RIGHT:Total:&counter; Today:&counter(Today); Yesterday:&counter(Yesterday); Online:&online; * パケットダンプした結果を再現するツール [#s73c8ec5] - [[tcprelay:http://tcpreplay.synfin.net/]] - [[NetPoke:http://www.ll.mit.edu/IST/ideval/tools/tools_index.html]] - [[tcpslice:http://www.tcpdump.org/other/tcpslice.tar.Z]] - [[chaosreader:http://chaosreader.sourceforge.net/]] - [[tcptrace:http://tcptrace.org/]] - [[NetDude:http://netdude.sourceforge.net/]] ** 解説サイト [#d8b0a8c8] - [[ログを“再生”できるツール「NetPoke」を活用する:http://itpro.nikkeibp.co.jp/members/ITPro/SEC_CHECK/20020329/1/]] - [[tcpreplay:http://news23h.plala.jp/tecnote/index.php?tcpreplay%A4%F2%BB%C8%A4%C3%A4%C6%A4%DF%A4%EB]] - [[O'REILLY Network Troubleshooting Tools:http://www.oreilly.co.jp/books/4873110807/]] * パケット加工送出関係 [#j7760570] - [[パケット作成 - HackingWiki:http://bogus.jp/pukiwiki/index.php?%A5%D1%A5%B1%A5%C3%A5%C8%BA%EE%C0%AE]] * ethereal/tcpdump で取得したデータ部分の抽出 [#l1f896ed] ''see) 日経Linux 2004.8 P130-P136'' tcptraceを用いれば簡単に行うことが出来る。 + 必要なパケットを予めetherealで抽出し,pcapファイルに書き出しを行う + tcptrace -e hoge.pcap 上記の方法で取り出せる。送信部分と受信部分,分けて出力される。 ** help [#e801a0e4] $ tcptrace -hargs Note: these options are first read from the file $HOME/.tcptracerc (if it exists), and then from the environment variable TCPTRACEOPTS (if it exists), and finally from the command line Output format options -b brief output format -l long output format -r print rtt statistics (slower for large files) -W report on estimated congestion window (not generally useful) -q no output (if you just want modules output) Graphing options -T create throughput graph[s], (average over 10 segments, see -A) -R create rtt sample graph[s] -S create time sequence graph[s] -N create owin graph[s] (_o_utstanding data on _N_etwork) -F create segsize graph[s] -L create time line graph[s] -G create ALL graphs Output format detail options -D print in decimal -X print in hexadecimal -n don't resolve host or service names (much faster) -s use short names (list "picard.cs.ohiou.edu" as just "picard") Connection filtering options -iN ignore connection N (can use multiple times) -oN[-M] only connection N (or N through M). Arg can be used many times. If N is a file rather than a number, read list from file instead. -c ignore non-complete connections (didn't see syn's and fin's) -BN first segment number to analyze (default 1) -EN last segment number to analyze (default last in file) Graphing detail options -C produce color plot[s] -M produce monochrome (b/w) plot[s] -AN Average N segments for throughput graphs, default is 10 -z zero axis options -z plot time axis from 0 rather than wall clock time (backward compat) -zx plot time axis from 0 rather than wall clock time -zy plot sequence numbers from 0 (time sequence graphs only) -zxy plot both axes from 0 -y omit the (yellow) instantaneous throughput points in tput graph Misc options -Z dump raw rtt sample times to file[s] -p print all packet contents (can be very long) -P print packet contents for selected connections -t 'tick' off the packet numbers as a progress indication -fEXPR output filtering (see -hfilter) -v print version information and exit -w print various warning messages -d whistle while you work (enable debug, use -d -d for more output) -e extract contents of each TCP stream into file -h print help messages -u perform (minimal) UDP analysis too -Ofile dump matched packets to tcpdump file 'file' +[v] reverse the setting of the -[v] flag (for booleans) Dump File Names Anything else in the arguments is taken to be one or more filenames. The files can be compressed, see compress.h for configuration. If the dump file name is 'stdin', then we read from standard input rather than from a file Extended boolean options (unambiguous prefixes also work) --showsacks show SACK blocks on time sequence graphs (default) --noshowsacks DON'T show SACK blocks on time sequence graphs --showrexmit mark retransmits on time sequence graphs (default) --noshowrexmit DON'T mark retransmits on time sequence graphs --showoutorder mark out-of-order on time sequence graphs (default) --noshowoutorder DON'T mark out-of-order on time sequence graphs --showzerowindow mark zero windows on time sequence graphs (default) --noshowzerowindow DON'T mark zero windows on time sequence graphs --showurg mark packets with URGENT bit set on the time sequence graphs (default) --noshowurg DON'T mark packets with URGENT bit set on the time sequence graphs --showrttdongles mark non-RTT-generating ACKs with special symbols --noshowrttdongles DON'T mark non-RTT-generating ACKs with special symbols (default) --showdupack3 mark triple dupacks on time sequence graphs (default) --noshowdupack3 DON'T mark triple dupacks on time sequence graphs --showzerolensegs show zero length packets on time sequence graphs (default) --noshowzerolensegs DON'T show zero length packets on time sequence graphs --showzwndprobes show zero window probe packets on time sequence graphs (default) --noshowzwndprobes DON'T show zero window probe packets on time sequence graphs --showtitle show title on the graphs (default) --noshowtitle DON'T show title on the graphs --showrwinline show yellow receive-window line in owin graphs (default) --noshowrwinline DON'T show yellow receive-window line in owin graphs --res_addr resolve IP addresses into names (may be slow) (default) --nores_addr DON'T resolve IP addresses into names (may be slow) --res_port resolve port numbers into names (default) --nores_port DON'T resolve port numbers into names --checksum verify IP and TCP checksums --nochecksum DON'T verify IP and TCP checksums (default) --dupack3_data count a duplicate ACK carrying data as a triple dupack --nodupack3_data DON'T count a duplicate ACK carrying data as a triple dupack (default) --check_hwdups check for 'hardware' dups (default) --nocheck_hwdups DON'T check for 'hardware' dups --warn_ooo print warnings when packets timestamps are out of order --nowarn_ooo DON'T print warnings when packets timestamps are out of order (default) --warn_printtrunc print warnings when packets are too short to analyze --nowarn_printtrunc DON'T print warnings when packets are too short to analyze (default) --warn_printbadmbz print warnings when MustBeZero TCP fields are NOT 0 --nowarn_printbadmbz DON'T print warnings when MustBeZero TCP fields are NOT 0 (default) --warn_printhwdups print warnings for hardware duplicates --nowarn_printhwdups DON'T print warnings for hardware duplicates (default) --warn_printbadcsum print warnings when packets with bad checksums --nowarn_printbadcsum DON'T print warnings when packets with bad checksums (default) --warn_printbad_syn_fin_seq print warnings when SYNs or FINs rexmitted with different sequence numbers --nowarn_printbad_syn_fin_seq DON'T print warnings when SYNs or FINs rexmitted with different sequence numbers (default) --dump_packet_data print all packets AND dump the TCP/UDP data --nodump_packet_data DON'T print all packets AND dump the TCP/UDP data (default) --continuous run continuously and don't provide a summary --nocontinuous DON'T run continuously and don't provide a summary (default) --print_seq_zero print sequence numbers as offset from initial sequence number --noprint_seq_zero DON'T print sequence numbers as offset from initial sequence number (default) --limit_conn_num limit the maximum number of connections kept at a time in real-time mode --nolimit_conn_num DON'T limit the maximum number of connections kept at a time in real-time mode (default) --xplot_all_files display all generated xplot files at the end --noxplot_all_files DON'T display all generated xplot files at the end (default) --ns_hdrs assume that ns has the useHeaders_flag true (uses IP+TCP headers) (default) --nons_hdrs DON'T assume that ns has the useHeaders_flag true (uses IP+TCP headers) --csv display the long output as comma separated values --nocsv DON'T display the long output as comma separated values (default) --tsv display the long output as tab separated values --notsv DON'T display the long output as tab separated values (default) --turn_off_BSD_dupack turn of the BSD version of the duplicate ack handling --noturn_off_BSD_dupack DON'T turn of the BSD version of the duplicate ack handling (default) Extended variable options (unambiguous prefixes also work) --output_dir="STR" directory where all output files are placed (default: '<NULL>') --output_prefix="STR" prefix all output files with this string (default: '<NULL>') --xplot_title_prefix="STR" prefix to place in the titles of all xplot files (default: '<NULL>') --update_interval="STR" time interval for updates in real-time mode (default: '<NULL>') --max_conn_num="STR" maximum number of connections to keep at a time in real-time mode (default: '<NULL>') --remove_live_conn_interval="STR" idle time after which an open connection is removed in real-time mode (default: '<NULL>') --endpoint_reuse_interval="STR" time interval of inactivity after which an open connection is considered closed (default: '<NULL>') --remove_closed_conn_interval="STR" time interval after which a closed connection is removed in real-time mode (default: '<NULL>') --xplot_args="STR" arguments to pass to xplot, if we are calling xplot from here (default: '<NULL>') --sv="STR" separator to use for long output with <STR>-separated-values (default: '<NULL>') Module options -xMODULE_SPECIFIC (see -hxargs for details) Version: Ostermann's tcptrace -- version 6.6.1 -- Wed Nov 19, 2003 Compiled by 'frodo' at 'Wed Apr 7 01:00:40 EDT 2004' on machine 'yyz'