According to the tcpdump output below, what is the IP address of the client host?



02:12:40.511381 IP 192.168.246.11.1045 > 192.168.246.1.22: S 3838532429:3838532429(0) win 5840 <mss 1460,sackOK,timestamp 31325740,nop,wscale 2>

02:12:40.511540 IP 192.168.246.1.22 > 192.168.246.11.1045: S 1209330085:1209330085(0) ack 383853 2430 win 5792 <mss 1460,sackOK,timestamp 11553457 3132574,nop,wscale 0>

02:12:40.511755 IP 192.168.246.11.1045 > 192.168.246.1.22: . ack 1 win 1460 <nop,nop,timestamp 3 132574 11553457>

02:12:40.515122 IP 192.168.246.1.22 > 192.168.246.11.1045: P 1:26(25) ack 1 win 5792 <nop,nop,timestamp 11553460 3132574>

02:12:40.515511 IP 192.168.246.11.1045 > 192.168.246.1.22: . ack 26 win 1460 <nop,nop,timestamp 3132578 11553460>

02:12:40.515952 IP 192.168.246.11.1045 > 192.168.246.1.22: P 1:23(22) ack 26 win 1460 <nop,nop,timestamp 3132578 11553460>

Answer: 192.168.246.11

題解

「tcpdump」指令可以用來顯示網路介面的封包。

「192.168.246.11.1045 > 192.168.246.1.22」表示此封包是由「192.168.246.11」的1045埠傳給「192.168.246.1」的22埠,此為SSH伺服器的預設連接埠,因此我們可以推測出客戶端應為「192.168.246.11」