; \
then mv -f “.deps/timer.Tpo” “.deps/timer.Po”; else rm -f “.deps/timer.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT debug.o -MD -MP -MF “.deps/debug.Tpo” -c -o debug.o debug.c; \
then mv -f “.deps/debug.Tpo” “.deps/debug.Po”; else rm -f “.deps/debug.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT fragments.o -MD -MP -MF “.deps/fragments.Tpo” -c -o fragments.o fragments.c; \
then mv -f “.deps/fragments.Tpo” “.deps/fragments.Po”; else rm -f “.deps/fragments.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT quit.o -MD -MP -MF “.deps/quit.Tpo” -c -o quit.o quit.c; \
then mv -f “.deps/quit.Tpo” “.deps/quit.Po”; else rm -f “.deps/quit.Tpo”; exit 1; fi
if gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -MT msg.o -MD -MP -MF “.deps/msg.Tpo” -c -o msg.o msg.c; \
then mv -f “.deps/msg.Tpo” “.deps/msg.Po”; else rm -f “.deps/msg.Tpo”; exit 1; fi
gcc -g -O2 -o tcpick args.o display.o lookup_tree.o lookup_query.o loop.o tracker.o tcpick.o write.o datalink.o verify.o colors.o time.o timer.o debug.o fragments.o quit.o msg.o -lpcap
make[2]: Leaving directory `/usr/local/src/tcpick-0.2.1/src’
make[1]: Leaving directory `/usr/local/src/tcpick-0.2.1/src’
make[1]: Entering directory `/usr/local/src/tcpick-0.2.1′
make[1]: Nothing to be done for `all-am’.
make[1]: Leaving directory `/usr/local/src/tcpick-0.2.1′

５）インストールリンクする
[root@infosystem tcpick-0.2.1]# make install
Making install in src
make[1]: Entering directory `/usr/local/src/tcpick-0.2.1/src’
make[2]: Entering directory `/usr/local/src/tcpick-0.2.1/src’
test -z “/usr/local/bin” || mkdir -p — “/usr/local/bin”
/usr/bin/install -c ‘tcpick’ ‘/usr/local/bin/tcpick’
make[2]: Nothing to be done for `install-data-am’.
make[2]: Leaving directory `/usr/local/src/tcpick-0.2.1/src’
make[1]: Leaving directory `/usr/local/src/tcpick-0.2.1/src’
make[1]: Entering directory `/usr/local/src/tcpick-0.2.1′
make[2]: Entering directory `/usr/local/src/tcpick-0.2.1′
make[2]: Nothing to be done for `install-exec-am’.
test -z “/usr/local/man/man8” || mkdir -p — “/usr/local/man/man8”
/usr/bin/install -c -m 644 ‘./tcpick.8’ ‘/usr/local/man/man8/tcpick.8’
/usr/bin/install -c -m 644 ‘./tcpick_italian.8’ ‘/usr/local/man/man8/tcpick_italian.8’
make[2]: Leaving directory `/usr/local/src/tcpick-0.2.1′
make[1]: Leaving directory `/usr/local/src/tcpick-0.2.1′

２．tcpickを使う
１）このオプションは指定したポートに対して、二進データや圧縮ファイルをsniffingするのに役に立つ
datファイルが作成されて、バイナリデータが書き込まれました。
[root@infosystem ~]# tcpick -i eth0 -wR “port ssh”
Starting tcpick 0.2.1 at 2007-12-14 11:18 JST
Timeout for connections is 600
tcpick: listening on eth0
setting filter: “port ssh”
1 SYN-SENT 192.168.3.61:1283 > 192.168.3.6:ssh
1 SYN-RECEIVED 192.168.3.61:1283 > 192.168.3.6:ssh
1 ESTABLISHED 192.168.3.61:1283 > 192.168.3.6:ssh
1 FIN-WAIT-1 192.168.3.61:1283 > 192.168.3.6:ssh
1 TIME-WAIT 192.168.3.61:1283 > 192.168.3.6:ssh
1 CLOSED 192.168.3.61:1283 > 192.168.3.6:ssh

[root@infosystem ~]# ls -al
-rw-r–r– 1 root root 4123 Dec 14 11:19 tcpick_192.168.3.61_192.168.3.6_ssh.clnt.dat
-rw-r–r– 1 root root 2747 Dec 14 11:19 tcpick_192.168.3.61_192.168.3.6_ssh.serv.dat

２）基本コマンド、サービスのプロトコル流れを追うことが出来る
[root@infosystem ~]# tcpick -i eth0 -C
Starting tcpick 0.2.1 at 2007-12-14 11:13 JST
Timeout for connections is 600
tcpick: listening on eth0
1 SYN-SENT 192.168.3.61:1277 > 192.168.3.6:ssh
1 SYN-RECEIVED 192.168.3.61:1277 > 192.168.3.6:ssh
1 ESTABLISHED 192.168.3.61:1277 > 192.168.3.6:ssh
1 FIN-WAIT-1 192.168.3.61:1277 > 192.168.3.6:ssh
1 TIME-WAIT 192.168.3.61:1277 > 192.168.3.6:ssh
1 CLOSED 192.168.3.61:1277 > 192.168.3.6:ssh

[root@infosystem ~]# tcpick -i eth0 -C
Starting tcpick 0.2.1 at 2007-12-04 17:17 JST
Timeout for connections is 600
tcpick: listening on eth0
1 SYN-SENT 192.168.3.61:zephyr-hm > 192.168.3.6:ssh
1 SYN-RECEIVED 192.168.3.61:zephyr-hm > 192.168.3.6:ssh
1 ESTABLISHED 192.168.3.61:zephyr-hm > 192.168.3.6:ssh
1 FIN-WAIT-1 192.168.3.61:zephyr-hm > 192.168.3.6:ssh
1 TIME-WAIT 192.168.3.61:zephyr-hm > 192.168.3.6:ssh
1 CLOSED 192.168.3.61:zephyr-hm > 192.168.3.6:ssh

３）sshポートに対して、リビルドされたストリームを表示し、クライアント側で表示するのに適さないキャラクタだけが、hexコードとして表示される。さらにトラック数指定により、高トラフィックなネットワーク機器で非常に有利な設定を行っている
[root@infosystem ~]# tcpick -i eth0 -C -bCU -T1 “port 22”
Starting tcpick 0.2.1 at 2007-12-07 16:06 JST
Number of connections that will be tracked: 1
Timeout for connections is 600
tcpick: listening on eth0
setting filter: “port 22”
1 SYN-SENT 192.168.3.61:1588 > 192.168.3.6:ssh
1 SYN-RECEIVED 192.168.3.61:1588 > 192.168.3.6:ssh
1 ESTABLISHED 192.168.3.61:1588 > 192.168.3.6:ssh
SSH-1.99-OpenSSH_3.9p1
<00><00><02>|<0b><14><b0>b<bd>P@H<ba>J<a8><1d>?6n<89><c5><d2><00><00>
<00>Ydiffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman
-group1-sha1<00><00><00><0f>ssh-rsa,ssh-dss<00><00><00><87>aes128-cbc,3des
-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu
.se,aes128-ctr,aes192-ctr,aes256-ctr<00><00><00><87>aes128-cbc,3des-cbc,blowfish
-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr
,aes192-ctr,aes256-ctr<00><00><00>Uhmac-md5,hmac-sha1,hmac-ripemd160,hmac-
ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96<00><00><00>Uhmac-md5,hmac-
sha1,hmac-ripemd160,hmacripemd160@openssh.com,hmac-sha1-96,hmac-md5-96<00>
<00><00> none,zlib<00><00><00>none,zlib<00><00><00><00><00><00><00><00>
<00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><00><f9>
<b6><0c><bf>a<dd><ba>3d<f8><b6>%BV<fc>-<f3>!<1b><1d><80><f4>Uh<16><c5>
<d6>)<b0><a4><02>(<86><1b><ee>{D<97>DM<d9>7^<f7><e8><99>{<b7>)Lj<a0><97>
<a1><e5><ad>G<db>r<c1>IV<89><8f><d1><1c><a2><92><ed>v!^ <d8><06>x5<15>
(<d5><f0><92>g<b2><92><14><15><9c><0c><b6><95><ee><cc><90><e0>\<0e>!7N
<d6><f0>GY<b3><f0><e1>b<ee>,<fb><c8>%<9b><c1><a1><f2><8c><80><97><00>
<e1><f3><ec><ba>$<a9><9a>x<bc><cc>nwcHpX7<f8>j+J4<db>Y’SF<89><05><17>
<98><02>x<8f>R<c3>7<e0><R<c9><95<15>N<af><ee>r<f9><ca>2<a9><89><aa>
E<ad>h”<05>9<a6><aa>0*<ea>M<cc><ce>~o<cf>m<ee>WDE<11><b4><ba><f5><b4>
<83>-‘$<7f><de><d2>1<16><84><13><b1>*<0e><11>G<a5>plV#<<bb><00><00>
<00><01><02><00><00><00><00><00><00><00><00><00><00><02>!<00><00>
<00><95><00><00><00><07>ssh-rsa<00><00><00><01>#<00><00><00><81><00>
<bb>)%<02><b3><fd><b0><aa><b5>{3_<c9><9b>^<7f><fe>n<01>,<bd>G<b7>&[<ff>
<9a><e4><a4><de><f7><87><b8>ozl<b5><af><f1><06>#<14>BC<05>1$<ea><be>
<d3><c4><97><ef><fb>K<ef><9a><e8> ‘r<90>h<a5>{<92><e6>’W<ed>I<df>~^?<8e>
<8f><a8><d3><b4><c2><fe><1f>)<c0><c8><b4>$Y<db>`<cc><b6> <9f>+<7f><88>
5<b3><8e><1d>o<f9>”<c3><aa><d9>R5 <cd><85>|<cc><b4><89><fc><de><fd>
<1d><ef><c3>c<c5><a7><90><9f><00><00><01><00>)<d4>

途中省略

1 FIN-WAIT-1 192.168.3.61:1588 > 192.168.3.6:ssh
1 TIME-WAIT 192.168.3.61:1588 > 192.168.3.6:ssh
1 CLOSED 192.168.3.61:1588 > 192.168.3.6:ssh

以上

コメント