ddn.mil."
-O Do not run the packet-matching code optimizer. This
is useful only if you suspect a bug in the optimizer.
-p Do not put the interface into promiscuous mode.
Note that the interface might be in promiscuous mode
for some other reason; hence, -p cannot be used as an
abbreviation for ether host {local-hw-addr} or ether
broadcast.
-q Quick (quiet?) output. Print less protocol information
so output lines are shorter.
-R Assume ESP/AH packets to be based on old
specification (RFC1825 to RFC1829). If specified,
tcpdump will not print the replay prevention field.
Since there is no protocol version field in the ESP/AH
specification, tcpdump cannot deduce the version of
ESP/AH protocol.
-r Read packets from file (which was created with the
-w option). Standard input is used if file is "-".
-S Print absolute, rather than relative, TCP sequence
numbers.
704 Practical Hacking Techniques and Countermeasures
Chapter: Chapter 5 (continued)
Tool: WinDump
Syntax:
-s Snarf snaplen bytes of data from each packet rather
than the default of 68 (with SunOS's NIT, the minimum
is actually 96). 68 bytes is adequate for IP, ICMP, TCP and
UDP but may truncate protocol information from name
server and NFS packets (see below). Packets truncated
because of a limited snapshot are indicated in the output
with "[|proto]," where proto is the name of the protocol
level at which the truncation has occurred. Note that
taking larger snapshots both increases the amount of
time it takes to process packets and, effectively,
decreases the amount of packet buffering.
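An added example, not from the book or the tcpdump/WinDump sources: a savefile written with -w records for every packet both the captured length and the original on-the-wire length, so snaplen truncation can be checked before an analysis relies on payload bytes that were never captured. The function names and the sample capture are constructed for illustration; only the classic microsecond pcap layout is handled.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def build_sample_pcap(snaplen, wire_lengths):
    """Constructed sample: a pcap byte string whose packets were cut at snaplen."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for i, wire_len in enumerate(wire_lengths):
        cap_len = min(wire_len, snaplen)
        out += struct.pack("<IIII", 1000 + i, 0, cap_len, wire_len)
        out += bytes(cap_len)  # zero-filled placeholder payload
    return out

def find_truncated(pcap_bytes):
    """Return (snaplen, [(index, captured, on_wire), ...]) for truncated records."""
    f = io.BytesIO(pcap_bytes)
    header = f.read(24)
    if len(header) < 24:
        raise ValueError("short pcap global header")
    magic = struct.unpack("<I", header[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written on a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack(endian + "I", header[16:20])[0]
    truncated = []
    index = 0
    while True:
        rec = f.read(16)
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("short record header")
        _sec, _usec, cap_len, wire_len = struct.unpack(endian + "IIII", rec)
        data = f.read(cap_len)
        if len(data) < cap_len:
            raise ValueError("record body shorter than its captured length")
        if cap_len < wire_len:  # the case tcpdump marks with [|proto]
            truncated.append((index, cap_len, wire_len))
        index += 1
    return snaplen, truncated

if __name__ == "__main__":
    sample = build_sample_pcap(68, [60, 342, 68, 1514])
    print(find_truncated(sample))
```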