When using either -e or
-E, you enable the link-level packet injection and the
destination cannot be auto-defined while injecting in
this manner.
-E dst Ethernet address The Ethernet (hardware) of the
next routable interface the packet will cross while
making its way to the destination.
-ER Use a random destination Ethernet address.
The following two rules should be followed if you
actually want the destination to receive the packets you
are sending:
1) If the destination exists beyond your default route
(gateway), the destination Ethernet address should be
set to the default route??™s Ethernet address. This can
typically be found by using the arp(8) command.
2) If the destination exists on your subnet, the destination
Ethernet address should be set to its Ethernet address.
This can typically be found by using the arp command.
To print all TCP communications that do not revolve
around SSH (port 22): packit -m cap 'tcp and not port 22.'
To print the start and end packets (the SYN and FIN packets)
of each TCP conversation that involves a nonlocal
host, do not resolve addresses and display a hex/ascii
dump of the packet. packit -m cap -nX 'tcp[tcpflags] &
(tcp-syn|tcp-fin) != 0 and not src and dst net localnet.'
To write the first 10 ICMP packets captured to a file:
packit -m cap -c 10 -w /tmp/mylog 'icmp.'
VMware Syntax sets the MAC address. Refer to Lab 52.
Chapter 7 NETWOX/
NETWAG
netwox number [ parameters.
Pages:
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280