Installation guide

Quarantined Networks
Determining Accessible Services Example
The final list of accessible services for this example is shown in the following figure.

Figure 7-3. Final List of Accessible Services Example

The complete tcpdump results for this example are shown below:

tcpdump -i eth0 -s0 -w /tmp/dns.pcap port 53 and host 172.21.20.20
waldo:~ # tcpdump -i eth0 -s0 port 53 and host 172.21.20.20
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:20:22.551309 IP 172.21.20.20.2586 > SA00.domain: 49734+ A? windowsupdate.microsoft.com. (45)
16:20:22.552492 IP SA00.domain > 172.21.20.20.2586: 49734 NXDomain* 0/1/0 (96)
16:20:50.529861 IP 172.21.20.20.2586 > SA00.domain: 40773+ A? windowsupdate.microsoft.com. (45)
16:20:50.531469 IP SA00.domain > 172.21.20.20.2586: 40773 NXDomain* 0/1/0 (96)
16:22:07.387959 IP 172.21.20.20.2586 > SA00.domain: 12107+ A? windowsupdate.microsoft.com. (45)
16:22:07.491558 IP SA00.domain > 172.21.20.20.2586: 12107 2/1/1 CNAME windowsupdate.microsoft.nsatc.net., A SA00 (148)
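
In the capture above, the quarantined host's lookup of windowsupdate.microsoft.com is answered with NXDomain twice and then resolves. The following Python is an added example, not part of this guide: it pairs each query with its reply by DNS transaction ID in tcpdump's text output and lists the names that are still being refused; the function names, the 16:23:10 records and av.example.test are constructed for illustration.

```python
import re

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")  # every tcpdump record starts with a timestamp
# Query: "<ts> IP <client> > <server>.domain: <id>+ A? <name>. (<len>)"
QUERY = re.compile(r" > \S+\.domain: (\d+)\S* \w+\? (\S+?)\.? \(\d+\)$")
# Reply: "<ts> IP <server>.domain > <client>: <id> [rcode][flags] an/ns/ar ..."
REPLY = re.compile(r" IP \S+\.domain > \S+: (\d+)\S* (?:([A-Za-z]\w*)\S* )?(\d+)/\d+/\d+")

def unwrap(text):
    """Rejoin records that a narrow terminal or page split across lines."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if TS.match(line):
            records.append(line)
        elif records and line:
            records[-1] += " " + line
    return records

def dns_outcomes(text):
    """Map each queried name to the replies it received, in capture order."""
    pending, outcomes = {}, {}
    for rec in unwrap(text):
        if q := QUERY.search(rec):
            pending[q.group(1)] = q.group(2)          # transaction id -> name
        elif (r := REPLY.search(rec)) and r.group(1) in pending:
            verdict = r.group(2) or ("answered" if int(r.group(3)) else "empty")
            outcomes.setdefault(pending.pop(r.group(1)), []).append(verdict)
    return outcomes

def still_blocked(text):
    """Names whose most recent reply was not a usable answer."""
    return sorted(n for n, seen in dns_outcomes(text).items() if seen[-1] != "answered")

# Records up to 16:22:07 are the capture shown on this page; the 16:23:10 pair is constructed.
SAMPLE = """\
16:20:22.551309 IP 172.21.20.20.2586 > SA00.domain: 49734+ A?
windowsupdate.microsoft.com. (45)
16:20:22.552492 IP SA00.domain > 172.21.20.20.2586: 49734 NXDomain* 0/1/0 (96)
16:20:50.529861 IP 172.21.20.20.2586 > SA00.domain: 40773+ A?
windowsupdate.microsoft.com. (45)
16:20:50.531469 IP SA00.domain > 172.21.20.20.2586: 40773 NXDomain* 0/1/0 (96)
16:22:07.387959 IP 172.21.20.20.2586 > SA00.domain: 12107+ A?
windowsupdate.microsoft.com. (45)
16:22:07.491558 IP SA00.domain > 172.21.20.20.2586: 12107 2/1/1 CNAME
windowsupdate.microsoft.nsatc.net., A SA00 (148)
16:23:10.000001 IP 172.21.20.20.2586 > SA00.domain: 5150+ A? av.example.test. (33)
16:23:10.001200 IP SA00.domain > 172.21.20.20.2586: 5150 NXDomain* 0/1/0 (84)
"""
print(dns_outcomes(SAMPLE), still_blocked(SAMPLE))
```

The parser reads tcpdump's default text output, so it can be fed the live terminal output or the result of reading the saved file back with `tcpdump -r /tmp/dns.pcap`.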