tcpdump
Language: ja
Version: 30 June 1997 (openSuse - 09/10/07)
Section: 1 (User commands)
NAME
tcpdump - dump traffic on a network
SYNOPSIS
tcpdump [ -adeflnNOpqRStvxX ] [ -c count ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ]
[ expression ]
DESCRIPTION
tcpdump prints out the headers of packets on a network interface that match the boolean expression.
Under SunOS with nit or bpf: to run tcpdump you must have read access to /dev/nit or /dev/bpf*.
Under Solaris with dlpi: you must have read access to the network pseudo device, e.g. /dev/le.
Under HP-UX with dlpi: you must be root or tcpdump must be installed setuid to root.
Under IRIX with snoop: you must be root or tcpdump must be installed setuid to root.
Under Linux: you must be root or tcpdump must be installed setuid to root.
Under Ultrix and Digital UNIX: once the super-user has enabled promiscuous-mode operation using pfconfig(8), any user may run tcpdump.
Under BSD: you must have read access to /dev/bpf*.
OPTIONS
- -a
- Convert network and broadcast addresses to DNS names.
- -c
- Exit after receiving count packets.
- -d
- Dump the compiled packet-matching code in a human readable form to standard output and stop.
- -dd
- Dump packet-matching code in a form usable as a C program fragment.
- -ddd
- Dump packet-matching code as decimal numbers (preceded with a count).
- -e
- Print the link-level header on each dump line.
- -f
- Print `foreign' internet addresses numerically rather than symbolically (this option is intended to get around the brain damage in Sun's yp server --- Sun's yp server has a bug that makes it hang forever when asked to translate non-local internet addresses).
- -F
- Use file as input for the filter expression. An additional expression given on the command line is ignored.
- -i
- Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). If the specified interface does not exist, the closest match is chosen.
- -l
- Make standard output line buffered. Useful if you want to watch the data while capturing it. E.g.,
    ``tcpdump -l | tee dat'' or ``tcpdump -l > dat & tail -f dat''.
- -n
- Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
- -N
- Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print ``nic'' instead of ``nic.ddn.mil''.
- -m
- Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules.
- -O
- Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.
- -p
- Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, `-p' cannot be used as an abbreviation for `ether host {local-hw-addr} or ether broadcast'.
- -q
- Quick (quiet?) output. Print less protocol information so output lines are shorter.
- -r
- Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.
- -s
- Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may not be enough for name server and NFS information (see below).
Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, more importantly, decreases the amount of packet buffering. This may cause packets to be lost. Limit snaplen to the smallest number that will capture the protocol information you're interested in.
- -T
- Force packets selected by "expression" to be interpreted as the specified type. Currently known types are rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), snmp (Simple Network Management Protocol), vat (Visual Audio Tool), and wb (distributed White Board).
- -R
- Assume ESP/AH packets to be based on the old specification (RFC1825 to RFC1829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.
- -S
- Print absolute, rather than relative, TCP sequence numbers.
- -t
- Don't print a timestamp on each dump line.
- -tt
- Print an unformatted timestamp on each dump line.
- -v
- (Slightly more) verbose output. For example, the time to live (TTL) and type of service information in an IP packet is printed.
- -vv
- Even more verbose output. For example, additional fields are printed from NFS reply packets.
- -vvv
- Even more verbose output. For example, telnet SB ... SE options are printed in full. If -X is also specified, telnet options are printed in hex as well.
- -w
- Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is `-'.
- -x
- Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed.
- -X
- When printing hex, print ASCII too. Thus if -x is also set, the packet is printed in both hex and ASCII. This is very handy for analysing new protocols. Even if -x is not set, some parts of some packets may be printed in both hex and ASCII.
- expression
- Selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is `true' will be dumped.
The expression consists of one or more primitives. A primitive is an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:
- type
- qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., `host foo', `net 128.3', `port 20'. If there is no type qualifier, host is assumed.
- dir
- qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., `src foo', `dst net 128.3', `src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For `null' link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can be used to specify a desired direction.
- proto
- qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, mopdl, ip, ip6, arp, rarp, decnet, lat, sca, moprc, mopdl, icmp, icmp6, tcp and udp. E.g., `ether src foo', `arp net 128.3', `tcp port 21'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., `src foo' means `(ip or arp or rarp) src foo' (except the latter is not legal syntax), `net bar' means `(ip or arp or rarp) net bar' and `port 53' means `(tcp or udp) port 53'.
[`fddi' is actually an alias for `ether'; the parser treats them identically as meaning ``the data link level used on the specified network interface.'' FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.]
In addition to the above, there are some special `primitive' keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.
More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., `host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., `tcp dst port ftp or ftp-data or domain' is exactly the same as `tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.
Allowable primitives are:
- dst host host
- True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.
- src host host
- True if the IPv4/v6 source field of the packet is host.
- host host
- True if either the IPv4/v6 source or destination of the packet is host. Any of the above host expressions can be prepended with the keywords ip, arp, rarp, or ip6, as in:
    ip host host
which is equivalent to:
    ether proto \ip and host host
If host is a name with multiple IP addresses, each address will be checked for a match.
- ether dst ehost
- True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3N) for numeric format).
- ether src ehost
- True if the ethernet source address is ehost.
- ether host ehost
- True if either the ethernet source or destination address is ehost.
- gateway host
- True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found in both /etc/hosts and /etc/ethers. (An equivalent expression is
    ether host ehost and not host host
which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configurations at this moment.
- dst net net
- True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4)).
- src net net
- True if the IPv4/v6 source address of the packet has a network number of net.
- net net
- True if either the IPv4/v6 source or destination address of the packet has a network number of net.
- net net mask mask
- True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.
- net net/len
- True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.
- dst port port
- True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4P) and udp(4P)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 513 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).
- src port port
- True if the packet has a source port value of port.
- port port
- True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords tcp or udp, as in:
    tcp src port port
which matches only tcp packets whose source port is port.
- less length
- True if the packet has a length less than or equal to length. This is equivalent to:
    len <= length.
- greater length
- True if the packet has a length greater than or equal to length. This is equivalent to:
    len >= length.
- ip proto protocol
- True if the packet is an IP packet (see ip(4P)) of protocol type protocol. Protocol can be a number or one of the names icmp, igrp, udp, nd, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.
- ip6 proto protocol
- True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.
- ip6 protochain protocol
- True if the packet is an IPv6 packet and contains a protocol header of type protocol in its protocol header chain. For example,
    ip6 protochain 6
matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, routing header, or hop-by-hop option header between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so this can be somewhat slow.
- ip protochain protocol
- Equivalent to ip6 protochain protocol, but this is for IPv4.
- ether broadcast
- True if the packet is an ethernet broadcast packet. The ether keyword is optional.
- ip broadcast
- True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and also takes the subnet mask into account.
- ether multicast
- True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for `ether[0] & 1 != 0'.
- ip multicast
- True if the packet is an IP multicast packet.
- ip6 multicast
- True if the packet is an IPv6 multicast packet.
- ether proto protocol
- True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, or rarp. Note these identifiers are also keywords and must be escaped via backslash (\). [In the case of FDDI (e.g., `fddi protocol arp'), the protocol identification comes from the 802.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI header. When filtering on the protocol identifier, tcpdump assumes that all FDDI packets include an LLC header, and that the LLC header is in so-called SNAP format.]
- decnet src host
- True if the DECNET source address is host, which may be an address of the form ``10.123'', or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]
- decnet dst host
- True if the DECNET destination address is host.
- decnet host host
- True if either the DECNET source or destination address is host.
- ip, ip6, arp, rarp, decnet
- Abbreviations for:
    ether proto p
where p is one of the above protocols.
- lat, moprc, mopdl
- Abbreviations for:
    ether proto p
where p is one of the above protocols. Note that tcpdump does not currently know how to parse these protocols.
- tcp, udp, icmp
- Abbreviations for:
    ip proto p or ip6 proto p
where p is one of the above protocols.
- expr relop expr
- True if the relation holds, where relop is one of >, <, >=, <=, =, !=, and expr is an arithmetic expression composed of integer constants (expressed in standard C syntax), the normal binary operators [+, -, *, /, &, |], a length operator, and special packet data accessors. To access data inside the packet, use the following syntax:
    proto [ expr : size ]
Proto is one of ether, fddi, ip, arp, rarp, tcp, udp, icmp or ip6, and indicates the protocol layer for the index operation. Note that tcp, udp and other upper-layer protocol types only apply to IPv4, not IPv6 (this will be fixed in the future). The byte offset, relative to the indicated protocol layer, is given by expr. Size is optional and indicates the number of bytes in the field of interest; it can be either one, two, or four, and defaults to one. The length operator, indicated by the keyword len, gives the length of the packet.
For example, `ether[0] & 1 != 0' catches all multicast traffic. The expression `ip[0] & 0xf != 5' catches all IP packets with options. The expression `ip[6:2] & 0x1fff = 0' catches only unfragmented datagrams and frag zero of fragmented datagrams. This check is implicitly applied to the tcp and udp index operations. For instance, tcp[0] always means the first byte of the TCP header, and never means the first byte of an intervening fragment.
Primitives may be combined using:
- A parenthesized group of primitives and operators (parentheses are special to the shell and will probably have to be escaped).
- Negation (`!' or `not').
- Concatenation (`&&' or `and').
- Alternation (`||' or `or').
Negation has highest precedence. Alternation and concatenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposition, are required for concatenation.
If an identifier is given without a keyword, the most recent keyword is assumed. For example,
    not host vs and ace
is short for
    not host vs and host ace
which should not be confused with
    not ( host vs or ace )
Expression arguments can be passed to tcpdump as either a single argument or as multiple arguments, whichever is more convenient. Generally, if the expression contains shell metacharacters, it is easier to pass it as a single, quoted argument. Multiple arguments are concatenated with spaces before being parsed.
EXAMPLES
To print all packets arriving at or departing from host sundown:
    tcpdump host sundown
To print traffic between helios and either hot or ace:
    tcpdump host helios and \( hot or ace \)
To print all IP packets between ace and any host except helios:
    tcpdump ip host ace and not helios
To print all traffic between local hosts and hosts at Berkeley:
    tcpdump net ucb-ether
To print all ftp traffic through internet gateway snup (note that the expression is quoted to prevent the shell from (mis-)interpreting the parentheses):
    tcpdump 'gateway snup and (port ftp or ftp-data)'
To print traffic neither sourced from nor destined for local hosts (an example of excluding the local network when acting as a gateway to another network):
    tcpdump ip and not net localnet
To print the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a non-local host:
    tcpdump 'tcp[13] & 3 != 0 and not src and dst net localnet'
To print IP packets longer than 576 bytes sent through gateway snup:
    tcpdump 'gateway snup and ip[2:2] > 576'
To print IP broadcast or multicast packets that were not sent via ethernet broadcast or multicast:
    tcpdump 'ether[0] & 1 = 0 and ip[16] >= 224'
To print all ICMP packets that are not echo requests/replies (i.e., not ping packets):
    tcpdump 'icmp[0] != 8 and icmp[0] != 0'
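The byte-offset filters used in the examples above can be checked by hand. The following is an added example, not part of the tcpdump distribution: it evaluates `proto[expr:size]` over constructed Ethernet II / IPv4 frames, including the implicit "fragment zero only" check that applies to tcp, udp and icmp offsets. The helper names (`frame`, `tcp`, `load`) and all sample packets are assumptions made for illustration.

```python
import struct

ETH_LEN = 14
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

def frame(dst_mac, proto, frag_field, l4, ihl=5, dst_ip="10.0.0.2"):
    """Constructed Ethernet II + IPv4 frame (checksums left at zero)."""
    opts = b"\x01" * ((ihl - 5) * 4)          # NOP options when ihl > 5
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(l4),
                     0x595A, frag_field, 64, proto, 0, bytes([10, 0, 0, 1]),
                     bytes(int(o) for o in dst_ip.split(".")))
    eth = bytes.fromhex(dst_mac) + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + opts + l4

def tcp(flags):
    """Constructed 20-byte TCP header; the flags byte sits at tcp[13]."""
    return struct.pack("!HHIIBBHHH", 1023, 513, 768512, 0, 0x50, flags, 4096, 0, 0)

def load(pkt, proto, off, size=1, frag_check=True):
    """Value of proto[off:size] (network byte order), or None if it cannot match."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    base = 0
    if proto != "ether":
        if pkt[12:14] != b"\x08\x00":         # only IPv4 is handled here
            return None
        base = ETH_LEN
        if proto != "ip":
            if pkt[base + 9] != IP_PROTO[proto]:
                return None
            frag_off = struct.unpack_from("!H", pkt, base + 6)[0] & 0x1FFF
            if frag_check and frag_off:       # later fragments carry no L4 header
                return None
            base += (pkt[base] & 0x0F) * 4    # skip the variable-length IP header
    end = base + off + size
    if end > len(pkt):                        # truncated (e.g. short snaplen)
        return None
    return int.from_bytes(pkt[base + off:end], "big")

def is_multicast(p):                          # ether[0] & 1 != 0
    return (load(p, "ether", 0) & 1) != 0

def has_ip_options(p):                        # ip[0] & 0xf != 5
    v = load(p, "ip", 0)
    return v is not None and (v & 0xF) != 5

def first_or_unfragmented(p):                 # ip[6:2] & 0x1fff = 0
    v = load(p, "ip", 6, 2)
    return v is not None and (v & 0x1FFF) == 0

def syn_or_fin(p):                            # tcp[13] & 3 != 0
    v = load(p, "tcp", 13)
    return v is not None and (v & 3) != 0

def non_ping_icmp(p):                         # icmp[0] != 8 and icmp[0] != 0
    v = load(p, "icmp", 0)
    return v is not None and v not in (8, 0)

def ip_mcast_not_ether_mcast(p):              # ether[0] & 1 = 0 and ip[16] >= 224
    v = load(p, "ip", 16)
    return not is_multicast(p) and v is not None and v >= 224

# Constructed sample frames (not captured traffic).
UNI, MCAST = "020000000002", "01005e000001"
SYN = frame(UNI, 6, 0x4000, tcp(0x02))                      # DF set, SYN
ACK = frame(UNI, 6, 0x4000, tcp(0x10))                      # plain ACK
LATE_FRAG = frame(UNI, 6, 0x0029, tcp(0x02))                # offset 41*8 = 328
ICMP_OPTS = frame(UNI, 1, 0, bytes([3, 1, 0, 0, 0, 0, 0, 0]), ihl=6)
PING = frame(UNI, 1, 0, bytes([8, 0, 0, 0, 0, 1, 0, 1]))
MCAST_IP = frame(UNI, 17, 0, b"\x00" * 8, dst_ip="224.0.0.1")
ETH_MCAST = frame(MCAST, 17, 0, b"\x00" * 8, dst_ip="224.0.0.1")

if __name__ == "__main__":
    for name in ("SYN", "ACK", "LATE_FRAG", "ICMP_OPTS", "PING", "MCAST_IP"):
        p = globals()[name]
        print(f"{name:10} syn/fin={syn_or_fin(p)!s:5} opts={has_ip_options(p)!s:5} "
              f"frag0={first_or_unfragmented(p)!s:5} icmp!=ping={non_ping_icmp(p)}")
```

LATE_FRAG carries payload bytes that look like a SYN header; with the fragment check disabled `load` reads them as flags, which is why the check exists.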
OUTPUT FORMAT
The output of tcpdump is protocol dependent. The following gives a brief description and examples of most of the formats.
Link Level Headers
If the `-e' option is given, the link level header is printed out. On ethernets, the source and destination addresses and the packet length are printed.
On FDDI networks, the `-e' option causes tcpdump to print the frame control field, which consists of the source and destination addresses and the packet length. (The frame control field governs the interpretation of the rest of the packet.) Normal packets (such as those containing IP datagrams) are `async' packets, with a priority value between 0 and 7; for example, `async 4'. Such packets are assumed to contain an 802.2 Logical Link Control (LLC) packet; the LLC header is printed if it is not an ISO datagram or a so-called SNAP packet.
(N.B.: The following description assumes familiarity with the SLIP compression algorithm described in RFC-1144.)
On SLIP links, a direction indicator (``I'' for inbound, ``O'' for outbound), packet type, and compression information are printed out. The packet type is printed first. The three types are ip, utcp, and ctcp. No further link information is printed for ip packets. For TCP packets, the connection identifier is printed following the type. If the packet is compressed, its encoded header is printed out. The special cases are printed out as *S+n and *SA+n, where n is the amount by which the sequence number (or sequence number and ack) has changed. If it is not a special case, zero or more changes are printed. A change is indicated by U (urgent pointer), W (window), A (ack), S (sequence number), and I (packet ID), followed by a delta (+n or -n), or a new value (=n). Finally, the amount of data in the packet and the compressed header length are printed.
For example, the following line shows an outbound compressed TCP packet, with an implicit connection identifier; the ack has changed by 6, the sequence number by 49, and the packet ID by 6; there are 3 bytes of data and 6 bytes of compressed header:
    O ctcp * A+6 S+49 I+6 3 (6)
ARP/RARP Packets
Arp/rarp output shows the type of request and its arguments. The format is intended to be self explanatory. Here is a short sample taken from the start of an `rlogin' from host rtsg to host csam:
    arp who-has csam tell rtsg
    arp reply csam is-at CSAM
Run with tcpdump -n, this example is shortened as follows:
    arp who-has 128.3.254.6 tell 128.3.254.68
    arp reply 128.3.254.6 is-at 02:07:01:00:01:c4
Run with tcpdump -e, the fact that the first packet is broadcast and the second is point-to-point would be visible:
    RTSG Broadcast 0806 64: arp who-has csam tell rtsg
    CSAM RTSG 0806 64: arp reply csam is-at CSAM
TCP Packets
(N.B.: The following description assumes familiarity with the TCP protocol described in RFC-793. If you are not familiar with the protocol, neither this description nor tcpdump will be of much use to you.)
The general format of a tcp protocol line is:
    src > dst: flags data-seqno ack window urgent options
Src, dst and flags are always present. The other fields depend on the contents of the packet's tcp protocol header and are output only if appropriate.
Here is the opening portion of an rlogin from host rtsg to host csam.
    rtsg.1023 > csam.login: S 768512:768512(0) win 4096 <mss 1024>
    csam.login > rtsg.1023: S 947648:947648(0) ack 768513 win 4096 <mss 1024>
    rtsg.1023 > csam.login: . ack 1 win 4096
    rtsg.1023 > csam.login: P 1:2(1) ack 1 win 4096
    csam.login > rtsg.1023: . ack 2 win 4096
    rtsg.1023 > csam.login: P 2:21(19) ack 1 win 4096
    csam.login > rtsg.1023: P 1:2(1) ack 21 win 4077
    csam.login > rtsg.1023: P 2:3(1) ack 21 win 4077 urg 1
    csam.login > rtsg.1023: P 3:4(1) ack 21 win 4077 urg 1
Csam replies with a similar packet except it includes an ack for rtsg's SYN. Rtsg then acks csam's SYN. The `.' means no flags were set. The packet contained no data so there is no data sequence number. Note that the ack sequence number is a small integer (1). The first time tcpdump sees a tcp `conversation', it prints the sequence number from the packet. On subsequent packets of the conversation, the difference between the current packet's sequence number and this initial sequence number is printed. This means that sequence numbers after the first can be interpreted as relative byte positions in the conversation's data stream (with the first data byte in each direction being `1'). `-S' will override this feature, causing the original sequence numbers to be output.
On the 6th line, rtsg sends csam 19 bytes of data (bytes 2 through 20 in the rtsg -> csam side of the conversation). The PUSH flag is set in the packet. On the 7th line, csam says it has received the data sent by rtsg up to but not including byte 21. Most of this data is apparently sitting in the socket buffer since csam's receive window has gotten 19 bytes smaller. Csam also sends one byte of data to rtsg in this packet. On the 8th and 9th lines, csam sends two bytes of urgent, pushed data to rtsg.
If the snapshot was small enough that tcpdump didn't capture the full TCP header, it interprets as much of the header as it can and then reports ``[|tcp]'' to indicate the remainder could not be interpreted. If the header contains a bogus option (one with a length that's either too small or beyond the end of the header), tcpdump reports it as ``[bad opt]'' and does not interpret any further options (since it's impossible to tell where they start). If the header length indicates options are present but the IP datagram length is not long enough for the options to actually be there, tcpdump reports it as ``[bad hdr length]''.
UDP Packets
UDP format is illustrated by this rwho packet:
    actinide.who > broadcast.who: udp 84
Some UDP services are recognized (from the source or destination port number) and the higher level protocol information is printed. In particular, Domain Name service requests (RFC-1034/1035) and Sun RPC calls (RFC-1050) to NFS.
UDP Name Server Requests
(N.B.: The following description assumes familiarity with the Domain Service protocol described in RFC-1035. If you are not familiar with the protocol, the following description will appear to be written in greek.)
Name server requests are formatted as
    src > dst: id op? flags qtype qclass name (len)
    h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37)
If anything unusual is detected, additional fields enclosed in square brackets are printed: if a query contains an answer, name server or authority section, ancount, nscount, or arcount are printed as `[na]', `[nn]' or `[nau]' where n is the appropriate count. If any of the response bits are set (AA, RA or rcode) or any of the `must be zero' bits are set in bytes two and three, `[b2&3=x]' is printed, where x is the hex value of header bytes two and three.
UDP Name Server Responses
Name server responses are formatted as
    src > dst: id op rcode flags a/n/au type class data (len)
    helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
    helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)
In the second example, helios responds with a response code of non-existent domain (NXDomain) with no answers, one name server and no authority records. The `*' indicates that the authoritative answer bit was set. Since there were no answers, no type, class or data were printed.
Other flag characters that might appear are `-' (recursion available, RA, not set) and `|' (truncated message, TC, set). If the `question' section doesn't contain exactly one entry, `[nq]' is printed.
Note that name server responses tend to be larger than the default snaplen of 68 bytes, so not enough of the packet may be captured to print it. Use the -s flag to increase the snaplen if you need to seriously investigate name server traffic. `-s 128' should be about right.
SMB/CIFS decoding
tcpdump includes fairly extensive SMB/CIFS/NBT decoding for data on UDP/137, UDP/138 and TCP/139. There is also some decoding of IPX and NetBEUI SMB data.
By default a fairly minimal decode is done, with a much more detailed decode done if -v is used. Be warned that with -v a single SMB packet may take up a page or more, so only use -v if you really want all the gory details.
If you are decoding SMB sessions containing unicode strings then you may wish to set the environment variable USE_UNICODE to 1. A patch to auto-detect unicode strings would be welcome.
For information on SMB packet formats and what all the fields mean see www.cifs.org or the pub/samba/specs/ directory on your favourite samba.org mirror site. The SMB patches were written by Andrew Tridgell (tridge@samba.org).
NFS Requests and Replies
Sun NFS (Network File System) requests and replies are printed as:
    src.xid > dst.nfs: len op args
    src.nfs > dst.xid: reply stat len op results
    sushi.6709 > wrl.nfs: 112 readlink fh 21,24/10.73165
    wrl.nfs > sushi.6709: reply ok 40 readlink "../var"
    sushi.201b > wrl.nfs: 144 lookup fh 9,74/4096.6878 "xcolors"
    wrl.nfs > sushi.201b: reply ok 128 lookup fh 9,74/4134.3150
In the third line, sushi asks wrl to look up the name `xcolors' in directory file 9,74/4096.6878. Note that the data printed depends on the operation type. The format is intended to be self explanatory if read in conjunction with an NFS protocol spec.
If the -v (verbose) flag is given, additional information is printed. For example:
    sushi.1372a > wrl.nfs: 148 read fh 21,11/12.195 8192 bytes @ 24576
    wrl.nfs > sushi.1372a: reply ok 1472 read REG 100664 ids 417/0 sz 29388
If the -v flag is given more than once (i.e. -vv), even more details are printed.
Note that NFS requests are very large and much of the detail won't be printed unless snaplen is increased. Try using `-s 192' to watch NFS traffic.
NFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the transaction ID. If a reply does not closely follow the corresponding request, it might not be parsable.
AFS Requests and Replies
Transarc AFS (Andrew File System) requests and replies are printed as:
    src.sport > dst.dport: rx packet-type
    src.sport > dst.dport: rx packet-type service call call-name args
    src.sport > dst.dport: rx packet-type service reply call-name args
    elvis.7001 > pike.afsfs: rx data fs call rename old fid 536876964/1/1 ".newsrc.new" new fid 536876964/1/1 ".newsrc"
    pike.afsfs > elvis.7001: rx data fs reply rename
In general, all AFS RPCs are decoded at least by RPC call name. Most AFS RPCs have at least some of the arguments decoded (generally only the `interesting' arguments).
The format is intended to be self-describing, but it will probably not be useful to people who are not familiar with the workings of AFS and RX.
If the -v (verbose) flag is given twice, additional information is printed, such as the RX call ID, call number, sequence number, serial number, and the RX packet flags.
If the -v flag is given again, the security index and service id are printed.
Error codes are printed for abort packets, with the exception of Ubik beacon packets (because abort packets are used to signify a yes vote for the Ubik protocol).
Note that AFS requests are very large and many of the arguments won't be printed unless snaplen is increased. Try using `-s 256' to watch AFS traffic.
AFS reply packets do not explicitly identify the RPC operation. Instead, tcpdump keeps track of ``recent'' requests, and matches them to the replies using the call number and service ID. If a reply could not be matched to its corresponding request, the packet cannot be parsed.
KIP Appletalk (DDP in UDP)
Appletalk DDP packets encapsulated in UDP datagrams are de-encapsulated and dumped as DDP packets (i.e., all the UDP header information is discarded). The file /etc/atalk.names is used to translate appletalk net and node numbers to names. Lines in this file have the form
    number      name
    1.254       ether
    16.1        icsd-net
    1.254.110   ace
Appletalk addresses are printed in the form
    net.host.port
    144.1.209.2 > icsd-net.112.220
    office.2 > icsd-net.112.220
    jssmag.149.235 > icsd-net.2
NBP (name binding protocol) and ATP (Appletalk transaction protocol) packets have their contents interpreted. Other protocols just dump the protocol name (or number if no name is registered for the protocol) and packet size.
NBP packets are formatted like the following examples:
    icsd-net.112.220 > jssmag.2: nbp-lkup 190: "=:LaserWriter@*"
    jssmag.209.2 > icsd-net.112.220: nbp-reply 190: "RM1140:LaserWriter@*" 250
    techpit.2 > icsd-net.112.220: nbp-reply 190: "techpit:LaserWriter@*" 186
ATP packet formatting is demonstrated by the following example:
    jssmag.209.165 > helios.132: atp-req 12266<0-7> 0xae030001
    helios.132 > jssmag.209.165: atp-resp 12266:0 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:1 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:2 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:4 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:6 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp*12266:7 (512) 0xae040000
    jssmag.209.165 > helios.132: atp-req 12266<3,5> 0xae030001
    helios.132 > jssmag.209.165: atp-resp 12266:3 (512) 0xae040000
    helios.132 > jssmag.209.165: atp-resp 12266:5 (512) 0xae040000
    jssmag.209.165 > helios.132: atp-rel 12266<0-7> 0xae030001
    jssmag.209.133 > helios.132: atp-req* 12267<0-7> 0xae030002
Helios responds with eight 512-byte packets. The `:digit' following the transaction id gives the packet sequence number in the transaction and the number in parentheses is the amount of data in the packet, excluding the atp header. The `*' on packet 7 indicates that the EOM bit was set.
Jssmag.209 then requests that packets 3 and 5 be retransmitted. Helios resends them, then jssmag releases the transaction. Finally, jssmag.209 initiates the next request. The `*' on the request indicates that XO (`exactly once') was not set.
IP Fragmentation
Fragmented Internet datagrams are printed as
    (frag id:size@offset+)
    (frag id:size@offset)
Id is the fragment id. Size is the fragment size (in bytes) excluding the IP header. Offset is this fragment's offset (in bytes) in the original datagram.
The fragment information is output for each fragment. The first fragment contains the higher level protocol header and the frag info is printed after the protocol info. Fragments after the first contain no higher level protocol header and the frag info is printed after the source and destination addresses. For example, here is part of an ftp from arizona.edu to lbl-rtsg.arpa over a CSNET connection, in which no 576 byte datagrams appear:
    arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)
    arizona > rtsg: (frag 595a:204@328)
    rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560
A packet with the IP don't fragment flag set is marked with a trailing (DF).
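The `(frag id:size@offset+)` notation described above is enough to check, from tcpdump text output alone, whether all fragments of a datagram were seen and whether any of them overlap. The following is an added example, not code from tcpdump: it parses the notation and reports gaps and overlaps per fragment id. It relies on the trailing `+` meaning that more fragments follow; the function names and the lines marked as constructed are assumptions for illustration.

```python
import re
from collections import defaultdict

FRAG_RE = re.compile(r"\(frag ([0-9a-fA-F]+):(\d+)@(\d+)(\+?)\)")

def parse_frags(lines):
    """Map fragment id -> list of (offset, size, more_fragments)."""
    out = defaultdict(list)
    for line in lines:
        m = FRAG_RE.search(line)
        if m:
            frag_id, size, off, more = m.groups()
            out[frag_id].append((int(off), int(size), more == "+"))
    return dict(out)

def analyze(frags):
    """Check one datagram's fragments for holes and overlapping byte ranges."""
    gaps, overlaps, end = [], [], 0
    for off, size, _more in sorted(frags):
        if off > end:
            gaps.append((end, off))                  # bytes never seen
        elif off < end:
            overlaps.append((off, min(end, off + size)))
        end = max(end, off + size)
    # The fragment without '+' is the last one and fixes the payload length.
    finals = [off + size for off, size, more in frags if not more]
    total = max(finals) if finals else None
    complete = total is not None and not gaps and end == total
    return {"total": total, "gaps": gaps, "overlaps": overlaps,
            "complete": complete}

def report(lines):
    """Per-id analysis of every fragmented datagram found in the lines."""
    return {fid: analyze(frags) for fid, frags in parse_frags(lines).items()}

# The three output lines shown on this page.
PAGE_SAMPLE = [
    "arizona.ftp-data > rtsg.1170: . 1024:1332(308) ack 1 win 4096 (frag 595a:328@0+)",
    "arizona > rtsg: (frag 595a:204@328)",
    "rtsg.1170 > arizona.ftp-data: . ack 1536 win 2560",
]

# Constructed lines (not captured traffic) covering the failure cases.
CONSTRUCTED = [
    "a > b: (frag 0001:16@0+)",      # 0001: bytes 16..31 are missing
    "a > b: (frag 0001:16@32)",
    "a > b: (frag 0002:24@0+)",      # 0002: second fragment overlaps the first
    "a > b: (frag 0002:16@16)",
    "a > b: (frag 0003:16@0+)",      # 0003: final fragment never seen
]

if __name__ == "__main__":
    for fid, result in report(PAGE_SAMPLE + CONSTRUCTED).items():
        print(fid, result)
```

For the page's sample, the two fragments (328 + 204 bytes) add up to a complete 532-byte IP payload. Overlapping fragments, as in the constructed id 0002, are worth flagging during analysis because different IP stacks resolve the overlap differently.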
Timestamps
By default, all output lines are preceded by a timestamp. The timestamp is the current clock time in the form
    hh:mm:ss.frac
SEE ALSO
traffic(1C), nit(4P), bpf(4), pcap(3)
AUTHORS
The original authors are: Van Jacobson, Craig Leres and Steven McCanne, all of the Lawrence Berkeley National Laboratory, University of California, Berkeley, CA.
The current version is maintained by tcpdump.org.
- http://www.tcpdump.org/
IPv6/IPsec support was added by the WIDE/KAME project. This program uses Eric Young's SSLeay library, under specific configuration.
BUGS
Please send problems, bugs, questions, desirable enhancements, etc. to:
- tcpdump-workers@tcpdump.org
Please send source code contributions, etc. to:
- patches@tcpdump.org
NIT doesn't let you watch your own outbound traffic, BPF will. We recommend that you use the latter.
Depending on the use, it will be necessary to reassemble IP fragments or, at least, to compute the right length for the higher level protocol.
Name server inverse queries are not dumped correctly: the (empty) question section is printed rather than the real query in the answer section. Some believe that inverse queries are themselves a bug and that the fix belongs in the name service rather than in tcpdump.
Apple Ethertalk DDP packets could be dumped as easily as KIP DDP packets but aren't. Even if we were inclined to do anything to promote the use of Ethertalk (we aren't), LBL doesn't allow Ethertalk on any of its networks so we'd have no way of testing this code.
A packet trace that crosses a daylight savings time change will give skewed time stamps (the time change is ignored).
Filter expressions that manipulate FDDI headers assume that all FDDI packets are encapsulated Ethernet packets. This is true for IP, ARP, and DECNET Phase IV, but is not true for protocols such as ISO CLNS. Therefore, the filter may inadvertently accept certain packets that do not properly match the filter expression.
ip6 proto should chase the header chain, but at this moment it does not. tcp or udp should chase the header chain too.
Arithmetic expressions against transport layer headers, like tcp[0], do not work against IPv6 packets. They only look at IPv4 packets.