J'ai parlé trop vite pour les fuites d'adresses privées qui sont parties…
Ma commande initiale ne les capte pas les IP en 224.xxx (mdns)
Donc en ayant ajusté la commande, on voit encore des fuites qui implique des adresses privées :
root@HERMES:~$ tcpdump -i ethwan -tnev "ether[6:2] == 0x001e and ether[8:1] == 0x80" | grep -e " 192.168." -e " 10." -e " 172.16." -B1
tcpdump: listening on ethwan, link-type EN10MB (Ethernet), capture size 262144 bytes
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33548, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.55782 > 224.0.0.251.5353: 11533 PTR (QM)? 192.168.1.203.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33549, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.57556 > 224.0.0.251.5353: 11534 PTR (QM)? 192.168.1.203.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33551, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.44442 > 224.0.0.251.5353: 11535 PTR (QM)? 192.168.1.243.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33552, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.47410 > 224.0.0.251.5353: 11536 PTR (QM)? 192.168.1.243.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33553, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.40434 > 224.0.0.251.5353: 11537 PTR (QM)? 192.168.1.201.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33554, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.59524 > 224.0.0.251.5353: 11538 PTR (QM)? 192.168.1.201.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33557, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.59130 > 224.0.0.251.5353: 11539 PTR (QM)? 192.168.1.202.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 33558, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.56713 > 224.0.0.251.5353: 11540 PTR (QM)? 192.168.1.202.in-addr.arpa. (44)
--
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34182, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.35433 > 224.0.0.251.5353: 11541 PTR (QM)? 192.168.1.209.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34183, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.59909 > 224.0.0.251.5353: 11542 PTR (QM)? 192.168.1.209.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34184, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.42246 > 224.0.0.251.5353: 11543 PTR (QM)? 192.168.1.203.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34186, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.50066 > 224.0.0.251.5353: 11544 PTR (QM)? 192.168.1.203.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34187, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.48482 > 224.0.0.251.5353: 11545 PTR (QM)? 192.168.1.243.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34188, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.47755 > 224.0.0.251.5353: 11546 PTR (QM)? 192.168.1.243.in-addr.arpa. (44)
--
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34189, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.60920 > 224.0.0.251.5353: 11547 PTR (QM)? 192.168.1.201.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34190, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.47587 > 224.0.0.251.5353: 11548 PTR (QM)? 192.168.1.201.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34192, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.45269 > 224.0.0.251.5353: 11549 PTR (QM)? 192.168.1.120.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34193, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.42585 > 224.0.0.251.5353: 11550 PTR (QM)? 192.168.1.120.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34196, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.51903 > 224.0.0.251.5353: 11551 PTR (QM)? 192.168.1.202.in-addr.arpa. (44)
00:1e:80:9b:2f:90 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 1, id 34197, offset 0, flags [DF], proto UDP (17), length 72)
92.118.99.232.51611 > 224.0.0.251.5353: 11552 PTR (QM)? 192.168.1.202.in-addr.arpa. (44)
^C122 packets captured
123 packets received by filter
0 packets dropped by kernel