31. July 2007 · Comments Off on links for 2007-07-30 · Categories: Delicious bookmarks
25. July 2007 · Comments Off on links for 2007-07-24 · Categories: Delicious bookmarks

By default tcpdump captures only 68 bytes of each packet, as the tcpdump man page explains:

-s Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with "[|proto]", where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets.
The gist of this block of English is that 68 bytes is enough for most network protocols and keeps performance reasonable.
But when we capture packets we usually want the complete packet; for that, just add the parameter -s 0 and you're done.
For example:
tcpdump -s 0 -c 200 -w filename.cap host www.google.com
This captures 200 (-c 200) full-length (-s 0) packets and writes them to the file filename.cap (-w filename.cap).
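A related check a practitioner often needs is the reverse question: was an existing capture file made with a short snaplen, and how many of its packets were actually cut off? The classic pcap file header stores the snaplen that was in effect, and every packet record carries both the captured length and the original on-the-wire length, so truncation can be counted after the fact. The following is an added example, not code from the original post or from tcpdump itself; it parses only the classic pcap format (not pcapng), and the sample capture it builds in memory is constructed here for illustration. Newer tcpdump releases default to a much larger snaplen than 68, so -s 0 matters mostly for older versions or when someone has passed an explicit small -s.

```python
import struct

# Classic pcap global header (24 bytes):
#   magic, version_major, version_minor, thiszone, sigfigs, snaplen, linktype
PCAP_MAGIC_US = 0xA1B2C3D4      # microsecond timestamps
PCAP_MAGIC_NS = 0xA1B23C4D      # nanosecond timestamps (newer libpcap)
GLOBAL_HEADER_LEN = 24
PACKET_HEADER_LEN = 16          # ts_sec, ts_frac, incl_len, orig_len


def parse_pcap_header(data: bytes) -> dict:
    """Parse the pcap global header, detecting byte order from the magic number."""
    if len(data) < GLOBAL_HEADER_LEN:
        raise ValueError("file shorter than a pcap global header")
    magic_le = struct.unpack("<I", data[:4])[0]
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_le in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
        endian = "<"
    elif magic_be in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %08x)" % magic_le)
    _magic, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:GLOBAL_HEADER_LEN])
    return {"endian": endian, "version": (major, minor),
            "snaplen": snaplen, "linktype": linktype}


def capture_summary(data: bytes) -> dict:
    """Walk every packet record and count those whose captured length is
    shorter than the original length, i.e. packets cut off by the snaplen."""
    summary = parse_pcap_header(data)
    endian = summary["endian"]
    offset = GLOBAL_HEADER_LEN
    total = truncated = 0
    while offset + PACKET_HEADER_LEN <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + PACKET_HEADER_LEN])
        # A record claiming more captured bytes than were on the wire, or
        # more than remain in the file, means the file is corrupt or truncated.
        if incl_len > orig_len or offset + PACKET_HEADER_LEN + incl_len > len(data):
            raise ValueError("corrupt packet record at offset %d" % offset)
        total += 1
        if incl_len < orig_len:
            truncated += 1
        offset += PACKET_HEADER_LEN + incl_len
    summary.update(packets=total, truncated=truncated)
    return summary


def build_sample_capture(snaplen: int, packet_sizes: list, little_endian: bool = True) -> bytes:
    """Constructed sample: a pcap file with the given snaplen whose packets have
    the given on-the-wire sizes, each stored capped at snaplen (payload is zeros)."""
    endian = "<" if little_endian else ">"
    out = struct.pack(endian + "IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, size in enumerate(packet_sizes):
        incl = min(size, snaplen)
        out += struct.pack(endian + "IIII", 1185000000 + i, 0, incl, size)
        out += bytes(incl)  # constructed zero payload of the captured length
    return out


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(capture_summary(f.read()))
    else:
        # Demonstrate on a constructed capture taken with the old 68-byte default.
        print(capture_summary(build_sample_capture(68, [60, 1514, 200])))
```

Run it against a real file with `python3 pcapcheck.py filename.cap`; a non-zero `truncated` count together with a small `snaplen` is the signature of a capture that should be redone with -s 0.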

24. July 2007 · Comments Off on links for 2007-07-23 · Categories: Delicious bookmarks
22. July 2007 · Comments Off on links for 2007-07-21 · Categories: Delicious bookmarks
21. July 2007 · Comments Off on links for 2007-07-20 · Categories: Delicious bookmarks
20. July 2007 · Comments Off on links for 2007-07-19 · Categories: Delicious bookmarks
18. July 2007 · Comments Off on links for 2007-07-17 · Categories: Delicious bookmarks
08. July 2007 · Comments Off on links for 2007-07-07 · Categories: Delicious bookmarks
07. July 2007 · Comments Off on links for 2007-07-06 · Categories: Delicious bookmarks