tcpdump


Version: 30 June 1997 (openSuse - 09/10/07)

Section: 1 (User commands)

NAME

tcpdump - dump traffic on a network

SYNOPSIS

tcpdump [ -adeflnNOpqRStvxX ] [ -c count ] [ -F file ]

         [ -i interface ] [ -m module ] [ -r file ]

         [ -s snaplen ] [ -T type ] [ -w file ]

         [ expression ]

DESCRIPTION

tcpdump prints out the headers of packets on a network interface that match the boolean expression.

Under SunOS with nit or bpf: to run tcpdump you must have read access to /dev/nit or /dev/bpf*.
Under Solaris with dlpi: you must have read access to the network pseudo device, e.g. /dev/le.
Under HP-UX with dlpi: you must be root or tcpdump must be installed setuid to root.
Under IRIX with snoop: you must be root or tcpdump must be installed setuid to root.
Under Linux: you must be root or tcpdump must be installed setuid to root.
Under Ultrix and Digital UNIX: the super-user must first enable promiscuous-mode operation using pfconfig(8). After that, any user may run tcpdump.
Under BSD: you must have read access to /dev/bpf*.

OPTIONS

-a
Convert network and broadcast addresses to DNS names.
-c
Exit after receiving count packets.
-d
Dump the compiled packet-matching code in a human readable form to standard output and stop.
-dd
Dump packet-matching code as a C program fragment.
-ddd
Dump packet-matching code as decimal numbers (preceded with a count).
-e
Print the link-level header on each dump line.
-f
Print `foreign' internet addresses numerically rather than symbolically (this option is intended to get around Sun's brain-damaged yp service, which has a bug that makes it hang forever when it tries to translate non-local internet addresses).
-F
Use file as input for the filter expression. Any additional expression given on the command line is ignored.
-i
Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). If the specified interface does not exist, the closest match is selected.
-l
Make standard output line buffered. Useful if you want to see the data while capturing it. E.g.,
``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.
-n
Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
-N
Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.
-m
Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules.
-O
Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.
-p
Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'.
-q
Quick (quiet?) output. Print less protocol information so output lines are shorter.
-r
Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.
-s
Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below).

Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, more importantly, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in.

-T
Force packets selected by "expression" to be interpreted as the specified type. Currently known types are rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), snmp (Simple Network Management Protocol), vat (Visual Audio Tool), and wb (distributed White Board).
-R
Assume ESP/AH packets to be based on the old specification (RFC1825 to RFC1829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.
-S
Print absolute, rather than relative, TCP sequence numbers.
-t
Don't print a timestamp on each dump line.
-tt
Print an unformatted timestamp on each dump line.
-v
(Slightly more) verbose output. For example, the time to live (TTL) and type of service information in an IP packet is printed.
-vv
Even more verbose output. For example, additional fields are printed from NFS reply packets.
-vvv
Even more verbose output. For example, telnet SB ... SE options are printed in full. If -X is also given, telnet options are printed in hex as well.
-w
Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is `-'.
-x
Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed.
-X
When printing hex, print ASCII too. Thus if -x is also set, the packet is printed in both hex and ASCII. This is very handy for analysing new protocols. Even if -x is not set, some parts of some packets may be printed in both hex and ASCII.
expression
Selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.
The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:
type
qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed.
dir
qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For `null' link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can also be used to specify a desired direction.
proto
qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, mopdl, ip, ip6, arp, rarp, decnet, lat, sca, moprc, mopdl, icmp, icmp6, tcp and udp. E.g., `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.

[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and also contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.]

In addition to the above, there are some special `primitive' keywords: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

Allowable primitives are:

dst host host
True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.
src host host
True if the IPv4/v6 source field of the packet is host.
host host
True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6.

ip host host

is equivalent to:

ether proto \ip and host host

If host is a name with multiple IP addresses, each address will be checked for a match.
ether dst ehost
True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for the numeric format).
ether src ehost
True if the ethernet source address is ehost.
ether host ehost
True if either the ethernet source or destination address is ehost.
gateway host
True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found in both /etc/hosts and /etc/ethers. (An equivalent expression is

ether host ehost and not host host

which can be used with either names or numbers for host / ehost.) This syntax does not currently work in IPv6-enabled configurations.
dst net net
True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4)).
src net net
True if the IPv4/v6 source address of the packet has a network number of net.
net net
True if either the IPv4/v6 source or destination address of the packet has a network number of net.
net net mask mask
True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for an IPv6 net.
net net/len
True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.
dst port port
True if the packet is ip/tcp, ip/udp, ipv6/tcp or ipv6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).
src port port
True if the packet has a source port value of port.
port port
True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords tcp or udp:

tcp src port port

matches only tcp packets whose source port is port.
less length
True if the packet has a length less than or equal to length. This is equivalent to:

len <= length.

greater length
True if the packet has a length greater than or equal to length. This is equivalent to:

len >= length.

ip proto protocol
True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, igrp, udp, nd, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.
ip6 proto protocol
True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.
ip6 protochain protocol
True if the packet is an IPv6 packet and contains a protocol header of type protocol in its protocol header chain. For example,

ip6 protochain 6

matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, routing header, or hop-by-hop option header between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so it can be somewhat slow.
ip protochain protocol
Equivalent to ip6 protochain protocol, but this is for IPv4.
ether broadcast
True if the packet is an ethernet broadcast packet. The ether keyword is optional.
ip broadcast
True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and also takes the subnet mask into account.
ether multicast
True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'.
ip multicast
True if the packet is an IP multicast packet.
ip6 multicast
True if the packet is an IPv6 multicast packet.
ether proto protocol
True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, or rarp. Note these identifiers are also keywords and must be escaped via backslash (\). [In the case of FDDI (e.g., `fddi protocol arp'), the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI header. When filtering on the protocol identifier, tcpdump assumes that all FDDI packets include an LLC header, and that the LLC header is in so-called SNAP format.]
decnet src host
True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]
decnet dst host
True if the DECNET destination address is host.
decnet host host
True if either the DECNET source or destination address is host.
ip, ip6, arp, rarp, decnet
Abbreviations for:

ether proto p

where p is one of the above protocols.
lat, moprc, mopdl
Abbreviations for:

ether proto p

where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.
tcp, udp, icmp
Abbreviations for:

ip proto p or ip6 proto p

where p is one of the above protocols.
expr relop expr
True if the relation holds, where relop is one of >, <, >=, <=, =, != and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax:

proto [ expr : size ]

Proto is one of ether, fddi, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet. For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.
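The accessor syntax above, worked through on a constructed Ethernet/IPv4/TCP frame. This is an added example, not code from tcpdump or from the original page; the Packet class and the helper names are hypothetical, and only Ethernet II frames carrying IPv4 are modelled.

```python
import struct


def build_frame(dst_mac="020701000106", ihl_words=5, frag_off=0, tcp_flags=0x02):
    """Constructed test frame: Ethernet II + IPv4 (+ NOP options) + TCP header."""
    eth = bytes.fromhex(dst_mac) + bytes.fromhex("0207010001c4") + b"\x08\x00"
    ip_options = b"\x01" * ((ihl_words - 5) * 4)
    tcp = struct.pack("!HHIIBBHHH", 1023, 513, 768512, 0, 5 << 4, tcp_flags, 4096, 0, 0)
    total_len = ihl_words * 4 + len(tcp)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total_len, 6,
                     frag_off, 64, 6, 0,
                     bytes([128, 3, 254, 68]), bytes([128, 3, 254, 6]))
    return eth + ip + ip_options + tcp


class Packet:
    ETH_LEN = 14

    def __init__(self, frame):
        self.frame = frame

    def _base(self, proto):
        """Frame offset where the proto header starts, or None if it is absent."""
        if proto == "ether":
            return 0
        if self.frame[12:14] != b"\x08\x00":       # ethertype is not IPv4
            return None
        if proto == "ip":
            return self.ETH_LEN
        if proto == "tcp":
            if self.load("ip", 9) != 6:            # IP protocol field is not TCP
                return None
            frag = self.load("ip", 6, 2)
            if frag is None or frag & 0x1fff:      # later fragment: no TCP header here
                return None
            ihl = self.load("ip", 0) & 0x0f        # IP header length in 32-bit words
            return self.ETH_LEN + ihl * 4
        raise ValueError("unsupported proto: " + proto)

    def load(self, proto, offset, size=1):
        """Value of proto[offset:size] (big-endian), or None when it cannot be read."""
        if size not in (1, 2, 4):
            raise ValueError("size must be 1, 2 or 4")
        base = self._base(proto)
        if base is None or base + offset + size > len(self.frame):
            return None
        start = base + offset
        return int.from_bytes(self.frame[start:start + size], "big")


def _test(value, predicate):
    # An operand that cannot be read makes the primitive false: no match.
    return value is not None and predicate(value)


# In the filter language `&` groups before the comparison, i.e. (x & m) != 0.
# Python groups the same way; C would not.
def ether_multicast(p):          # ether[0] & 1 != 0
    return _test(p.load("ether", 0), lambda v: v & 1 != 0)


def ip_has_options(p):           # ip[0] & 0xf != 5
    return _test(p.load("ip", 0), lambda v: v & 0xf != 5)


def unfragmented_or_first(p):    # ip[6:2] & 0x1fff = 0
    return _test(p.load("ip", 6, 2), lambda v: v & 0x1fff == 0)


def tcp_syn_or_fin(p):           # tcp[13] & 3 != 0
    return _test(p.load("tcp", 13), lambda v: v & 3 != 0)


if __name__ == "__main__":
    cases = {
        "plain SYN": build_frame(),
        "broadcast dst": build_frame(dst_mac="ffffffffffff"),
        "IP options": build_frame(ihl_words=6),
        "later fragment": build_frame(frag_off=0x0010),
    }
    for name, frame in cases.items():
        p = Packet(frame)
        print(name, ether_multicast(p), ip_has_options(p),
              unfragmented_or_first(p), tcp_syn_or_fin(p))
```

With IP options present, tcp[13] still lands on the TCP flags byte because the offset is taken from the IP header length, and on a later fragment the tcp accessor matches nothing.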

Primitives may be combined using:

A parenthesized group of primitives and operators (parentheses are special to the shell and must be escaped).
Negation (`!' or `not').
Concatenation (`&&' or `and').
Alternation (`||' or `or').

Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposition, are required for concatenation.

If an identifier is given without a keyword, the most recent keyword is assumed. For example,

not host vs and ace

is short for

not host vs and host ace

which should not be confused with

not ( host vs or ace )

Expression arguments can be passed to tcpdump as either a single argument or as multiple arguments, whichever is more convenient. Generally, if the expression contains shell metacharacters, it is easier to pass it as a single, quoted argument. Multiple arguments are concatenated with spaces before being parsed.

EXAMPLES

To print all packets arriving at or departing from sundown:

tcpdump host sundown

To print traffic between helios and either hot or ace:

tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and any host except helios:

tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at Berkeley:

tcpdump net ucb-ether

To print all ftp traffic through internet gateway snup (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):

tcpdump 'gateway snup and (port ftp or ftp-data)'

To print traffic neither sourced from nor destined for local hosts (an example that excludes the local network, assuming this machine is a gateway to another network):

tcpdump ip and not net localnet

To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host:

tcpdump 'tcp[13] & 3 != 0 and not src and dst net localnet'

To print IP packets longer than 576 bytes sent through gateway snup:

tcpdump 'gateway snup and ip[2:2] > 576'

To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:

tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'

To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):

tcpdump 'icmp[0] != 8 and icmp[0] != 0'

OUTPUT FORMAT

The output of tcpdump is protocol dependent. The following gives a brief description and examples of most of the formats.

Link Level Headers

If the `-e' option is given, the link level header is printed out. On ethernets, the source and destination addresses and the packet length are printed.

On FDDI networks, the `-e' option causes tcpdump to print the `frame control' field, the source and destination addresses, and the packet length. (The `frame control' field governs the interpretation of the rest of the packet.) Normal packets (such as those containing IP datagrams) are `async' packets, with a priority value between 0 and 7; for example, `async 4'. Such packets are assumed to contain an 802.2 LLC packet; the LLC header is printed if it is not an ISO datagram or a so-called SNAP packet.

(N.B.: The following description assumes familiarity with the SLIP compression algorithm described in RFC-1144.)

On SLIP links, a direction indicator (``I'' for inbound, ``O'' for outbound), packet type, and compression information are printed out. The packet type is printed first. The three types are ip, utcp, and ctcp. No further link information is printed for ip packets. For TCP packets, the connection identifier is printed following the type. If the packet is compressed, its encoded header is printed out. The special cases are printed out as *S+n and *SA+n, where n is the amount by which the sequence number (or sequence number and ack) has changed. If it is not a special case, zero or more changes are printed. A change is indicated by U (urgent pointer), W (window), A (ack), S (sequence number), and I (packet ID), followed by a delta (+n or -n), or a new value (=n). Finally, the amount of data in the packet and the compressed header length are printed.

For example, the following line shows an outbound compressed TCP packet, with an implicit connection identifier; the ack has changed by 6, the sequence number by 49, and the packet ID by 6; there are 3 bytes of data and 6 bytes of compressed header:

O ctcp * A+6 S+49 I+6 3 (6)

ARP/RARP Packets

Arp/rarp output shows the type of request and its arguments. The format is intended to be self explanatory. Here is a short sample taken from the start of an `rlogin' from host rtsg to host csam:

arp who-has csam tell rtsg
arp reply csam is-at CSAM

The first line says that rtsg sent an arp packet asking for the ethernet address of internet host csam. Csam replies with its ethernet address (in this example, ethernet addresses are in caps and internet addresses in lower case).

This would look less redundant if we had done tcpdump -n:

arp who-has 128.3.254.6 tell 128.3.254.68
arp reply 128.3.254.6 is-at 02:07:01:00:01:c4

If we had done tcpdump -e, the fact that the first packet is broadcast and the second is point-to-point would be visible:

RTSG Broadcast 0806  64: arp who-has csam tell rtsg
CSAM RTSG 0806  64: arp reply csam is-at CSAM

For the first packet this says the ethernet source address is RTSG, the destination is the ethernet broadcast address, the type field contained hex 0806 (type ETHER_ARP) and the total length was 64 bytes.

TCP Packets

(N.B.: The following description assumes familiarity with the TCP protocol described in RFC-793. If you are not familiar with the protocol, neither this description nor tcpdump will be of much use to you.)

The general format of a tcp protocol line is:

src > dst: flags data-seqno ack window urgent options

Src and dst are the source and destination IP addresses and ports. Flags are some combination of S (SYN), F (FIN), P (PUSH) or R (RST) or a single `.' (no flags). Data-seqno describes the portion of sequence space covered by the data in this packet (see example below). Ack is the sequence number of the next data expected from the other direction on this connection. Window is the number of bytes of receive buffer space available in the other direction on this connection. Urg indicates there is `urgent' data in the packet. Options are tcp options enclosed in angle brackets (e.g., <mss 1024>).

Src, dst and flags are always present. The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate.

Here is the opening portion of an rlogin from host rtsg to host csam.

rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024>
csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024>
rtsg.1023 > csam.login: . ack 1 win 4096
rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
csam.login > rtsg.1023: . ack 2 win 4096
rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1

The first line says that tcp port 1023 on rtsg sent a packet to port login on csam. The S indicates that the SYN flag was set. The packet sequence number was 768512 and it contained no data. (The notation is `first:last(nbytes)', which means `sequence numbers first up to but not including last, which is nbytes bytes of user data'.) There was no piggy-backed ack, the available receive window was 4096 bytes and there was a max-segment-size (mss) option requesting an mss of 1024 bytes.

Csam replies with a similar packet except it includes a piggy-backed ack for rtsg's SYN. Rtsg then acks csam's SYN. The `.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). The first time tcpdump sees a tcp `conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number is printed. This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the first data byte in each direction being `1'). `-S' will override this feature, causing the original sequence numbers to be output.

On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg to csam direction of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it has received the data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the socket buffer since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, csam sends two bytes of urgent, pushed data to rtsg.

If the snapshot was small enough that tcpdump didn't capture the full TCP header, it interprets as much of the header as it can and then reports ``[|tcp]'' to indicate the remainder could not be interpreted. If the header contains a bogus option (one with a length that's either too small or beyond the end of the header), tcpdump reports it as ``[bad opt]'' and does not interpret any further options (since it's impossible to tell where they start). If the header length indicates options are present but the IP datagram length is not long enough for the options to actually be there, tcpdump reports it as ``[bad hdr length]''.
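A small parser for the TCP line format described in this section, run over the rlogin trace above plus one constructed truncated line. It is an added example, not part of tcpdump or the original page; the function names are hypothetical, and the regular expression covers only the fields listed in the general format.

```python
import re

# The rlogin trace from this section, followed by one constructed line
# showing a TCP header that was cut off by a short snaplen.
SAMPLE = """\
rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024>
csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024>
rtsg.1023 > csam.login: . ack 1 win 4096
rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
csam.login > rtsg.1023: . ack 2 win 4096
rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1
rtsg.1023 > csam.login: [|tcp]
""".splitlines()

# src > dst: flags data-seqno ack window urgent options
TCP_LINE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPR]+|\.)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<nbytes>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
    r"(?: urg (?P<urg>\d+))?"
    r"(?: <(?P<options>[^>]*)>)?$"
)
INT_FIELDS = ("first", "last", "nbytes", "ack", "win", "urg")


def parse_tcp_line(line):
    """Return the fields of one TCP dump line, or None if it does not fit.

    Lines ending in ``[|tcp]``, ``[bad opt]`` or ``[bad hdr length]`` do not
    carry the full field list, so they are reported as None rather than guessed.
    """
    m = TCP_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    if rec["first"] is not None:
        # first:last(nbytes): last is exclusive; sequence space wraps at 2**32.
        if (rec["last"] - rec["first"]) % 2**32 != rec["nbytes"]:
            raise ValueError("inconsistent first:last(nbytes): " + line)
    return rec


def summarise(lines):
    """Payload bytes per direction, smallest window per sender, unparsed lines."""
    payload, min_win, unparsed = {}, {}, []
    for line in lines:
        rec = parse_tcp_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        key = (rec["src"], rec["dst"])
        payload[key] = payload.get(key, 0) + (rec["nbytes"] or 0)
        if rec["win"] is not None:
            min_win[rec["src"]] = min(rec["win"], min_win.get(rec["src"], rec["win"]))
    return payload, min_win, unparsed


if __name__ == "__main__":
    payload, min_win, unparsed = summarise(SAMPLE)
    for (src, dst), nbytes in payload.items():
        print(src, "->", dst, nbytes, "bytes of user data")
    print("smallest advertised windows:", min_win)
    print("lines needing a larger snaplen or manual review:", unparsed)
```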

UDP Packets

UDP format is illustrated by this rwho packet:

actinide.who > broadcast.who: udp 84

This says that port who on host actinide sent a udp datagram to port who on host broadcast, the Internet broadcast address. The packet contained 84 bytes of user data.

Some UDP services are recognized (from the source or destination port number) and the higher level protocol information is printed. In particular, Domain Name service requests (RFC-1034/1035) and Sun RPC calls (RFC-1050) to NFS.

UDP Name Server Requests

(N.B.: The following description assumes familiarity with the Domain Name Service protocol described in RFC-1035. If you are not familiar with the protocol, the following description may read like gibberish.)

Name server requests are formatted as

src > dst: id op? flags qtype qclass name (len)

h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37)

Host h2opolo asked the domain server on helios for an address record (qtype=A) associated with the name ucbvax.berkeley.edu. The query id was `3'. The `+' indicates the recursion desired flag was set. The query length was 37 bytes, not including the UDP and IP protocol headers. The query operation was the normal one, Query, so the op field was omitted. If the op had been anything else, it would have been printed between the `3' and the `+'. Similarly, the qclass was the normal one, C_IN, and omitted. Any other qclass would have been printed immediately after the `A'.

A few anomalies are checked and may result in extra fields enclosed in square brackets: if a query contains an answer, name server or authority section, ancount, nscount, or arcount are printed as `[na]', `[nn]' or `[nau]', where n is the appropriate count. If any of the response bits are set (AA, RA or rcode) or any of the `must be zero' bits are set in bytes two and three, `[b2&3=x]' is printed, where x is the hex value of header bytes two and three.

UDP Name Server Responses

Name server responses are formatted as

src > dst:  id op rcode flags a/n/au type class data (len)

helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)

In the first example, helios responds to query id 3 from h2opolo with 3 answer records, 3 name server records and 7 authority records. The first answer record is type A (address) and its data is internet address 128.32.137.3. The total size of the response was 273 bytes, excluding UDP and IP headers. The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record.

In the second example, helios responds with a response code of non-existent domain (NXDomain) with no answers, one name server and no authority records. The `*' indicates that the authoritative answer bit was set. Since there were no answers, no type, class or data were printed.

Other flag characters that might appear are `-' (recursion available, RA, not set) and `|' (truncated message, TC, set). If the `question' section doesn't contain exactly one entry, `[nq]' is printed.

Note that name server responses tend to be larger than the default snaplen of 68 bytes, so not enough of the packet may be captured to print it. Use the -s flag to increase the snaplen if you need to seriously investigate name server traffic. `-s 128' or so should be reasonable.

SMB/CIFS Decoding

tcpdump includes fairly extensive SMB/CIFS/NBT decoding for data on UDP/137, UDP/138 and TCP/139. Some primitive decoding of IPX and NetBEUI SMB data is also done.

By default a fairly minimal decode is done, with a much more detailed decode done if -v is used. With -v a single SMB packet may take up a screen or more, so only use -v if you really need the details.

If you are decoding SMB sessions containing unicode strings then you may wish to set the environment variable USE_UNICODE to 1. A patch to auto-detect unicode strings would be welcome.

For information on SMB packet formats and what all the fields mean see www.cifs.org or the pub/samba/specs/ directory on a samba.org mirror site. The SMB patches were written by Andrew Tridgell (tridge@samba.org).

NFS Requests and Replies

Sun NFS (Network File System) requests and replies are printed as:

src.xid > dst.nfs: len op args
src.nfs > dst.xid: reply stat len op results

sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
sushi.201b > wrl.nfs:
        144 lookup fh 9,74/4096.6878 "xcolors"
wrl.nfs > sushi.201b:
        reply ok 128 lookup fh 9,74/4134.3150

In the first line, host sushi sends a transaction with id 6709 to wrl (note that the number following the src host is a transaction id, not the source port). The request was 112 bytes, excluding the UDP and IP headers. The operation was a readlink (read symbolic link) on file handle (fh) 21,24/10.731657119. (If one is lucky, as in this case, the file handle can be interpreted as a major,minor device number pair, followed by the inode number and generation number.) Wrl replies `ok' with the contents of the link.

In the third line, sushi asks wrl to look up the name `xcolors' in directory file 9,74/4096.6878. Note that the data printed depends on the operation type. The format is intended to be self explanatory if read in conjunction with an NFS protocol spec.

If the -v (verbose) flag is given, additional information is printed. For example:

sushi.1372a > wrl.nfs:
        148 read fh 21,11/12.195 8192 bytes @ 24576
wrl.nfs > sushi.1372a:
        reply ok 1472 read REG 100664 ids 417/0 sz 29388

(-v also prints the IP header TTL, ID, and fragmentation fields, which have been omitted from this example.) In the first line, sushi asks wrl to read 8192 bytes from file 21,11/12.195, at byte offset 24576. Wrl replies `ok'; the packet shown on the second line is the first fragment of the reply, and hence is only 1472 bytes long (the other bytes will follow in subsequent fragments, but these fragments do not have NFS or even UDP headers and so might not be printed, depending on the filter expression used). Because the -v flag is given, some of the file attributes (which are returned in addition to the file data) are printed: the file type (``REG'', for regular file), the file mode (in octal), the uid and gid, and the file size.

If the -v flag is given more than once (i.e., -vv), even more details are printed.

Note that NFS requests are very large and much of the detail won't be printed unless snaplen is increased. Try using `-s 192' to watch NFS traffic.

NFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable.

AFS Requests and Replies

Transarc AFS (Andrew File System) requests and replies are printed as:

src.sport > dst.dport: rx packet-type
src.sport > dst.dport: rx packet-type service call call-name args
src.sport > dst.dport: rx packet-type service reply call-name args

elvis.7001 > pike.afsfs:
        rx data fs call rename old fid 536876964/1/1 ".newsrc.new"
        new fid 536876964/1/1 ".newsrc"
pike.afsfs > elvis.7001: rx data fs reply rename

In the first line, host elvis sends a RX packet to pike. This was a RX data packet to the fs (fileserver) service, and is the start of an RPC call. The RPC call was a rename, with the old directory file id of 536876964/1/1 and an old filename of `.newsrc.new', and a new directory file id of 536876964/1/1 and a new filename of `.newsrc'. The host pike responds with a RPC reply to the rename call (which was successful, because it was a data packet and not an abort packet).

In general, all AFS RPCs are decoded at least by RPC call name. Most AFS RPCs have at least some of the arguments decoded (generally only the `interesting' arguments).

The format is intended to be self-describing, but it will probably not be useful to people who are not familiar with the workings of AFS and RX.

If the -v (verbose) flag is given twice, additional information is printed, such as the RX call ID, call number, sequence number, serial number, and the RX packet flags.

If the -v flag is given again, the security index and service id are printed.

Error codes are printed for abort packets, with the exception of Ubik beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol).

Note that AFS requests are very large and many of the arguments won't be printed unless snaplen is increased. Try using `-s 256' to watch AFS traffic.

AFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the call number and service ID. If a reply cannot be tied to its corresponding request, the packet cannot be parsed.

KIP Appletalk (UDP Æâ DDP)

UDP ¥Ç¡¼¥¿¥°¥é¥àÆâ¤Ë³ÊǼ¤µ¤ì¤¿¥¢¥Ã¥×¥ë¥È¡¼¥¯¤Î DDP ¥Ñ¥±¥Ã¥È¤Ï¼è¤ê½Ð¤µ¤ì¤Æ¡¢ DDP ¥Ñ¥±¥Ã¥È¤È¤·¤Æɽ¼¨¤µ¤ì¤ë(¤¹¤Ê¤ï¤Á¤¹¤Ù¤Æ¤Î UDP ¥Ø¥Ã¥À¾ðÊó¤Ï¼Î¤Æ¤é¤ì¤ë)¡£ /etc/atalk.names ¥Õ¥¡¥¤¥ë¤¬ ¥¢¥Ã¥×¥ë¥È¡¼¥¯¥Í¥Ã¥È¤È¥Î¡¼¥ÉÈÖ¹æ¤ò̾Á°¤ËÊÑ´¹¤¹¤ë¤Î¤ËÍøÍѤµ¤ì¤ë¡£ ¥Õ¥¡¥¤¥ë¤Î·Á¼°¤Ï²¼µ­¤ÎÄ̤ꡣ




number          name



1.254   ether

16.1            icsd-net

1.254.110       ace



The first two lines give names to Appletalk networks. The third line gives a name to a particular host (a host is distinguished from a network by the third octet of the number: a network number must have two octets and a host number must have three octets). The number and the name are separated by whitespace (blanks or tabs). The /etc/atalk.names file may contain blank lines and comment lines (lines starting with `#').

Appletalk addresses are printed in the following form.




net.host.port



144.1.209.2 > icsd-net.112.220

office.2 > icsd-net.112.220

jssmag.149.235 > icsd-net.2



(If /etc/atalk.names does not exist, or does not contain the relevant Appletalk net or host number, addresses are printed in numeric form.) The first example shows NBP (DDP port 2) on net 144.1 node 209 sending to port 220 of net icsd node 112. The second is the same except that the name of the source node (`office') is known. The third line shows a broadcast from port 235 on net jssmag node 149 to the NBP port of icsd-net. (Note that the broadcast address (255) can be recognized by output that consists of a net name alone with no host number - it is a good idea to record node names and net names in /etc/atalk.names.)
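The naming rules above (two octets name a network, three octets name a host, node 255 prints as the bare net name) can be worked through in code. This is an added example, not tcpdump's own implementation: the function names are hypothetical, the table is the manual's sample plus one constructed comment line, and ports are left numeric.

```python
# Sample /etc/atalk.names content: the three entries from the manual,
# plus a constructed comment line and blank line to exercise the parser.
ATALK_NAMES = """\
# constructed comment line
1.254\t\tether
16.1\t\ticsd-net

1.254.110\tace
"""


def parse_atalk_names(text):
    """Return (nets, hosts): 2-octet numbers name nets, 3-octet name hosts."""
    nets, hosts = {}, {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are allowed
        fields = line.split()  # number and name separated by blanks or tabs
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'number name'")
        octets = tuple(int(o) for o in fields[0].split("."))
        if any(not 0 <= o <= 255 for o in octets):
            raise ValueError(f"line {lineno}: octet out of range")
        if len(octets) == 2:
            nets[octets] = fields[1]
        elif len(octets) == 3:
            hosts[octets] = fields[1]
        else:
            raise ValueError(f"line {lineno}: need 2 (net) or 3 (host) octets")
    return nets, hosts


def format_addr(addr, nets, hosts):
    """Render a numeric 'n.n.node.port' address the way the manual describes."""
    n1, n2, node, port = (int(x) for x in addr.split("."))
    if (n1, n2, node) in hosts:
        return f"{hosts[(n1, n2, node)]}.{port}"       # host name known
    if (n1, n2) in nets:
        if node == 255:                                 # broadcast: net name only
            return f"{nets[(n1, n2)]}.{port}"
        return f"{nets[(n1, n2)]}.{node}.{port}"
    return addr                                         # no entry: stay numeric
```
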

NBP (name binding protocol) and ATP (Appletalk transaction protocol) packets have their contents interpreted as well. For other protocols, only the protocol name (or the number, if the name is not known) and the packet size are printed.

NBP packets are printed as in the following examples:




icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"

jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250

techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186



The first line is a lookup request for laserwriters sent by net icsd host 112 and broadcast to net jssmag. The nbp id is 190. The second line is a reply to that request from host jssmag.209 (note that the id number is the same), saying that it has a laserwriter named ``RM1140'' on port 250. The third line is another reply to the same request, saying that host techpit has "techpit" registered on port 186.

ATP packets are printed as follows:




jssmag.209.165 > helios.132: atp-req  12266<0-7> 0xae030001

helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000

jssmag.209.165 > helios.132: atp-req  12266<3,5> 0xae030001

helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000

helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000

jssmag.209.165 > helios.132: atp-rel  12266<0-7> 0xae030001

jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002



jssmag.209 initiates a transaction with id 12266 to host helios, requesting up to 8 packets (shown as `<0-7>'). The hex number at the end of the line is the `userdata' field contained in the request.

helios responds with eight 512-byte packets. The `:digit' following the transaction id is the sequence number of the packet within the transaction, and the number in parentheses is the amount of data in the packet, excluding the atp header. The `*' on packet 7 indicates that the EOM bit is set.

jssmag.209 then requests retransmission of packets 3 and 5. helios resends them, and jssmag releases the transaction. Finally, jssmag.209 initiates the next request. The `*' on the request indicates that XO (`exactly once') is not set.

IP Fragmentation

Fragmented Internet datagrams are printed as follows.




(frag id:size@offset+)

(frag id:size@offset)



(The first form indicates that more fragments follow; the second form indicates that this is the last fragment.)

id is the fragment id. size is the size of the fragment (in bytes), excluding the IP header. offset is the offset of the fragment (in bytes) within the original datagram.

Fragment information is printed for each fragment. The first fragment contains the higher-level protocol header, and the fragment information is printed after the protocol information. Fragments after the first contain no higher-level protocol information, so the fragment information is printed after the source and destination addresses. The following example shows part of an ftp connection from arizona.edu to lbl-rtsg.arpa over a CSNET link; no 576-byte datagram appears in it:




arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)

arizona > rtsg: (frag 595a:204@328)

rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560



There are two things to note here. First, the addresses shown in the second line do not include port numbers. This is because the TCP protocol information is all in the first fragment, so the port and sequence numbers to print are not known from the remaining fragments. Second, the TCP sequence information in the first line is printed as if there were 308 bytes of user data when in fact there are 512 bytes (308 in the first fragment and 204 in the second). This can mislead you when you are looking for holes in the sequence space or trying to match acks with packets.

A packet with the don't-fragment flag set is marked with a trailing (DF).
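The sequence-number caveat above can be checked mechanically. The following is an added example, not part of tcpdump or of this manual: it parses the (frag id:size@offset) annotations in the sample lines, verifies that the fragments are contiguous and terminated, and recovers the real TCP payload length and next sequence number. The names are hypothetical, and it assumes output lines without a timestamp prefix and a first fragment that carries a TCP or UDP header.

```python
import re
from collections import defaultdict

# The three sample lines from the manual's fragmentation example.
SAMPLE = """\
arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
arizona > rtsg: (frag 595a:204@328)
rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560
"""

FRAG = re.compile(r"\(frag (?P<id>[0-9a-fA-F]+):(?P<size>\d+)@(?P<off>\d+)(?P<more>\+?)\)")
ADDR = re.compile(r"^(?P<src>\S+) > (?P<dst>[^:\s]+):")
SEQ = re.compile(r"(?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\)")


def reassemble(lines):
    """Group fragment lines by (src, dst, id) and report what they add up to."""
    groups = defaultdict(list)
    for line in lines:
        a, f = ADDR.match(line), FRAG.search(line)
        if not (a and f):
            continue  # not a fragment line
        off, size = int(f["off"]), int(f["size"])
        src, dst = a["src"], a["dst"]
        if off == 0:  # only the first fragment is printed with ports; drop them
            src, dst = src.rsplit(".", 1)[0], dst.rsplit(".", 1)[0]
        groups[(src, dst, f["id"])].append((off, size, f["more"] == "+", SEQ.search(line)))
    report = {}
    for key, frags in groups.items():
        frags.sort(key=lambda t: t[0])
        complete, expected = not frags[-1][2], 0  # last fragment must lack '+'
        for off, size, _more, _seq in frags:
            complete = complete and off == expected  # a hole or overlap fails
            expected = off + size
        info = {"complete": complete, "ip_payload": expected}
        seq = frags[0][3]
        if complete and seq:
            # Transport header length = first fragment size - printed data length.
            hdr = frags[0][1] - int(seq["len"])
            info["true_len"] = expected - hdr
            info["next_seq"] = int(seq["first"]) + info["true_len"]
        report[key] = info
    return report
```

For the sample, the recovered next sequence number is 1536, which is exactly the value acknowledged in the third line, whereas the printed range 1024:1332 suggests a hole.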

Timestamps

By default, all output lines are preceded by a timestamp. The timestamp is the current clock time, printed in the form


hh:mm:ss.frac

and is as accurate as the kernel's clock. The timestamp reflects the time at which the kernel first saw the packet. The time lag between when the ethernet interface took the packet off the wire and when the kernel serviced the `new packet' interrupt is not accounted for.

See Also

traffic(1C), nit(4P), bpf(4), pcap(3)

Authors

The original authors are:

Van Jacobson, Craig Leres and Steven McCanne, all of the Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.

The current version is maintained by tcpdump.org.

http://www.tcpdump.org/

IPv6/IPsec support was added by the WIDE/KAME project. This program uses Eric Young's SSLeay library, under specific configurations.

Bugs

Please send problems, bugs, questions, requests for enhancements, etc. to the following address.
tcpdump-workers@tcpdump.org

Please send source code contributions, etc. to the following address.

patches@tcpdump.org

NIT cannot see outbound traffic; BPF can. We recommend using the latter.

Depending on the use, it will be necessary at least to reassemble IP fragments or to compute the length of the higher-level protocol.

Name server inverse queries are not printed correctly: the (empty) question section is printed rather than the real query in the answer section. Some people consider that inverse queries are themselves a bug, and that the fix belongs in the name service rather than in tcpdump.

Apple EtherTalk DDP packets could be dumped as easily as KIP DDP packets, but are not. Even if we were inclined to handle ethertalk (we are not), LBL does not allow ethertalk on its networks, so we would have no way of testing the code.

A packet trace taken across a change to daylight saving time will show skewed times (the time change is ignored).

Filter expressions on FDDI headers are applied on the assumption that all FDDI packets encapsulate Ethernet packets. This works correctly for IP, ARP, and DECNET Phase IV, but will not work for protocols such as ISO CLNS. Therefore, the filter may inadvertently accept packets that do not match the filter expression.

ip6 proto should chase the header chain, but at the moment it does not. tcp and udp should chase the header chain too.

Arithmetic expressions against transport-layer headers, such as tcp[0], do not work against IPv6 packets. They work only against IPv4 packets.