Tcpdump - Linux Command - Unix Command

NAME

tcpdump - dump traffic on a network

SYNOPSIS

tcpdump [ -daflnNOpqRStuvxX ] [ -c count ]

[ -C file_size ] [ -F file ]

[ -i interface ] [ -m module ] [ -r file ]

[ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]

[ -E algo:secret ] [ expression ]

DESCRIPTION

Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

When tcpdump finishes capturing packets, it will report counts of:

packets ``received by filter'' (the meaning of this depends on the OS on which you're running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets regardless of whether they were matched by the filter expression, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

On platforms that support the SIGINFO signal, such as most BSDs, it will report those counts when it receives a SIGINFO signal (generated, for example, by typing your ``status'' character, typically control-T) and will continue capturing packets.

Reading packets from a network interface may require that you have special privileges:

Under SunOS 3.x or 4.x with NIT or BPF:

You must have read access to /dev/nit or /dev/bpf*.

Under Solaris with DLPI:

You must have read/write access to the network pseudo device, e.g. /dev/le. On some versions of Solaris, however, this is not sufficient to allow tcpdump to capture in promiscuous mode; on those versions of Solaris, you must be root, or tcpdump must be installed setuid to root, in order to capture in promiscuous mode. Note that, on many (perhaps all) interfaces, if you don't capture in promiscuous mode, you will not see any outgoing packets, so a capture not done in promiscuous mode may not be very useful.

Under HP-UX with DLPI:

You must be root or tcpdump must be installed setuid to root.

Under IRIX with snoop:

You must be root or tcpdump must be installed setuid to root.

Under Linux:

You must be root or tcpdump must be installed setuid to root.

Under Ultrix and Digital UNIX/Tru64 UNIX:

Any user may capture network traffic with tcpdump. However, no user (not even the super-user) can capture in promiscuous mode on an interface unless the super-user has enabled promiscuous-mode operation on that interface using pfconfig(8), and no user (not even the super-user) can capture unicast traffic received by or sent by the machine on an interface unless the super-user has enabled copy-all-mode operation on that interface using pfconfig, so useful packet capture on an interface probably requires that either promiscuous-mode or copy-all-mode operation, or both modes of operation, be enabled on that interface.

Under BSD:

You must have read access to /dev/bpf*.

Reading a saved packet file doesn't require special privileges.

OPTIONS

-a

Attempt to convert network and broadcast addresses to names.

-c

Exit after receiving count packets.

-C

Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 2 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).

-d

Dump the compiled packet-matching code in a human readable form to standard output and stop.

-dd

Dump packet-matching code as a C program fragment.

-ddd

Dump packet-matching code as decimal numbers (preceded with a count).

-e

Print the link-level header on each dump line.

-E

Use algo:secret for decrypting IPsec ESP packets. Algorithms may be des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast128-cbc, or none. The default is des-cbc. The ability to decrypt packets is only present if tcpdump was compiled with cryptography enabled. secret is the ASCII text of the ESP secret key. Arbitrary binary values cannot be given at this time. The option assumes RFC2406 ESP, not RFC1827 ESP. The option is only for debugging purposes, and the use of this option with a truly `secret' key is discouraged. By presenting the IPsec secret key on the command line you make it visible to others, via ps(1) and other occasions.

-f

Print `foreign' internet addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's yp server - usually it hangs forever translating non-local internet numbers).

-F

Use file as input for the filter expression. An additional expression given on the command line is ignored.

-i

Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match.

On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode.

-l

Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.

-m

Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump.

-n

Don't convert host addresses to names. This can be used to avoid DNS lookups.

-nn

Don't convert protocol and port numbers to names.

-N

Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.

-O

Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.

-p

Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'.

-q

Quick (quiet?) output. Print less protocol information so output lines are shorter.

-R

Assume ESP/AH packets to be based on the old specification (RFC1825 to RFC1829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.

-r

Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.

-S

Print absolute, rather than relative, TCP sequence numbers.

-s

Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets.

-T

Force packets selected by "expression" to be interpreted as the specified type. Currently known types are cnfp (Cisco NetFlow protocol), rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), snmp (Simple Network Management Protocol), vat (Visual Audio Tool), and wb (distributed White Board).

-t

Don't print a timestamp on each dump line.

-tt

Print an unformatted timestamp on each dump line.

-U

Drops root privileges and changes user ID to user and group ID to the primary group of user.

Note! Red Hat Linux automatically drops the privileges to user ``pcap'' if nothing else is specified.

-ttt

Print a delta (in micro-seconds) between current and previous line on each dump line.

-tttt

Print a timestamp in default format preceded by the date on each dump line.

-u

Print undecoded NFS handles.

-v

(Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.

-vv

Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-vvv

Even more verbose output. For example, telnet SB ... SE options are printed in full. With -X telnet options are printed in hex as well.

-w

Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''.

-x

Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.

-X

When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This is very handy for analysing new protocols. Even if -x is not also set, some parts of some packets may be printed in hex/ascii.

expression

selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.

The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:

type

qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed.

dir

qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For `null' link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can be used to specify a desired direction.

proto

qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, ip, ip6, arp, rarp, decnet, tcp and udp. E.g., `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.

[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.

Similarly, `tr' is an alias for `ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring headers.]

In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

Allowable primitives are:

dst host host

True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host

True if the IPv4/v6 source field of the packet is host.

host host

True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords, ip, arp, rarp, or ip6 as in:

ip host host

which is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost

True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format).

ether src ehost

True if the ethernet source address is ehost.

ether host ehost

True if either the ethernet source or destination address is ehost.

gateway host

True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is

ether host ehost and not host host

which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configurations at this moment.

dst net net

True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details).

src net net

True if the IPv4/v6 source address of the packet has a network number of net.

net net

True if either the IPv4/v6 source or destination address of the packet has a network number of net.

net net mask netmask

True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.

net net/len

True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.

dst port port

True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).

src port port

True if the packet has a source port value of port.

port port

True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords, tcp or udp, as in:

tcp src port port

which matches only tcp packets whose source port is port.

less length

True if the packet has a length less than or equal to length. This is equivalent to:

len <= length.

greater length

True if the packet has a length greater than or equal to length. This is equivalent to:

len >= length.

ip proto protocol

True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.

ip6 proto protocol

True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.

ip6 protochain protocol

True if the packet is an IPv6 packet, and contains a protocol header with type protocol in its protocol header chain. For example,

ip6 protochain 6

matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, routing header, or hop-by-hop option header, between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so this can be somewhat slow.

ip protochain protocol

Equivalent to ip6 protochain protocol, but this is for IPv4.

ether broadcast

True if the packet is an ethernet broadcast packet. The ether keyword is optional.

ip broadcast

True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the local subnet mask.

ether multicast

True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'.

ip multicast

True if the packet is an IP multicast packet.

ip6 multicast

True if the packet is an IPv6 multicast packet.

ether proto protocol

True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\).

[In the case of FDDI (e.g., `fddi protocol arp') and Token Ring (e.g., `tr protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI or Token Ring header.

When filtering for most protocol identifiers on FDDI or Token Ring, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000.

The exceptions are iso, for which it checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header, stp and netbeui, where it checks the DSAP of the LLC header, and atalk, where it checks for a SNAP-format packet with an OUI of 0x080007 and the Appletalk etype.

In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols; the exceptions are iso, sap, and netbeui, for which it checks for an 802.3 frame and then checks the LLC header as it does for FDDI and Token Ring, atalk, where it checks both for the Appletalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI and Token Ring, aarp, where it checks for the Appletalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000, and ipx, where it checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3 with no LLC header encapsulation of IPX, and the IPX etype in a SNAP frame.]

decnet src host

True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]

decnet dst host

True if the DECNET destination address is host.

decnet host host

True if either the DECNET source or destination address is host.

ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui

Abbreviations for:

ether proto p

where p is one of the above protocols.

lat, moprc, mopdl

Abbreviations for:

ether proto p

where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.

vlan [vlan_id]

True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true if the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet.

tcp, udp, icmp

Abbreviations for:

ip proto p or ip6 proto p

where p is one of the above protocols.

iso proto protocol

True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis.

clnp, esis, isis

Abbreviations for:

iso proto p

where p is one of the above protocols. Note that tcpdump does an incomplete job of parsing these protocols.

expr relop expr

True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax) and the binary operators +, -, *, /, &, |. To access data inside the packet, use the following syntax:

proto [ expr : size ]

Proto is one of ether, fddi, tr, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet.

For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.

Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field).

The following ICMP type field values are available: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.

The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg.
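
The index expressions above, worked through on constructed frames (an added example, not part of the tcpdump manual). `load` is a hypothetical helper that mimics proto[expr:size] for the ether, ip and tcp layers of an untagged Ethernet II / IPv4 frame, including the implicit fragment check on tcp; `build_frame` and the predicate names are likewise chosen here.

```python
import struct

LINK_LEN = 14                  # Ethernet II header, no VLAN tag (assumption)
TCPFLAGS = 13                  # byte offset behind the name "tcpflags"
TCP_FIN, TCP_SYN = 0x01, 0x02  # bit values behind "tcp-fin" and "tcp-syn"


def build_frame(dst_mac, ihl=5, frag_field=0, tcp_flags=TCP_SYN):
    """Constructed sample frame: Ethernet II + IPv4 + 20-byte TCP header."""
    eth = dst_mac + bytes.fromhex("0207010001c4") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 1,
                     frag_field, 64, 6, 0,
                     bytes([128, 3, 254, 68]), bytes([128, 3, 254, 6]))
    options = b"\x01" * ((ihl - 5) * 4)       # IP options filled with NOPs
    tcp = struct.pack("!HHIIBBHHH", 1023, 513, 768512, 0,
                      5 << 4, tcp_flags, 4096, 0, 0)
    return eth + ip + options + tcp


def load(frame, proto, offset, size=1):
    """Return proto[offset:size] as an integer, or None if it cannot match."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    if proto == "ether":
        base = 0
    elif proto in ("ip", "tcp"):
        if len(frame) < LINK_LEN + 20 or frame[12:14] != b"\x08\x00":
            return None                       # no complete IPv4 header
        base = LINK_LEN
        if proto == "tcp":
            frag = int.from_bytes(frame[base + 6:base + 8], "big")
            if frame[base + 9] != 6 or frag & 0x1fff:
                return None                   # not TCP, or a later fragment
            base += (frame[base] & 0x0f) * 4  # skip IP header and options
    else:
        raise ValueError("unsupported proto: " + proto)
    end = base + offset + size
    if offset < 0 or end > len(frame):
        return None                           # outside the captured bytes
    return int.from_bytes(frame[base + offset:end], "big")


def link_multicast(frame):                    # ether[0] & 1 != 0
    v = load(frame, "ether", 0)
    return v is not None and (v & 1) != 0


def ip_has_options(frame):                    # ip[0] & 0xf != 5
    v = load(frame, "ip", 0)
    return v is not None and (v & 0xf) != 5


def first_or_only_fragment(frame):            # ip[6:2] & 0x1fff = 0
    v = load(frame, "ip", 6, 2)
    return v is not None and (v & 0x1fff) == 0


def syn_or_fin(frame):        # tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
    v = load(frame, "tcp", TCPFLAGS)
    return v is not None and (v & (TCP_SYN | TCP_FIN)) != 0


if __name__ == "__main__":
    unicast = bytes.fromhex("020701000102")   # constructed destination MAC
    cases = {
        "plain SYN": build_frame(unicast),
        "SYN behind IP options": build_frame(unicast, ihl=6),
        "later fragment": build_frame(unicast, frag_field=0x00b9),
        "SYN cut at 40 bytes": build_frame(unicast)[:40],
    }
    for name, frame in cases.items():
        print(name, ip_has_options(frame), first_or_only_fragment(frame),
              syn_or_fin(frame))
```

The last case shows why a short snaplen matters for filters written this way: once the flags byte lies beyond the captured bytes the accessor has nothing to read, and the predicate is false.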

Primitives may be combined using:

A parenthesized group of primitives and operators (parentheses are special to the Shell and must be escaped).

Negation (`!' or `not').

Concatenation (`&&' or `and').

Alternation (`||' or `or').

Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposition, are now required for concatenation.

If an identifier is given without a keyword, the most recent keyword is assumed. For example,

not host vs and ace

is short for

not host vs and host ace

which should not be confused with

not ( host vs or ace )

Expression arguments can be passed to tcpdump as either a single argument or as multiple arguments, whichever is more convenient. Generally, if the expression contains Shell metacharacters, it is easier to pass it as a single, quoted argument. Multiple arguments are concatenated with spaces before being parsed.

EXAMPLES

To print all packets arriving at or departing from sundown:

tcpdump host sundown

To print traffic between helios and either hot or ace:

tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and any host except helios:

tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at Berkeley:

tcpdump net ucb-ether

To print all ftp traffic through internet gateway snup (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):

tcpdump 'gateway snup and (port ftp or ftp-data)'

To print traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net):

tcpdump ip and not net localnet

To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host:

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

To print IP packets longer than 576 bytes sent through gateway snup:

tcpdump 'gateway snup and ip[2:2] > 576'

To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'

OUTPUT FORMAT

The output of tcpdump is protocol dependent. The following gives a brief description and examples of most of the formats.

Link Level Headers

If the '-e' option is given, the link level header is printed out. On ethernets, the source and destination addresses, protocol, and packet length are printed.

On FDDI networks, the '-e' option causes tcpdump to print the `frame control' field, the source and destination addresses, and the packet length. (The `frame control' field governs the interpretation of the rest of the packet.) Normal packets (such as those containing IP datagrams) are `async' packets, with a priority value between 0 and 7; for example, `async4'. Such packets are assumed to contain an 802.2 Logical Link Control (LLC) packet; the LLC header is printed if it is not an ISO datagram or a so-called SNAP packet.

On Token Ring networks, the '-e' option causes tcpdump to print the `access control' and `frame control' fields, the source and destination addresses, and the packet length. As on FDDI networks, packets are assumed to contain an LLC packet. Regardless of whether the '-e' option is specified or not, the source routing information is printed for source-routed packets.

(N.B.: The following description assumes familiarity with the SLIP compression algorithm described in RFC-1144.)

On SLIP links, a direction indicator (``I'' for inbound, ``O'' for outbound), packet type, and compression information are printed out. The packet type is printed first. The three types are ip, utcp, and ctcp. No further link information is printed for ip packets. For TCP packets, the connection identifier is printed following the type. If the packet is compressed, its encoded header is printed out. The special cases are printed out as *S+n and *SA+n, where n is the amount by which the sequence number (or sequence number and ack) has changed. If it is not a special case, zero or more changes are printed. A change is indicated by U (urgent pointer), W (window), A (ack), S (sequence number), and I (packet ID), followed by a delta (+n or -n), or a new value (=n). Finally, the amount of data in the packet and the compressed header length are printed.

For example, the following line shows an outbound compressed TCP packet, with an implicit connection identifier; the ack has changed by 6, the sequence number by 49, and the packet ID by 6; there are 3 bytes of data and 6 bytes of compressed header:

O ctcp * A+6 S+49 I+6 3 (6)

ARP/RARP Packets

Arp/rarp output shows the type of request and its arguments. The format is intended to be self explanatory. Here is a short sample taken from the start of an `rlogin' from host rtsg to host csam:

arp who-has csam tell rtsg
arp reply csam is-at CSAM

The first line says that rtsg sent an arp packet asking for the ethernet address of internet host csam. Csam replies with its ethernet address (in this example, ethernet addresses are in caps and internet addresses in lower case).

This would look less redundant if we had done tcpdump -n:

arp who-has 128.3.254.6 tell 128.3.254.68
arp reply 128.3.254.6 is-at 02:07:01:00:01:c4

If we had done tcpdump -e, the fact that the first packet is broadcast and the second is point-to-point would be visible:

RTSG Broadcast 0806 64: arp who-has csam tell rtsg
CSAM RTSG 0806 64: arp reply csam is-at CSAM

For the first packet this says the ethernet source address is RTSG, the destination is the ethernet broadcast address, the type field contained hex 0806 (type ETHER_ARP) and the total length was 64 bytes.

TCP Packets

(N.B.: The following description assumes familiarity with the TCP protocol described in RFC-793. If you are not familiar with the protocol, neither this description nor tcpdump will be of much use to you.)

The general format of a tcp protocol line is:

    src > dst: flags data-seqno ack window urgent options

Src and dst are the source and destination IP addresses and ports. Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single `.' (no flags). Data-seqno describes the portion of sequence space covered by the data in this packet (see example below). Ack is the sequence number of the next data expected in the other direction on this connection. Window is the number of bytes of receive buffer space available in the other direction on this connection. Urg indicates there is `urgent' data in the packet. Options are tcp options enclosed in angle brackets (e.g., <mss 1024>).

Src, dst and flags are always present. The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate.

Here is the opening portion of an rlogin from host rtsg to host csam.

    rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024>
    csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024>
    rtsg.1023 > csam.login: . ack 1 win 4096
    rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
    csam.login > rtsg.1023: . ack 2 win 4096
    rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
    csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
    csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
    csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1

The first line says that tcp port 1023 on rtsg sent a packet to port login on csam. The S indicates that the SYN flag was set. The packet sequence number was 768512 and it contained no data. (The notation is `first:last(nbytes)' which means `sequence numbers first up to but not including last, which is nbytes bytes of user data'.) There was no piggy-backed ack, the available receive window was 4096 bytes and there was a max-segment-size option requesting an mss of 1024 bytes.

Csam replies with a similar packet except it includes a piggy-backed ack for rtsg's SYN. Rtsg then acks csam's SYN. The `.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). The first time tcpdump sees a tcp `conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number is printed. This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the first data byte in each direction being `1'). `-S' will override this feature, causing the original sequence numbers to be output.

On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg -> csam side of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it has received data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the socket buffer since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, csam sends two bytes of urgent, pushed data to rtsg.

If the snapshot was small enough that tcpdump didn't capture the full TCP header, it interprets as much of the header as it can and then reports ``[|tcp]'' to indicate the remainder could not be interpreted. If the header contains a bogus option (one with a length that's either too small or beyond the end of the header), tcpdump reports it as ``[bad opt]'' and does not interpret any further options (since it's impossible to tell where they start). If the header length indicates options are present but the IP datagram length is not long enough for the options to actually be there, tcpdump reports it as ``[bad hdr length]''.

Capturing TCP packets with particular flag combinations (SYN-ACK, URG-ACK, etc.)

There are 8 bits in the control bits section of the TCP header:

    CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Let's assume that we want to watch packets used in establishing a TCP connection. Recall that TCP uses a 3-way handshake protocol when it initializes a new connection; the connection sequence with regard to the TCP control bits is

1) Caller sends SYN

2) Recipient responds with SYN, ACK

3) Caller sends ACK

Now we're interested in capturing packets that have only the SYN bit set (Step 1). Note that we don't want packets from step 2 (SYN-ACK), just a plain initial SYN. What we need is a correct filter expression for tcpdump.

Recall the structure of a TCP header without options:

     0                            15                              31
    -----------------------------------------------------------------
    |          source port          |       destination port        |
    -----------------------------------------------------------------
    |                        sequence number                        |
    -----------------------------------------------------------------
    |                     acknowledgment number                     |
    -----------------------------------------------------------------
    |  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
    -----------------------------------------------------------------
    |         TCP checksum          |       urgent pointer          |
    -----------------------------------------------------------------

A TCP header usually holds 20 octets of data, unless options are present. The first line of the graph contains octets 0 - 3, the second line shows octets 4 - 7, etc.

Starting to count with 0, the relevant TCP control bits are contained in octet 13:

     0             7|             15|             23|             31
    ----------------|---------------|---------------|----------------
    |  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
    ----------------|---------------|---------------|----------------
    |               |  13th octet   |               |               |

Let's have a closer look at octet no. 13:

                    |               |
                    |---------------|
                    |C|E|U|A|P|R|S|F|
                    |---------------|
                    |7   5   3     0|

These are the TCP control bits we are interested in. We have numbered the bits in this octet from 0 to 7, right to left, so the PSH bit is bit number 3, while the URG bit is number 5.

Recall that we want to capture packets with only SYN set. Let's see what happens to octet 13 if a TCP datagram arrives with the SYN bit set in its header:

                    |C|E|U|A|P|R|S|F|
                    |---------------|
                    |0 0 0 0 0 0 1 0|
                    |---------------|
                    |7 6 5 4 3 2 1 0|

Looking at the control bits section we see that only bit number 1 (SYN) is set.

Assuming that octet number 13 is an 8-bit unsigned integer in network byte order, the binary value of this octet is

    00000010

and its decimal representation is

    0*2^7 + 0*2^6 + 0*2^5 + 0*2^4 + 0*2^3 + 0*2^2 + 1*2^1 + 0*2^0 = 2

We're almost done, because now we know that if only SYN is set, the value of the 13th octet in the TCP header, when interpreted as an 8-bit unsigned integer in network byte order, must be exactly 2.

This relationship can be expressed as

    tcp[13] == 2

We can use this expression as the filter for tcpdump in order to watch packets which have only SYN set:

    tcpdump -i xl0 tcp[13] == 2

The expression says "let the 13th octet of a TCP datagram have the decimal value 2", which is exactly what we want.

Now, let's assume that we need to capture SYN packets, but we don't care if ACK or any other TCP control bit is set at the same time. Let's see what happens to octet 13 when a TCP datagram with SYN-ACK set arrives:

                    |C|E|U|A|P|R|S|F|
                    |---------------|
                    |0 0 0 1 0 0 1 0|
                    |---------------|
                    |7 6 5 4 3 2 1 0|

Now bits 1 and 4 are set in the 13th octet. The binary value of octet 13 is

    00010010

which translates to decimal

    0*2^7 + 0*2^6 + 0*2^5 + 1*2^4 + 0*2^3 + 0*2^2 + 1*2^1 + 0*2^0 = 18

Now we can't just use 'tcp[13] == 18' in the tcpdump filter expression, because that would select only those packets that have SYN-ACK set, but not those with only SYN set. Remember that we don't care if ACK or any other control bit is set as long as SYN is set.

In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve the SYN bit. We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN:

         00010010 SYN-ACK              00000010 SYN
    AND  00000010 (we want SYN)   AND  00000010 (we want SYN)
         --------                      --------
    =    00000010                 =    00000010

We see that this AND operation delivers the same result regardless of whether ACK or another TCP control bit is set. The decimal representation of the AND value as well as the result of this operation is 2 (binary 00000010), so we know that for packets with SYN set the following relation must hold true:

    ( ( value of octet 13 ) AND ( 2 ) ) == ( 2 )

This points us to the tcpdump filter expression

    tcpdump -i xl0 'tcp[13] & 2 == 2'

Note that you should use single quotes or a backslash in the expression to hide the AND ('&') special character from the shell.
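The octet-13 arithmetic above can be checked offline. The following is an added example, not part of the original manual page: it packs constructed 20-byte TCP headers and applies the same tests as the two filters. It goes one step beyond the text by including an ECN-setup SYN (SYN with ECE and CWR set), which `tcp[13] == 2` does not match, and a third test, `tcp[13] & 18 == 2` (SYN set, ACK clear), which is an assumption of this example rather than a filter from the page.

```python
import struct

# Bit values inside octet 13 of the TCP header, bit 0 (FIN) through bit 7 (CWR).
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << bit for bit in range(8))


def tcp_header(sport, dport, seq, ack, flags, window=4096):
    """Pack a 20-byte TCP header without options (checksum left at zero)."""
    hl_rsvd = 5 << 4  # HL = 5 32-bit words, reserved bits clear
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       hl_rsvd, flags, window, 0, 0)


def only_syn(tcp):
    """Same test as the filter  tcp[13] == 2."""
    return tcp[13] == 2


def syn_set(tcp):
    """Same test as the filter  'tcp[13] & 2 == 2'."""
    return (tcp[13] & 2) == 2


def initial_syn(tcp):
    """Assumed extra filter 'tcp[13] & 18 == 2': SYN set, ACK clear."""
    return (tcp[13] & (SYN | ACK)) == SYN


# Constructed sample headers (ports and sequence numbers are illustrative).
SAMPLES = [
    ("SYN", tcp_header(1023, 513, 768512, 0, SYN)),
    ("SYN-ACK", tcp_header(513, 1023, 947648, 768513, SYN | ACK)),
    ("ACK", tcp_header(1023, 513, 768513, 947649, ACK)),
    ("ECN-setup SYN", tcp_header(1024, 513, 1000, 0, SYN | ECE | CWR)),
]


def evaluate(samples=SAMPLES):
    """Map each sample name to (octet 13, only_syn, syn_set, initial_syn)."""
    return {name: (hdr[13], only_syn(hdr), syn_set(hdr), initial_syn(hdr))
            for name, hdr in samples}


if __name__ == "__main__":
    for name, (octet, a, b, c) in evaluate().items():
        print(f"{name:14} octet13={octet:08b} ({octet:3d})  "
              f"==2:{a!s:5}  &2==2:{b!s:5}  &18==2:{c!s:5}")
```

When counting connection attempts, the exact-match filter undercounts on networks where hosts negotiate ECN, while the AND filter also counts the SYN-ACK of every accepted connection.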

UDP Packets

UDP format is illustrated by this rwho packet:

    actinide.who > broadcast.who: udp 84

This says that port who on host actinide sent a udp datagram to port who on host broadcast, the Internet broadcast address. The packet contained 84 bytes of user data.

Some UDP services are recognized (from the source or destination port number) and the higher level protocol information printed. In particular, Domain Name service requests (RFC-1034/1035) and Sun RPC calls (RFC-1050) to NFS.

UDP Name Server Requests

(N.B.: The following description assumes familiarity with the Domain Service protocol described in RFC-1035. If you are not familiar with the protocol, the following description will appear to be written in greek.)

Name server requests are formatted as

    src > dst: id op? flags qtype qclass name (len)
    h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37)

Host h2opolo asked the domain server on helios for an address record (qtype=A) associated with the name ucbvax.berkeley.edu. The query id was `3'. The `+' indicates the recursion desired flag was set. The query length was 37 bytes, not including the UDP and IP protocol headers. The query operation was the normal one, Query, so the op field was omitted. If the op had been anything else, it would have been printed between the `3' and the `+'. Similarly, the qclass was the normal one, C_IN, and omitted. Any other qclass would have been printed immediately after the `A'.

A few anomalies are checked and may result in extra fields enclosed in square brackets: If a query contains an answer, authority records or additional records section, ancount, nscount, or arcount are printed as `[na]', `[nn]' or `[nau]' where n is the appropriate count. If any of the response bits are set (AA, RA or rcode) or any of the `must be zero' bits are set in bytes two and three, `[b2&3=x]' is printed, where x is the hex value of header bytes two and three.

UDP Name Server Responses

Name server responses are formatted as

    src > dst: id op rcode flags a/n/au type class data (len)
    helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
    helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)

In the first example, helios responds to query id 3 from h2opolo with 3 answer records, 3 name server records and 7 additional records. The first answer record is type A (address) and its data is internet address 128.32.137.3. The total size of the response was 273 bytes, excluding UDP and IP headers. The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record.

In the second example, helios responds to query 2 with a response code of non-existent domain (NXDomain) with no answers, one name server and no authority records. The `*' indicates that the authoritative answer bit was set. Since there were no answers, no type, class or data were printed.

Other flag characters that might appear are `-' (recursion available, RA, not set) and `|' (truncated message, TC, set). If the `question' section doesn't contain exactly one entry, `[nq]' is printed.

Note that name server requests and responses tend to be large and the default snaplen of 68 bytes may not capture enough of the packet to print. Use the -s flag to increase the snaplen if you need to seriously investigate name server traffic. `-s 128' has worked well for me.

SMB/CIFS decoding

tcpdump now includes fairly extensive SMB/CIFS/NBT decoding for data on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and NetBEUI SMB data is also done.

By default a fairly minimal decode is done, with a much more detailed decode done if -v is used. Be warned that with -v a single SMB packet may take up a page or more, so only use -v if you really want all the gory details.

If you are decoding SMB sessions containing unicode strings then you may wish to set the environment variable USE_UNICODE to 1. A patch to auto-detect unicode strings would be welcome.

For information on SMB packet formats and what all the fields mean see www.cifs.org or the pub/samba/specs/ directory on your favourite samba.org mirror site. The SMB patches were written by Andrew Tridgell (tridge@samba.org).

NFS Requests and Replies

Sun NFS (Network File System) requests and replies are printed as:

    src.xid > dst.nfs: len op args
    src.nfs > dst.xid: reply stat len op results

    sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
    wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
    sushi.201b > wrl.nfs: 144 lookup fh 9,74/4096.6878 "xcolors"
    wrl.nfs > sushi.201b: reply ok 128 lookup fh 9,74/4134.3150

In the first line, host sushi sends a transaction with id 6709 to wrl (note that the number following the src host is a transaction id, not the source port). The request was 112 bytes, excluding the UDP and IP headers. The operation was a readlink (read symbolic link) on file handle (fh) 21,24/10.731657119. (If one is lucky, as in this case, the file handle can be interpreted as a major,minor device number pair, followed by the inode number and generation number.) Wrl replies `ok' with the contents of the link.

In the third line, sushi asks wrl to look up the name `xcolors' in directory file 9,74/4096.6878. Note that the data printed depends on the operation type. The format is intended to be self-explanatory if read in conjunction with an NFS protocol spec.

If the -v (verbose) flag is given, additional information is printed. For example:

    sushi.1372a > wrl.nfs: 148 read fh 21,11/12.195 8192 bytes @ 24576
    wrl.nfs > sushi.1372a: reply ok 1472 read REG 100664 ids 417/0 sz 29388

(-v also prints the IP header TTL, ID, length, and fragmentation fields, which have been omitted from this example.) In the first line, sushi asks wrl to read 8192 bytes from file 21,11/12.195, at byte offset 24576. Wrl replies `ok'; the packet shown on the second line is the first fragment of the reply, and hence is only 1472 bytes long (the other bytes will follow in subsequent fragments, but these fragments do not have NFS or even UDP headers and so might not be printed, depending on the filter expression used). Because the -v flag is given, some of the file attributes (which are returned in addition to the file data) are printed: the file type (``REG'', for regular file), the file mode (in octal), the uid and gid, and the file size.

If the -v flag is given more than once, even more details are printed.

Note that NFS requests are very large and much of the detail won't be printed unless snaplen is increased. Try using `-s 192' to watch NFS traffic.

NFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable.

AFS Requests and Replies

Transarc AFS (Andrew File System) requests and replies are printed as:

    src.sport > dst.dport: rx packet-type
    src.sport > dst.dport: rx packet-type service call call-name args
    src.sport > dst.dport: rx packet-type service reply call-name args

    elvis.7001 > pike.afsfs: rx data fs call rename old fid 536876964/1/1 ".newsrc.new" new fid 536876964/1/1 ".newsrc"
    pike.afsfs > elvis.7001: rx data fs reply rename

In the first line, host elvis sends an RX packet to pike. This was an RX data packet to the fs (fileserver) service, and is the start of an RPC call. The RPC call was a rename, with the old directory file id of 536876964/1/1 and an old filename of `.newsrc.new', and a new directory file id of 536876964/1/1 and a new filename of `.newsrc'. The host pike responds with an RPC reply to the rename call (which was successful, because it was a data packet and not an abort packet).

In general, all AFS RPCs are decoded at least by RPC call name. Most AFS RPCs have at least some of the arguments decoded (generally only the `interesting' arguments, for some definition of interesting).

The format is intended to be self-describing, but it will probably not be useful to people who are not familiar with the workings of AFS and RX.

If the -v (verbose) flag is given twice, acknowledgement packets and additional header information are printed, such as the RX call ID, call number, sequence number, serial number, and the RX packet flags.

If the -v flag is given twice, additional information is printed, such as the RX call ID, serial number, and the RX packet flags. The MTU negotiation information is also printed from RX ack packets.

If the -v flag is given three times, the security index and service id are printed.

Error codes are printed for abort packets, with the exception of Ubik beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol).

Note that AFS requests are very large and many of the arguments won't be printed unless snaplen is increased. Try using `-s 256' to watch AFS traffic.

AFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the call number and service ID. If a reply does not closely follow the corresponding request, it might not be parsable.

KIP Appletalk (DDP in UDP)

Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated and dumped as DDP packets (i.e., all the UDP header information is discarded). The file /etc/atalk.names is used to translate appletalk net and node numbers to names. Lines in this file have the form

    number      name

    1.254       ether
    16.1        icsd-net
    1.254.110   ace

The first two lines give the names of appletalk networks. The third line gives the name of a particular host (a host is distinguished from a net by the 3rd octet in the number - a net number must have two octets and a host number must have three octets.) The number and name should be separated by whitespace (blanks or tabs). The /etc/atalk.names file may contain blank lines or comment lines (lines starting with a `#').

Appletalk addresses are printed in the form

    net.host.port

    144.1.209.2 > icsd-net.112.220
    office.2 > icsd-net.112.220
    jssmag.149.235 > icsd-net.2

(If the /etc/atalk.names doesn't exist or doesn't contain an entry for some appletalk host/net number, addresses are printed in numeric form.) In the first example, NBP (DDP port 2) on net 144.1 node 209 is sending to whatever is listening on port 220 of net icsd node 112. The second line is the same except the full name of the source node is known (`office'). The third line is a send from port 235 on net jssmag node 149 to broadcast on the icsd-net NBP port (note that the broadcast address (255) is indicated by a net name with no host number - for this reason it's a good idea to keep node names and net names distinct in /etc/atalk.names).

NBP (name binding protocol) and ATP (Appletalk transaction protocol) packets have their contents interpreted. Other protocols just dump the protocol name (or number if no name is registered for the protocol) and packet size.

NBP packets are formatted like the following examples:

    icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
    jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
    techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186

The first line is a name lookup request for laserwriters sent by net icsd host 112 and broadcast on net jssmag. The nbp id for the lookup is 190. The second line shows a reply for this request (note that it has the same id) from host jssmag.209 saying that it has a laserwriter resource named "RM1140" registered on port 250. The third line is another reply to the same request saying host techpit has laserwriter "techpit" registered on port 186.

ATP packet formatting is demonstrated by the following example:

    jssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
    helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000
    jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001
    helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
    jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001
    jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002

Jssmag.209 initiates transaction id 12266 with host helios by requesting up to 8 packets (the `<0-7>'). The hex number at the end of the line is the value of the `userdata' field in the request.

Helios responds with 8 512-byte packets. The `:digit' following the transaction id gives the packet sequence number in the transaction and the number in parens is the amount of data in the packet, excluding the atp header. The `*' on packet 7 indicates that the EOM bit was set.

Jssmag.209 then requests that packets 3 & 5 be retransmitted. Helios resends them, then jssmag.209 releases the transaction. Finally, jssmag.209 initiates the next request. The `*' on the request indicates that XO (`exactly once') was not set.

IP Fragmentation

Fragmented Internet datagrams are printed as

    (frag id:size@offset+)
    (frag id:size@offset)

(The first form indicates there are more fragments. The second indicates this is the last fragment.)

Id is the fragment id. Size is the fragment size (in bytes) excluding the IP header. Offset is this fragment's offset (in bytes) in the original datagram.

The fragment information is output for each fragment. The first fragment contains the higher level protocol header and the frag info is printed after the protocol info. Fragments after the first contain no higher level protocol header and the frag info is printed after the source and destination addresses. For example, here is part of an ftp from arizona.edu to lbl-rtsg.arpa over a CSNET connection that doesn't appear to handle 576 byte datagrams:

    arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
    arizona > rtsg: (frag 595a:204@328)
    rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560

There are a couple of things to note here: First, addresses in the 2nd line don't include port numbers. This is because the TCP protocol information is all in the first fragment and we have no idea what the port or sequence numbers are when we print the later fragments. Second, the tcp sequence information in the first line is printed as if there were 308 bytes of user data when, in fact, there are 512 bytes (308 in the first frag and 204 in the second). If you are looking for holes in the sequence space or trying to match up acks with packets, this can fool you.

A packet with the IP don't fragment flag is marked with a trailing (DF).
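The frag notation can be checked mechanically when looking for holes. The following is an added example, not part of the original manual page: it parses the `(frag id:size@offset+)` annotations, reports holes per fragment id, and recovers the 512 bytes of user data that the first line understates as 308. The function names are this example's own, and the 6b01 lines in the sample are constructed to show a missing middle fragment.

```python
import re
from collections import defaultdict

# Constructed input: the three ftp lines from the example above, plus an
# invented datagram (id 6b01) whose middle fragment was never captured.
SAMPLE = """\
arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
arizona > rtsg: (frag 595a:204@328)
rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560
arizona > rtsg: (frag 6b01:328@0+)
arizona > rtsg: (frag 6b01:100@656)
"""

# (frag id:size@offset+)  -- a trailing '+' means more fragments follow.
FRAG_RE = re.compile(r"\(frag ([0-9a-fA-F]+):(\d+)@(\d+)(\+?)\)")


def fragment_report(text):
    """Summarise fragment coverage per fragment id.

    Simplification: fragments are grouped by id alone; real reassembly also
    keys on source, destination and protocol.
    """
    parts = defaultdict(list)
    for line in text.splitlines():
        m = FRAG_RE.search(line)
        if m:
            frag_id, size, offset, more = m.groups()
            parts[frag_id].append((int(offset), int(size), more == "+"))

    report = {}
    for frag_id, frags in parts.items():
        covered, holes = 0, []
        for offset, size, _more in sorted(frags):
            if offset > covered:              # bytes no fragment delivered
                holes.append((covered, offset))
            covered = max(covered, offset + size)
        saw_last = any(not more for _o, _s, more in frags)
        report[frag_id] = {
            "ip_payload": covered,            # bytes after the IP header
            "holes": holes,
            "complete": saw_last and not holes,
        }
    return report


def tcp_user_data(first_line, ip_payload):
    """User data in the whole datagram, from the first fragment's line.

    The first fragment carries the TCP header, so its size minus the
    'first:last(nbytes)' count gives the TCP header length.
    """
    nbytes = int(re.search(r"\d+:\d+\((\d+)\)", first_line).group(1))
    first_size = int(FRAG_RE.search(first_line).group(2))
    return ip_payload - (first_size - nbytes)


if __name__ == "__main__":
    for frag_id, info in fragment_report(SAMPLE).items():
        print(frag_id, info)
```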

Timestamps

By default, all output lines are preceded by a timestamp. The timestamp is the current clock time in the form

    hh:mm:ss.frac

and is as accurate as the kernel's clock. The timestamp reflects the time the kernel first saw the packet. No attempt is made to account for the time lag between when the ethernet interface removed the packet from the wire and when the kernel serviced the `new packet' interrupt.

SEE ALSO

traffic(1C), nit(4P), bpf(4), pcap(3)

Important: Use the man command ( % man ) to see how a command is used on your particular computer.