Tcpdump - Linux Command - Unix Command

NAME

tcpdump - dump traffic on a network

SYNOPSIS

tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ]

[ -C file_size ] [ -F file ]

[ -i interface ] [ -m module ] [ -r file ]

[ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]

[ -E algo:secret ] [ expression ]

DESCRIPTION

Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill(1) command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

When tcpdump finishes capturing packets, it will report counts of:

packets ``received by filter'' (the meaning of this depends on the OS on which you're running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets regardless of whether they were matched by the filter expression, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);

packets ``dropped by kernel'' (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as 0).

On platforms that support the SIGINFO signal, such as most BSDs, it will report those counts when it receives a SIGINFO signal (generated, for example, by typing your ``status'' character, typically control-T) and will continue capturing packets.

Reading packets from a network interface may require that you have special privileges:

Under SunOS 3.x or 4.x with NIT or BPF:

You must have read access to /dev/nit or /dev/bpf*.

Under Solaris with DLPI:

You must have read/write access to the network pseudo device, e.g. /dev/le. On at least some versions of Solaris, however, this is not sufficient to allow tcpdump to capture in promiscuous mode; on those versions of Solaris, you must be root, or tcpdump must be installed setuid to root, in order to capture in promiscuous mode. Note that, on many (perhaps all) interfaces, if you don't capture in promiscuous mode, you will not see any outgoing packets, so a capture not done in promiscuous mode may not be very useful.

Under HP-UX with DLPI:

You must be root or tcpdump must be installed setuid to root.

Under IRIX with snoop:

You must be root or tcpdump must be installed setuid to root.

Under Linux:

You must be root or tcpdump must be installed setuid to root.

Under Ultrix and Digital UNIX / Tru64 UNIX:

Any user may capture network traffic with tcpdump. However, no user (not even the super-user) can capture in promiscuous mode on an interface unless the super-user has enabled promiscuous-mode operation on that interface using pfconfig(8), and no user (not even the super-user) can capture unicast traffic received by or sent by the machine on an interface unless the super-user has enabled copy-all-mode operation on that interface using pfconfig, so useful packet capture on an interface probably requires that either promiscuous-mode or copy-all-mode operation, or both modes of operation, be enabled on that interface.

Under BSD:

You must have read access to /dev/bpf*.

Reading a saved packet file doesn't require special privileges.

OPTIONS

-a

Attempt to convert network and broadcast addresses to names.

-c

Exit after receiving count packets.

-C

Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 2 and continuing upward. The units of file_size are millions of bytes (1,000,000 bytes, not 1,048,576 bytes).

-d

Dump the compiled packet-matching code in a human readable form to standard output and stop.

-dd

Dump packet-matching code as a C program fragment.

-ddd

Dump packet-matching code as decimal numbers (preceded with a count).

-e

Print the link-level header on each dump line.

-E

Use algo:secret for decrypting IPsec ESP packets. Algorithms may be des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast128-cbc, or none. The default is des-cbc. The ability to decrypt packets is only present if tcpdump was compiled with cryptography enabled. secret is the ASCII text of the ESP secret key. Arbitrary binary values cannot be given at this moment. The option assumes RFC2406 ESP, not RFC1827 ESP. The option is only for debugging purposes, and the use of this option with a truly `secret' key is discouraged. By presenting the IPsec secret key on the command line you make it visible to others, via ps(1) and other occasions.

-f

Print `foreign' internet addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's yp server ... usually it hangs forever translating non-local internet numbers).

-F

Use file as input for the filter expression. An additional expression given on the command line is ignored.

-i

Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match.

On Linux systems with 2.2 or later kernels, an interface argument of ``any'' can be used to capture packets from all interfaces. Note that captures on the ``any'' device will not be done in promiscuous mode.

-l

Make stdout line buffered. Useful if you want to see the data while capturing it. E.g.,
``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.

-m

Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump.

-n

Don't convert host addresses to names. This can be used to avoid DNS lookups.

-nn

Don't convert protocol and port numbers etc. to names either.

-N

Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.

-O

Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.

-p

Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {loc-hw-addr} or ether broadcast'.

-q

Quick (quiet?) output. Print less protocol information so output lines are shorter.

-R

Assume ESP/AH packets to be based on the old specification (RFC1825 to RFC1829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.

-r

Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.

-S

Print absolute, rather than relative, TCP sequence numbers.

-s

Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets.

-T

Force packets selected by "expression" to be interpreted as the specified type. Currently known types are cnfp (Cisco NetFlow protocol), rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), snmp (Simple Network Management Protocol), vat (Visual Audio Tool), and wb (distributed White Board).

-t

Don't print a timestamp on each dump line.

-tt

Print an unformatted timestamp on each dump line.

-U

Drops root privileges and changes the user ID to user and the group ID to the primary group of user.

Note! Red Hat Linux automatically drops the privileges to user ``pcap'' if nothing else is specified.

-ttt

Print a delta (in micro-seconds) between the current and previous line on each dump line.

-tttt

Print a timestamp in default format preceded by the date on each dump line.

-u

Print undecoded NFS handles.

-v

(Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.

-vv

Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

-vvv

Even more verbose output. For example, telnet SB ... SE options are printed in full. With -X telnet options are printed in hex as well.

-w

Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''.

-x

Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.

-X

When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This is very handy for analysing new protocols. Even if -x is not also set, some parts of some packets may be printed in hex/ascii.

expression

selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.

The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:

type

qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed.

dir

qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For `null' link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can be used to specify a desired direction.

proto

qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, ip, ip6, arp, rarp, decnet, tcp and udp. E.g., `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.

[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.

Similarly, `tr' is an alias for `ether'; the previous paragraph's statements about FDDI headers also apply to Token Ring headers.]

In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

Allowable primitives are:

dst host host

True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

src host host

True if the IPv4/v6 source field of the packet is host.

host host

True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6 as in:

ip host host

which is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.

ether dst ehost

True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format).

ether src ehost

True if the ethernet source address is ehost.

ether host ehost

True if either the ethernet source or destination address is ehost.

gateway host

True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is

ether host ehost and not host host

which can be used with either names or numbers for host / ehost.) This syntax does not work in an IPv6-enabled configuration at this moment.

dst net net

True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details).

src net net

True if the IPv4/v6 source address of the packet has a network number of net.

net net

True if either the IPv4/v6 source or destination address of the packet has a network number of net.

net net mask netmask

True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.

net net/len

True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.

dst port port

True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).

src port port

True if the packet has a source port value of port.

port port

True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords tcp or udp, as in:

tcp src port port

which matches only tcp packets whose source port is port.

less length

True if the packet has a length less than or equal to length. This is equivalent to:

len <= length.

greater length

True if the packet has a length greater than or equal to length. This is equivalent to:

len >= length.

ip proto protocol

True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.

ip6 proto protocol

True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.

ip6 protochain protocol

True if the packet is an IPv6 packet, and contains a protocol header with type protocol in its protocol header chain. For example,

ip6 protochain 6

matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, routing header, or hop-by-hop option header, between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so this can be somewhat slow.

ip protochain protocol

Equivalent to ip6 protochain protocol, but this is for IPv4.

ether broadcast

True if the packet is an ethernet broadcast packet. The ether keyword is optional.

ip broadcast

True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the local subnet mask.

ether multicast

True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'.

ip multicast

True if the packet is an IP multicast packet.

ip6 multicast

True if the packet is an IPv6 multicast packet.

ether proto protocol

True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\).

[In the case of FDDI (e.g., `fddi protocol arp') and Token Ring (e.g., `tr protocol arp'), for most of those protocols, the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI or Token Ring header.

When filtering for most protocol identifiers on FDDI or Token Ring, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of 0x000000, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of 0x000000.

The exceptions are iso, for which it checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header, stp and netbeui, where it checks the DSAP of the LLC header, and atalk, where it checks for a SNAP-format packet with an OUI of 0x080007 and the Appletalk etype.

In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols; the exceptions are iso, sap, and netbeui, for which it checks for an 802.3 frame and then checks the LLC header as it does for FDDI and Token Ring, atalk, where it checks both for the Appletalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI and Token Ring, aarp, where it checks for the Appletalk ARP etype in either an Ethernet frame or an 802.2 SNAP frame with an OUI of 0x000000, and ipx, where it checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 802.3 with no LLC header encapsulation of IPX, and the IPX etype in a SNAP frame.]

decnet src host

True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]

decnet dst host

True if the DECNET destination address is host.

decnet host host

True if either the DECNET source or destination address is host.

ip , ip6 , arp , rarp , atalk , aarp , decnet , iso , stp , ipx , netbeui

Abbreviations for:

ether proto p

where p is one of the above protocols.

lat , moprc , mopdl

Abbreviations for:

ether proto p

where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.

vlan [vlan_id]

True if the packet is an IEEE 802.1Q VLAN packet. If [vlan_id] is specified, it is true only if the packet has the specified vlan_id. Note that the first vlan keyword encountered in expression changes the decoding offsets for the remainder of expression on the assumption that the packet is a VLAN packet.

tcp , udp , icmp

Abbreviations for:

ip proto p or ip6 proto p

where p is one of the above protocols.

iso proto protocol

True if the packet is an OSI packet of protocol type protocol. Protocol can be a number or one of the names clnp, esis, or isis.

clnp , esis , isis

Abbreviations for:

iso proto p

where p is one of the above protocols. Note that tcpdump does an incomplete job of parsing these protocols.

expr relop expr

True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax:

proto [ expr : size ]

Proto is one of ether, fddi, tr, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. (ether, fddi, tr, ppp, slip and link all refer to the link layer.) Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet.

For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.

Some offsets and field values may be expressed as names rather than as numeric values. The following protocol header field offsets are available: icmptype (ICMP type field), icmpcode (ICMP code field), and tcpflags (TCP flags field).

The following ICMP type field values are available: icmp-echoreply, icmp-unreach, icmp-sourcequench, icmp-redirect, icmp-echo, icmp-routeradvert, icmp-routersolicit, icmp-timxceed, icmp-paramprob, icmp-tstamp, icmp-tstampreply, icmp-ireq, icmp-ireqreply, icmp-maskreq, icmp-maskreply.

The following TCP flags field values are available: tcp-fin, tcp-syn, tcp-rst, tcp-push, tcp-ack, tcp-urg.
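
The following Python sketch is an added example, not part of the tcpdump manual or its source: it models the proto[expr:size] accessor on constructed Ethernet/IPv4/TCP frames and evaluates the expressions quoted above, including the implicit fragment check behind tcp[...]. The helper names (build_frame, acc and the predicates) are hypothetical, and returning None for a failed load is a simplification of how a real filter rejects the packet.

```python
import struct

LINK_HDR = 14                                  # Ethernet II header length
TCPFLAGS, TCP_FIN, TCP_SYN = 13, 0x01, 0x02    # tcpflags, tcp-fin, tcp-syn


def build_frame(dst_mac, frag_field=0x4000, tcp_flags=TCP_SYN, ihl=5):
    """Constructed Ethernet II + IPv4 + TCP frame (checksums left at 0)."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex("020000000001") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 1,
                     frag_field, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip += b"\x01" * ((ihl - 5) * 4)            # NOP options when ihl > 5
    tcp = struct.pack("!HHIIBBHHH", 1023, 513, 768512, 0, 5 << 4,
                      tcp_flags, 4096, 0, 0)
    return eth + ip + tcp


def layer_offset(frame, proto):
    """Byte position where the named protocol layer starts, or None."""
    if proto == "ether":
        return 0
    if proto == "ip":
        return LINK_HDR if frame[12:14] == b"\x08\x00" else None
    if proto == "tcp":
        ip = layer_offset(frame, "ip")
        if ip is None or frame[ip + 9] != 6:   # IP protocol 6 = TCP
            return None
        # Implicit check described in the text: ip[6:2] & 0x1fff = 0.
        if struct.unpack_from("!H", frame, ip + 6)[0] & 0x1FFF:
            return None
        return ip + (frame[ip] & 0x0F) * 4     # skip IP header and options
    raise ValueError("layer not modelled in this sketch: " + proto)


def acc(frame, proto, off, size=1):
    """proto[off:size]: big-endian value of 1, 2 or 4 bytes, None if absent."""
    if size not in (1, 2, 4):
        raise ValueError("size must be one, two or four")
    base = layer_offset(frame, proto)
    if base is None or base + off + size > len(frame):
        return None
    return int.from_bytes(frame[base + off:base + off + size], "big")


def is_link_multicast(frame):                  # ether[0] & 1 != 0
    v = acc(frame, "ether", 0)
    return v is not None and (v & 1) != 0


def has_ip_options(frame):                     # ip[0] & 0xf != 5
    v = acc(frame, "ip", 0)
    return v is not None and (v & 0xF) != 5


def is_first_or_unfragmented(frame):           # ip[6:2] & 0x1fff = 0
    v = acc(frame, "ip", 6, 2)
    return v is not None and (v & 0x1FFF) == 0


def is_syn_or_fin(frame):                      # tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
    v = acc(frame, "tcp", TCPFLAGS)
    return v is not None and (v & (TCP_SYN | TCP_FIN)) != 0


if __name__ == "__main__":
    later_fragment = build_frame("020000000002", frag_field=0x2000 | 185)
    for name, frame in [("unicast SYN", build_frame("020000000002")),
                        ("broadcast SYN", build_frame("ffffffffffff")),
                        ("SYN with IP options", build_frame("020000000002", ihl=6)),
                        ("later fragment", later_fragment)]:
        print(name, is_link_multicast(frame), has_ip_options(frame),
              is_first_or_unfragmented(frame), is_syn_or_fin(frame))
```

The later-fragment frame carries bytes that look like a SYN at the usual position, yet the tcp accessor refuses to read them, which is why a filter on tcp[tcpflags] only ever sees the first fragment of a datagram.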

Primitives may be combined using:

A parenthesized group of primitives and operators (parentheses are special to the Shell and must be escaped).

Negation (`!' or `not').

Concatenation (`&&' or `and').

Alternation (`||' or `or').

Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposition, are now required for concatenation.

If an identifier is given without a keyword, the most recent keyword is assumed. For example,

not host vs and ace

is short for

not host vs and host ace

which should not be confused with

not ( host vs or ace )

Expression arguments can be passed to tcpdump as either a single argument or as multiple arguments, whichever is more convenient. Generally, if the expression contains Shell metacharacters, it is easier to pass it as a single, quoted argument. Multiple arguments are concatenated with spaces before being parsed.

EXAMPLES

To print all packets arriving at or departing from sundown:

tcpdump host sundown

To print traffic between helios and either hot or ace:

tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and any host except helios:

tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at Berkeley:

tcpdump net ucb-ether

To print all ftp traffic through internet gateway snup (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):

tcpdump 'gateway snup and (port ftp or ftp-data)'

To print traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net):

tcpdump ip and not net localnet

To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host:

tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net localnet'

To print IP packets longer than 576 bytes sent through gateway snup:

tcpdump 'gateway snup and ip[2:2] > 576'

To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'

OUTPUT FORMAT

The output of tcpdump is protocol dependent. The following gives a brief description and examples of most of the formats.

Link Level Headers

If the '-e' option is given, the link level header is printed out. On ethernets, the source and destination addresses, protocol, and packet length are printed.

On FDDI networks, the '-e' option causes tcpdump to print the `frame control' field, the source and destination addresses, and the packet length. (The `frame control' field governs the interpretation of the rest of the packet.) Normal packets (such as those containing IP datagrams) are `async' packets, with a priority value between 0 and 7; for example, `async4'. Such packets are assumed to contain an 802.2 Logical Link Control (LLC) packet; the LLC header is printed if it is not an ISO datagram or a so-called SNAP packet.

On Token Ring networks, the '-e' option causes tcpdump to print the `access control' and `frame control' fields, the source and destination addresses, and the packet length. As on FDDI networks, packets are assumed to contain an LLC packet. Regardless of whether the '-e' option is specified or not, the source routing information is printed for source-routed packets.

(N.B.: The following description assumes familiarity with the SLIP compression algorithm described in RFC-1144.)

On SLIP links, a direction indicator (``I'' for inbound, ``O'' for outbound), packet type, and compression information are printed out. The packet type is printed first. The three types are ip, utcp, and ctcp. No further link information is printed for ip packets. For TCP packets, the connection identifier is printed following the type. If the packet is compressed, its encoded header is printed out. The special cases are printed out as *S+n and *SA+n, where n is the amount by which the sequence number (or sequence number and ack) has changed. If it is not a special case, zero or more changes are printed. A change is indicated by U (urgent pointer), W (window), A (ack), S (sequence number), and I (packet ID), followed by a delta (+n or -n), or a new value (=n). Finally, the amount of data in the packet and the compressed header length are printed.

For example, the following line shows an outbound compressed TCP packet, with an implicit connection identifier; the ack has changed by 6, the sequence number by 49, and the packet ID by 6; there are 3 bytes of data and 6 bytes of compressed header:

O ctcp * A+6 S+49 I+6 3 (6)

ARP/RARP Packets

Arp/rarp output shows the type of request and its arguments. The format is intended to be self explanatory. Here is a short sample taken from the start of an `rlogin' from host rtsg to host csam:

arp who-has csam tell rtsg
arp reply csam is-at CSAM

The first line says that rtsg sent an arp packet asking for the ethernet address of internet host csam. Csam replies with its ethernet address (in this example, ethernet addresses are in caps and internet addresses in lower case).

This would look less redundant if we had done tcpdump -n:

arp who-has 128.3.254.6 tell 128.3.254.68
arp reply 128.3.254.6 is-at 02:07:01:00:01:c4

If we had done tcpdump -e, the fact that the first packet is broadcast and the second is point-to-point would be visible:

RTSG Broadcast 0806 64: arp who-has csam tell rtsg
CSAM RTSG 0806 64: arp reply csam is-at CSAM

For the first packet this says the ethernet source address is RTSG, the destination is the ethernet broadcast address, the type field contained hex 0806 (type ETHER_ARP) and the total length was 64 bytes.

TCP Packets

(N.B.: The following description assumes familiarity with the TCP protocol described in RFC-793. If you are not familiar with the protocol, neither this description nor tcpdump will be of much use to you.)

The general format of a tcp protocol line is:

    src > dst: flags data-seqno ack window urgent options

Src and dst are the source and destination IP addresses and ports. Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single `.' (no flags). Data-seqno describes the portion of sequence space covered by the data in this packet (see example below). Ack is the sequence number of the next data expected in the other direction on this connection. Window is the number of bytes of receive buffer space available in the other direction on this connection. Urg indicates there is `urgent' data in the packet. Options are tcp options enclosed in angle brackets (e.g., ).

Src, dst and flags are always present. The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate.

Here is the opening portion of an rlogin from host rtsg to host csam.

    rtsg.1023 > csam.login: S 768512:768512(0) win 4096
    csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096
    rtsg.1023 > csam.login: . ack 1 win 4096
    rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
    csam.login > rtsg.1023: . ack 2 win 4096
    rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
    csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
    csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
    csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1

The first line says that tcp port 1023 on rtsg sent a packet to port login on csam. The S indicates that the SYN flag was set. The packet sequence number was 768512 and it contained no data. (The notation is `first:last(nbytes)' which means `sequence numbers first up to but not including last which is nbytes bytes of user data'.) There was no piggy-backed ack, the available receive window was 4096 bytes and there was a max-segment-size option requesting an mss of 1024 bytes.

Csam replies with a similar packet except it includes a piggy-backed ack for rtsg's SYN. Rtsg then acks csam's SYN. The `.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). The first time tcpdump sees a tcp `conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number is printed. This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the first data byte in each direction being `1'). `-S' will override this feature, causing the original sequence numbers to be output.

On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg -> csam side of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it has received data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the socket buffer since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, csam sends two bytes of urgent, pushed data to rtsg.

If the snapshot was small enough that tcpdump didn't capture the full TCP header, it interprets as much of the header as it can and then reports ``[|tcp]'' to indicate the remainder could not be interpreted. If the header contains a bogus option (one with a length that's either too small or beyond the end of the header), tcpdump reports it as ``[bad opt]'' and does not interpret any further options (since it's impossible to tell where they start). If the header length indicates options are present but the IP datagram length is not long enough for the options to actually be there, tcpdump reports it as ``[bad hdr length]''.

Capturing TCP packets with particular flag combinations (SYN-ACK, URG-ACK, etc.)

There are 8 bits in the control bits section of the TCP header:

    CWR | ECE | URG | ACK | PSH | RST | SYN | FIN

Let's assume that we want to watch packets used in establishing a TCP connection. Recall that TCP uses a 3-way handshake protocol when it initializes a new connection; the connection sequence with regard to the TCP control bits is

1) Caller sends SYN

2) Recipient responds with SYN, ACK

3) Caller sends ACK

Now we're interested in capturing packets that have only the SYN bit set (Step 1). Note that we don't want packets from step 2 (SYN-ACK), just a plain initial SYN. What we need is a correct filter expression for tcpdump.

Recall the structure of a TCP header without options:

     0                            15                              31
    -----------------------------------------------------------------
    |          source port          |       destination port        |
    -----------------------------------------------------------------
    |                        sequence number                        |
    -----------------------------------------------------------------
    |                     acknowledgment number                     |
    -----------------------------------------------------------------
    |  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
    -----------------------------------------------------------------
    |         TCP checksum          |       urgent pointer          |
    -----------------------------------------------------------------

A TCP header usually holds 20 octets of data, unless options are present. The first line of the graph contains octets 0 - 3, the second line shows octets 4 - 7 and so on.

Starting to count with 0, the relevant TCP control bits are contained in octet 13:

     0             7|             15|             23|             31
    ----------------|---------------|---------------|----------------
    |  HL   | rsvd  |C|E|U|A|P|R|S|F|        window size            |
    ----------------|---------------|---------------|----------------
    |               |  13th octet   |               |               |

Let's have a closer look at octet no. 13:

                    |               |
                    |---------------|
                    |C|E|U|A|P|R|S|F|
                    |---------------|
                    |7   5   3     0|

These are the TCP control bits we are interested in. We have numbered the bits in this octet from 0 to 7, right to left, so the PSH bit is bit number 3, while the URG bit is number 5.

Recall that we want to capture packets with only SYN set. Let's see what happens to octet 13 if a TCP datagram arrives with the SYN bit set in its header:

    |C|E|U|A|P|R|S|F|
    |---------------|
    |0 0 0 0 0 0 1 0|
    |---------------|
    |7 6 5 4 3 2 1 0|

Looking at the control bits section we see that only bit number 1 (SYN) is set.

Assuming that octet number 13 is an 8-bit unsigned integer in network byte order, the binary value of this octet is

    00000010

and its decimal representation is

    0*2^7 + 0*2^6 + 0*2^5 + 0*2^4 + 0*2^3 + 0*2^2 + 1*2^1 + 0*2^0 = 2

We're almost done, because now we know that if only SYN is set, the value of the 13th octet in the TCP header, when interpreted as an 8-bit unsigned integer in network byte order, must be exactly 2.

This relationship can be expressed as

    tcp[13] == 2

We can use this expression as the filter for tcpdump in order to watch packets which have only SYN set:

    tcpdump -i xl0 'tcp[13] == 2'

The expression says "let the 13th octet of a TCP datagram have the decimal value 2", which is exactly what we want.

Now, let's assume that we need to capture SYN packets, but we don't care if ACK or any other TCP control bit is set at the same time. Let's see what happens to octet 13 when a TCP datagram with SYN-ACK set arrives:

    |C|E|U|A|P|R|S|F|
    |---------------|
    |0 0 0 1 0 0 1 0|
    |---------------|
    |7 6 5 4 3 2 1 0|

Now bits 1 and 4 are set in the 13th octet. The binary value of octet 13 is

    00010010

which translates to decimal

    0*2^7 + 0*2^6 + 0*2^5 + 1*2^4 + 0*2^3 + 0*2^2 + 1*2^1 + 0*2^0 = 18

Now we can't just use 'tcp[13] == 18' in the tcpdump filter expression, because that would select only those packets that have SYN-ACK set, but not those with only SYN set. Remember that we don't care if ACK or any other control bit is set as long as SYN is set.

In order to achieve our goal, we need to logically AND the binary value of octet 13 with some other value to preserve the SYN bit. We know that we want SYN to be set in any case, so we'll logically AND the value in the 13th octet with the binary value of a SYN:

         00010010 SYN-ACK              00000010 SYN
    AND  00000010 (we want SYN)   AND  00000010 (we want SYN)
         --------                      --------
    =    00000010                 =    00000010

We see that this AND operation delivers the same result regardless of whether ACK or another TCP control bit is set. The decimal representation of the AND value as well as the result of this operation is 2 (binary 00000010), so we know that for packets with SYN set the following relation must hold true:

    ( ( value of octet 13 ) AND ( 2 ) ) == ( 2 )

This points us to the tcpdump filter expression

    tcpdump -i xl0 'tcp[13] & 2 == 2'

Note that you should use single quotes or a backslash in the expression to hide the AND ('&') special character from the shell.
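The two filters derived above can be checked offline against hand-built TCP headers. The following is an added example, not part of the tcpdump manual: the function names and the sample headers are constructed here, and the third predicate (`tcp[13] & 0x12 == 0x02`, SYN set with ACK clear) goes beyond the page to show an initial SYN that also carries the ECE and CWR bits, which `tcp[13] == 2` does not match.

```python
import struct

# Bit values inside octet 13 of the TCP header (bit 0 = FIN ... bit 7 = CWR).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
             "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80}


def build_tcp_header(flags, sport=1023, dport=513, seq=768512, ack=0, win=4096):
    """Return a 20-byte TCP header without options (constructed sample data)."""
    octet13 = 0
    for name in flags:
        octet13 |= FLAG_BITS[name]
    hl_rsvd = 5 << 4  # octet 12: header length of 5 32-bit words, reserved bits 0
    # Fields: ports, sequence, ack, octet 12, octet 13, window, checksum, urgent.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       hl_rsvd, octet13, win, 0, 0)


def flag_names(header):
    """Names of the control bits set in octet 13, highest bit first."""
    ordered = sorted(FLAG_BITS.items(), key=lambda item: item[1], reverse=True)
    return [name for name, bit in ordered if header[13] & bit]


def only_syn(header):
    """Equivalent of the filter  tcp[13] == 2."""
    return header[13] == 2


def syn_set(header):
    """Equivalent of the filter  tcp[13] & 2 == 2  (AND first, then compare)."""
    return (header[13] & 2) == 2


def initial_syn(header):
    """Equivalent of  tcp[13] & 0x12 == 0x02 : SYN set, ACK clear (added here)."""
    return (header[13] & 0x12) == 0x02


# Constructed flag combinations; "ECN SYN" is a SYN that also carries ECE and CWR.
SAMPLES = {
    "SYN": ["SYN"],
    "SYN-ACK": ["SYN", "ACK"],
    "ACK": ["ACK"],
    "FIN-ACK": ["FIN", "ACK"],
    "ECN SYN": ["SYN", "ECE", "CWR"],
}


def evaluate(samples=SAMPLES):
    """Map label -> (octet 13 value, only_syn, syn_set, initial_syn)."""
    results = {}
    for label, flags in samples.items():
        header = build_tcp_header(flags)
        results[label] = (header[13], only_syn(header),
                          syn_set(header), initial_syn(header))
    return results


if __name__ == "__main__":
    print("packet   tcp[13]  ==2    &2==2  &0x12==0x02")
    for label, (value, exact, masked, initial) in evaluate().items():
        print(f"{label:8} {value:7}  {exact!s:6} {masked!s:6} {initial}")
```
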

UDP Packets

UDP format is illustrated by this rwho packet:

    actinide.who > broadcast.who: udp 84

This says that port who on host actinide sent a udp datagram to port who on host broadcast, the Internet broadcast address. The packet contained 84 bytes of user data.

Some UDP services are recognized (from the source or destination port number) and the higher level protocol information is printed. In particular, Domain Name service requests (RFC-1034/1035) and Sun RPC calls (RFC-1050) to NFS.

UDP Name Server Requests

(N.B.: The following description assumes familiarity with the Domain Service protocol described in RFC-1035. If you are not familiar with the protocol, the following description will appear to be written in greek.)

Name server requests are formatted as

    src > dst: id op? flags qtype qclass name (len)
    h2opolo.1538 > helios.domain: 3+ A? ucvhax.berkeley.edu. (37)

Host h2opolo asked the domain server on helios for an address record (qtype=A) associated with the name ucvhax.berkeley.edu. The query id was `3'. The `+' indicates the recursion desired flag was set. The query length was 37 bytes, not including the UDP and IP protocol headers. The query operation was the normal one, Query, so the op field was omitted. If the op had been anything else, it would have been printed between the `3' and the `+'. Similarly, the qclass was the normal one, C_IN, and omitted. Any other qclass would have been printed immediately after the `A'.

A few anomalies are checked and may result in extra fields enclosed in square brackets: If a query contains an answer, authority records or additional records section, ancount, nscount, or arcount are printed as `[na]', `[nn]' or `[nau]' where n is the appropriate count. If any of the response bits are set (AA, RA or rcode) or any of the `must be zero' bits are set in bytes two and three, `[b2&3=x]' is printed, where x is the hex value of header bytes two and three.

UDP Name Server Responses

Name server responses are formatted as

    src > dst: id op rcode flags a/n/au type class data (len)
    helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
    helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)

In the first example, helios responds to query id 3 from h2opolo with 3 answer records, 3 name server records and 7 additional records. The first answer record is type A (address) and its data is internet address 128.32.137.3. The total size of the response was 273 bytes, excluding UDP and IP headers. The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record.

In the second example, helios responds to query 2 with a response code of non-existent domain (NXDomain) with no answers, one name server and no authority records. The `*' indicates that the authoritative answer bit was set. Since there were no answers, no type, class or data were printed.

Other flag characters that might appear are `-' (recursion available, RA, not set) and `|' (truncated message, TC, set). If the `question' section doesn't contain exactly one entry, `[nq]' is printed.

Note that name server requests and responses tend to be large and the default snaplen of 68 bytes may not capture enough of the packet to print. Use the -s flag to increase the snaplen if you need to seriously investigate name server traffic. `-s 128' has worked well for me.

SMB/CIFS decoding

tcpdump now includes fairly extensive SMB/CIFS/NBT decoding for data on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and NetBEUI SMB data is also done.

By default a fairly minimal decode is done, with a much more detailed decode done if -v is used. Be warned that with -v a single SMB packet may take up a page or more, so only use -v if you really want all the gory details.

If you are decoding SMB sessions containing unicode strings then you may wish to set the environment variable USE_UNICODE to 1. A patch to auto-detect unicode strings would be welcome.

For information on SMB packet formats and what all the fields mean see www.cifs.org or the pub/samba/specs/ directory on your favourite samba.org mirror site. The SMB patches were written by Andrew Tridgell (tridge@samba.org).

NFS Requests and Replies

Sun NFS (Network File System) requests and replies are printed as:

    src.xid > dst.nfs: len op args
    src.nfs > dst.xid: reply stat len op results
    sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
    wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
    sushi.201b > wrl.nfs: 144 lookup fh 9,74/4096.6878 "xcolors"
    wrl.nfs > sushi.201b: reply ok 128 lookup fh 9,74/4134.3150

In the first line, host sushi sends a transaction with id 6709 to wrl (note that the number following the src host is a transaction id, not the source port). The request was 112 bytes, excluding the UDP and IP headers. The operation was a readlink (read symbolic link) on file handle (fh) 21,24/10.731657119. (If one is lucky, as in this case, the file handle can be interpreted as a major,minor device number pair, followed by the inode number and generation number.) Wrl replies `ok' with the contents of the link.

In the third line, sushi asks wrl to look up the name `xcolors' in directory file 9,74/4096.6878. Note that the data printed depends on the operation type. The format is intended to be self explanatory if read in conjunction with an NFS protocol spec.

If the -v (verbose) flag is given, additional information is printed. For example:

    sushi.1372a > wrl.nfs: 148 read fh 21,11/12.195 8192 bytes @ 24576
    wrl.nfs > sushi.1372a: reply ok 1472 read REG 100664 ids 417/0 sz 29388

(-v also prints the IP header TTL, ID, length, and fragmentation fields, which have been omitted from this example.) In the first line, sushi asks wrl to read 8192 bytes from file 21,11/12.195, at byte offset 24576. Wrl replies `ok'; the packet shown on the second line is the first fragment of the reply, and hence is only 1472 bytes long (the other bytes will follow in subsequent fragments, but these fragments do not have NFS or even UDP headers and so might not be printed, depending on the filter expression used). Because the -v flag is given, some of the file attributes (which are returned in addition to the file data) are printed: the file type (``REG'', for regular file), the file mode (in octal), the uid and gid, and the file size.

If the -v flag is given more than once, even more details are printed.

Note that NFS requests are very large and much of the detail won't be printed unless snaplen is increased. Try using `-s 192' to watch NFS traffic.

NFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable.

AFS Requests and Replies

Transarc AFS (Andrew File System) requests and replies are printed as:

    src.sport > dst.dport: rx packet-type
    src.sport > dst.dport: rx packet-type service call call-name args
    src.sport > dst.dport: rx packet-type service reply call-name args
    elvis.7001 > pike.afsfs: rx data fs call rename old fid 536876964/1/1 ".newsrc.new" new fid 536876964/1/1 ".newsrc"
    pike.afsfs > elvis.7001: rx data fs reply rename

In the first line, host elvis sends a RX packet to pike. This was a RX data packet to the fs (fileserver) service, and is the start of an RPC call. The RPC call was a rename, with the old directory file id of 536876964/1/1 and an old filename of `.newsrc.new', and a new directory file id of 536876964/1/1 and a new filename of `.newsrc'. The host pike responds with a RPC reply to the rename call (which was successful, because it was a data packet and not an abort packet).

In general, all AFS RPCs are decoded at least by RPC call name. Most AFS RPCs have at least some of the arguments decoded (generally only the `interesting' arguments, for some definition of interesting).

The format is intended to be self-describing, but it will probably not be useful to people who are not familiar with the workings of AFS and RX.

If the -v (verbose) flag is given twice, acknowledgement packets and additional header information are printed, such as the RX call ID, call number, sequence number, serial number, and the RX packet flags.

If the -v flag is given twice, additional information is printed, such as the RX call ID, serial number, and the RX packet flags. The MTU negotiation information is also printed from RX ack packets.

If the -v flag is given three times, the security index and service id are printed.

Error codes are printed for abort packets, with the exception of Ubik beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol).

Note that AFS requests are very large and many of the arguments won't be printed unless snaplen is increased. Try using `-s 256' to watch AFS traffic.

AFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the call number and service ID. If a reply does not closely follow the corresponding request, it might not be parsable.

KIP Appletalk (DDP in UDP)

Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated and dumped as DDP packets (i.e., all the UDP header information is discarded). The file /etc/atalk.names is used to translate appletalk net and node numbers to names. Lines in this file have the form

    number      name

    1.254       ether
    16.1        icsd-net
    1.254.110   ace

The first two lines give the names of appletalk networks. The third line gives the name of a particular host (a host is distinguished from a net by the 3rd octet in the number - a net number must have two octets and a host number must have three octets.) The number and name should be separated by whitespace (blanks or tabs). The /etc/atalk.names file may contain blank lines or comment lines (lines starting with a `#').

Appletalk addresses are printed in the form

    net.host.port

    144.1.209.2 > icsd-net.112.220
    office.2 > icsd-net.112.220
    jssmag.149.235 > icsd-net.2

(If /etc/atalk.names doesn't exist or doesn't contain an entry for some appletalk host/net number, addresses are printed in numeric form.) In the first example, NBP (DDP port 2) on net 144.1 node 209 is sending to whatever is listening on port 220 of net icsd node 112. The second line is the same except the full name of the source node is known (`office'). The third line is a send from port 235 on net jssmag node 149 to broadcast on the icsd-net NBP port (note that the broadcast address (255) is indicated by a net name with no host number - for this reason it's a good idea to keep node names and net names distinct in /etc/atalk.names).

NBP (name binding protocol) and ATP (Appletalk transaction protocol) packets have their contents interpreted. Other protocols just dump the protocol name (or number if no name is registered for the protocol) and packet size.

NBP packets are formatted like the following examples:

    icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
    jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
    techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186

The first line is a name lookup request for laserwriters sent by net icsd host 112 and broadcast on net jssmag. The nbp id for the lookup is 190. The second line shows a reply for this request (note that it has the same id) from host jssmag.209 saying that it has a laserwriter resource named "RM1140" registered on port 250. The third line is another reply to the same request saying host techpit has laserwriter "techpit" registered on port 186.

ATP packet formatting is demonstrated by the following example:

    jssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
    helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000
    jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001
    helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
    jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001
    jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002

Jssmag.209 initiates transaction id 12266 with host helios by requesting up to 8 packets (the `<0-7>'). The hex number at the end of the line is the value of the `userdata' field in the request.

Helios responds with 8 512-byte packets. The `:digit' following the transaction id gives the packet sequence number in the transaction and the number in parens is the amount of data in the packet, excluding the atp header. The `*' on packet 7 indicates that the EOM bit was set.

Jssmag.209 then requests that packets 3 & 5 be retransmitted. Helios resends them, then jssmag.209 releases the transaction. Finally, jssmag.209 initiates the next request. The `*' on the request indicates that XO (`exactly once') was not set.

IP Fragmentation

Fragmented Internet datagrams are printed as

    (frag id:size@offset+)
    (frag id:size@offset)

(The first form indicates there are more fragments. The second indicates this is the last fragment.)

Id is the fragment id. Size is the fragment size (in bytes) excluding the IP header. Offset is this fragment's offset (in bytes) in the original datagram.

The fragment information is output for each fragment. The first fragment contains the higher level protocol header and the frag info is printed after the protocol info. Fragments after the first contain no higher level protocol header and the frag info is printed after the source and destination addresses. For example, here is part of an ftp from arizona.edu to lbl-rtsg.arpa over a CSNET connection that doesn't appear to handle 576 byte datagrams:

    arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
    arizona > rtsg: (frag 595a:204@328)
    rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560

There are a couple of things to note here: First, addresses in the 2nd line don't include port numbers. This is because the TCP protocol information is all in the first fragment and we have no idea what the port or sequence numbers are when we print the later fragments. Second, the tcp sequence information in the first line is printed as if there were 308 bytes of user data when, in fact, there are 512 bytes (308 in the first frag and 204 in the second). If you are looking for holes in the sequence space or trying to match up acks with packets, this can fool you.

A packet with the IP don't fragment flag is marked with a trailing (DF).
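The frag notation can be checked mechanically when reading a capture. The following is an added example, not part of the tcpdump manual: it parses the `(frag id:size@offset+)` fields from the ftp lines of this section, reports holes, overlaps and a missing final fragment, and recovers the real TCP data length that the first line understates. The function names and the second (overlapping) sample are constructed, and grouping by fragment id alone is a simplification that assumes one source/destination pair.

```python
import re
from collections import defaultdict

# "(frag id:size@offset+)" = more fragments follow, "(frag id:size@offset)" = last.
FRAG_RE = re.compile(r"\(frag ([0-9a-fA-F]+):(\d+)@(\d+)(\+?)\)")
# "first:last(nbytes)" from the TCP summary, present only on the first fragment.
TCP_DATA_RE = re.compile(r"\b\d+:\d+\((\d+)\)")

# The ftp example from this section.
PAGE_SAMPLE = """\
arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
arizona > rtsg: (frag 595a:204@328)
rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560
"""

# Constructed input: the second fragment starts 8 bytes inside the first one,
# and the fragment that should close the datagram never arrives.
OVERLAP_SAMPLE = """\
hosta.1234 > hostb.80: . 1:309(308) ack 1 win 4096 (frag 1a2b:328@0+)
hosta > hostb: (frag 1a2b:204@320+)
"""


def parse_fragments(text):
    """Group fragment records by fragment id (real reassembly also keys on
    source, destination and protocol; the id alone is enough for these samples)."""
    groups = defaultdict(list)
    for line in text.splitlines():
        frag = FRAG_RE.search(line)
        if not frag:
            continue  # not a fragment line
        tcp = TCP_DATA_RE.search(line)
        groups[frag.group(1)].append({
            "size": int(frag.group(2)),
            "offset": int(frag.group(3)),
            "more": frag.group(4) == "+",
            "printed_tcp_data": int(tcp.group(1)) if tcp else None,
        })
    return dict(groups)


def summarize(frags):
    """Check one datagram's fragments for holes/overlaps and total its payload."""
    frags = sorted(frags, key=lambda f: f["offset"])
    problems, covered = [], 0
    for f in frags:
        end = f["offset"] + f["size"]
        if f["offset"] > covered:
            problems.append(f"hole {covered}-{f['offset']}")
        elif f["offset"] < covered:
            problems.append(f"overlap {f['offset']}-{min(covered, end)}")
        covered = max(covered, end)
    if frags[-1]["more"]:
        problems.append("last fragment missing")
    first = frags[0]
    summary = {"ip_payload": covered, "printed_tcp_data": None,
               "actual_tcp_data": None, "problems": problems}
    if first["offset"] == 0 and first["printed_tcp_data"] is not None:
        # Assumption: the whole TCP header sits in the first fragment, so its
        # length is the fragment size minus the data length tcpdump printed.
        tcp_header = first["size"] - first["printed_tcp_data"]
        summary["printed_tcp_data"] = first["printed_tcp_data"]
        if not problems:
            summary["actual_tcp_data"] = covered - tcp_header
    return summary


if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, OVERLAP_SAMPLE):
        for frag_id, frags in parse_fragments(sample).items():
            print(frag_id, summarize(frags))
```
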

Timestamps

By default, all output lines are preceded by a timestamp. The timestamp is the current clock time in the form

    hh:mm:ss.frac

and is as accurate as the kernel's clock. The timestamp reflects the time the kernel first saw the packet. No attempt is made to account for the time lag between when the ethernet interface removed the packet from the wire and when the kernel serviced the `new packet' interrupt.

SEE ALSO

traffic(1C), nit(4P), bpf(4), pcap(3)

Important: Use the man command (% man) to see how a command is used on your particular computer.