Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Document the name forms of the ICMP and TCP field offsets/values

Browse Source 
recently added to libpcap's compiler.
This commit is contained in:
thorpej 2000-12-28 22:43:39 +00:00
parent 70692a9b20
commit 7490542205
1 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
usr.sbin/tcpdump/tcpdump.8
View File

@ -1,6 +1,6 @@
.\" $NetBSD: tcpdump.8,v 1.12 1999/12/28 02:54:51 mjl Exp $
.\" $NetBSD: tcpdump.8,v 1.13 2000/12/28 22:43:39 thorpej Exp $
.\"
.\" @(#) $Header: /cvsroot/src/usr.sbin/tcpdump/Attic/tcpdump.8,v 1.12 1999/12/28 02:54:51 mjl Exp $ (LBL)
.\" @(#) $Header: /cvsroot/src/usr.sbin/tcpdump/Attic/tcpdump.8,v 1.13 2000/12/28 22:43:39 thorpej Exp $ (LBL)
.\"
.\" Copyright (c) 1987, 1988, 1989, 1990, 1991, 1992, 1994, 1995, 1996, 1997
.\" The Regents of the University of California. All rights reserved.
@ -566,6 +566,22 @@ index operations.
For instance, \fBtcp[0]\fP always means the first
byte of the TCP \fIheader\fP, and never means the first byte of an
intervening fragment.
Some offsets and field values may be expressed as names rather than
as numeric values. The following protocol header field offsets are
available: \fBicmptype\fP (ICMP type field), \fBicmpcode\fP (ICMP
code field), and \fBtcpflags\fP (TCP flags field).
The following ICMP type field values are available: \fBicmp-echoreply\fP,
\fBicmp-unreach\fP, \fBicmp-sourcequench\fP, \fBicmp-redirect\fP,
\fBicmp-echo\fP, \fBicmp-routeradvert\fP, \fBicmp-routersolicit\fP,
\fBicmp-timxceed\fP, \fBicmp-paramprob\fP, \fBicmp-tstamp\fP,
\fBicmp-tstampreply\fP, \fBicmp-ireq\fP, \fBicmp-ireqreply\fP,
\fBicmp-maskreq\fP, \fBicmp-maskreply\fP.
The following TCP flags field values are available: \fBtcp-fin\fP,
\fBtcp-syn\fP, \fBtcp-rst\fP, \fBtcp-push\fP, \fBtcp-push\fP,
\fBtcp-ack\fP, \fBtcp-urg\fP.
.LP
Primitives may be combined using:
.IP
@ -665,7 +681,7 @@ TCP conversation that involves a non-local host.
.RS
.nf
.B
tcpdump 'tcp[13] & 3 != 0 and not src and dst net \fIlocalnet\fP'
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-fin) != 0 and not src and dst net \fIlocalnet\fP'
.fi
.RE
.LP
@ -692,7 +708,7 @@ ping packets):
.RS
.nf
.B
tcpdump 'icmp[0] != 8 and icmp[0] != 0'
tcpdump 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply'
.fi
.RE
.SH OUTPUT FORMAT