The ultimate command for filtering IPv4 packets that probably come from leaks on the GPON:
tcpdump -nnevv '( broadcast or multicast ) and ( net 192.168.0.0/16 or net 172.16.0.0/12 or net 10.0.0.0/8 ) and ! net 172.16.100.9'
We listen for everything that is broadcast or multicast on the so-called private IPv4 addresses, except 172.16.100.9, which is K-Net's DHCP server and sends legitimate broadcast packets into the GPON for DHCP clients.
Example over a few seconds:
root@HERMES:~$ tcpdump -i ethwan -nnevv '( broadcast or multicast ) and ( net 192.168.0.0/16 or net 172.16.0.0/12 or net 10.0.0.0/8 ) and ! net 172.16.100.9'
tcpdump: listening on ethwan, link-type EN10MB (Ethernet), capture size 262144 bytes
12:50:13.338708 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.26 tell 192.168.1.36, length 46
12:50:13.338739 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.36, length 46
12:50:14.338802 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.56 tell 192.168.1.36, length 46
12:50:15.338708 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.25 tell 192.168.1.36, length 46
12:50:15.699658 60:a4:b7:ef:cc:2e > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 777: (tos 0xa0, ttl 64, id 3937, offset 0, flags [none], proto UDP (17), length 763)
192.168.1.56.34993 > 255.255.255.255.29810: [udp sum ok] UDP, length 735
12:50:17.307280 78:62:56:4d:99:e1 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 136: (tos 0x0, ttl 255, id 60607, offset 0, flags [DF], proto UDP (17), length 122)
192.168.1.19.5353 > 224.0.0.251.5353: [udp sum ok] 8 [2q] PTR (QM)? _%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (94)
12:50:17.310217 54:60:09:ff:56:f8 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 385: (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 371)
192.168.1.36.5353 > 224.0.0.251.5353: [udp sum ok] 0*- [0q] 1/0/3 _googlecast._tcp.local. PTR Google-Home-567e9bc21c37d610e479da487ee3cb5b._googlecast._tcp.local. ar: Google-Home-567e9bc21c37d610e479da487ee3cb5b._googlecast._tcp.local. (Cache flush) TXT "id=567e9bc21c37d610e479da487ee3cb5b" "cd=D3323C35CC1CD90DB0DB42FCE03BA8E3" "rm=" "ve=05" "md=Google Home" "ic=/setup/icon.png" "fn=Salon" "ca=199172" "st=0" "bs=FA8FCA7B45A9" "nf=1" "rs=", Google-Home-567e9bc21c37d610e479da487ee3cb5b._googlecast._tcp.local. (Cache flush) SRV 567e9bc2-1c37-d610-e479-da487ee3cb5b.local.:8009 0 0, 567e9bc2-1c37-d610-e479-da487ee3cb5b.local. (Cache flush) A 192.168.1.36 (343)
12:50:18.338833 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.40 tell 192.168.1.36, length 46
12:50:19.338895 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.58 tell 192.168.1.36, length 46
12:50:20.805781 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.36 tell 192.168.1.36, length 46
12:50:20.806905 60:31:97:7a:84:da > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.36 tell 45.83.228.34, length 46
12:50:21.194722 f0:9f:c2:7c:6a:73 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 (ff:ff:ff:ff:ff:ff) tell 192.168.1.26, length 46
12:50:25.338927 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.36, length 46
12:50:25.719370 60:a4:b7:ef:cc:2e > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 777: (tos 0xa0, ttl 64, id 57677, offset 0, flags [none], proto UDP (17), length 763)
192.168.1.56.34993 > 255.255.255.255.29810: [udp sum ok] UDP, length 735
12:50:26.338864 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.56 tell 192.168.1.36, length 46
12:50:27.338958 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.25 tell 192.168.1.36, length 46
12:50:30.338864 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.40 tell 192.168.1.36, length 46
12:50:31.339114 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.58 tell 192.168.1.36, length 46
12:50:32.339052 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.26 tell 192.168.1.36, length 46
12:50:35.739739 60:a4:b7:ef:cc:2e > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 777: (tos 0xa0, ttl 64, id 58703, offset 0, flags [none], proto UDP (17), length 763)
192.168.1.56.34993 > 255.255.255.255.29810: [udp sum ok] UDP, length 735
12:50:37.310967 78:62:56:4d:99:e1 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 136: (tos 0x0, ttl 255, id 62186, offset 0, flags [DF], proto UDP (17), length 122)
192.168.1.19.5353 > 224.0.0.251.5353: [udp sum ok] 9 [2q] PTR (QM)? _%9E5E7C8F47989526C9BCD95D24084F6F0B27C5ED._sub._googlecast._tcp.local. PTR (QM)? _googlecast._tcp.local. (94)
12:50:37.317215 54:60:09:ff:56:f8 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 385: (tos 0x0, ttl 255, id 0, offset 0, flags [DF], proto UDP (17), length 371)
192.168.1.36.5353 > 224.0.0.251.5353: [udp sum ok] 0*- [0q] 1/0/3 _googlecast._tcp.local. PTR Google-Home-567e9bc21c37d610e479da487ee3cb5b._googlecast._tcp.local. ar: Google-Home-567e9bc21c37d610e479da487ee3cb5b._googlecast._tcp.local. (Cache flush) TXT "id=567e9bc21c37d610e479da487ee3cb5b" "cd=D3323C35CC1CD90DB0DB42FCE03BA8E3" "rm=" "ve=05" "md=Google Home" "ic=/setup/icon.png" "fn=Salon" "ca=199172" "st=0" "bs=FA8FCA7B45A9" "nf=1" "rs=", Google-Home-567e9bc21c37d610e479da487ee3cb5b._googlecast._tcp.local. (Cache flush) SRV 567e9bc2-1c37-d610-e479-da487ee3cb5b.local.:8009 0 0, 567e9bc2-1c37-d610-e479-da487ee3cb5b.local. (Cache flush) A 192.168.1.36 (343)
12:50:37.339145 40:3f:8c:85:8a:5a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.36, length 46
^C
23 packets captured
23 packets received by filter
0 packets dropped by kernel
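
To turn a capture like the one above into a list of leaking devices, this added example (not part of the original post) parses saved `tcpdump -nnevv` text and groups frames by source MAC, separating RFC 1918 sender addresses from any others. The MAC and IP values in SAMPLE are constructed, and the function name and file argument are assumptions.

```python
import ipaddress
import re
import sys
from collections import defaultdict

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DHCP_SERVER = ipaddress.ip_address("172.16.100.9")  # K-Net DHCP server excluded in the post
FRAME = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ([0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype (\w+)")
ARP_TELL = re.compile(r"tell (\d+(?:\.\d+){3}),")
IP_FLOW = re.compile(r"^\s*(\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.(\d+):")

# Constructed sample in `tcpdump -nnevv` format (MACs and IPs are made up).
SAMPLE = """\
12:00:01.000001 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 tell 192.168.1.36, length 46
12:00:02.000001 02:00:00:00:00:0b > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 136: (tos 0x0, ttl 255, id 1, offset 0, flags [DF], proto UDP (17), length 122)
    192.168.1.19.5353 > 224.0.0.251.5353: [udp sum ok] 8 [2q] PTR (QM)? _googlecast._tcp.local. (94)
12:00:03.000001 02:00:00:00:00:0c > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.36 tell 203.0.113.7, length 46
12:00:04.000001 02:00:00:00:00:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.1 (ff:ff:ff:ff:ff:ff) tell 192.168.1.36, length 46
12:00:05.000001 02:00:00:00:00:0d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.100.20 tell 172.16.100.9, length 46
"""

def summarize(text):
    """Group leaked frames by source MAC: frame count, sender IPs, traffic kinds."""
    hosts = defaultdict(lambda: {"frames": 0, "private": set(), "other": set(), "kinds": set()})
    def record(mac, sender, kind):
        ip = ipaddress.ip_address(sender)
        if ip == DHCP_SERVER:  # same exclusion as `! net 172.16.100.9`
            return
        hosts[mac]["frames"] += 1
        hosts[mac]["kinds"].add(kind)
        hosts[mac]["private" if any(ip in n for n in RFC1918) else "other"].add(sender)
    mac = None
    for line in text.splitlines():
        frame, flow = FRAME.match(line), IP_FLOW.match(line)
        if frame:  # header line: ARP carries the sender IP here, IPv4 on the next line
            mac = frame.group(1)
            tell = ARP_TELL.search(line)
            if frame.group(2) == "ARP" and tell:
                record(mac, tell.group(1), "arp")
        elif flow and mac:  # continuation line "src.port > dst.port:"
            cast = "multicast" if ipaddress.ip_address(flow.group(2)).is_multicast else "broadcast"
            record(mac, flow.group(1), f"{cast} dport {flow.group(3)}")
            mac = None
    return {m: {k: v if k == "frames" else sorted(v) for k, v in h.items()} for m, h in hosts.items()}

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for mac, info in summarize(text).items():
        print(mac, info)
```

A sender listed under "other" got through the filter only because the ARP target address is private, which is worth checking separately from hosts that announce a private address themselves.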