To be sure, I just redid a dump, filtering step by step so as not to miss anything.
LAN side: absolutely nothing from the WAN.
My K-box can't make phone calls, but it doesn't leak!
WAN side: all external traffic comes from the K-net-Covage74 gateway. I don't even see the DHCP Discover, ARP, or ICMP 4 or 6 packets.
I'd love to see some SIP, but the phone is silent at my place!
My K-box LAN MAC: ends in b6
My K-box WAN MAC: ends in b4
Other tests on my side.
TL;DR: I confirm what Steph found, over 10 minutes of trace on the WAN side: nothing suspicious. When I regularly take traces on the LAN side, nothing suspicious either.
1. I obtained a WAN trace, after plugging my PC directly back into the ONT, with:
$ sudo timeout 600 tcpdump -i enp3s0f4u1 -nev >trace-`date "+%F-%H-%M"`
2. I then "anonymized" my IP and MAC addresses in the resulting file and searched for the packets that did not concern me:
$ grep ether anon |grep -v ma-mac
19:54:43.349750 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:55:12.133183 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:55:17.961273 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:55:43.423853 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:56:12.204715 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:56:18.021330 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:56:43.473737 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:57:12.295667 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:57:18.122548 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:57:43.577163 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:58:12.378247 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:58:18.214669 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:58:43.686676 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:59:12.484144 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:59:18.303763 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
19:59:43.756094 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:00:11.880361 00:02:5d:bb:1d:78 > 01:00:5e:10:8a:02, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:00:12.548478 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:00:18.353845 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:00:43.754904 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:01:12.489243 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:01:18.293895 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:01:43.687233 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:02:12.433424 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:02:18.248531 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:02:43.634368 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:03:12.370115 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:03:18.185380 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:03:43.577282 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:04:12.333938 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
20:04:18.138524 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
3. I took a closer look at these (31) packets, which always come from the same Ethernet source (Covage router?), but on different VLANs.
$ grep -A1 IGMP trace-2022-04-26-19-54-anon|head -15
19:54:43.349750 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
10.0.0.113 > 224.0.0.1: igmp query v2
--
19:55:12.133183 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
10.0.0.110 > 224.0.0.1: igmp query v2
--
19:55:17.961273 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 167, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
10.0.0.11 > 224.0.0.1: igmp query v2 [max resp time 200]
--
19:55:43.423853 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
10.0.0.113 > 224.0.0.1: igmp query v2
--
19:56:12.204715 00:02:5d:bb:1d:78 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
10.0.0.110 > 224.0.0.1: igmp query v2
--
4. I checked that these packets come from 3 distinct IP addresses, apparently on the Covage network:
$ grep -A1 IGMP anon |grep -o "10.0.0.*> " |sed 's/ >//'|sort|uniq -c
10 10.0.0.11
10 10.0.0.110
11 10.0.0.113
So, no "pollution" from the other types of packets that bolemo sees...
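Steps 2 to 4 above can be done in one pass over the `tcpdump -nev` text. The script below is an added example, not part of the original posts: it pairs each link-level header with its IPv4 continuation line and tallies every frame that is neither from nor to your own MAC, so non-IGMP and non-IPv4 frames (ARP, for instance) show up as well. The function names and the sample trace (MACs and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Tally frames in `tcpdump -nev` text output that are neither from nor to
# OWN_MAC, keyed by source MAC, VLAN, IP protocol and source IP.
foreign_frames() {   # usage: foreign_frames OWN_MAC < trace
    awk -v own="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
    function emit() {           # record the frame whose header is pending
        if (pending) count[src " vlan=" vlan " " proto " " ip]++
        pending = 0
    }
    # Link-level header: "HH:MM:SS.us src_mac > dst_mac, ethertype ..."
    $3 == ">" && $2 ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/ {
        emit()                  # previous frame had no IPv4 line (e.g. ARP)
        src = $2; dst = $4; sub(/,$/, "", dst)
        pending = (src != own && dst != own)
        vlan = "-"; proto = "-"; ip = "-"
        for (i = 1; i < NF; i++) {
            if ($i == "vlan")  { vlan = $(i + 1); sub(/,$/, "", vlan) }
            if ($i == "proto") proto = $(i + 1)
        }
        next
    }
    # IPv4 continuation line printed by -v: "    src_ip > dst_ip: ..."
    pending && $2 == ">" { ip = $1; emit() }
    END { emit(); for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k2
}

# Constructed sample trace; own WAN MAC is assumed to be 02:00:00:00:00:b4.
sample_trace() {
cat <<'EOF'
19:54:43.349750 02:00:00:00:00:01 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
    10.0.0.113 > 224.0.0.1: igmp query v2
19:54:50.000000 02:00:00:00:00:b4 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto ICMP (1), length 84)
    192.0.2.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
19:55:12.133183 02:00:00:00:00:01 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 180, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
    10.0.0.110 > 224.0.0.1: igmp query v2
19:55:43.423853 02:00:00:00:00:01 > 01:00:5e:00:00:01, ethertype 802.1Q (0x8100), length 64: vlan 113, p 4, ethertype IPv4 (0x0800), (tos 0xc0, ttl 1, id 0, offset 0, flags [DF], proto IGMP (2), length 32, options (RA))
    10.0.0.113 > 224.0.0.1: igmp query v2
19:56:00.000000 02:00:00:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.0.2.7 tell 192.0.2.1, length 46
EOF
}

sample_trace | foreign_frames 02:00:00:00:00:b4
```

Each output line is a count followed by source MAC, VLAN, protocol and source IP; a new source MAC or an unexpected protocol in that list is what would indicate another subscriber's traffic reaching your port.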