--- /dev/null
+# manage core stuff for LF normalization
+core.autocrlf=true
+
+# Auto detect text files and perform LF normalization
+* text=auto
+
+# Custom for Visual Studio
+*.cs diff=csharp
+*.sln merge=union
+*.csproj merge=union
+*.vbproj merge=union
+*.fsproj merge=union
+*.dbproj merge=union
+
+# Standard to msysgit
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain
+#unix/linux stuff (tarballs)
tp->e_addr2 = k;
tp->e_bs = (u_char *) calloc(1, nlen + 1);
+ if (tp->e_bs == NULL)
+ error("lookup_bytestring: calloc");
+
memcpy(tp->e_bs, bs, nlen);
tp->e_nxt = (struct enamemem *)calloc(1, sizeof(*tp));
if (tp->e_nxt == NULL)
printf("Act#%d", (v)) \
)
+#define PRINT_MESH_ACTION(v) (\
+ (v) == 0 ? printf("MeshLink") : \
+ (v) == 1 ? printf("HWMP") : \
+ (v) == 2 ? printf("Gate Announcement") : \
+ (v) == 3 ? printf("Congestion Control") : \
+ (v) == 4 ? printf("MCCA Setup Request") : \
+ (v) == 5 ? printf("MCCA Setup Reply") : \
+ (v) == 6 ? printf("MCCA Advertisement Request") : \
+ (v) == 7 ? printf("MCCA Advertisement") : \
+ (v) == 8 ? printf("MCCA Teardown") : \
+ (v) == 9 ? printf("TBTT Adjustment Request") : \
+ (v) == 10 ? printf("TBTT Adjustment Response") : \
+ printf("Act#%d", (v)) \
+)
+#define PRINT_MULTIHOP_ACTION(v) (\
+ (v) == 0 ? printf("Proxy Update") : \
+ (v) == 1 ? printf("Proxy Update Confirmation") : \
+ printf("Act#%d", (v)) \
+)
+#define PRINT_SELFPROT_ACTION(v) (\
+ (v) == 1 ? printf("Peering Open") : \
+ (v) == 2 ? printf("Peering Confirm") : \
+ (v) == 3 ? printf("Peering Close") : \
+ (v) == 4 ? printf("Group Key Inform") : \
+ (v) == 5 ? printf("Group Key Acknowledge") : \
+ printf("Act#%d", (v)) \
+)
+
static int
handle_action(const struct mgmt_header_t *pmh, const u_char *p, u_int length)
{
case 2: printf("DLS Act#%d", p[1]); break;
case 3: printf("BA "); PRINT_BA_ACTION(p[1]); break;
case 7: printf("HT "); PRINT_HT_ACTION(p[1]); break;
- case 13: printf("MeshLMetric "); PRINT_MESHLINK_ACTION(p[1]); break;
- case 15: printf("Interwork Act#%d", p[1]); break;
- case 16: printf("Resource Act#%d", p[1]); break;
- case 17: printf("Proxy Act#%d", p[1]); break;
- case 30: printf("MeshPeering "); PRINT_MESHPEERING_ACTION(p[1]); break;
- case 32: printf("MeshPath "); PRINT_MESHPATH_ACTION(p[1]); break;
+ case 13: printf("MeshAction "); PRINT_MESH_ACTION(p[1]); break;
+ case 14:
+ printf("MultiohopAction ");
+ PRINT_MULTIHOP_ACTION(p[1]); break;
+ case 15:
+ printf("SelfprotectAction ");
+ PRINT_SELFPROT_ACTION(p[1]); break;
case 127: printf("Vendor Act#%d", p[1]); break;
default:
printf("Reserved(%d) Act#%d", p[0], p[1]);
#define MESSAGE_UPDATE 8
#define MESSAGE_REQUEST 9
#define MESSAGE_MH_REQUEST 10
-#define MESSAGE_PCTS 11
-#define MESSAGE_HD 12
+#define MESSAGE_TSPC 11
+#define MESSAGE_HMAC 12
static const char *
format_id(const u_char *id)
}
}
break;
- case MESSAGE_PCTS :
+ case MESSAGE_TSPC :
if(!vflag)
- printf(" pcts");
+ printf(" tspc");
else {
- printf("\n\tPC/TS ");
+ printf("\n\tTS/PC ");
if(len < 6) goto corrupt;
- printf("packet counter %u timestamp %u", EXTRACT_16BITS(message + 2),
- EXTRACT_32BITS (message + 4));
+ printf("timestamp %u packetcounter %u", EXTRACT_32BITS (message + 4),
+ EXTRACT_16BITS(message + 2));
}
break;
- case MESSAGE_HD : {
+ case MESSAGE_HMAC : {
if(!vflag)
- printf(" hd");
+ printf(" hmac");
else {
- unsigned j, dlen;
- printf("\n\tHash Digest ");
- if(len < 19) goto corrupt;
- dlen = message[4];
- printf("key-id %u dlen %u ", EXTRACT_16BITS(message + 2), dlen);
- if(dlen < 16 || dlen > len - 3) goto corrupt;
- printf("digest ");
- for (j = 0; j < dlen; j++)
- printf ("%02X", message[5 + j]);
+ unsigned j;
+ printf("\n\tHMAC ");
+ if(len < 18) goto corrupt;
+ printf("key-id %u digest-%u ", EXTRACT_16BITS(message + 2), len - 2);
+ for (j = 0; j < len - 2; j++)
+ printf ("%02X", message[4 + j]);
}
}
break;
.\" WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
.\"
-.TH TCPDUMP 1 "05 March 2009"
+.TH TCPDUMP 1 "12 July 2012"
.SH NAME
tcpdump \- dump traffic on a network
.SH SYNOPSIS
The ability to decrypt packets is only present if \fItcpdump\fP was compiled
with cryptography enabled.
.IP
-\fIsecret\fP is the ASCII text for ESP secret key.
+\fIsecret\fP is the ASCII text for ESP secret key.
If preceded by 0x, then a hex value will be read.
.IP
The option assumes RFC2406 ESP, not RFC1827 ESP.
and other occasions.
.IP
In addition to the above syntax, the syntax \fIfile name\fP may be used
-to have tcpdump read the provided file in. The file is opened upon
+to have tcpdump read the provided file in. The file is opened upon
receiving the first ESP packet, so any special permissions that tcpdump
may have been given should already have been given up.
.TP
.B \-U
flag to cause packets to be written as soon as they are received.
.IP
+The MIME type \fIapplication/vnd.tcpdump.pcap\fP has been registered
+with IANA for \fIpcap\fP files. The filename extension \fI.pcap\fP
+appears to be the most commonly used along with \fI.cap\fP and
+\fI.dmp\fP. \fITcpdump\fP itself doesn't check the extension when
+reading capture files and doesn't add an extension when writing them
+(it uses magic numbers in the file header instead). However, many
+operating systems and applications will use the extension if it is
+present and adding one (e.g. .pcap) is recommended.
+.IP
See
.BR pcap-savefile (@MAN_FILE_FORMATS@)
for a description of the file format.
.TP
.B \-W
-Used in conjunction with the
-.B \-C
+Used in conjunction with the
+.B \-C
option, this will limit the number
of files created to the specified number, and begin overwriting files
-from the beginning, thus creating a 'rotating' buffer.
+from the beginning, thus creating a 'rotating' buffer.
In addition, it will name
the files with enough leading 0s to support the maximum number of
files, allowing them to sort correctly.
.IP
-Used in conjunction with the
+Used in conjunction with the
.B \-G
option, this will limit the number of rotated dump files that get
created, exiting with status 0 when reaching the limit. If used with
.B \-x
When parsing and printing,
in addition to printing the headers of each packet, print the data of
-each packet (minus its link level header) in hex.
+each packet (minus its link level header) in hex.
The smaller of the entire packet or
.I snaplen
bytes will be printed. Note that this is the entire link-layer
.PP
This can be demonstrated as:
.RS
-.B
+.B
tcpdump -i xl0 'tcp[tcpflags] & tcp-push != 0'
.RE
.PP
.SH "SEE ALSO"
stty(1), pcap(3PCAP), bpf(4), nit(4P), pcap-savefile(@MAN_FILE_FORMATS@),
pcap-filter(@MAN_MISC_INFO@), pcap-tstamp-type(@MAN_MISC_INFO@)
+.LP
+.RS
+.I http://www.iana.org/assignments/media-types/application/vnd.tcpdump.pcap
+.RE
+.LP
.SH AUTHORS
The original authors are:
.LP
MakeFilename(char *buffer, char *orig_name, int cnt, int max_chars)
{
char *filename = malloc(NAME_MAX + 1);
+ if (filename == NULL)
+ error("Makefilename: malloc);
/* Process with strftime if Gflag is set. */
if (Gflag != 0) {
-IP6 (class 0xc0, hlim 1, next-header UDP (17) payload length: 428) fe80::b299:28ff:fec8:d646.6696 > ff02::1:6.6696: [udp sum ok] babel 2 (416)
- Hello seqno 49146 interval 10
- PC/TS packet counter 1 timestamp 1341883553
- Hash Digest key-id 30 dlen 20 digest F241C89C5CA3C529318CADDAA94159F6BE980A38
- Hash Digest key-id 50 dlen 32 digest DBD54F3E22400C810F152317DA9E48F31F8BBBC1C639E584A0DA4E9CA70C9817
- Hash Digest key-id 1000 dlen 64 digest 62F1C4D9CDA325D7D688823C8CD8696CFC186C61571E61C402A875AECAB950C2F490A18BEA05AFE281EF006E47641BE3B184C544CEE30A1A2CEB58ED199777E6
- Hash Digest key-id 1000 dlen 48 digest 806DE17066ABB44987FC542FF0261582F293C654170A51066B5AEC2518B3811203234B663506E13E65433C32E9A7ADE2
- Hash Digest key-id 100 dlen 20 digest F03A90F81052BC44A5B42652BB8E9F6ABDAC1574
- Hash Digest key-id 2000 dlen 64 digest 567A330662E9A86DF52D88EDA2E68E57EE66B04C537820690DA06D11C0669292B13152FA8256599C59C391E3849C7B51718F7D28BEF94289D4758215C00519D5
- Hash Digest key-id 2000 dlen 48 digest 444250292FD14582E71F3E98B8EE36E4AD306CDC9AC261285BA20278A9DD07725A432566054397F080431D0AAD55AF9A
- Hash Digest key-id 3000 dlen 64 digest 7AA0B5EE9B8C46682CB9EAAA733CDD290D4DDE1252220543DEF324CDF577D9BEB4CCADA20186C7B6024B2A0B000F6823CA8733F337AEDE801BD27E9DC34087EE
+IP6 (class 0xc0, hlim 1, next-header UDP (17) payload length: 436) fe80::b299:28ff:fec8:d646.6696 > ff02::1:6.6696: [udp sum ok] babel 2 (424)
+ Hello seqno 58134 interval 400
+ Update/id ::/0 metric 65535 seqno 41391 interval 65535
+ Request for any
+ TS/PC timestamp 1339081200 packetcounter 2
+ HMAC key-id 30 digest-20 AD0FA7CD8D5A1898EC5409C8EDDA68B3ACA21B80
+ HMAC key-id 50 digest-32 8239F283D985047FA4B88597FDE3246455C6E4DD917B1441C2F3A82B9F737674
+ HMAC key-id 1000 digest-64 6718CB4C2BB0976C127AB3CCCBFA1105A1D158F035BC9FAD86B0610A7ACD27E5A3D5A3090FFB0312D7CBB31834E5D3EA2B68CD1FEC3CFB9CE731D16BA8FEBA8C
+ HMAC key-id 1000 digest-48 D2A5B80FF9D006907E3B6601C0C255D7D12D6EC61815E413A334E2A0D9271C75AFBC086C070C714E3EFF3496C20C56FB
+ HMAC key-id 100 digest-20 7213CED66FE7154034EC64CD14AE4142A092DF33
+ HMAC key-id 2000 digest-64 2A5D9D55393B19E440FAC49BDA521E18A7FE77F7AB4A90377009E46E2FFE49336435C7E4E7BE215996DF4F59C167EA1CCCDB4FF788DA29A30E34D974307ADFF4
+ HMAC key-id 2000 digest-48 FE91AF27EEE137EF489F37FEE449100CDA8CCB3E794D0C4A225D12724A8CE2FFC85811B879CC566FD172269847091ED1
+ HMAC key-id 3000 digest-64 38C4D82883A5778500D728D1E243E7579DE96FA726C9DB7F0805C52E96FEFDCE7A5FB9AF2CB845703926EAAB43C3E44989D6CCB158FC06DB455E9F8D0550B54F
M...M...
22:57:35.939423 IP 127.0.0.1.55920 > 127.0.0.1.80: Flags [P.], seq 1:203, ack 1, win 8192, options [nop,nop,TS val 1306300951 ecr 1306300950], length 202
E....l@.@. ..........p.P7X..7z.... ........
-M...M...GET / HTTP/1.1\r
-Host: localhost\r
-User-Agent: ELinks/0.10.4-7-debian (textmode; Linux 2.6.11-1-686-smp i686; 132x56-2)\r
-Accept: */*\r
-Accept-Encoding: gzip\r
-Accept-Language: en\r
-Connection: Keep-Alive\r
-\r
+M...M...GET / HTTP/1.1
+Host: localhost
+User-Agent: ELinks/0.10.4-7-debian (textmode; Linux 2.6.11-1-686-smp i686; 132x56-2)
+Accept: */*
+Accept-Encoding: gzip
+Accept-Language: en
+Connection: Keep-Alive
+
22:57:35.940474 IP 127.0.0.1.80 > 127.0.0.1.55920: Flags [.], ack 203, win 8192, options [nop,nop,TS val 1306300952 ecr 1306300951], length 0
M...M...
22:57:35.941232 IP 127.0.0.1.80 > 127.0.0.1.55920: Flags [P.], seq 1:5560, ack 203, win 8192, options [nop,nop,TS val 1306300953 ecr 1306300951], length 5559
E.....@.@..%.........P.p7z..7X.I.. ........
-M...M...HTTP/1.1 200 OK\r
-Date: Wed, 06 Jul 2005 03:57:35 GMT\r
-Server: Apache/1.3.33\r
-Last-Modified: Sun, 15 Aug 2004 00:43:41 GMT\r
-ETag: "6e80f0-148a-411eb1bd"\r
-Accept-Ranges: bytes\r
-Content-Length: 5258\r
-Keep-Alive: timeout=15, max=100\r
-Connection: Keep-Alive\r
-Content-Type: text/html; charset=iso-8859-1\r
-\r
+M...M...HTTP/1.1 200 OK
+Date: Wed, 06 Jul 2005 03:57:35 GMT
+Server: Apache/1.3.33
+Last-Modified: Sun, 15 Aug 2004 00:43:41 GMT
+ETag: "6e80f0-148a-411eb1bd"
+Accept-Ranges: bytes
+Content-Length: 5258
+Keep-Alive: timeout=15, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
M...M...
22:57:35.939423 IP 127.0.0.1.55920 > 127.0.0.1.80: Flags [P.], seq 1:203, ack 1, win 8192, options [nop,nop,TS val 1306300951 ecr 1306300950], length 202
..............E....l@.@. ..........p.P7X..7z.... ........
-M...M...GET / HTTP/1.1\r
-Host: localhost\r
-User-Agent: ELinks/0.10.4-7-debian (textmode; Linux 2.6.11-1-686-smp i686; 132x56-2)\r
-Accept: */*\r
-Accept-Encoding: gzip\r
-Accept-Language: en\r
-Connection: Keep-Alive\r
-\r
+M...M...GET / HTTP/1.1
+Host: localhost
+User-Agent: ELinks/0.10.4-7-debian (textmode; Linux 2.6.11-1-686-smp i686; 132x56-2)
+Accept: */*
+Accept-Encoding: gzip
+Accept-Language: en
+Connection: Keep-Alive
+
22:57:35.940474 IP 127.0.0.1.80 > 127.0.0.1.55920: Flags [.], ack 203, win 8192, options [nop,nop,TS val 1306300952 ecr 1306300951], length 0
M...M...
22:57:35.941232 IP 127.0.0.1.80 > 127.0.0.1.55920: Flags [P.], seq 1:5560, ack 203, win 8192, options [nop,nop,TS val 1306300953 ecr 1306300951], length 5559
..............E.....@.@..%.........P.p7z..7X.I.. ........
-M...M...HTTP/1.1 200 OK\r
-Date: Wed, 06 Jul 2005 03:57:35 GMT\r
-Server: Apache/1.3.33\r
-Last-Modified: Sun, 15 Aug 2004 00:43:41 GMT\r
-ETag: "6e80f0-148a-411eb1bd"\r
-Accept-Ranges: bytes\r
-Content-Length: 5258\r
-Keep-Alive: timeout=15, max=100\r
-Connection: Keep-Alive\r
-Content-Type: text/html; charset=iso-8859-1\r
-\r
+M...M...HTTP/1.1 200 OK
+Date: Wed, 06 Jul 2005 03:57:35 GMT
+Server: Apache/1.3.33
+Last-Modified: Sun, 15 Aug 2004 00:43:41 GMT
+ETag: "6e80f0-148a-411eb1bd"
+Accept-Ranges: bytes
+Content-Length: 5258
+Keep-Alive: timeout=15, max=100
+Connection: Keep-Alive
+Content-Type: text/html; charset=iso-8859-1
+
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
projects / tcpdump / commitdiff
