According to the tcpdump output below, what is the IP address of the client host?
14:17:19.225220 IP 192.168.1.106.33239 > 192.168.1.127.22: S 4158312222, win
5840, options [mss 1460,sackOK,TS val 806043 ecr 0,nop,wscale 6]
14:17:19.242943 IP 192.168.1.127.22 > 192.168.1.106.33239: S. 4013568495 ack
4158312223, win 5792, options [mss 1460,sackOK,TS val 565852 ecr 806043,nop, wscale 6]
14:17:19.243111 IP 192.168.1.106.33239 > 192.168.1.127.22: . ack 1, win 92, options [nop,nop,TS
val 806045 ecr 565852] 14:17:19.264654 IP 192.168.1.127.22 > 192.168.1.106.33239: P. seq 1:40,
ack 1, win 91, options [nop,nop,TS val 565856 ecr 806045]
Answer: 192.168.1.106
Explanation:
192.168.1.127.22 means Port 22 on Host 192.168.1.127, which is the ssh-server;
Which leaves 192.168.1.106 as the client host.
———————————–
WARNING: actual IP may be different in the LPI test! (192.168.246.11 was the original IP i think)
192.168.1.106
IP 192.168.1.106
Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run
with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read
from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be
processed by tcpdump.