SFK Commands


Section 6. Networking
fromnet | ftp | ftpserv | httpserv | ip | netlog | ping | pingdiff | tcpdump | udpdump | udpsend | web | wget |

Command: tcpdump
sfk tcpdump [-showle] [...] port [-forward host:port] [...]

   create human-readable hexdump of tcp socket input, and optionally
   dump a tcp conversation, for debugging of web applications.

   options
      -showle  highlights line ending characters CR and LF.
               you may also add "le" to the command name.
      -wide    dumps 32 input bytes per line.
      -lean    dumps 16 input bytes per line.
      -post    reduced format e.g. for forum posts
      -min     minimal format with alnum only text
      -forward specifies a host and port to which to forward
               incoming requests, to dump a tcp conversation.
      -timeout number of milliseconds to wait after last transfer
               until connections are closed. default is 60000,
               or 10000 if http is detected.
      -pure    lists flat hex characters:
               53464B2D544553540D0A
      -hexsrc  lists hex comma separated values:
               0x53,0x46,0x4B,0x2D,0x54,0x45,0x53,0x54,0x0D,0x0A,
      -decsrc  lists decimal comma separated values:
               83,70,75,45,84,69,83,84,13,10,
      -maxdump=n   dump only first n bytes of incoming data.
      -flat        no hexdump, print characters as they come.

   see also
     sfk udpdump - dump incoming UDP packets.
     sfk hexdump - for further format options.

   web reference
      http://stahlworks.com/sfk-tcpdump

   examples
     sfk tcpdump 9000 -showle -forward www.google.com:80 -timeout 2000
        then connect with your browser to localhost:9000 and see
        the http requests and replies which are passing through.
        small timeouts are recommended to trace http communication,
        as the web browser may wait until the connection is closed.

     sfk tcpdump 5000 -flat -timeout 2000 -forward myproxy:8000
        show plaintext communication to anywhere via a proxy server.
        to connect this way, you MUST connect to sfk as a proxy:
        in Firefox, open tools/options/advanced/network/settings, set
        manual proxy configuration, http proxy "localhost" port 5000.
        then type some external servername, e.g. "http://google.com"
        in your browser. In this example, it is expected that a proxy
        machine "myproxy" exists within your local network.
        After the test, disable the proxy setting in your browser.
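
When a capture made with -pure, -hexsrc or -decsrc is pasted into a ticket or report, it has to be turned back into bytes before the line endings can be checked. The following is an added example, not part of sfk or the original page: the function names are hypothetical, the `<CR>`/`<LF>` markers are this example's own rendering rather than sfk's -showle output, and a decimal listing is assumed to contain commas.

```python
import re

def decode_dump(text: str) -> bytes:
    """Turn an sfk -pure, -hexsrc or -decsrc listing back into raw bytes."""
    tokens = [t for t in re.split(r"[,\s]+", text.strip()) if t]
    if not tokens:
        return b""
    if all(t.lower().startswith("0x") for t in tokens):        # -hexsrc
        values = [int(t, 16) for t in tokens]
    elif "," in text and all(t.isdigit() for t in tokens):     # -decsrc (assumed: has commas)
        values = [int(t) for t in tokens]
    else:                                                      # -pure
        joined = "".join(tokens)
        if len(joined) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", joined):
            raise ValueError("not a recognised dump format")
        return bytes.fromhex(joined)
    if any(v > 255 for v in values):
        raise ValueError("value outside byte range")
    return bytes(values)

def line_endings(data: bytes) -> list:
    """Return (offset, kind) per line ending; kind is CRLF, LF (bare) or CR (bare)."""
    found, i = [], 0
    while i < len(data):
        if data[i:i + 2] == b"\r\n":
            found.append((i, "CRLF"))
            i += 2
            continue
        if data[i] in (0x0A, 0x0D):
            found.append((i, "LF" if data[i] == 0x0A else "CR"))
        i += 1
    return found

def show_le(data: bytes) -> str:
    """Printable rendering with CR and LF made visible (markers are this example's own)."""
    marks = {0x0D: "<CR>", 0x0A: "<LF>"}
    return "".join(marks.get(b) or (chr(b) if 0x20 <= b < 0x7F else ".") for b in data)

# The three listings shown in the option descriptions above.
PURE = "53464B2D544553540D0A"
HEXSRC = "0x53,0x46,0x4B,0x2D,0x54,0x45,0x53,0x54,0x0D,0x0A,"
DECSRC = "83,70,75,45,84,69,83,84,13,10,"

if __name__ == "__main__":
    for listing in (PURE, HEXSRC, DECSRC):
        data = decode_dump(listing)
        print(show_le(data), line_endings(data))
```

Bare LF or bare CR entries in the result are the line-ending inconsistencies that -showle is meant to make visible in a live dump.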