这个过滤器工作得很好
snoop -vvx port 5858 and not port 22
但我看到一些“以太”标头
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 16 arrived at 13:01:37.43271
ETHER: Packet size = 60 bytes
ETHER: Destination = ***************,
ETHER: Source = ***************,
ETHER: Ethertype = 0800 (IP)
如何避免乙醚?
在 tcpdump 上我做了这个并工作,如何在 snoop 上获得相同的结果?
tcpdump -vvx -i net0 port 5858 and not stp
答案1
实际上这条线似乎可以解决
snoop -V -x host myhost and port 5858
据我了解 -v 将协议按顺序排列,ETHER 也是如此,然后是 ip,然后是 tcp(输出不完整,太长)
snoop -d net0 -v
Using device net0 (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER: .........
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x48
IP: .......
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 22
TCP: Destination port = 55934
TCP: Sequence number = 52486020
TCP: Acknowledgement number = 676130111
TCP: Data offset = 20 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement