[MASOCH-L] analise do payload
Eduardo Ascenco Reis
eduardo at intron.com.br
Thu Mar 30 18:38:21 -03 2006
Rogério,
On Thu, 30 Mar 2006 15:38:51 -0300, "Rogério Moura" <rogerpop at gmail.com> escreveu:
> Ola pessoal, alguem sabe de algum programa que eu possa analisar o conteúdo
> do pacote...
>
> tentei com o TCPDUMP, mas ele até onde eu sei, só analisa o cabeçalho do
> pacote.
No tcpdump você pode utilizar a opção -s para definir a quantidade de bytes a serem capturados, sendo que o valor 0 irá capturar o pacote todo.
Veja as informações do manual:
########################################################
-s Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with ``[|proto]'', where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to 0 means use the required length to catch whole packets.
########################################################
E com a opção -w pode-se gravar as informações capturadas em um arquivo (libpcap) que depois pode ser aberto pelo próprio tcpdump ou Ethereal (dentre muitas outras opções/recursos).
Abraços,
Eduardo Ascenço Reis.
More information about the masoch-l
mailing list