akostrikov · March 31, 2024 13:51
diff --git a/cap.sh b/cap.sh
 # Можно без capabilities пинговать
 akostrikov@DESKTOP-2F6SIC8:~$ sudo setcap cap_net_raw=-ep /usr/bin/ping
 [sudo] password for akostrikov:
 akostrikov@DESKTOP-2F6SIC8:~$ getcap /usr/bin/ping
 /usr/bin/ping =

 # Причем пинг идёт с ICMP
 akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
 [1] 684
 akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2
 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
 listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

 akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
 64 bytes from 1.1.1.1: icmp_seq=1 ttl=49 time=25.3 ms

 --- 1.1.1.1 ping statistics ---
 1 packets transmitted, 1 received, 0% packet loss, time 0ms
 rtt min/avg/max/mdev = 25.272/25.272/25.272/0.000 ms
 akostrikov@DESKTOP-2F6SIC8:~$ 16:41:26.762637 eth0  Out IP 172.29.209.78 > one.one.one.one: ICMP echo request, id 2, seq 1, length 64
 16:41:26.787892 eth0  In  IP one.one.one.one > 172.29.209.78: ICMP echo reply, id 2, seq 1, length 64


 # Работает с помощью ping_group_range
 akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl net.ipv4.ping_group_range
 net.ipv4.ping_group_range = 0   2147483647
 # Отключаем
 akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 0"
 net.ipv4.ping_group_range = 1 0
 akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
 akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
 [2] 1095
 akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2
 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
 listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

 # Ничего не видно
 akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
 akostrikov@DESKTOP-2F6SIC8:~$
 akostrikov@DESKTOP-2F6SIC8:~$ fg
 sudo tcpdump -i any host 1.1.1.1
 ^C
 0 packets captured
 0 packets received by filter
 0 packets dropped by kernel
 akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 2147483647"
 net.ipv4.ping_group_range = 1 2147483647

 akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
 [2] 1197
 akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2
 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
 listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

 # Теперь видим ICMP пакеты
 akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
 64 bytes from 1.1.1.1: icmp_seq=1 ttl=49 time=23.6 ms

 --- 1.1.1.1 ping statistics ---
 1 packets transmitted, 1 received, 0% packet loss, time 0ms
 rtt min/avg/max/mdev = 23.643/23.643/23.643/0.000 ms
 akostrikov@DESKTOP-2F6SIC8:~$ 16:43:26.646968 eth0  Out IP 172.29.209.78 > one.one.one.one: ICMP echo request, id 3, seq 1, length 64
 16:43:26.670593 eth0  In  IP one.one.one.one > 172.29.209.78: ICMP echo reply, id 3, seq 1, length 64
 akostrikov@DESKTOP-2F6SIC8:~$ sudo setcap cap_net_raw=+ep /usr/bin/ping
 akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 0"
 net.ipv4.ping_group_range = 1 0
 akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
 64 bytes from 1.1.1.1: icmp_seq=1 ttl=49 time=23.7 ms

 --- 1.1.1.1 ping statistics ---
 1 packets transmitted, 1 received, 0% packet loss, time 0ms
 rtt min/avg/max/mdev = 23.727/23.727/23.727/0.000 ms
 akostrikov@DESKTOP-2F6SIC8:~$ 16:44:08.397165 eth0  Out IP 172.29.209.78 > one.one.one.one: ICMP echo request, id 42818, seq 1, length 64
 16:44:08.420874 eth0  In  IP one.one.one.one > 172.29.209.78: ICMP echo reply, id 42818, seq 1, length 64

 akostrikov@DESKTOP-2F6SIC8:~$ fg
 sudo tcpdump -i any host 1.1.1.1
 ^C
 4 packets captured
 4 packets received by filter
 0 packets dropped by kernel
 akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 2147483647"
 net.ipv4.ping_group_range = 1 2147483647
	# Можно без capabilities пинговать
	akostrikov@DESKTOP-2F6SIC8:~$ sudo setcap cap_net_raw=-ep /usr/bin/ping
	[sudo] password for akostrikov:
	akostrikov@DESKTOP-2F6SIC8:~$ getcap /usr/bin/ping
	/usr/bin/ping =

	# Причем пинг идёт с ICMP
	akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
	[1] 684
	akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2
	tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
	listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

	akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
	PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
	64 bytes from 1.1.1.1: icmp_seq=1 ttl=49 time=25.3 ms

	--- 1.1.1.1 ping statistics ---
	1 packets transmitted, 1 received, 0% packet loss, time 0ms
	rtt min/avg/max/mdev = 25.272/25.272/25.272/0.000 ms
	akostrikov@DESKTOP-2F6SIC8:~$ 16:41:26.762637 eth0 Out IP 172.29.209.78 > one.one.one.one: ICMP echo request, id 2, seq 1, length 64
	16:41:26.787892 eth0 In IP one.one.one.one > 172.29.209.78: ICMP echo reply, id 2, seq 1, length 64


	# Работает с помощью ping_group_range
	akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl net.ipv4.ping_group_range
	net.ipv4.ping_group_range = 0 2147483647
	# Отключаем
	akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 0"
	net.ipv4.ping_group_range = 1 0
	akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
	akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
	[2] 1095
	akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2
	tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
	listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

	# Ничего не видно
	akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
	akostrikov@DESKTOP-2F6SIC8:~$
	akostrikov@DESKTOP-2F6SIC8:~$ fg
	sudo tcpdump -i any host 1.1.1.1
	^C
	0 packets captured
	0 packets received by filter
	0 packets dropped by kernel
	akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 2147483647"
	net.ipv4.ping_group_range = 1 2147483647

	akostrikov@DESKTOP-2F6SIC8:~$ sudo tcpdump -i any host 1.1.1.1 &
	[2] 1197
	akostrikov@DESKTOP-2F6SIC8:~$ tcpdump: data link type LINUX_SLL2
	tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
	listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes

	# Теперь видим ICMP пакеты
	akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
	PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
	64 bytes from 1.1.1.1: icmp_seq=1 ttl=49 time=23.6 ms

	--- 1.1.1.1 ping statistics ---
	1 packets transmitted, 1 received, 0% packet loss, time 0ms
	rtt min/avg/max/mdev = 23.643/23.643/23.643/0.000 ms
	akostrikov@DESKTOP-2F6SIC8:~$ 16:43:26.646968 eth0 Out IP 172.29.209.78 > one.one.one.one: ICMP echo request, id 3, seq 1, length 64
	16:43:26.670593 eth0 In IP one.one.one.one > 172.29.209.78: ICMP echo reply, id 3, seq 1, length 64
	akostrikov@DESKTOP-2F6SIC8:~$ sudo setcap cap_net_raw=+ep /usr/bin/ping
	akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 0"
	net.ipv4.ping_group_range = 1 0
	akostrikov@DESKTOP-2F6SIC8:~$ ping 1.1.1.1 -c1
	PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
	64 bytes from 1.1.1.1: icmp_seq=1 ttl=49 time=23.7 ms

	--- 1.1.1.1 ping statistics ---
	1 packets transmitted, 1 received, 0% packet loss, time 0ms
	rtt min/avg/max/mdev = 23.727/23.727/23.727/0.000 ms
	akostrikov@DESKTOP-2F6SIC8:~$ 16:44:08.397165 eth0 Out IP 172.29.209.78 > one.one.one.one: ICMP echo request, id 42818, seq 1, length 64
	16:44:08.420874 eth0 In IP one.one.one.one > 172.29.209.78: ICMP echo reply, id 42818, seq 1, length 64

	akostrikov@DESKTOP-2F6SIC8:~$ fg
	sudo tcpdump -i any host 1.1.1.1
	^C
	4 packets captured
	4 packets received by filter
	0 packets dropped by kernel
	akostrikov@DESKTOP-2F6SIC8:~$ sudo sysctl "net.ipv4.ping_group_range=1 2147483647"
	net.ipv4.ping_group_range = 1 2147483647