读取tcpdump标题长度命令 [英] Reading tcpdump header length command

问题描述

这是我的第一篇文章，我绝对< 3这个网站！非常棒的内容！

所以，我有下面的TCPDump命令我想明白它在问什么（用简单的英文）。

tcpdump'tcp [12]&它是否要求获取字节偏移量为12（TCP报头长度和保留位）的所有TCP数据包，其值至少为80，这是真的吗？80！= 0'

我相信我错了。

如果以上是真的，有人可以写出可能的二进制文件吗？

<我的导师也写下了：1111 0000和0111 0000.但我不知道为什么......

如果它至少是80，二进制组合对于那可能是无数...

解决方案

是否要求获取所有TCP数据包的字节偏移量为12（TCP报头长度和保留位数），其值至少为80，即为真实的

十进制中的80是十六进制的50，所以它相当于 tcp [12]& 0x50！= 0 ，它测试是否设置了TCP报头的第12个字节中的0100 0000位或0001 0000位。 0101 0000也是如此，但1111 0000和0111 0000以及0100 0000和0001 0000和0100 1111也是如此。

如果你想要测试该字节的最高位，你可以使用 tcp [12]& 0x80！= 0 。实际上， 匹配所有值> = 0x80。

This is my first post and I absolutely <3 this site! So much great content!

So, I have the following TCPDump command I want to understand what it is asking (in plain English).

tcpdump 'tcp[12] & 80 !=0'

Is it asking to grab all TCP packets on byte offset 12 (TCP Header length and Reserved bits) with values at least 80 that is true? I believe I am wrong.

If the above is true, can someone write out the possible binaries for it?

80 gives 0101 0000. My mentor also wrote down: 1111 0000 and 0111 0000. But I don't know why...

If it's at least 80, the binary combo for that could be countless...

解决方案

Is it asking to grab all TCP packets on byte offset 12 (TCP Header length and Reserved bits) with values at least 80 that is true

No. 80 in decimal is 50 in hexadecimal, so it's equivalent to tcp[12] & 0x50 !=0, which tests whether either the 0100 0000 bit or the 0001 0000 bit in the 12th byte of the TCP header are set. That's true of 0101 0000, but is also true of 1111 0000 and 0111 0000, as well as 0100 0000 and 0001 0000 and 0100 1111 and....

If you want to test the uppermost bit of that byte, you'd use tcp[12] & 0x80 !=0. That would, in effect, match all values >= 0x80.

这篇关于读取tcpdump标题长度命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！