Tcpdump - Linux Command - Unix Command

NAME

tcpdump - dump traffic on a network

SYNOPSIS

tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ]

[ -C file_size ] [ -F file ]

[ -i interface ] [ -m module ] [ -r file ]

[ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]

[ -E algo:secret ] [ expression ]

DESCRIPTION

Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

When tcpdump finishes capturing packets, it will report counts of:

packets ``received by filter'' (the meaning of this depends on the OS on which you're running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets regardless of whether they were matched by the filter expression, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

On platforms that support the SIGINFO signal, such as most BSDs, it will report those counts when it receives a SIGINFO signal (generated, for example, by typing your ``status'' character, typically control-T) and will continue capturing packets.

Reading packets from a network interface may require that you have special privileges:

Under SunOS 3.x or 4.x with NIT or BPF:

You must have read access to /dev/nit or /dev/bpf*.

Under Solaris with DLPI:

You must have read/write access to the network pseudo device, e.g. /dev/le. On at least some versions of Solaris, however, this is not sufficient to allow tcpdump to capture in promiscuous mode; on those versions of Solaris, you must be root, or tcpdump must be installed setuid to root, in order to capture in promiscuous mode. Note that, on many (perhaps all) interfaces, if you don't capture in promiscuous mode, you will not see any outgoing packets, so a capture not done in promiscuous mode may not be very useful.

Under HP-UX with DLPI:

You must be root or tcpdump must be installed setuid to root.

Under IRIX with snoop:

You must be root or tcpdump must be installed setuid to root.

Under Linux:

You must be root or tcpdump must be installed setuid to root.

Under Ultrix and Digital UNIX/Tru64 UNIX:

Any user may capture network traffic with tcpdump. However, no user (not even the super-user) can capture in promiscuous mode on an interface unless the super-user has enabled promiscuous-mode operation on that interface using pfconfig(8), and no user (not even the super-user) can capture traffic received by or sent by the machine on an interface unless the super-user has enabled copy-all-mode operation on that interface using pfconfig, so useful packet capture on an interface probably requires that either promiscuous-mode or copy-all-mode operation, or both modes of operation, be enabled on that interface.

Under BSD:

You must have read access to /dev/bpf*.

Reading a saved packet file doesn't require special privileges.

OPTIONS

-a

Attempt to convert network and broadcast addresses to names.

-c

Exit after receiving count packets.

-C

Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 2 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).

-d

Dump the compiled packet-matching code in a human readable form to standard output and stop.

-dd

Dump packet-matching code as a C program fragment.

-ddd

Dump packet-matching code as decimal numbers (preceded with a count).

-e

Print the link-level header on each dump line.

-E

Use algo:secret for decrypting IPsec ESP packets. Algorithms may be des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast128-cbc, or none. The default is des-cbc. The ability to decrypt packets is only present if tcpdump was compiled with cryptography enabled. secret is the ASCII text for the ESP secret key. We cannot take arbitrary binary values at this moment. The option assumes RFC2406 ESP, not RFC1827 ESP. The option is only for debugging purposes, and the use of this option with a truly 'secret' key is discouraged. By presenting the IPsec secret key on the command line you make it visible to others, via ps(1) and other occasions.

-f

Print 'foreign' internet addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's yp server --- usually it hangs forever translating non-local internet numbers).

-F

Use file as input for the filter expression. An additional expression given on the command line is ignored.

-i

Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match.

On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode.

-l

Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.

-m

Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump.

-n

Don't convert host addresses to names. This can be used to avoid DNS lookups.

-nn

Don't convert protocol and port numbers etc. to names either.

-N

Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.

-O

Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.

-p

Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, '-p' cannot be used as an abbreviation for 'ether host {local-hw-addr} or ether broadcast'.

-q

Quick (quiet?) output. Print less protocol information so output lines are shorter.

-R

Assume ESP/AH packets to be based on the old specification (RFC1825 to RFC1829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.

-r

Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.

-S

Print absolute, rather than relative, TCP sequence numbers.

-s

Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in.

-T

Force packets selected by "expression" to be interpreted as the specified type. Currently known types are cnfp (Cisco NetFlow protocol), rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), snmp (Simple Network Management Protocol), vat (Visual Audio Tool), and wb (distributed White Board).

-t

Don't print a timestamp on each dump line.

-tt

Print an unformatted timestamp on each dump line.

-U

Drops root privileges and changes the user ID to user and the group ID to the primary group of user.

NOTE! Red Hat Linux automatically drops privileges to the user 'pcap' if nothing else is specified.

-ttt

Print a delta (in micro-seconds) between the current and previous line on each dump line.

-tttt

Print a timestamp in default format preceded by the date on each dump line.

-u

Print undecoded NFS handles.

-v

(Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.

-vv

Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-vvv

Even more verbose output. For example, telnet SB ... SE options are printed in full. With -x, Telnet options are printed in hex as well.

-w

Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''.

-x

Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.

-X

When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This is very handy for analysing new protocols. Even if -x is not also set, some parts of some packets may be printed in hex/ascii.

expression

selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is 'true' will be dumped.

The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:

type

qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., 'host foo', 'net 128.3', 'port 20'. If there is no type qualifier, host is assumed.

dir

qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., 'src foo', 'dst net 128.3', 'src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For 'null' link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can be used to specify a desired direction.

proto

qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, ip, ip6, arp, rarp, decnet, tcp and udp. E.g., 'ether src foo', 'arp net 128.3', 'tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., 'src foo' means '(ip or arp or rarp) src foo' (except the latter is not legal syntax), 'net bar' means '(ip or arp or rarp) net bar' and 'port 53' means '(tcp or udp) port 53'.

['fddi' is actually an alias for 'ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.

Similarly, 'tr' is an alias for 'ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring headers.]

In addition to the above, there are some special 'primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., 'host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., 'tcp dst port ftp or ftp-data or domain' is exactly the same as 'tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

Allowable primitives are:

dst host host

True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host

True if the IPv4/v6 source field of the packet is host.

host host

True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6 as in:

ip host host

which is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost

True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for the numeric format).

ether src ehost

True if the ethernet source address is ehost.

ether host ehost

True if either the ethernet source or destination address is ehost.

gateway host

True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is

ether host ehost and not host host

which can be used with either names or numbers for host / ehost.) This syntax does not work in an IPv6-enabled configuration at this moment.

dst net net

True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details).

src net net

True if the IPv4/v6 source address of the packet has a network number of net.

net net

True if either the IPv4/v6 source or destination address of the packet has a network number of net.

net net mask netmask

True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.

net net/len

True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.

dst port port

True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).

src port port

True if the packet has a source port value of port.

port port

True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords tcp or udp, as in:

tcp src port port

which matches only tcp packets whose source port is port.

less length

True if the packet has a length less than or equal to length. This is equivalent to:

len <= length.

greater length

True if the packet has a length greater than or equal to length. This is equivalent to:

len >= length.

ip proto protocol

True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.

ip6 proto protocol

True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.

ip6 protochain protocol

True if the packet is an IPv6 packet, and contains a protocol header with type protocol in its protocol header chain. For example,

ip6 protochain 6

matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, routing header, or hop-by-hop option header, between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so this can be somewhat slow.

ip protochain protocol

Equivalent to ip6 protochain protocol, but this is for IPv4.

ether broadcast

True if the packet is an ethernet broadcast packet. The ether keyword is optional.

ip broadcast

True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the local subnet mask.

ether multicast

True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for 'ether[0] & 1 != 0'.

ip multicast

True if the packet is an IP multicast packet.

ip6 multicast

True if the packet is an IPv6 multicast packet.

ether proto protocol

True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\).

[In the case of FDDI (e.g., 'fddi protocol arp') and Token Ring (e.g., 'tr protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI or Token Ring header.

When filtering for most protocol identifiers on FDDI or Token Ring, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000.

The exceptions are iso, for which it checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header, stp and netbeui, where it checks the DSAP of the LLC header, and atalk, where it checks for a SNAP-format packet with an OUI of 0x080007 and the Appletalk etype.

In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols; the exceptions are iso, sap, and netbeui, for which it checks for an 802.3 frame and then checks the LLC header as it does for FDDI and Token Ring, atalk, where it checks both for the Appletalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI and Token Ring, aarp, where it checks for the Appletalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000, and ipx, where it checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3 with no LLC header encapsulation of IPX, and the IPX etype in a SNAP frame.]

decnet src host

True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]

decnet dst host

True if the DECNET destination address is host.

decnet host host

True if either the DECNET source or destination address is host.

ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui

Abbreviations for:

ether proto p

where p is one of the above protocols.

lat, moprc, mopdl

Abbreviations for:

ether proto p

where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.

vlan [vlan_id]

True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true if the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet.

tcp, udp, icmp

Abbreviations for:

ip proto p or ip6 proto p

where p is one of the above protocols.

iso proto protocol

True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis.

clnp, esis, isis

Abbreviations for:

iso proto p

where p is one of the above protocols. Note that tcpdump does an incomplete job of parsing these protocols.

expr relop expr

True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax:

proto [ expr : size ]

Proto is one of ether, fddi, tr, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet.

For example, 'ether[0] & 1 != 0' catches all multicast traffic. The expression 'ip[0] & 0xf != 5' catches all IP packets with options. The expression 'ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.

Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field).

The following ICMP type field values are available: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.

The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg.

Primitives may be combined using:

A parenthesized group of primitives and operators (parentheses are special to the Shell and must be escaped).

Negation ('!' or 'not').

Concatenation ('&&' or 'and').

Alternation ('||' or 'or').

Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposition, are now required for concatenation.

If an identifier is given without a keyword, the most recent keyword is assumed. For example,

not host vs and ace

is short for

not host vs and host ace

which should not be confused with

not ( host vs or ace )

Expression arguments can be passed to tcpdump as either a single argument or as multiple arguments, whichever is more convenient. Generally, if the expression contains Shell metacharacters, it is easier to pass it as a single, quoted argument. Multiple arguments are concatenated with spaces before being parsed.

EXAMPLES

To print all packets arriving at or departing from sundown:

tcpdump host sundown

To print traffic between helios and either hot or ace:

tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and any host except helios:

tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at Berkeley:

tcpdump net ucb-ether

To print all ftp traffic through internet gateway snup: (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):

tcpdump 'gateway snup and (port ftp or ftp-data)'

To print traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net).

tcpdump ip and not net localnet

To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host.

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

To print IP packets longer than 576 bytes sent through gateway snup:

tcpdump 'gateway snup and ip[2:2] > 576'

To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
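As an added illustration (not part of the man page or of tcpdump itself), the Python below reads packet bytes the way the proto[expr:size] accessor described under "expr relop expr" does, and implements the byte-offset filter expressions quoted there and in the examples above over constructed Ethernet/IPv4/TCP frames. It also shows the fragment check that tcpdump applies implicitly before any tcp[...] index and the IHL-dependent position of tcp[0]; the frame builder, its addresses and port numbers are assumptions made for the demonstration.

```python
import struct

# Named TCP flag values (the page's tcp-fin, tcp-syn, ... names) and fixed layout constants.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PUSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ETHER_HDR_LEN = 14   # ip[...] offsets are relative to the byte after the Ethernet header
IPPROTO_TCP = 6


def build_frame(dst_mac, src_mac, dst_ip="10.0.0.9", ip_options=b"", frag=0, tcp_flags=TCP_ACK):
    """Constructed Ethernet II / IPv4 / TCP frame (sample data, not captured traffic).
    frag is the raw 16-bit flags+fragment-offset field; ip_options must be a 4-byte multiple."""
    ihl = 5 + len(ip_options) // 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, tcp_flags, 8192, 0, 0)
    total_len = ihl * 4 + len(tcp)
    src_ip = bytes([10, 0, 0, 1])                      # assumed source address
    dst = bytes(int(octet) for octet in dst_ip.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total_len, 0x1234, frag,
                     64, IPPROTO_TCP, 0, src_ip, dst) + ip_options
    eth = (bytes.fromhex(dst_mac.replace(":", "")) +
           bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    return eth + ip + tcp


def field(pkt, offset, size=1):
    """proto[expr:size]: an unsigned big-endian integer of 1, 2 or 4 bytes at offset."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    chunk = pkt[offset:offset + size]
    if len(chunk) < size:
        raise IndexError("offset lies beyond the captured bytes")
    return int.from_bytes(chunk, "big")


def ip_offset(frame):
    return ETHER_HDR_LEN


def tcp_offset(frame):
    """Offset of tcp[0]: the IP header length (IHL) is honoured, so IP options shift it."""
    ip = ip_offset(frame)
    return ip + (field(frame, ip) & 0x0F) * 4


def tcp_indexable(frame):
    """tcpdump applies 'ip[6:2] & 0x1fff = 0' implicitly before any tcp[...] access,
    so tcp[0] never points into a non-first fragment."""
    ip = ip_offset(frame)
    return field(frame, ip + 9) == IPPROTO_TCP and field(frame, ip + 6, 2) & 0x1FFF == 0


# Each function implements one filter expression quoted on the page.
def ether_multicast(frame):               # ether[0] & 1 != 0
    return field(frame, 0) & 1 != 0


def ip_with_options(frame):               # ip[0] & 0xf != 5
    return field(frame, ip_offset(frame)) & 0xF != 5


def ip_unfragmented_or_first(frame):      # ip[6:2] & 0x1fff = 0
    return field(frame, ip_offset(frame) + 6, 2) & 0x1FFF == 0


def tcp_syn_or_fin(frame):                # tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
    if not tcp_indexable(frame):
        return False
    return field(frame, tcp_offset(frame) + 13) & (TCP_SYN | TCP_FIN) != 0


def ip_longer_than_576(frame):            # ip[2:2] > 576
    return field(frame, ip_offset(frame) + 2, 2) > 576


def ip_mcast_without_ether_mcast(frame):  # ether[0] & 1 = 0 and ip[16] >= 224
    return field(frame, 0) & 1 == 0 and field(frame, ip_offset(frame) + 16) >= 224


FILTERS = {
    "ether[0] & 1 != 0": ether_multicast,
    "ip[0] & 0xf != 5": ip_with_options,
    "ip[6:2] & 0x1fff = 0": ip_unfragmented_or_first,
    "tcp[tcpflags] & (tcp-syn|tcp-fin) != 0": tcp_syn_or_fin,
    "ip[2:2] > 576": ip_longer_than_576,
    "ether[0] & 1 = 0 and ip[16] >= 224": ip_mcast_without_ether_mcast,
}


def matching_filters(frame):
    """The page's filter expressions that are true for this frame, in table order."""
    return [expr for expr, test in FILTERS.items() if test(frame)]


if __name__ == "__main__":
    syn = build_frame("00:11:22:33:44:55", "00:aa:bb:cc:dd:ee", tcp_flags=TCP_SYN)
    print(matching_filters(syn))
```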

OUTPUT FORMAT

The output of tcpdump is protocol dependent. The following gives a brief description and examples of most of the formats.

Link Level Headers

If the '-e' option is given, the link level header is printed out. On ethernets, the source and destination addresses, protocol, and packet length are printed.

On FDDI networks, the '-e' option causes tcpdump to print the 'frame control' field, the source and destination addresses, and the packet length. Normal packets (such as those containing IP datagrams) are 'async' packets, with a priority value between 0 and 7; for example, 'async4'. Such packets are assumed to contain an 802.2 Logical Link Control (LLC) packet; the LLC header is printed if it is not an ISO datagram or a so-called SNAP packet.

On Token Ring networks, the '-e' option causes tcpdump to print the 'access control' and 'frame control' fields, the source and destination addresses, and the packet length. As on FDDI networks, packets are assumed to contain an LLC packet. Regardless of whether the '-e' option is specified or not, the source routing information is printed for source-routed packets.

(N.B.: The following description assumes familiarity with the SLIP compression algorithm described in RFC-1144.)

On SLIP links, a direction indicator ('I' for inbound, 'O' for outbound), packet type, and compression information are printed out. The packet type is printed first. The three types are ip, utcp, and ctcp. No further link information is printed for ip packets. For TCP packets, the connection identifier is printed following the type. If the packet is compressed, its encoded header is printed out. The special cases are printed out as *S+n and *SA+n, where n is the amount by which the sequence number (or sequence number and ack) has changed. If it is not a special case, zero or more changes are printed. A change is indicated by U (urgent pointer), W (window), A (ack), S (sequence number), and I (packet ID), followed by a delta (+n or -n), or a new value (=n). Finally, the amount of data in the packet and the compressed header length are printed.

For example, the following line shows an outbound compressed TCP packet, with an implicit connection identifier; the ack has changed by 6, the sequence number by 49, and the packet ID by 6; there are 3 bytes of data and 6 bytes of compressed header:

O ctcp * A+6 S+49 I+6 3 (6)

ARP/RARP Packets

Arp/rarp output shows the type of request and its arguments. The format is intended to be self explanatory. Here is a short sample taken from the start of an 'rlogin' from host rtsg to host csam:

arp who-has csam tell rtsg
arp reply csam is-at CSAM

The first line says that rtsg sent an arp packet asking for the ethernet address of internet host csam. Csam replies with its ethernet address (in this example, ethernet addresses are in caps and internet addresses in lower case).

This would look less redundant if we had done tcpdump -n:

arp who-has 128.3.254.6 tell 128.3.254.68
arp reply 128.3.254.6 is-at 02:07:01:00:01:

If we had done tcpdump -e, the fact that the first packet is broadcast and the second is point-to-point would be visible:

RTSG Broadcast 0806 64: arp who-has csam tell rtsg
CSAM RTSG 0806 64: arp reply csam is-at CSAM

For the first packet this says the ethernet source address is RTSG, the destination is the ethernet broadcast address, the type field contained hex 0806 (type ETHER_ARP) and the total length was 64 bytes.

TCP Packets

(NB: The following description assumes familiarity with the TCP protocol described in RFC-793. If you are not familiar with the protocol, neither this description nor tcpdump will be of much use to you.)

The general format of a tcp protocol line is:

src > dst: flags data-seqno ack window urgent options

Src and dst are the source and destination IP addresses and ports. Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single '.' (no flags). Data-seqno describes the portion of sequence space covered by the data in this packet (see the example below). Ack is the sequence number of the next data expected in the other direction on this connection. Window is the number of bytes of receive buffer space available in the other direction on this connection. Urg indicates there is 'urgent' data in the packet. Options are tcp options enclosed in angle brackets (e.g., <mss 1024>).

Src, dst and flags are always present. The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate.

Here is the opening portion of an rlogin from host rtsg to host csam.

rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024>
csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024>
rtsg.1023 > csam.login: . ack 1 win 4096
rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
csam.login > rtsg.1023: . ack 2 win 4096
rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1

The first line says that tcp port 1023 on rtsg sent a packet to port login on csam. The S indicates that the SYN flag was set. The packet sequence number was 768512 and it contained no data. (The notation is 'first:last(nbytes)', which means 'sequence numbers first up to but not including last, which is nbytes bytes of user data'.) There was no piggy-backed ack, the available receive window was 4096 bytes and there was a max-segment-size option requesting an mss of 1024 bytes.

Csam replies with a similar packet except it includes a piggy-backed ack for rtsg's SYN. Rtsg then acks csam's SYN. The '.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). The first time tcpdump sees a tcp 'conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number is printed. This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the first data byte in each direction being '1'). '-S' will override this feature, causing the original sequence numbers to be output.

On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg -> csam side of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it has received data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the socket buffer, since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, csam sends two bytes of urgent, pushed data to rtsg.

If the snapshot was small enough that tcpdump didn't capture the full TCP header, it interprets as much of the header as it can and then reports '[|tcp]' to indicate that the remainder could not be interpreted. If the header contains a bogus option (one with a length that is either too small or beyond the end of the header), tcpdump reports it as '[bad opt]' and does not interpret any further options (since it is impossible to tell where they start). If the header length indicates that options are present but the IP datagram length is not long enough for the options to actually be there, tcpdump reports it as '[bad hdr length]'.

Capturing TCP packets with particular flag combinations (SYN-ACK, URG-ACK, etc.)

There are 8 bits in the control bits section of the TCP header:

CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Let's assume that we want to watch packets used in establishing a TCP connection. Recall that TCP uses a 3-way handshake protocol when it initializes a new connection; the connection sequence with regard to the TCP control bits is

1) Caller sends SYN

2) Recipient responds with SYN, ACK

3) Caller sends ACK

Now we're interested in capturing packets that have only the SYN bit set (Step 1). Note that we don't want packets from step 2 (SYN-ACK), just a plain initial SYN. What we need is a correct filter expression for tcpdump.

Recall the structure of a TCP header without options:

 0                            15                              31
-----------------------------------------------------------------
|          source port          |       destination port        |
-----------------------------------------------------------------
|                        sequence number                        |
-----------------------------------------------------------------
|                     acknowledgment number                     |
-----------------------------------------------------------------
|  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
-----------------------------------------------------------------
|         TCP checksum          |       urgent pointer          |
-----------------------------------------------------------------

A TCP header usually holds 20 octets of data, unless options are present. The first line of the graph contains octets 0 - 3, the second line shows octets 4 - 7, and so on.

Starting to count with 0, the relevant TCP control bits are contained in octet 13:

 0             7|             15|             23|             31
----------------|---------------|---------------|----------------
|  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
----------------|---------------|---------------|----------------
|               |  13th octet   |               |               |

Let's have a closer look at octet no. 13:

                |               |
                |---------------|
                |C|E|U|A|P|R|S|F|
                |---------------|
                |7   5   3     0|

These are the TCP control bits we are interested in. We have numbered the bits in this octet from 0 to 7, right to left, so the PSH bit is bit number 3, while the URG bit is number 5.

Recall that we want to capture packets with only SYN set. Let's see what happens to octet 13 if a TCP datagram arrives with the SYN bit set in its header:

                |C|E|U|A|P|R|S|F|
                |---------------|
                |0 0 0 0 0 0 1 0|
                |---------------|
                |7 6 5 4 3 2 1 0|

Looking at the control bits section we see that only bit number 1 (SYN) is set.

Assuming that octet number 13 is an 8-bit unsigned integer in network byte order, the binary value of this octet is

00000010

and its decimal representation is

   7     6     5     4     3     2     1     0
0*2 + 0*2 + 0*2 + 0*2 + 0*2 + 0*2 + 1*2 + 0*2  =  2

We're almost done, because now we know that if only SYN is set, the value of the 13th octet in the TCP header, when interpreted as an 8-bit unsigned integer in network byte order, must be exactly 2.

This relationship can be expressed as

tcp[13] == 2

We can use this expression as the filter for tcpdump in order to watch packets which have only SYN set:

tcpdump -i xl0 tcp[13] == 2

The expression says "let the 13th octet of a TCP datagram have the decimal value 2", which is exactly what we want.

Now, let's assume that we need to capture SYN packets, but we don't care if ACK or any other TCP control bit is set at the same time. Let's see what happens to octet 13 when a TCP datagram with SYN-ACK set arrives:

                |C|E|U|A|P|R|S|F|
                |---------------|
                |0 0 0 1 0 0 1 0|
                |---------------|
                |7 6 5 4 3 2 1 0|

Now bits 1 and 4 are set in the 13th octet. The binary value of octet 13 is

00010010

which translates to decimal

   7     6     5     4     3     2     1     0
0*2 + 0*2 + 0*2 + 1*2 + 0*2 + 0*2 + 1*2 + 0*2  =  18

Now we can't just use 'tcp[13] == 18' in the tcpdump filter expression, because that would select only those packets that have SYN-ACK set, but not those with only SYN set. Remember that we don't care if ACK or any other control bit is set as long as SYN is set.

In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve the SYN bit. We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN:

          00010010 SYN-ACK              00000010 SYN
     AND  00000010 (we want SYN)   AND  00000010 (we want SYN)
          --------                      --------
     =    00000010                 =    00000010

We see that this AND operation delivers the same result regardless of whether ACK or another TCP control bit is set. The decimal representation of the AND value as well as the result of this operation is 2 (binary 00000010), so we know that for packets with SYN set the following relation must hold true:

( ( value of octet 13 ) AND ( 2 ) ) == ( 2 )

This points us to the tcpdump filter expression

tcpdump -i xl0 'tcp[13] & 2 == 2'

Note that you should use single quotes or a backslash in the expression to hide the AND ('&') special character from the shell.
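The octet-13 reasoning above, worked through on constructed TCP headers, as an added example that is not part of tcpdump or this manual. It builds the 20-byte header in network byte order, evaluates the two filters 'tcp[13] == 2' and 'tcp[13] & 2 == 2' on a SYN, a SYN-ACK, a bare ACK and an URG-ACK segment, and generalizes the second form to any flag combination; the host names, ports and sequence numbers are made up.

```python
"""Octet 13 of the TCP header as a filter key: 'tcp[13] == 2' versus 'tcp[13] & 2 == 2'.

Added example, not tcpdump's own code. The headers below are constructed by
hand (no capture is read); only the fixed 20-byte TCP header is built.
"""
import struct

# Bit numbers of the control bits in octet 13, counted right to left as in the diagram.
FLAG_BITS = {"CWR": 7, "ECE": 6, "URG": 5, "ACK": 4, "PSH": 3, "RST": 2, "SYN": 1, "FIN": 0}


def flags_to_octet13(*names: str) -> int:
    """Pack flag names into the 8-bit control field, e.g. ("SYN", "ACK") -> 0b00010010 = 18."""
    value = 0
    for name in names:
        value |= 1 << FLAG_BITS[name]
    return value


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, *flags: str,
                     window: int = 4096) -> bytes:
    """Build a 20-byte TCP header without options, in network byte order.

    Octet 12 holds the header length (5 32-bit words, high nibble) and the
    reserved bits; octet 13 is the flag byte. The checksum and urgent pointer
    are left as 0 because nothing here is transmitted.
    """
    data_offset = 5 << 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset, flags_to_octet13(*flags), window, 0, 0)


def octet13(tcp_header: bytes) -> int:
    """The value the tcpdump filter language calls tcp[13]."""
    return tcp_header[13]


def octet13_as_sum(value: int) -> str:
    """Expand a flag byte the way the manual does: 0*2^7 + ... + 1*2^1 + 0*2^0 = n."""
    terms = [f"{(value >> bit) & 1}*2^{bit}" for bit in range(7, -1, -1)]
    return " + ".join(terms) + f" = {value}"


def matches_only_syn(tcp_header: bytes) -> bool:
    """Equivalent of the filter 'tcp[13] == 2': SYN set and nothing else."""
    return octet13(tcp_header) == 2


def matches_syn_set(tcp_header: bytes) -> bool:
    """Equivalent of the filter 'tcp[13] & 2 == 2': SYN set, other bits ignored."""
    return octet13(tcp_header) & 2 == 2


def matches_flags(tcp_header: bytes, *names: str, exact: bool = False) -> bool:
    """Generalization of the two filters above to any flag combination.

    exact=False asks 'are all of these flags set?'   (tcp[13] & mask == mask)
    exact=True  asks 'are exactly these flags set?'  (tcp[13] == mask)
    """
    mask = flags_to_octet13(*names)
    value = octet13(tcp_header)
    return value == mask if exact else value & mask == mask


def filter_expression(*names: str, exact: bool = False) -> str:
    """The tcpdump filter string for the same test; quote it for the shell when using '&'."""
    mask = flags_to_octet13(*names)
    return f"tcp[13] == {mask}" if exact else f"tcp[13] & {mask} == {mask}"


# Constructed three-way handshake (steps 1-3 above) plus an URG-ACK segment;
# the ports and sequence numbers are invented for the example.
SYN = build_tcp_header(1023, 513, 768512, 0, "SYN")
SYN_ACK = build_tcp_header(513, 1023, 947648, 768513, "SYN", "ACK")
ACK = build_tcp_header(1023, 513, 768513, 947649, "ACK")
URG_ACK = build_tcp_header(513, 1023, 947650, 768534, "PSH", "ACK", "URG")

if __name__ == "__main__":
    for label, hdr in [("SYN", SYN), ("SYN-ACK", SYN_ACK), ("ACK", ACK), ("URG-ACK", URG_ACK)]:
        v = octet13(hdr)
        print(f"{label:8s} tcp[13]={v:08b}  ==2:{matches_only_syn(hdr)!s:5s} "
              f"&2==2:{matches_syn_set(hdr)!s:5s}  {octet13_as_sum(v)}")
    print(filter_expression("SYN", "ACK"))
```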

UDP Packets

UDP format is illustrated by this rwho packet:

actinide.who > broadcast.who: udp 84

This says that port who on host actinide sent a udp datagram to port who on host broadcast, the Internet broadcast address. The packet contained 84 bytes of user data.

Some UDP services are recognized (from the source or destination port number) and the higher level protocol information is printed. In particular, Domain Name service requests (RFC-1034/1035) and Sun RPC calls (RFC-1050) to NFS.

UDP Name Server Requests

(NB: The following description assumes familiarity with the Domain Service protocol described in RFC-1035. If you are not familiar with the protocol, the following description will appear to be written in Greek.)

Name server requests are formatted as

src > dst: id op? flags qtype qclass name (len)
h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37)

Host h2opolo asked the domain server on helios for an address record (qtype=A) associated with the name ucbvax.berkeley.edu. The query id was '3'. The '+' indicates that the recursion desired flag was set. The query length was 37 bytes, not including the UDP and IP protocol headers. The query operation was the normal one, Query, so the op field was omitted. If the op had been anything else, it would have been printed between the '3' and the '+'. Similarly, the qclass was the normal one, C_IN, and was omitted. Any other qclass would have been printed immediately after the 'A'.

A few anomalies are checked and may result in extra fields enclosed in square brackets: if a query contains an answer, authority records or additional records section, ancount, nscount, or arcount are printed as '[na]', '[nn]' or '[nau]', where n is the appropriate count. If any of the response bits are set (AA, RA or rcode) or any of the 'must be zero' bits are set in bytes two and three, '[b2&3=x]' is printed, where x is the hex value of header bytes two and three.

UDP Name Server Responses

Name server responses are formatted as

src > dst: id op rcode flags a/n/au type class data (len)
helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)

In the first example, helios responds to query id 3 from h2opolo with 3 answer records, 3 name server records and 7 additional records. The first answer record is type A (address) and its data is the internet address 128.32.137.3. The total size of the response was 273 bytes, excluding UDP and IP headers. The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record.

In the second example, helios responds to query 2 with a response code of non-existent domain (NXDomain) with no answers, one name server and no authority records. The '*' indicates that the authoritative answer bit was set. Since there were no answers, no type, class or data were printed.

Other flag characters that might appear are '-' (recursion available, RA, not set) and '|' (truncated message, TC, set). If the 'question' section doesn't contain exactly one entry, '[nq]' is printed.

Note that name server requests and responses tend to be large and the default snaplen of 68 bytes may not capture enough of the packet to print the full result. Use the -s flag to increase the snaplen if you need to seriously investigate name server traffic. '-s 128' has worked well for me.

SMB/CIFS decoding

tcpdump now includes fairly extensive SMB/CIFS/NBT decoding for data on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and NetBEUI SMB data is also done.

By default a fairly minimal decode is done, with a much more detailed decode done if -v is used. Be warned that with -v a single SMB packet may take up a page or more, so only use -v if you really want all the gory details.

If you are decoding SMB sessions containing unicode strings then you may wish to set the environment variable USE_UNICODE to 1. A patch to auto-detect unicode strings would be welcome.

For information on SMB packet formats and what all the fields mean see www.cifs.org or the pub/samba/specs/ directory on your favourite samba.org mirror site. The SMB patches were written by Andrew Tridgell (tridge@samba.org).

NFS Requests and Replies

Sun NFS (Network File System) requests and replies are printed as:

src.xid > dst.nfs: len op args
src.nfs > dst.xid: reply stat len op results

sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
sushi.201b > wrl.nfs: 144 lookup fh 9,74/4096.6878 "xcolors"
wrl.nfs > sushi.201b: reply ok 128 lookup fh 9,74/4134.3150

In the first line, host sushi sends a transaction with id 6709 to wrl (note that the number following the src host is a transaction id, not the source port). The request was 112 bytes, excluding the UDP and IP headers. The operation was a readlink (read symbolic link) on file handle (fh) 21,24/10.731657119. (If one is lucky, as in this case, the file handle can be interpreted as a major,minor device number pair, followed by the inode number and generation number.) Wrl replies 'ok' with the contents of the link.

In the third line, sushi asks wrl to lookup the name 'xcolors' in directory file 9,74/4096.6878. Note that the data printed depends on the operation type. The format is intended to be self explanatory if read in conjunction with an NFS protocol spec.

If the -v (verbose) flag is given, additional information is printed. For example:

sushi.1372a > wrl.nfs: 148 read fh 21,11/12.195 8192 bytes @ 24576
wrl.nfs > sushi.1372a: reply ok 1472 read REG 100664 ids 417/0 sz 29388

(-v also prints the IP header TTL, ID, length, and fragmentation fields, which have been omitted from this example.) In the first line, sushi asks wrl to read 8192 bytes from file 21,11/12.195, at byte offset 24576. Wrl replies 'ok'; the packet shown on the second line is the first fragment of the reply, and hence is only 1472 bytes long (the other bytes will follow in subsequent fragments, but these fragments do not have NFS or even UDP headers and so might not be printed, depending on the filter expression used). Because the -v flag is given, some of the file attributes (which are returned in addition to the file data) are printed: the file type ('REG', for regular file), the file mode (in octal), the uid and gid, and the file size.

If the -v flag is given more than once, even more details are printed.

Note that NFS requests are very large and much of the detail won't be printed unless snaplen is increased. Try using '-s 192' to watch NFS traffic.

NFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of 'recent' requests, and matches them to the replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable.

AFS Requests and Replies

Transarc AFS (Andrew File System) requests and replies are printed as:

src.sport > dst.dport: rx packet-type
src.sport > dst.dport: rx packet-type service call call-name args
src.sport > dst.dport: rx packet-type service reply call-name args

elvis.7001 > pike.afsfs: rx data fs call rename old fid 536876964/1/1 ".newsrc.new" new fid 536876964/1/1 ".newsrc"
pike.afsfs > elvis.7001: rx data fs reply rename

In the first line, host elvis sends an RX packet to pike. This was an RX data packet to the fs (fileserver) service, and is the start of an RPC call. The RPC call was a rename, with the old directory file id of 536876964/1/1 and an old filename of '.newsrc.new', and a new directory file id of 536876964/1/1 and a new filename of '.newsrc'. The host pike responds with an RPC reply to the rename call (which was successful, because it was a data packet and not an abort packet).

In general, all AFS RPCs are decoded at least by RPC call name. Most AFS RPCs have at least some of the arguments decoded (generally only the 'interesting' arguments, for some definition of interesting).

The format is intended to be self-describing, but it will probably not be useful to people who are not familiar with the workings of AFS and RX.

If the -v (verbose) flag is given twice, acknowledgement packets and additional header information are printed, such as the RX call ID, call number, sequence number, serial number, and the RX packet flags.

If the -v flag is given twice, additional information is printed, such as the RX call ID, serial number, and the RX packet flags. The MTU negotiation information is also printed from RX ack packets.

If the -v flag is given three times, the security index and service id are printed.

Error codes are printed for abort packets, with the exception of Ubik beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol).

Note that AFS requests are very large and many of the arguments won't be printed unless snaplen is increased. Try using '-s 256' to watch AFS traffic.

AFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of 'recent' requests, and matches them to the replies using the call number and service ID. If a reply does not closely follow the corresponding request, it might not be parsable.

KIP Appletalk (DDP in UDP)

Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated and dumped as DDP packets (i.e., all the UDP header information is discarded). The file /etc/atalk.names is used to translate appletalk net and node numbers to names. Lines in this file have the form

number  name

1.254   ether
16.1    icsd-net
1.254.110       ace

The first two lines give the names of appletalk networks. The third line gives the name of a particular host (a host is distinguished from a net by the 3rd octet in the number - a net number must have two octets and a host number must have three octets.) The number and name should be separated by whitespace (blanks or tabs). The /etc/atalk.names file may contain blank lines or comment lines (lines starting with a '#').

Appletalk addresses are printed in the form

net.host.port

144.1.209.2 > icsd-net.112.220
office.2 > icsd-net.112.220
jssmag.149.235 > icsd-net.2

(If /etc/atalk.names doesn't exist or doesn't contain an entry for some appletalk host/net number, addresses are printed in numeric form.) In the first example, NBP (DDP port 2) on net 144.1 node 209 is sending to whatever is listening on port 220 of net icsd node 112. The second line is the same except the full name of the source node is known ('office'). The third line is a send from port 235 on net jssmag node 149 to broadcast on the icsd-net NBP port (note that the broadcast address (255) is indicated by a net name with no host number - for this reason it's a good idea to keep node names and net names distinct in /etc/atalk.names).
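The /etc/atalk.names lookup rules described above (net versus host entries, numeric fallback, broadcast as a bare net name), as an added example that is not tcpdump's own code. The names file is constructed inline: the three entries from the manual plus 'office' and 'jssmag', whose numbers are invented here.

```python
"""Name lookup for KIP Appletalk addresses as /etc/atalk.names drives it.

Added example, not tcpdump's own code. Two-octet entries name a net,
three-octet entries name a host, and node 255 (broadcast) prints as the net
name with no host number, as the manual describes.
"""
from typing import Dict, Optional

# Constructed file contents. 'office' and 'jssmag' are given made-up numbers
# so that the examples from the manual can be reproduced.
ATALK_NAMES = """\
# number    name
1.254       ether
16.1        icsd-net
1.254.110   ace

144.1.209   office
144.2       jssmag
"""


def parse_atalk_names(text: str) -> Dict[str, str]:
    """Parse 'number name' lines separated by whitespace; skip blank lines and '#' comments."""
    names: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        number, name = line.split(None, 1)
        octets = number.split(".")
        # Only net (2 octets) and host (3 octets) numbers are valid entries.
        if len(octets) not in (2, 3) or not all(o.isdigit() for o in octets):
            raise ValueError(f"malformed atalk.names number: {number!r}")
        names[number] = name.strip()
    return names


def format_ddp_address(net_hi: int, net_lo: int, node: int, port: int,
                       names: Dict[str, str]) -> str:
    """Render net.host.port the way the manual's examples show it.

    Precedence: a registered host name ('office.2'), then net name plus node
    ('icsd-net.112.220'), then the numeric form ('144.1.209.2'). The broadcast
    node 255 drops the node, so 'icsd-net.2' means broadcast on icsd-net port 2.
    """
    net = f"{net_hi}.{net_lo}"
    host_name: Optional[str] = names.get(f"{net}.{node}")
    if host_name is not None:
        return f"{host_name}.{port}"
    net_name = names.get(net)
    if net_name is None:
        return f"{net}.{node}.{port}"
    if node == 255:
        return f"{net_name}.{port}"
    return f"{net_name}.{node}.{port}"


NAMES = parse_atalk_names(ATALK_NAMES)

if __name__ == "__main__":
    for addr in [(200, 3, 7, 2), (144, 1, 209, 2), (16, 1, 112, 220), (16, 1, 255, 2)]:
        print(format_ddp_address(*addr, NAMES))
```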

NBP (name binding protocol) and ATP (Appletalk transaction protocol) packets have their contents interpreted. Other protocols just dump the protocol name (or number if no name is registered for the protocol) and packet size.

NBP packets are formatted like the following examples:

icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186

The first line is a name lookup request for laserwriters sent by net icsd host 112 and broadcast on net jssmag. The nbp id for the lookup is 190. The second line shows a reply for this request (note that it has the same id) from host jssmag.209 saying that it has a laserwriter resource named "RM1140" registered on port 250. The third line is another reply to the same request saying host techpit has laserwriter "techpit" registered on port 186.

ATP packet formatting is demonstrated by the following example:

jssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000
jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001
helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001
jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002

Jssmag.209 initiates transaction id 12266 with host helios by requesting up to 8 packets (the '<0-7>'). The hex number at the end of the line is the value of the 'userdata' field in the request.

Helios responds with 8 512-byte packets. The ':digit' following the transaction id gives the packet sequence number in the transaction and the number in parentheses is the amount of data in the packet, excluding the atp header. The '*' on packet 7 indicates that the EOM bit was set.

Jssmag.209 then requests that packets 3 & 5 be retransmitted. Helios resends them, then jssmag.209 releases the transaction. Finally, jssmag.209 initiates the next request. The '*' on the request indicates that XO ('exactly once') was not set.

IP Fragmentation

Fragmented Internet datagrams are printed as

(frag id:size@offset+)
(frag id:size@offset)

(The first form indicates there are more fragments. The second indicates this is the last fragment.)

Id is the fragment id. Size is the fragment size (in bytes) excluding the IP header. Offset is this fragment's offset (in bytes) in the original datagram.

The fragment information is output for each fragment. The first fragment contains the higher level protocol header and the frag info is printed after the protocol info. Fragments after the first contain no higher level protocol header and the frag info is printed after the source and destination addresses. For example, here is part of an ftp from arizona.edu to lbl-rtsg.arpa over a CSNET connection that doesn't appear to handle 576 byte datagrams:

arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
arizona > rtsg: (frag 595a:204@328)
rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560

There are a couple of things to note here: First, addresses in the 2nd line don't include port numbers. This is because the TCP protocol information is all in the first fragment and we simply don't know what the port or sequence number is when we print the later fragments. Second, the tcp sequence information in the first line is printed as if there were 308 bytes of user data when, in fact, there are 512 bytes (308 in the first frag and 204 in the second). If you are looking for holes in the sequence space or trying to match up acks with packets, this can fool you.

A packet with the IP don't fragment flag is marked with a trailing (DF).
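The fragment bookkeeping the paragraph above warns about, as an added example that is not tcpdump's own code. It parses the '(frag id:size@offset+)' annotations from output lines like the ftp example, groups fragments by id, checks that the offsets form a contiguous run ending in a last fragment, and derives the real user-data length (512 here) that the first line's '(308)' does not show; the three sample lines are the ones quoted above with timestamps omitted.

```python
"""Accounting for tcpdump's '(frag id:size@offset+)' notation.

Added example, not tcpdump's own code. Given tcpdump output lines it
recovers, per fragment id, whether the datagram is complete and how many
bytes of transport payload and user data it really carried.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# The annotation described above: id in hex, size and offset in decimal bytes,
# a trailing '+' meaning "more fragments follow".
FRAG_RE = re.compile(r"\(frag (?P<id>[0-9a-fA-F]+):(?P<size>\d+)@(?P<offset>\d+)(?P<more>\+?)\)")
# The TCP data-seqno 'first:last(nbytes)' printed on the first fragment only.
SEQNO_RE = re.compile(r"\b\d+:\d+\((?P<nbytes>\d+)\)")


@dataclass
class Fragment:
    frag_id: str
    size: int      # bytes in this fragment, excluding the IP header
    offset: int    # byte offset within the original datagram
    more: bool     # True when the '+' form was printed

    @property
    def end(self) -> int:
        return self.offset + self.size


@dataclass
class Datagram:
    frag_id: str
    fragments: List[Fragment] = field(default_factory=list)
    printed_user_bytes: Optional[int] = None   # nbytes from the first fragment's data-seqno

    def complete(self) -> bool:
        """True when the fragments cover offset 0 onward with no holes and end in a last fragment."""
        frags = sorted(self.fragments, key=lambda f: f.offset)
        if not frags or frags[0].offset != 0:
            return False
        for prev, cur in zip(frags, frags[1:]):
            if cur.offset != prev.end:
                return False
        return not frags[-1].more and all(f.more for f in frags[:-1])

    def payload_length(self) -> int:
        """Total bytes past the IP headers, i.e. the reassembled transport segment."""
        return sum(f.size for f in self.fragments)

    def user_data_length(self, transport_header_len: int = 20) -> int:
        """User data after the transport header (20 bytes for a TCP header without options)."""
        return self.payload_length() - transport_header_len


def parse_frag_lines(lines: Iterable[str]) -> Dict[str, Datagram]:
    """Collect fragment annotations from tcpdump lines; unfragmented lines are ignored."""
    datagrams: Dict[str, Datagram] = {}
    for line in lines:
        m = FRAG_RE.search(line)
        if m is None:
            continue
        frag = Fragment(m["id"].lower(), int(m["size"]), int(m["offset"]), m["more"] == "+")
        dg = datagrams.setdefault(frag.frag_id, Datagram(frag.frag_id))
        dg.fragments.append(frag)
        if frag.offset == 0:
            s = SEQNO_RE.search(line)
            if s is not None:
                dg.printed_user_bytes = int(s["nbytes"])
    return datagrams


# The three lines of the ftp example above, without timestamps.
SAMPLE = [
    "arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)",
    "arizona > rtsg: (frag 595a:204@328)",
    "rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560",
]

if __name__ == "__main__":
    for dg in parse_frag_lines(SAMPLE).values():
        print(f"frag {dg.frag_id}: complete={dg.complete()} payload={dg.payload_length()} "
              f"user data={dg.user_data_length()} (first line printed {dg.printed_user_bytes})")
```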

Timestamps

By default, all output lines are preceded by a timestamp. The timestamp is the current clock time in the form

hh:mm:ss.frac

and is as accurate as the kernel's clock. The timestamp reflects the time the kernel first saw the packet. No attempt is made to account for the time lag between when the ethernet interface removed the packet from the wire and when the kernel serviced the 'new packet' interrupt.

SEE ALSO

(1C), qe(4P), bpf(4), pcap(3)

Important: Use the man command (% man) to see how a command is used on your particular computer.