Tcpdump - Linux Command - Unix Command

NAME

tcpdump - dump traffic on a network

SYNOPSIS

tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ]
        [ -C file_size ] [ -F file ]
        [ -i interface ] [ -m module ] [ -r file ]
        [ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]
        [ -E algo:secret ] [ expression ]

DESCRIPTION

Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

When tcpdump finishes capturing packets, it will report counts of:

packets ``received by filter'' (the meaning of this depends on the OS on which you're running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets regardless of whether they were matched by the filter expression, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

On platforms that support the SIGINFO signal, such as most BSDs, it will report those counts when it receives a SIGINFO signal (generated, for example, by typing your ``status'' character, typically control-T) and will continue capturing packets.

Reading packets from a network interface may require that you have special privileges:

Under SunOS 3.x or 4.x with NIT or BPF:
You must have read access to /dev/nit or /dev/bpf*.

Under Solaris with DLPI:
You must have read/write access to the network pseudo device, e.g. /dev/le. On at least some versions of Solaris, however, this is not sufficient to allow tcpdump to capture in promiscuous mode; on those versions of Solaris, you must be root, or tcpdump must be installed setuid to root, in order to capture in promiscuous mode. Note that, on many (perhaps all) interfaces, if you don't capture in promiscuous mode, you will not see any outgoing packets, so a capture not done in promiscuous mode may not be very useful.

Under HP-UX with DLPI:
You must be root or tcpdump must be installed setuid to root.

Under IRIX with snoop:
You must be root or tcpdump must be installed setuid to root.

Under Linux:
You must be root or tcpdump must be installed setuid to root.

Under Ultrix and Digital UNIX/Tru64 UNIX:
Any user may capture network traffic with tcpdump. However, no user (not even the super-user) can capture in promiscuous mode on an interface unless the super-user has enabled promiscuous-mode operation on that interface using pfconfig(8), and no user (not even the super-user) can capture unicast traffic received by or sent by the machine on an interface unless the super-user has enabled copy-all-mode operation on that interface using pfconfig, so useful packet capture on an interface probably requires that either promiscuous-mode or copy-all-mode operation, or both modes of operation, be enabled on that interface.

Under BSD:
You must have read access to /dev/bpf*.

Reading a saved packet file doesn't require special privileges.

OPTIONS

-a
Attempt to convert network and broadcast addresses to names.

-c
Exit after receiving count packets.

-C
Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 2 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).

-d
Dump the compiled packet-matching code in a human readable form to standard output and stop.

-dd
Dump packet-matching code as a C program fragment.

-ddd
Dump packet-matching code as decimal numbers (preceded with a count).

-e
Print the link-level header on each dump line.

-E
Use algo:secret for decrypting IPsec ESP packets. Algorithms may be des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast128-cbc, or none. The default is des-cbc. The ability to decrypt packets is only present if tcpdump was compiled with cryptography enabled. secret is the ascii text for the ESP secret key. An arbitrary binary value cannot be given at this moment. The option assumes RFC2406 ESP, not RFC1827 ESP. The option is only for debugging purposes, and the use of this option with a truly `secret' key is discouraged. By presenting an IPsec secret key on the command line you make it visible to others, via ps(1) and other occasions.

-f
Print `foreign' internet addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's yp server --- usually it hangs forever translating non-local internet numbers).

-F
Use file as input for the filter expression. An additional expression given on the command line is ignored.

-i
Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match.

On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode.

-l
Make stdout line buffered. Useful if you want to see the data while capturing it. E.g., ``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.

-m
Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump.

-n
Don't convert host addresses to names. This can be used to avoid DNS lookups.

-nn
Don't convert protocol and port numbers etc. to names either.

-N
Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.

-O
Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.

-p
Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'.

-q
Quick (quiet?) output. Print less protocol information so output lines are shorter.

-R
Assume ESP/AH packets to be based on the old specification (RFC1825 to RFC1829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.

-r
Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.

-S
Print absolute, rather than relative, TCP sequence numbers.

-s
Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets.

-T
Force packets selected by "expression" to be interpreted as the specified type. Currently known types are cnfp (Cisco NetFlow protocol), rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), and wb (distributed White Board).

-t
Don't print a timestamp on each dump line.

-tt
Print an unformatted timestamp on each dump line.

-U
Drops root privileges and changes the user ID to user and the group ID to the primary group of user.

Note! Red Hat Linux automatically drops the privileges to user ``pcap'' if nothing else is specified.

-ttt
Print a delta (in micro-seconds) between the current and previous line on each dump line.

-tttt
Print a timestamp in default format preceded by the date on each dump line.

-u
Print undecoded NFS handles.

-v
(Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.

-vv
Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-vvv
Even more verbose output. For example, telnet SB ... SE options are printed in full. With -X telnet options are printed in hex as well.

-w
Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''.
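The files that -w writes and -r reads are in the libpcap savefile format (a fact about tcpdump, not stated on this page). The following added example, which is not code from tcpdump or libpcap, builds such a file in memory and reads it back, so that the effect of -s snaplen on what -w stores becomes visible: a frame longer than snaplen is stored cut to snaplen bytes while the record header keeps the original wire length, which is exactly the situation -r later reports as ``[|proto]''. The frames are constructed, and the header value written for "snaplen 0" (whole packets) is an assumption made here.

```python
"""Minimal libpcap savefile writer/reader (added example; not tcpdump's code).

Shows what -s snaplen does to the records that -w stores and -r reads
back: a frame longer than snaplen is written truncated, but the record
header keeps the original wire length.  All frames here are constructed.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4          # native-order magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
DEFAULT_SNAPLEN = 68             # tcpdump's historical default (see -s)
# magic, version major/minor, thiszone, sigfigs, snaplen, linktype
GLOBAL_HDR = struct.Struct("=IHHiIII")
# ts_sec, ts_usec, incl_len (bytes stored), orig_len (bytes on the wire)
RECORD_HDR = struct.Struct("=IIII")


def build_savefile(packets, snaplen=DEFAULT_SNAPLEN, linktype=LINKTYPE_ETHERNET):
    """Serialize (ts_sec, ts_usec, frame) tuples the way `tcpdump -s snaplen -w`
    would: each frame is cut at snaplen; snaplen 0 means keep whole frames."""
    limit = snaplen or 0xFFFF    # header value for "whole packet" is an assumption here
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, limit, linktype)]
    for ts_sec, ts_usec, frame in packets:
        stored = frame[:limit]
        out.append(RECORD_HDR.pack(ts_sec, ts_usec, len(stored), len(frame)))
        out.append(stored)
    return b"".join(out)


def parse_savefile(data):
    """Parse savefile bytes; return (snaplen, linktype, records) where each
    record is (ts_sec, ts_usec, orig_len, frame_bytes_as_stored)."""
    magic, major, minor, _tz, _sig, snaplen, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC or (major, minor) != (2, 4):
        raise ValueError("not a native-order pcap 2.4 savefile")
    records, pos = [], GLOBAL_HDR.size
    while pos < len(data):
        ts_sec, ts_usec, incl_len, orig_len = RECORD_HDR.unpack_from(data, pos)
        pos += RECORD_HDR.size
        if pos + incl_len > len(data):       # file cut short mid-record
            raise ValueError("truncated record at offset %d" % pos)
        records.append((ts_sec, ts_usec, orig_len, data[pos:pos + incl_len]))
        pos += incl_len
    return snaplen, linktype, records


def truncated_records(data):
    """Indices of records whose stored bytes are shorter than the packet was on
    the wire, i.e. the ones tcpdump -r would flag with ``[|proto]``."""
    _, _, records = parse_savefile(data)
    return [i for i, (_, _, orig, frame) in enumerate(records) if len(frame) < orig]


# Constructed frames: a 60-byte minimal frame and a 120-byte one.
SMALL = bytes(range(60))
LARGE = bytes(range(120))
SAVEFILE = build_savefile([(1000, 0, SMALL), (1000, 500, LARGE)], snaplen=DEFAULT_SNAPLEN)

if __name__ == "__main__":
    print("records stored short of their wire length:", truncated_records(SAVEFILE))
```

With the default snaplen of 68 the second record is stored as 68 of its 120 bytes, which is why a capture made for later analysis should be taken with a snaplen large enough for the headers of interest (or 0), as the -s description says.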

-x
Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.

-X
When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This is very handy for analysing new protocols. Even if -x is not also set, some parts of some packets may be printed in hex/ascii.

expression
selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.

The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:

type
qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed.

dir
qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For `null' link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can be used to specify a desired direction.

proto
qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, ip, ip6, arp, rarp, decnet, tcp and udp. E.g., `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.

[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.

Similarly, `tr' is an alias for `ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring headers.]

In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

Allowable primitives are:

dst host host
True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host
True if the IPv4/v6 source field of the packet is host.

host host
True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6 as in:

ip host host

which is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost
True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for the numeric format).

ether src ehost
True if the ethernet source address is ehost.

ether host ehost
True if either the ethernet source or destination address is ehost.

gateway host
True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is

ether host ehost and not host host

which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configurations at this moment.

dst net net
True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details).

src net net
True if the IPv4/v6 source address of the packet has a network number of net.

net net
True if either the IPv4/v6 source or destination address of the packet has a network number of net.

net net mask netmask
True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.

net net/len
True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.

dst port port
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).

src port port
True if the packet has a source port value of port.

port port
True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords tcp or udp, as in:

tcp src port port

which matches only tcp packets whose source port is port.

less length
True if the packet has a length less than or equal to length. This is equivalent to:

len <= length.

greater length
True if the packet has a length greater than or equal to length. This is equivalent to:

len >= length.

ip proto protocol
True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.

ip6 proto protocol
True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.

ip6 protochain protocol
True if the packet is an IPv6 packet, and contains a protocol header with type protocol in its protocol header chain. For example,

ip6 protochain 6

matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, a routing header, or a hop-by-hop option header, between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so this can be somewhat slow.

ip protochain protocol
Equivalent to ip6 protochain protocol, but this is for IPv4.

ether broadcast
True if the packet is an ethernet broadcast packet. The ether keyword is optional.

ip broadcast
True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the local subnet mask.

ether multicast
True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'.

ip multicast
True if the packet is an IP multicast packet.

ip6 multicast
True if the packet is an IPv6 multicast packet.

ether proto protocol
True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note that these identifiers are also keywords and must be escaped via backslash (\).

[In the case of FDDI (e.g., `fddi protocol arp') and Token Ring (e.g., `tr protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI or Token Ring header.

When filtering for most protocol identifiers on FDDI or Token Ring, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000.

The exceptions are iso, for which it checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header, stp and netbeui, where it checks the DSAP of the LLC header, and atalk, where it checks for a SNAP-format packet with an OUI of 0x080007 and the Appletalk etype.

In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols; the exceptions are iso, sap, and netbeui, for which it checks for an 802.3 frame and then checks the LLC header as it does for FDDI and Token Ring, atalk, where it checks both for the Appletalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI and Token Ring, aarp, where it checks for the Appletalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000, and ipx, where it checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3 with no LLC header encapsulation of IPX, and the IPX etype in a SNAP frame.]

decnet src host
True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]

decnet dst host
True if the DECNET destination address is host.

decnet host host
True if either the DECNET source or destination address is host.

ip, ip6, arp, rarp, atalk, aarp, decnet, iso, stp, ipx, netbeui
Abbreviations for:

ether proto p

where p is one of the above protocols.

lat, moprc, mopdl
Abbreviations for:

ether proto p

where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.

vlan [vlan_id]
True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, only true if the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet.

tcp, udp, icmp
Abbreviations for:

ip proto p or ip6 proto p

where p is one of the above protocols.

iso proto protocol
True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis.

clnp, esis, isis
Abbreviations for:

iso proto p

where p is one of the above protocols. Note that tcpdump does an incomplete job of parsing these protocols.

expr relop expr
True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax:

proto [ expr : size ]

Proto is one of ether, fddi, tr, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet.

For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.

Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field).

The following ICMP type field values are available: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.

The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg.

Primitives may be combined using:

A parenthesized group of primitives and operators (parentheses are special to the Shell and must be escaped).

Negation (`!' or `not').

Concatenation (`&&' or `and').

Alternation (`||' or `or').

Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposition, are now required for concatenation.

If an identifier is given without a keyword, the most recent keyword is assumed. For example,

not host vs and ace

is short for

not host vs and host ace

which should not be confused with

not ( host vs or ace )

Expression arguments can be passed to tcpdump as either a single argument or as multiple arguments, whichever is more convenient. Generally, if the expression contains Shell metacharacters, it is easier to pass it as a single, quoted argument. Multiple arguments are concatenated with spaces before being parsed.
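The precedence rules and the implicit-qualifier rule just described, applied by a small parser: this is an added example written for this page, not tcpdump's own grammar code. It assumes the qualifier keyword list given above, treats `src or dst' and `src and dst' as single direction qualifiers, and leaves the arithmetic relop primitives (ip[2:2] > 576 and the like) out of scope. expand() prints an expression with every omitted qualifier restored, which is a convenient way to check what an abbreviated filter actually says before putting it on a capture box.

```python
"""Parse the and/or/not structure of a tcpdump filter expression.

Added example, not tcpdump's own parser.  It applies the precedence rules
above (not binds tightest; and/or are equal and left-associative) and the
rule that an id given without a keyword inherits the most recent qualifier
list.  Arithmetic relop primitives such as ip[2:2] > 576 are not handled.
"""
import re

QUALIFIERS = {"src", "dst", "host", "net", "port", "gateway", "proto", "mask",
              "ether", "fddi", "tr", "ip", "ip6", "arp", "rarp", "decnet",
              "tcp", "udp", "icmp"}
AND, OR, NOT = {"and", "&&"}, {"or", "||"}, {"not", "!"}
OPERATORS = AND | OR | NOT


def tokenize(text):
    """Split on whitespace, keeping '(' and ')' as tokens even when glued to a word."""
    return re.findall(r"\(|\)|[^\s()]+", text)


class Parser:
    def __init__(self, text):
        self.toks, self.pos, self.last_quals = tokenize(text), 0, None

    def peek(self, k=0):
        return self.toks[self.pos + k] if self.pos + k < len(self.toks) else None

    def take(self):
        tok = self.peek()
        self.pos += 1
        return tok

    def expression(self):                      # expr := term ((and|or) term)*
        node = self.term()
        while self.peek() in AND or self.peek() in OR:
            op = "and" if self.take() in AND else "or"
            node = (op, node, self.term())     # left-associative, equal precedence
        return node

    def term(self):                            # term := not term | ( expr ) | primitive
        if self.peek() in NOT:
            self.take()
            return ("not", self.term())
        if self.peek() == "(":
            self.take()
            node = self.expression()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        return self.primitive()

    def primitive(self):                       # primitive := qualifier* id | bare protocol
        quals = []
        while self.peek() in QUALIFIERS:
            tok = self.take()
            # 'src or dst' / 'src and dst' are single direction qualifiers
            if tok in ("src", "dst") and self.peek() in (OR | AND) \
                    and self.peek(1) in ("src", "dst"):
                tok = "%s %s %s" % (tok, "or" if self.take() in OR else "and", self.take())
            quals.append(tok)
        nxt = self.peek()
        if quals and (nxt is None or nxt in OPERATORS or nxt == ")"):
            return ("prim", quals, None)       # e.g. a bare 'ip' or 'tcp' abbreviation
        if nxt is None or nxt in OPERATORS or nxt in ("(", ")"):
            raise ValueError("expected an id, got %r" % nxt)
        ident = self.take()
        if not quals:                          # keyword omitted: reuse the most recent one
            if self.last_quals is None:
                raise ValueError("id %r appears before any keyword" % ident)
            quals = self.last_quals
        self.last_quals = quals
        return ("prim", quals, ident)


def parse(text):
    """Return the parse tree of a whole filter expression."""
    p = Parser(text)
    node = p.expression()
    if p.peek() is not None:
        raise ValueError("unexpected token %r" % p.peek())
    return node


def expand(node):
    """Render a parse tree with every qualifier explicit; parenthesize only where needed."""
    kind = node[0]
    if kind == "prim":
        return " ".join(node[1] + ([node[2]] if node[2] is not None else []))
    if kind == "not":
        inner = expand(node[1])
        return "not " + ("(%s)" % inner if node[1][0] in ("and", "or") else inner)
    right = expand(node[2])
    if node[2][0] in ("and", "or"):            # a grouped right operand must stay grouped
        right = "(%s)" % right
    return "%s %s %s" % (expand(node[1]), kind, right)


if __name__ == "__main__":
    print(expand(parse("not host vs and ace")))        # not host vs and host ace
    print(expand(parse("not (host vs or ace)")))       # not (host vs or host ace)
```

Because and/or are left-associative with equal precedence, `host a and b or c' comes out as `(host a and host b) or host c'; parentheses are the only way to get `host a and (host b or host c)'.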

EXAMPLES

To print all packets arriving at or departing from sundown:

tcpdump host sundown

To print traffic between helios and either hot or ace:

tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and any host except helios:

tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at Berkeley:

tcpdump net ucb-ether

To print all ftp traffic through internet gateway snup (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):

tcpdump 'gateway snup and (port ftp or ftp-data)'

To print traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net):

tcpdump ip and not net localnet

To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host:

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

To print IP packets longer than 576 bytes sent through gateway snup:

tcpdump 'gateway snup and ip[2:2] > 576'

To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
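The byte-offset accessors described under `expr relop expr` (proto[expr:size]) and the filters in the examples above, re-checked on constructed frames: this is an added example and not code from tcpdump. It implements ether[], ip[] and the transport index on an Ethernet/IPv4 frame using the standard header layouts, including tcpdump's rule that tcp[]/icmp[] only apply to unfragmented datagrams or frag zero, and then evaluates each example expression as a small function. The MAC addresses, ports and payloads are constructed sample values.

```python
"""Emulate tcpdump's proto[expr:size] packet-data accessors on raw frames.

Added example, not code from tcpdump: implements the byte-offset indexing
described under `expr relop expr` and re-checks the EXAMPLES filters on
constructed Ethernet/IPv4 frames (nothing here was captured).  ip[] is
relative to the IPv4 header, tcp[]/icmp[] to the transport header, and,
as in tcpdump, the transport index only applies to unfragmented
datagrams or frag zero.
"""
import struct

ETH_LEN = 14
ETHERTYPE_IP = 0x0800
TCP_FIN, TCP_SYN = 0x01, 0x02          # tcp-fin, tcp-syn flag values
ICMP_ECHOREPLY, ICMP_ECHO = 0, 8       # icmp-echoreply, icmp-echo type values


def build_frame(dst_mac, src_mac, proto, payload, dst_ip="10.0.0.2",
                frag_off=0, ihl=5):
    """Construct Ethernet + IPv4 + payload.  ihl > 5 appends zeroed IP options."""
    options = b"\x00" * (4 * (ihl - 5))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), 0x1234, frag_off, 64, proto, 0,
                         bytes([10, 0, 0, 1]), bytes(map(int, dst_ip.split("."))))
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + ip_hdr + options + payload


def ether(frame, off, size=1):
    """ether[off:size]: unsigned big-endian field at a link-layer offset."""
    return int.from_bytes(frame[off:off + size], "big")


def ip(frame, off, size=1):
    """ip[off:size]: offset relative to the IPv4 header."""
    return ether(frame, ETH_LEN + off, size)


def transport(frame, off, size=1):
    """tcp[off:size] / udp[...] / icmp[...]: relative to the transport header.
    Returns None for a non-first fragment, where tcpdump's index never matches."""
    if ip(frame, 6, 2) & 0x1FFF != 0:
        return None
    return ether(frame, ETH_LEN + (ip(frame, 0) & 0x0F) * 4 + off, size)


# The manual's example expressions, one function each.
def is_multicast_frame(frame):            # ether[0] & 1 != 0
    return ether(frame, 0) & 1 != 0

def has_ip_options(frame):                # ip[0] & 0xf != 5
    return ip(frame, 0) & 0xF != 5

def is_frag_zero(frame):                  # ip[6:2] & 0x1fff = 0
    return ip(frame, 6, 2) & 0x1FFF == 0

def is_syn_or_fin(frame):                 # tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
    flags = transport(frame, 13)          # tcpflags names byte 13 of the TCP header
    return flags is not None and flags & (TCP_SYN | TCP_FIN) != 0

def is_longer_than_576(frame):            # ip[2:2] > 576 (IP total length)
    return ip(frame, 2, 2) > 576

def is_ip_mcast_in_unicast_frame(frame):  # ether[0] & 1 = 0 and ip[16] >= 224
    return ether(frame, 0) & 1 == 0 and ip(frame, 16) >= 224

def is_icmp_not_echo(frame):              # icmp[icmptype] != icmp-echo and != icmp-echoreply
    kind = transport(frame, 0)            # icmptype names byte 0 of the ICMP header
    return kind is not None and kind not in (ICMP_ECHO, ICMP_ECHOREPLY)


# Constructed sample frames (MACs, ports and payloads are made up).
UNI_DST, UNI_SRC, BCAST = bytes.fromhex("0207010001c4"), bytes.fromhex("0207010000aa"), b"\xff" * 6
# TCP: src port 1023 -> dst port 513 (login), seq 768512, SYN only, window 4096
TCP_SYN_HDR = struct.pack("!HHIIBBHHH", 1023, 513, 768512, 0, 5 << 4, TCP_SYN, 4096, 0, 0)
SYN_FRAME = build_frame(UNI_DST, UNI_SRC, 6, TCP_SYN_HDR)
FRAG_FRAME = build_frame(UNI_DST, UNI_SRC, 6, TCP_SYN_HDR, frag_off=0x0010)   # fragment offset 16
OPTS_FRAME = build_frame(UNI_DST, UNI_SRC, 6, TCP_SYN_HDR, ihl=6)
BCAST_FRAME = build_frame(BCAST, UNI_SRC, 17, b"\x00" * 8)
IP_MCAST_FRAME = build_frame(UNI_DST, UNI_SRC, 17, b"\x00" * 8, dst_ip="224.0.0.9")
BIG_FRAME = build_frame(UNI_DST, UNI_SRC, 17, b"\x00" * 600)
ICMP_ECHO_FRAME = build_frame(UNI_DST, UNI_SRC, 1, bytes([ICMP_ECHO, 0, 0, 0, 0, 0, 0, 0]))
ICMP_UNREACH_FRAME = build_frame(UNI_DST, UNI_SRC, 1, bytes([3, 1, 0, 0, 0, 0, 0, 0]))

if __name__ == "__main__":
    print("SYN frame matches syn|fin filter:", is_syn_or_fin(SYN_FRAME))
    print("second fragment matches syn|fin filter:", is_syn_or_fin(FRAG_FRAME))
```

The fragment case is the one worth noticing: FRAG_FRAME carries the same TCP bytes as SYN_FRAME, but because its fragment offset is non-zero the tcp[] index does not apply, exactly as the manual says for `tcp[0]'.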

ISIMBO SOMSEBENZI

Umphumo we- tcpdump ngumxhomekeke kumgaqo-protocol. Oku kulandelayo kukunika inkcazo emfutshane nemizekelo yeeninzi zeefom.

Isihloko seNqanaba leNqanaba

Ukuba ukhetho lwe-'e 'lunikezelwa, inqaku lekhonkco lekhonkco liprintwe. Kwi-ethernets, idilesi kunye neendawo zokuya kuyo, umgaqo-nkqubo, kunye nobude bepakethi.

Kwiinkcukacha ze-FDDI, inketho ye- 'e 'ibangela i- tcpdump ukushicilela intsimi' yolawulo lwengqimba ', idilesi zendawo kunye neendawo zokuya kuyo, kunye nobude bepakethi. (Inkqubo yokulawula 'ulawulo' ilawula ukutolika kwayo yonke ipakethe.) Iipakethi eziqhelekileyo (njengalezo eziqukethe iinkcukacha ze-IP) ziyi-'yync 'iipakethi, ezinexabiso eliphambili phakathi kwe-0 no-7; umzekelo, ` async4 '. Iipakethi zithathwa ukuba ziqukethe iipakethi ye-Logic Link Control (LLC) ye-802.2 ye-Logical Link (LLC); isihloko se-LLC sinyatheliswa ukuba asiyi -ISO datagram okanye ipakethi ye-SNAP.

Kumanethiwekhi aseToken Ring, i-'e 'inketho ibangela ukuba i- tcpdump iphintele ' ulawulo lokufikelela 'kunye' nokulawulwa kwecwangciso ', iidilesi zendawo kunye neendawo zokuhlala, kunye nobude bepakethi. Njengoko kumanethiwekhi e-FDDI, iipakethi zithathwa ukuba ziqukethe ipakethi ye-LLC. Kungakhathaliseki ukuba i-'e 'inketho ichazwe okanye cha, ulwazi lokwazisa umthombo luprintwe kwiipakethi eziphambili.

(NB: Inkcazo elandelayo ithatha ulwazi malunga ne-SLIP yokuchithwa kwe-algorithm echazwe kwi-RFC-1144.)

Kwizixhumanisi ze-SLIP, isalathisi sesalathisi (`` I '' esingenayo, 'O' 'esiphumelele), uhlobo lwepakethi kunye nolwazi lokuncinci lushicilelwa. Uhlobo lwepakethi luprintwe kuqala. Ezi zintathu iintlobo zi- ip , utcp , kunye ne- ctcp . Akukho lwazi lwekhonkco olongezelelweyo oluphrintiweyo kwiip packets ip . Kwiipakethi ze-TCP, isihlonzi soxhumo luprintwa luhlobo olulandelayo. Ukuba ipakethi icinezelwe, intloko yayo enekhowudi ifakwe. Iimeko ezikhethekileyo zinyatheliswa njenge- S + n kunye ne-SA + n , apho n isamba apho inombolo yokulandelelana (okanye ukulandelelana kwenombolo kunye ne-ack) ishintshile. Ukuba ayikho imeko ekhethekileyo, utshintsho okanye ngaphezulu utshintsho. Utshintsho olubonakaliswa ngu-U (i-pointer ephuthumayo), W (iwindi), A (ack), S (inombolo yelandelelwano), kunye nam (i-ID yepakethi), ilandelwa yi-delta (+ n okanye -n), okanye ixabiso elitsha (= n). Ekugqibeleni, inani leenkcukacha kwipakethe kunye nobude bentloko ecinezelweyo buprintwe.

Ngokomzekelo, umgca olandelayo ubonisa ipakethi ye-TCP eqinekileyo ephumayo, eneenkcukacha zokuxhamla ngokucacileyo; i-ack ishintshile ngo-6, inombolo yokulandelelana ngo-49, kunye ne-ID yePakethi ngo-6; kukho ii-bytes zeedatha kunye ne-6 bytes ze-header ezixinyiweyo:

O ctcp * A + 6 S + 49 I + 6 3 (6)

Iipropati ze-ARP / RARP

Imveliso yeArp / rarp ibonisa uhlobo lwesicelo kunye neengxabano zalo. Ifomathi ijoliswe ukuba ibe yinto ecacileyo. Nantsi isampula esifutshane esithathwe ukususela kwi-`rlogin 'ukusuka kwindibano ye- host ukufumana i- csam :

I-arp ngubani-ene-csam ithetha impendulo ye-rpg arp i-CSAM

Umgca wokuqala uthi i-rtsg ithumele ipakethe ye-arp icela idilesi ye-ethernet ye-intanethi ye-host csam. I-Csam iphendula ngedilesi yayo ye-ethernet (kule mzekelo, idilesi ze-ethernet zikwiphepha kunye nee-aderesi ze-intanethi kwimeko encinane).

Oku kuya kubonakala kuncinane xa senze i- tcpdump -n :

U-128.3.254.6 uthi 128.3.254.68 impendulo ye-arp 128.3.254.6 i-02: 07: 01: 00: 01: c4

Ukuba senzile i-tcpdump -e , into yokuba ipakethe yokuqala isasazwa kwaye yesibini yindawo ekujoliswe kuyo kuya kubonakala:

RTSG Broadcast 0806  64: arp who-has csam tell rtsg
CSAM RTSG 0806  64: arp reply csam is-at CSAM

For the first packet this says the ethernet source address is RTSG, the destination is the ethernet broadcast address, the type field contained hex 0806 (type ETHER_ARP) and the total length was 64 bytes.

TCP Packets

(N.B.: The following description assumes familiarity with the TCP protocol described in RFC-793. If you are not familiar with the protocol, neither this description nor tcpdump will be of much use to you.)

The general format of a tcp protocol line is:

src > dst: flags data-seqno ack window urgent options

Src and dst are the source and destination IP addresses and ports. Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single `.' (no flags). Data-seqno describes the portion of sequence space covered by the data in this packet (see the example below). Ack is the sequence number of the next data expected in the other direction on this connection. Window is the number of bytes of receive buffer space available in the other direction on this connection. Urg indicates there is `urgent' data in the packet. Options are tcp options enclosed in angle brackets (e.g., <mss 1024>).

Src, dst and flags are always present. The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate.

Here is the opening portion of an rlogin from host rtsg to host csam.

rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024>
csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024>
rtsg.1023 > csam.login: . ack 1 win 4096
rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
csam.login > rtsg.1023: . ack 2 win 4096
rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1

The first line says that tcp port 1023 on rtsg sent a packet to port login on csam. The S indicates that the SYN flag was set. The packet sequence number was 768512 and it contained no data. (The notation is `first:last(nbytes)' which means `sequence numbers first up to but not including last, which is nbytes bytes of user data'.) There was no piggy-backed ack, the available receive window was 4096 bytes and there was a max-segment-size option requesting an mss of 1024 bytes.

Csam replies with a similar packet except it includes a piggy-backed ack for rtsg's SYN. Rtsg then acks csam's SYN. The `.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). The first time tcpdump sees a tcp `conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number is printed. This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the first data byte in each direction being `1'). `-S' will override this feature, causing the original sequence numbers to be output.

On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg -> csam side of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it has received data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the socket buffer since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, csam sends two bytes of urgent, pushed data to rtsg.

If the snapshot was small enough that tcpdump didn't capture the full TCP header, it interprets as much of the header as it can and then reports ``[|tcp]'' to indicate the remainder could not be interpreted. If the header contains a bogus option (one with a length that's either too small or beyond the end of the header), tcpdump reports it as ``[bad opt]'' and does not process any further options (since it's impossible to tell where they start). If the header length indicates options are present but the IP datagram length is not long enough for the options to actually be there, tcpdump reports it as ``[bad hdr length]''.

Capturing TCP packets with particular flag combinations (SYN-ACK, URG-ACK, etc.)

There are 8 bits in the control bits section of the TCP header:

CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Let's assume that we want to watch packets used in establishing a TCP connection. Recall that TCP uses a 3-way handshake protocol when it initializes a new connection; the connection sequence with regard to the TCP control bits is

1) Caller sends SYN

2) Recipient responds with SYN, ACK

3) Caller sends ACK

Now we're interested in capturing packets that have only the SYN bit set (Step 1). Note that we don't want packets from step 2 (SYN-ACK), just a plain initial SYN. What we need is a correct filter expression for tcpdump.

Recall the structure of a TCP header without options:

 0                            15                              31
-----------------------------------------------------------------
|          source port          |       destination port        |
-----------------------------------------------------------------
|                        sequence number                        |
-----------------------------------------------------------------
|                     acknowledgment number                     |
-----------------------------------------------------------------
|  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
-----------------------------------------------------------------
|         TCP checksum          |       urgent pointer          |
-----------------------------------------------------------------

A TCP header usually holds 20 octets of data, unless options are present. The first line of the graph contains octets 0 - 3, the second line shows octets 4 - 7 etc.

Starting to count with 0, the relevant TCP control bits are contained in octet 13:

 0             7|             15|             23|             31
----------------|---------------|---------------|----------------
|  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
----------------|---------------|---------------|----------------
|               |  13th octet   |               |               |

Let's have a closer look at octet no. 13:

                |               |
                |---------------|
                |C|E|U|A|P|R|S|F|
                |---------------|
                |7   5   3     0|

These are the TCP control bits we are interested in. We have numbered the bits in this octet from 0 to 7, right to left, so the PSH bit is bit number 3, while the URG bit is number 5.

Recall that we want to capture packets with only SYN set. Let's see what happens to octet 13 if a TCP datagram arrives with the SYN bit set in its header:

                |C|E|U|A|P|R|S|F|
                |---------------|
                |0 0 0 0 0 0 1 0|
                |---------------|
                |7 6 5 4 3 2 1 0|

Looking at the control bits section we see that only bit number 1 (SYN) is set.

Assuming that octet number 13 is an 8-bit unsigned integer in network byte order, the binary value of this octet is

00000010

and its decimal representation is

   7     6     5     4     3     2     1     0
0*2 + 0*2 + 0*2 + 0*2 + 0*2 + 0*2 + 1*2 + 0*2  =  2

We're almost done, because now we know that if only SYN is set, the value of the 13th octet in the TCP header, when interpreted as an 8-bit unsigned integer in network byte order, must be exactly 2.

This relationship can be expressed as

tcp[13] == 2

We can use this expression as the filter for tcpdump in order to watch packets which have only SYN set:

tcpdump -i xl0 tcp[13] == 2

The expression says ``let the 13th octet of a TCP datagram have the decimal value 2'', which is exactly what we want.

Now, let's assume that we need to capture SYN packets, but we don't care if ACK or any other TCP control bit is set at the same time. Let's see what happens to octet 13 when a TCP datagram with SYN-ACK set arrives:

                |C|E|U|A|P|R|S|F|
                |---------------|
                |0 0 0 1 0 0 1 0|
                |---------------|
                |7 6 5 4 3 2 1 0|

Now bits 1 and 4 are set in the 13th octet. The binary value of octet 13 is

00010010

which translates to decimal

   7     6     5     4     3     2     1     0
0*2 + 0*2 + 0*2 + 1*2 + 0*2 + 0*2 + 1*2 + 0*2  =  18

Now we can't just use `tcp[13] == 18' in the tcpdump filter expression, because that would select only those packets that have SYN-ACK set, but not those with only SYN set. Remember that we don't care if ACK or any other control bit is set as long as SYN is set.

In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve the SYN bit. We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN:

     00010010 SYN-ACK              00000010 SYN
AND  00000010 (we want SYN)   AND  00000010 (we want SYN)
     --------                      --------
   = 00000010                    = 00000010

We see that this AND operation delivers the same result regardless of whether ACK or another TCP control bit is set. The decimal representation of the AND value as well as the result of this operation is 2 (binary 00000010), so we know that for packets with SYN set the following relation must hold true:

( ( value of octet 13 ) AND ( 2 ) ) == ( 2 )

This points us to the tcpdump filter expression

tcpdump -i xl0 'tcp[13] & 2 == 2'

Note that you should use single quotes or a backslash in the expression to hide the AND ('&') special character from the shell.
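As an added illustration (example code, not part of the tcpdump man page), the following Python builds 20-byte TCP headers for the three handshake steps plus a data segment, reads octet 13, and evaluates the two filters tcp[13] == 2 and tcp[13] & 2 == 2 the way the derivation above does. The header builder and its port and sequence values are constructed for this example.

```python
import struct

# TCP control bits numbered from bit 0 (FIN) to bit 7 (CWR) within octet 13
# of the TCP header, as in the diagram above: CWR|ECE|URG|ACK|PSH|RST|SYN|FIN.
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = (1 << i for i in range(8))
FLAG_NAMES = {FIN: "FIN", SYN: "SYN", RST: "RST", PSH: "PSH",
              ACK: "ACK", URG: "URG", ECE: "ECE", CWR: "CWR"}


def build_tcp_header(sport, dport, seq, ack, flags, window=4096):
    """Build a 20-byte TCP header without options (constructed sample data).

    Data offset 5 (20 bytes) goes in the high nibble of octet 12; the control
    bits land in octet 13; checksum and urgent pointer are left as 0.
    """
    offset_byte = 5 << 4
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       offset_byte, flags, window, 0, 0)


def tcp_octet13(header):
    """Return the control-bits octet, tcp[13], as an unsigned 8-bit integer."""
    return header[13]


def flag_names(octet):
    """Names of the bits set in a control octet, lowest bit first."""
    return [FLAG_NAMES[bit] for bit in sorted(FLAG_NAMES) if octet & bit]


def syn_only(header):
    """Equivalent of the filter 'tcp[13] == 2': SYN set and nothing else."""
    return tcp_octet13(header) == 2


def syn_set(header):
    """Equivalent of 'tcp[13] & 2 == 2': SYN set, other bits ignored."""
    return tcp_octet13(header) & 2 == 2


if __name__ == "__main__":
    # The three handshake steps from the text, plus a pushed data segment.
    packets = {
        "1) caller SYN":        build_tcp_header(1023, 513, 768512, 0, SYN),
        "2) recipient SYN-ACK": build_tcp_header(513, 1023, 947648, 768513, SYN | ACK),
        "3) caller ACK":        build_tcp_header(1023, 513, 768513, 947649, ACK),
        "data PSH-ACK":         build_tcp_header(1023, 513, 768513, 947649, PSH | ACK),
    }
    for label, hdr in packets.items():
        o = tcp_octet13(hdr)
        print(f"{label:22s} octet13={o:08b} ({o:2d}) {flag_names(o)} "
              f"tcp[13]==2: {syn_only(hdr)}  tcp[13]&2==2: {syn_set(hdr)}")
```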

UDP Packets

UDP format is illustrated by this rwho packet:

actinide.who > broadcast.who: udp 84

This says that port who on host actinide sent a udp datagram to port who on host broadcast, the Internet broadcast address. The packet contained 84 bytes of user data.

Some UDP services are recognized (from the source or destination port number) and the higher level protocol information is printed. In particular, Domain Name service requests (RFC-1034/1035) and Sun RPC calls (RFC-1050) to NFS.

UDP Name Server Requests

(N.B.: The following description assumes familiarity with the Domain Service protocol described in RFC-1035. If you are not familiar with the protocol, the following description will appear to be written in greek.)

Name server requests are formatted as

src > dst: id op? flags qtype qclass name (len)
h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37)

Host h2opolo asked the domain server on helios for an address record (qtype=A) associated with the name ucbvax.berkeley.edu. The query id was `3'. The `+' indicates the recursion desired flag was set. The query length was 37 bytes, not including the UDP and IP protocol headers. The query operation was the normal one, Query, so the op field was omitted. If the op had been anything else, it would have been printed between the `3' and the `+'. Similarly, the qclass was the normal one, C_IN, and omitted. Any other qclass would have been printed immediately after the `A'.

A few anomalies are checked and may result in extra fields enclosed in square brackets: If a query contains an answer, authority records or additional records section, ancount, nscount, or arcount are printed as `[na]', `[nn]' or `[nau]' where n is the appropriate count. If any of the response bits are set (AA, RA or rcode) or any of the `must be zero' bits are set in bytes two and three, `[b2&3=x]' is printed, where x is the hex value of header bytes two and three.

UDP Name Server Responses

Name server responses are formatted as

src > dst:  id op rcode flags a/n/au type class data (len)
helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)

In the first example, helios responds to query id 3 from h2opolo with 3 answer records, 3 name server records and 7 additional records. The first answer record is type A (address) and its data is internet address 128.32.137.3. The total size of the response was 273 bytes, excluding UDP and IP headers. The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record.

In the second example, helios responds to query 2 with a response code of non-existent domain (NXDomain) with no answers, one name server and no authority records. The `*' indicates that the authoritative answer bit was set. Since there were no answers, no type, class or data were printed.

Other flag characters that might appear are `-' (recursion available, RA, not set) and `|' (truncated message, TC, set). If the `question' section doesn't contain exactly one entry, `[nq]' is printed.

Note that name server requests and responses tend to be large and the default snaplen of 68 bytes may not capture enough of the packet to print. Use the -s flag to increase the snaplen if you need to seriously investigate name server traffic. `-s 128' has worked well for me.

SMB/CIFS decoding

tcpdump now includes fairly extensive SMB/CIFS/NBT decoding for data on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and NetBEUI SMB data is also done.

By default a fairly minimal decode is done, with a much more detailed decode done if -v is used. Be warned that with -v a single SMB packet may take up a page or more, so only use -v if you really want all the gory details.

If you are decoding SMB sessions containing unicode strings then you may wish to set the environment variable USE_UNICODE to 1. A patch to auto-detect unicode strings would be welcome.

For information on SMB packet formats and what all the fields mean see www.cifs.org or the pub/samba/specs/ directory on your favourite samba.org mirror site. The SMB patches were written by Andrew Tridgell (tridge@samba.org).

NFS Requests and Replies

Sun NFS (Network File System) requests and replies are printed as:

src.xid > dst.nfs: len op args
src.nfs > dst.xid: reply stat len op results
sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
sushi.201b > wrl.nfs: 144 lookup fh 9,74/4096.6878 "xcolors"
wrl.nfs > sushi.201b: reply ok 128 lookup fh 9,74/4134.3150

In the first line, host sushi sends a transaction with id 6709 to wrl (note that the number following the src host is a transaction id, not the source port). The request was 112 bytes, excluding the UDP and IP headers. The operation was a readlink (read symbolic link) on file handle (fh) 21,24/10.731657119. (If one is lucky, as in this case, the file handle can be interpreted as a major,minor device number pair, followed by the inode number and generation number.) Wrl replies `ok' with the contents of the link.

In the third line, sushi asks wrl to lookup the name `xcolors' in directory file 9,74/4096.6878. Note that the data printed depends on the operation type. The format is intended to be self explanatory if read in conjunction with an NFS protocol spec.

If the -v (verbose) flag is given, additional information is printed. For example:

sushi.1372a > wrl.nfs: 148 read fh 21,11/12.195 8192 bytes @ 24576
wrl.nfs > sushi.1372a: reply ok 1472 read REG 100664 ids 417/0 sz 29388

(-v also prints the IP header TTL, ID, length, and fragmentation fields, which have been omitted from this example.) In the first line, sushi asks wrl to read 8192 bytes from file 21,11/12.195, at byte offset 24576. Wrl replies `ok'; the packet shown on the second line is the first fragment of the reply, and thus is only 1472 bytes long (the other bytes will follow in subsequent fragments, but these fragments do not have NFS or even UDP headers and so might not be printed, depending on the filter expression used). Because the -v flag is given, some of the file attributes (which are returned in addition to the file data) are printed: the file type (``REG'', for regular file), the file mode (in octal), the uid and gid, and the file size.

If the -v flag is given more than once, even more details are printed.

Note that NFS requests are very large and much of the detail won't be printed unless snaplen is increased. Try using `-s 192' to watch NFS traffic.

NFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable.

AFS Requests and Replies

Transarc AFS (Andrew File System) requests and replies are printed as:

src.sport > dst.dport: rx packet-type
src.sport > dst.dport: rx packet-type service call call-name args
src.sport > dst.dport: rx packet-type service reply call-name args
elvis.7001 > pike.afsfs: rx data fs call rename old fid 536876964/1/1 ".newsrc.new" new fid 536876964/1/1 ".newsrc"
pike.afsfs > elvis.7001: rx data fs reply rename

In the first line, host elvis sends an RX packet to pike. This was an RX data packet to the fs (fileserver) service, and is the start of an RPC call. The RPC call was a rename, with the old directory file id of 536876964/1/1 and an old filename of `.newsrc.new', and a new directory file id of 536876964/1/1 and a new filename of `.newsrc'. The host pike responds with an RPC reply to the rename call (which was successful, because it was a data packet and not an abort packet).

In general, all AFS RPCs are decoded at least by RPC call name. Most AFS RPCs have at least some of the arguments decoded (generally only the `interesting' arguments, for some definition of interesting).

The format is intended to be self-describing, but it will probably not be useful to people who are not familiar with the workings of AFS and RX.

If the -v (verbose) flag is given twice, acknowledgement packets and additional header information is printed, such as the RX call ID, call number, sequence number, serial number, and the RX packet flags.

If the -v flag is given twice, additional information is printed, such as the RX call ID, serial number, and the RX packet flags. MTU negotiation information is also printed from RX ack packets.

If the -v flag is given three times, the security index and service id are printed.

Error codes are printed for abort packets, with the exception of Ubik beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol).

Note that AFS requests are very large and many of the arguments won't be printed unless snaplen is increased. Try using `-s 256' to watch AFS traffic.

AFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the call number and service ID. If a reply does not closely follow the corresponding request, it might not be parsable.

KIP Appletalk (DDP in UDP)

Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated and dumped as DDP packets (i.e., all the UDP header information is discarded). The file /etc/atalk.names is used to translate appletalk net and node numbers to names. Lines in this file have the form

number      name
1.254       ether
16.1        icsd-net
1.254.110   ace

The first two lines give the names of appletalk networks. The third line gives the name of a particular host (a host is distinguished from a net by the 3rd octet in the number - a net number must have two octets and a host number must have three octets.) The number and name should be separated by whitespace (blanks or tabs). The /etc/atalk.names file may contain blank lines or comment lines (lines starting with a `#').

Appletalk addresses are printed in the form:

net.host.port
144.1.209.2 > icsd-net.112.220
office.2 > icsd-net.112.220
jssmag.149.235 > icsd-net.2

(If the /etc/atalk.names doesn't exist or doesn't contain an entry for some appletalk host/net number, addresses are printed in numeric form.) In the first example, NBP (DDP port 2) on net 144.1 node 209 is sending to whatever is listening on port 220 of net icsd node 112. The second line is the same except the full name of the source node is known (`office'). The third line is a send from port 235 on net jssmag node 149 to broadcast on the icsd-net NBP port (note that the broadcast address (255) is indicated by a net name with no host number - for this reason it's a good idea to keep node names and net names distinct in /etc/atalk.names).
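An added example (not the man page's or tcpdump's code) of the /etc/atalk.names rules just described: a parser that applies the two-octet net / three-octet host distinction and the blank-line and comment rules, and a formatter that renders net.host.port addresses the way the text describes, including the broadcast node shown as a bare net name. The file contents and the formatting function are constructed for this example.

```python
# Constructed /etc/atalk.names contents (not a real file), following the rules
# above: net numbers have two octets, host numbers three, '#' lines are comments.
SAMPLE_ATALK_NAMES = """\
# number      name
1.254         ether
16.1          icsd-net
1.254.110     ace
144.1.209     office

144.1         jssmag
"""

BROADCAST_NODE = 255  # printed as the net name with no host number


def parse_atalk_names(text):
    """Parse atalk.names text into ({net: name}, {(net, node): name}).

    Entries that are not two- or three-octet numbers, or that do not have
    exactly a number and a name separated by whitespace, are skipped.
    """
    nets, hosts = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or comment line
        parts = line.split()              # blanks or tabs separate the fields
        if len(parts) != 2:
            continue
        number, name = parts
        octets = number.split(".")
        if not all(o.isdigit() for o in octets):
            continue
        if len(octets) == 2:
            nets[number] = name
        elif len(octets) == 3:
            hosts[(".".join(octets[:2]), int(octets[2]))] = name
    return nets, hosts


def format_ddp_address(net, node, port, nets, hosts):
    """Render a DDP address as the text describes tcpdump printing it.

    Known host  -> "hostname.port"
    Broadcast   -> "netname.port"      (node 255, net name without host number)
    Known net   -> "netname.node.port"
    Otherwise   -> numeric "net.node.port"
    """
    host_name = hosts.get((net, node))
    if host_name:
        return f"{host_name}.{port}"
    net_name = nets.get(net)
    if net_name and node == BROADCAST_NODE:
        return f"{net_name}.{port}"
    if net_name:
        return f"{net_name}.{node}.{port}"
    return f"{net}.{node}.{port}"


if __name__ == "__main__":
    nets, hosts = parse_atalk_names(SAMPLE_ATALK_NAMES)
    for net, node, port in (("144.1", 209, 2), ("16.1", 112, 220),
                            ("16.1", 255, 2), ("99.9", 5, 1)):
        print(format_ddp_address(net, node, port, nets, hosts))
```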

NBP (name binding protocol) and ATP (Appletalk transaction protocol) packets have their contents interpreted. Other protocols just dump the protocol name (or number if no name is registered for the protocol) and packet size.

NBP packets are formatted like the following examples:

icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186

The first line is a name lookup request for laserwriters sent by net icsd host 112 and broadcast on net jssmag. The nbp id for the lookup is 190. The second line shows a reply for this request (note that it has the same id) from host jssmag.209 saying that it has a laserwriter resource named "RM1140" registered on port 250. The third line is another reply to the same request saying host techpit has laserwriter "techpit" registered on port 186.

ATP packet formatting is demonstrated by the following example:

jssmag.209.165 > helios.132: atp-req  12266<0-7> 0xae030001
helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000
jssmag.209.165 > helios.132: atp-req  12266<3,5> 0xae030001
helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
jssmag.209.165 > helios.132: atp-rel  12266<0-7> 0xae030001
jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002

Jssmag.209 initiates transaction id 12266 with host helios by requesting up to 8 packets (`<0-7>'). The hex number at the end of the line is the value of the `userdata' field in the request.

Helios responds with 8 512-byte packets. The `:digit' following the transaction id gives the packet sequence number in the transaction and the number in parens is the amount of data in the packet, excluding the atp header. The `*' on packet 7 indicates that the EOM bit was set.

Jssmag.209 then requests that packets 3 & 5 be retransmitted. Helios resends them, then jssmag.209 releases the transaction. Finally, jssmag.209 initiates the next request. The `*' on the request indicates that XO (`exactly once') was not set.

IP Fragmentation

Fragmented Internet datagrams are printed as

(frag id:size@offset+)
(frag id:size@offset)

(The first form indicates there are more fragments. The second indicates this is the last fragment.)

Id is the fragment id. Size is the fragment size (in bytes) excluding the IP header. Offset is this fragment's offset (in bytes) in the original datagram.

The fragment information is output for each fragment. The first fragment contains the higher level protocol header and the frag info is printed after the protocol info. Fragments after the first contain no higher level protocol header and the frag info is printed after the source and destination addresses. For example, here is part of an ftp from arizona.edu to lbl-rtsg.arpa over a CSNET connection that doesn't appear to handle 576 byte datagrams:

arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
arizona > rtsg: (frag 595a:204@328)
rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560

There are a couple of things to note here: First, addresses in the 2nd line don't include port numbers. This is because the TCP protocol information is all in the first fragment and we have no idea what the port or sequence numbers are when we print the later fragments. Second, the tcp sequence information in the first line is printed as if there were 308 bytes of user data when, in fact, there are 512 bytes (308 in the first frag and 204 in the second). If you are looking for holes in the sequence space or trying to match up acks with packets, this can fool you.

A packet with the IP don't fragment flag is marked with a trailing (DF).
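To show the caveat about fragmented TCP segments in code (an added example, not from the man page), the following Python parses the (frag id:size@offset+) annotations from output lines, checks that the captured fragments of a datagram are contiguous and complete, and recovers the 512 bytes of user data that the first line's (308) hides. The sample lines are constructed after the ftp trace above, and the 20-byte TCP header length is an assumption (no TCP options).

```python
import re
from collections import defaultdict

# Fragment annotation as described above: (frag id:size@offset+) or (frag id:size@offset)
FRAG_RE = re.compile(
    r"\(frag (?P<id>[0-9a-f]+):(?P<size>\d+)@(?P<offset>\d+)(?P<more>\+?)\)")
# The TCP data-seqno field "first:last(nbytes)" printed on the first fragment
SEQ_RE = re.compile(r"\b(?P<first>\d+):(?P<last>\d+)\((?P<nbytes>\d+)\)")

# Constructed sample lines modelled on the ftp trace above (not captured output)
SAMPLE = """\
arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
arizona > rtsg: (frag 595a:204@328)
rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560
"""

TCP_HEADER_LEN = 20  # assumption: the first fragment carries a 20-byte TCP header


def parse_fragments(text):
    """Group fragment annotations by fragment id.

    Returns {id: {"frags": [(offset, size, more_follow)], "printed_nbytes": n}}
    where printed_nbytes is the (nbytes) tcpdump showed on the first fragment.
    """
    groups = defaultdict(lambda: {"frags": [], "printed_nbytes": None})
    for line in text.splitlines():
        m = FRAG_RE.search(line)
        if not m:
            continue
        g = groups[m["id"]]
        g["frags"].append((int(m["offset"]), int(m["size"]), m["more"] == "+"))
        s = SEQ_RE.search(line)
        if s and int(m["offset"]) == 0:
            g["printed_nbytes"] = int(s["nbytes"])
    return dict(groups)


def reassembled_length(frags):
    """Total IP payload of a fragment set, or None if any piece is missing.

    The pieces must be contiguous from offset 0 and the last one must not
    carry the '+' (more fragments) marker.
    """
    frags = sorted(frags)
    expected = 0
    for offset, size, _more in frags:
        if offset != expected:
            return None          # gap: a fragment was not captured
        expected = offset + size
    if not frags or frags[-1][2]:
        return None              # last seen fragment still says more follow
    return expected


def tcp_user_data(frags, header_len=TCP_HEADER_LEN):
    """True TCP user-data length: reassembled payload minus the TCP header."""
    total = reassembled_length(frags)
    return None if total is None else total - header_len


if __name__ == "__main__":
    for frag_id, g in parse_fragments(SAMPLE).items():
        print(f"frag {frag_id}: tcpdump printed ({g['printed_nbytes']}) bytes, "
              f"reassembled user data = {tcp_user_data(g['frags'])} bytes")
```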

Timestamps

By default, all output lines are preceded by a timestamp. The timestamp is the current clock time in the form

hh:mm:ss.frac

and is as accurate as the kernel's clock. The timestamp reflects the time the kernel first saw the packet. No attempt is made to account for the time lag between when the ethernet interface removed the packet from the wire and when the kernel serviced the `new packet' interrupt.

SEE ALSO

traffic(1C), nit(4P), bpf(4), pcap(3)

Important: Use the man command (% man) to see how a command is used on your particular computer.