700 Practical Hacking Techniques and Countermeasures
Chapter: Chapter 5 (continued)
Tool: Tcpdump
Syntax:

-s   Snarf snaplen bytes of data from each packet rather
     than the default of 68 (with SunOS's NIT, the minimum
     is actually 96). 68 bytes is adequate for IP, ICMP, TCP,
     and UDP but may truncate protocol information from
     name server and NFS packets (see below). Packets
     truncated because of a limited snapshot are indicated
     in the output with "[|proto]," where proto is the name
     of the protocol level at which the truncation has
     occurred. Note that taking larger snapshots both
     increases the amount of time it takes to process packets
     and, effectively, decreases the amount of packet
     buffering. This may cause packets to be lost. You should
     limit snaplen to the smallest number that will capture
     the protocol information you are interested in.

-T   Force packets selected by expression to be
     interpreted as the specified type. Currently known types
     are rpc (Remote Procedure Call), rtp (Real-Time
     Applications protocol), rtcp (Real-Time Applications
     control protocol), vat (Visual Audio Tool), wb
     (distributed White Board), and snmp (Simple Network
     Management Protocol).

-S   Print absolute, rather than relative, TCP sequence
     numbers.

-t   Do not print a timestamp on each dump line.

-tt  Print an unformatted timestamp on each dump line.

-v   (Slightly more) verbose output. For example, the time
     to live and type of service information in an IP packet
     is printed.
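
The -s entry above says packets cut short by a small snaplen are flagged as truncated. The following added example (not from the book) shows where that information lives in a saved capture: a classic pcap file records the snaplen in its file header, and each record stores both the captured length and the original wire length. The function names and the sample frames are assumptions constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps
# Constructed sample frames (zero-filled): a small TCP-sized frame,
# a name-server-sized reply and a full-size NFS-sized frame.
SAMPLE_FRAMES = [bytes(60), bytes(300), bytes(1514)]

def build_pcap(snaplen, packets):
    """Build classic pcap bytes as a capture limited to snaplen would store them:
    each record keeps at most snaplen bytes but remembers the wire length."""
    # Header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for ts, data in enumerate(packets):
        kept = data[:snaplen]
        out += struct.pack("<IIII", ts, 0, len(kept), len(data)) + kept
    return out

def truncated_records(pcap_bytes):
    """Return (snaplen, [(index, captured_len, wire_len), ...]) for cut records."""
    magic, _maj, _min, _tz, _sig, snaplen, _link = struct.unpack_from(
        "<IHHiIII", pcap_bytes, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    offset, index, cut = 24, 0, []
    while offset + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, orig_len = struct.unpack_from(
            "<IIII", pcap_bytes, offset)
        offset += 16
        if offset + incl_len > len(pcap_bytes):
            raise ValueError("record %d runs past end of file" % index)
        if incl_len < orig_len:  # payload beyond snaplen was never saved
            cut.append((index, incl_len, orig_len))
        offset += incl_len
        index += 1
    return snaplen, cut

if __name__ == "__main__":
    snaplen, cut = truncated_records(build_pcap(68, SAMPLE_FRAMES))
    for index, kept, wire in cut:
        print("record %d: kept %d of %d bytes (snaplen %d)"
              % (index, kept, wire, snaplen))
```

Running the same check over an existing capture before analysis shows whether upper-layer data was lost at capture time and cannot be recovered from the file.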