C.5 tcpdump Program

An invaluable tool when dealing with network programming is a program like tcpdump. This program reads packets from a network and prints lots of information about the packets. It can also print only those packets that match some criteria that we specify. For example,

    % tcpdump '(udp and port daytime) or icmp'

prints only the UDP datagrams with a source or destination port of 13 (the daytime server), or ICMP packets. The following command:

    % tcpdump 'tcp and port 80 and tcp[13:1] & 2 != 0'

prints only the TCP segments with a source or destination port of 80 (the HTTP server) that have the SYN flag set. The SYN flag has a value of 2 in the byte with an offset of 13 from the start of the TCP header. The following command:

    % tcpdump 'tcp and tcp[0:2] > 7000 and tcp[0:2] <= 7005'

prints only TCP segments with a source port between 7001 and 7005. The source port starts at byte offset 0 in the TCP header and occupies 2 bytes.

Appendix A of TCPv1 describes the operation of this program in more detail.
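As an added illustration (not code from the book), the C program below evaluates the last two filters by hand on TCP headers, showing what tcp[13:1] and tcp[0:2] actually read. The function names and the three sample headers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Like the filter accessor tcp[off:size]: read `size` bytes (1, 2 or 4) at byte
 * offset `off` of the TCP header as a big-endian (network order) integer.
 * Returns -1 when the read would run past the bytes we have. */
static int64_t tcp_field(const uint8_t *tcp, size_t len, size_t off, size_t size)
{
    if ((size != 1 && size != 2 && size != 4) || off > len || size > len - off)
        return -1;
    uint32_t v = 0;
    for (size_t i = 0; i < size; i++)
        v = (v << 8) | tcp[off + i];
    return (int64_t)v;
}

/* 'tcp and port 80 and tcp[13:1] & 2 != 0'
 * The filter language groups this as (tcp[13:1] & 2) != 0. In C, != binds
 * tighter than &, so the parentheses below are required. */
int match_syn_port80(const uint8_t *tcp, size_t len)
{
    int64_t sport = tcp_field(tcp, len, 0, 2);   /* source port      */
    int64_t dport = tcp_field(tcp, len, 2, 2);   /* destination port */
    int64_t flags = tcp_field(tcp, len, 13, 1);  /* flags byte       */
    if (sport < 0 || dport < 0 || flags < 0)
        return 0;                                /* truncated: no match */
    return (sport == 80 || dport == 80) && (flags & 2) != 0;
}

/* 'tcp and tcp[0:2] > 7000 and tcp[0:2] <= 7005' */
int match_sport_7001_7005(const uint8_t *tcp, size_t len)
{
    int64_t sport = tcp_field(tcp, len, 0, 2);
    return sport > 7000 && sport <= 7005;
}

/* Constructed 20-byte headers (no options), not captured traffic.
 * 0x1b5b = 7003, 0x0050 = 80; byte 13 is 0x02 SYN, 0x12 SYN+ACK, 0x10 ACK. */
const uint8_t syn_to_80[20]      = { 0x1b,0x5b, 0x00,0x50, 0,0,0,1, 0,0,0,0,  0x50,0x02, 0xff,0xff, 0,0, 0,0 };
const uint8_t synack_from_80[20] = { 0x00,0x50, 0x1b,0x5b, 0,0,0,9, 0,0,0,2,  0x50,0x12, 0xff,0xff, 0,0, 0,0 };
const uint8_t ack_to_80[20]      = { 0x1b,0x5b, 0x00,0x50, 0,0,0,2, 0,0,0,10, 0x50,0x10, 0xff,0xff, 0,0, 0,0 };

int main(void)
{
    printf("SYN:     syn-filter=%d port-range=%d\n", match_syn_port80(syn_to_80, 20), match_sport_7001_7005(syn_to_80, 20));
    printf("SYN+ACK: syn-filter=%d port-range=%d\n", match_syn_port80(synack_from_80, 20), match_sport_7001_7005(synack_from_80, 20));
    printf("ACK:     syn-filter=%d port-range=%d\n", match_syn_port80(ack_to_80, 20), match_sport_7001_7005(ack_to_80, 20));
    return 0;
}
```

The SYN+ACK reply from port 80 also satisfies the SYN filter, because the test only checks that bit 2 is set and says nothing about the other flag bits.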