├── .github └── FUNDING.yml ├── gitbook ├── images │ ├── favicon.ico │ └── apple-touch-icon-precomposed-152.png ├── fonts │ └── fontawesome │ │ ├── FontAwesome.otf │ │ ├── fontawesome-webfont.eot │ │ ├── fontawesome-webfont.ttf │ │ ├── fontawesome-webfont.woff │ │ └── fontawesome-webfont.woff2 ├── gitbook-plugin-search │ ├── search.css │ ├── search-engine.js │ ├── search.js │ └── lunr.min.js ├── gitbook-plugin-lunr │ ├── search-lunr.js │ └── lunr.min.js ├── gitbook-plugin-sharing │ └── buttons.js ├── gitbook-plugin-highlight │ └── ebook.css └── gitbook-plugin-fontsettings │ ├── fontsettings.js │ └── website.css ├── posts ├── verify-cryptographic-signature-of-the-tcp-packet.md ├── dont-verify-tcp-udp-or-ip-checksums.md ├── dont-optimize-bpf-program.md ├── set-snapshot-length.md ├── decrypt-ipsec-esp-packets.md ├── dont-put-the-interface-into-promiscuous-mode.md ├── print-verbose-output.md ├── relinquish-privileges-when-running-tcpdump.md ├── list-and-set-data-link-type.md ├── detect-802-11-s-mesh-header.md ├── read-filter-expression-from-file.md ├── set-monitor-mode-for-interface.md ├── load-smi-mib-module.md ├── print-less-protocol-information.md ├── display-serial-number-for-every-capture-packet.md ├── limit-capture-packet-count.md ├── capture-packets-for-specified-direction.md ├── print-autonomous-system-number-in-asdot-notation.md ├── print-undecoded-nfs-handles.md ├── show-help-and-version-info.md ├── capture-packets-in-immediate-mode.md ├── output-line-buffered-or-packet-buffered.md ├── print-absolute-tcp-sequence-number.md ├── set-capture-buffer-size.md ├── specify-network-interfaces.md ├── control-timestamp-display.md ├── rotate-capture-files.md ├── print-link-level-header.md ├── dont-convert-address-to-name.md ├── set-timestamp-type-and-precision-during-capture.md ├── specify-how-to-interpret-packet.md ├── dont-print-domain-name-qualification-of-host-names.md ├── dont-translate-foreign-ipv4-address.md ├── save-packets-into-file.md ├── 
dump-compiled-bpf-program.md ├── parse-and-print-packets.md ├── the-format-of-tcpdump-command.md ├── decrypt-ipsec-esp-packets.html ├── dont-optimize-bpf-program.html ├── set-snapshot-length.html └── verify-cryptographic-signature-of-the-tcp-packet.html ├── publish.sh ├── LICENSE ├── README.md └── SUMMARY.md /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | patreon: nanxiao 2 | -------------------------------------------------------------------------------- /gitbook/images/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/images/favicon.ico -------------------------------------------------------------------------------- /gitbook/fonts/fontawesome/FontAwesome.otf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/fonts/fontawesome/FontAwesome.otf -------------------------------------------------------------------------------- /gitbook/fonts/fontawesome/fontawesome-webfont.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/fonts/fontawesome/fontawesome-webfont.eot -------------------------------------------------------------------------------- /gitbook/fonts/fontawesome/fontawesome-webfont.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/fonts/fontawesome/fontawesome-webfont.ttf -------------------------------------------------------------------------------- /gitbook/fonts/fontawesome/fontawesome-webfont.woff: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/fonts/fontawesome/fontawesome-webfont.woff -------------------------------------------------------------------------------- /gitbook/fonts/fontawesome/fontawesome-webfont.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/fonts/fontawesome/fontawesome-webfont.woff2 -------------------------------------------------------------------------------- /gitbook/images/apple-touch-icon-precomposed-152.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/NanXiao/tcpdump-little-book/HEAD/gitbook/images/apple-touch-icon-precomposed-152.png -------------------------------------------------------------------------------- /posts/verify-cryptographic-signature-of-the-tcp-packet.md: -------------------------------------------------------------------------------- 1 | # Verify cryptographic signature of the TCP packet 2 | 3 | The "`-M secret`" option is used to verify the cryptographic signature of `TCP` segments that carry the `TCP-MD5` option; currently only `MD5` is supported. -------------------------------------------------------------------------------- /posts/dont-verify-tcp-udp-or-ip-checksums.md: -------------------------------------------------------------------------------- 1 | # Don't verify TCP, UDP or IP checksums 2 | 3 | The "`-K/--dont-verify-checksums`" option tells `tcpdump` not to verify `TCP`, `UDP` or `IP` checksums; this option should not be used unless there is a compelling reason.
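
What the verification skipped by `-K` consists of, as an added example (not code from tcpdump or from this book): the RFC 1071 Internet checksum over an IPv4 header and over a TCP segment with its pseudo-header, reporting the expected value the way `tcpdump -v` prints `incorrect -> 0x....`. The sample packet, the function names and the three scenarios are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071: add a buffer to sum as big-endian 16-bit words. */
static uint32_t sum16(const uint8_t *buf, size_t len, uint32_t sum)
{
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1)                         /* odd trailing byte: pad with zero */
        sum += (uint32_t)buf[len - 1] << 8;
    return sum;
}

/* Fold the carries back in and return the one's complement. */
static uint16_t fold(uint32_t sum)
{
    while (sum >> 16)
        sum = (sum & 0xFFFF) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 1 = IPv4 header checksum valid, 0 = invalid, -1 = not IPv4 or truncated. */
int ipv4_header_ok(const uint8_t *ip, size_t caplen)
{
    size_t ihl;
    if (caplen < 20 || (ip[0] >> 4) != 4)
        return -1;
    ihl = (size_t)(ip[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > caplen)
        return -1;
    /* A valid header, summed together with its checksum field, folds to 0. */
    return fold(sum16(ip, ihl, 0)) == 0;
}

/* 1 = TCP checksum valid, 0 = invalid, -1 = cannot tell (not TCP, or fewer
 * bytes captured than the IP total length, e.g. because of a small -s).
 * *expected receives the value the checksum field should hold. */
int tcp_checksum_ok(const uint8_t *ip, size_t caplen, uint16_t *expected)
{
    size_t ihl, total, seglen;
    const uint8_t *seg;
    uint32_t sum;
    if (caplen < 20 || (ip[0] >> 4) != 4 || ip[9] != 6)
        return -1;
    ihl = (size_t)(ip[0] & 0x0F) * 4;
    total = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < 20 || total < ihl + 20 || total > caplen)
        return -1;
    seg = ip + ihl;
    seglen = total - ihl;
    /* Pseudo-header: source, destination, zero, protocol, TCP length. */
    uint8_t tail[4] = { 0, ip[9], (uint8_t)(seglen >> 8), (uint8_t)seglen };
    sum = sum16(tail, 4, sum16(ip + 12, 8, 0));
    /* Expected value: sum the segment with the checksum field skipped. */
    *expected = fold(sum16(seg + 18, seglen - 18, sum16(seg, 16, sum)));
    return fold(sum16(seg, seglen, sum)) == 0;
}

/* Constructed sample: IPv4 + TCP + 4 payload bytes, both checksums correct. */
static const uint8_t SAMPLE[44] = {
    0x45, 0x00, 0x00, 0x2c, 0x7c, 0x67, 0x40, 0x00, 0x40, 0x06, 0x49, 0x9e,
    0xc0, 0xa8, 0x23, 0xd3, 0x0a, 0xd9, 0x85, 0x72,   /* src, dst address */
    0x00, 0x16, 0xf3, 0xeb, 0x00, 0x00, 0x00, 0x01,   /* ports 22 > 62443, seq */
    0x00, 0x00, 0x00, 0x01, 0x50, 0x18, 0x01, 0x3d,   /* ack, flags [P.], win 317 */
    0x6c, 0xfe, 0x00, 0x00, 'd', 'a', 't', 'a'        /* cksum, urg, payload */
};

/* Scenarios on the sample: 0 = as sent; 1 = checksum field still zero at the
 * capture point (left for the NIC to fill); 2 = capture cut to 40 bytes.
 * Returns the verdict, or the expected checksum when want_expected is set. */
int demo(int scenario, int want_expected)
{
    uint8_t p[sizeof SAMPLE];
    uint16_t e = 0;
    int verdict;
    memcpy(p, SAMPLE, sizeof p);
    if (scenario == 1)
        p[36] = p[37] = 0;
    verdict = tcp_checksum_ok(p, scenario == 2 ? 40 : sizeof p, &e);
    return want_expected ? e : verdict;
}

int main(void)
{
    int s;
    for (s = 0; s < 3; s++)
        printf("scenario %d: verdict=%d expected=0x%04x\n",
               s, demo(s, 0), (unsigned)demo(s, 1));
    return 0;
}
```

Scenario 1 is what a capture taken on the sending host typically shows when the NIC computes checksums in hardware, which is the usual compelling reason for `-K`; scenario 2 shows that a verdict needs the whole segment inside the snapshot length.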
-------------------------------------------------------------------------------- /posts/dont-optimize-bpf-program.md: -------------------------------------------------------------------------------- 1 | # Don't optimize BPF program 2 | 3 | The "`-O/--no-optimize`" option tells `tcpdump` not to optimize the generated `BPF` program; it simply sets the `optimize` argument to `0` in the [pcap_compile](https://www.tcpdump.org/manpages/pcap_compile.3pcap.html) function. -------------------------------------------------------------------------------- /posts/set-snapshot-length.md: -------------------------------------------------------------------------------- 1 | # Set snapshot length 2 | 3 | The "`-s snaplen/--snapshot-length=snaplen`" option is used to set the snapshot length; the current default value is `262144`, i.e., `256KiB`, which should satisfy all needs. Don't modify it unless there is a sufficient reason. -------------------------------------------------------------------------------- /posts/decrypt-ipsec-esp-packets.md: -------------------------------------------------------------------------------- 1 | # Decrypt IPSec ESP packets 2 | 3 | "`-E spi@ipaddr algo:secret ...`" can be used to decrypt `IPSec ESP` packets. Because this option puts a secret key on the command line, where other local users can see it (e.g., via `ps`), it should only be used for debugging purposes. `Tcpdump` needs to be compiled with cryptography enabled (there is an [example](https://lists.freebsd.org/pipermail/freebsd-questions/2014-March/256538.html) about how to use this option). -------------------------------------------------------------------------------- /posts/dont-put-the-interface-into-promiscuous-mode.md: -------------------------------------------------------------------------------- 1 | # Don't put the interface into promiscuous mode 2 | 3 | The "`-p/--no-promiscuous-mode`" option tells `tcpdump` not to put the interface into promiscuous mode.
`tcpdump` attains this purpose through either setting `promisc` argument to `0` in [pcap_open_live](https://www.tcpdump.org/manpages/pcap_open_live.3pcap.html) function or calling [pcap_set_promisc](https://www.tcpdump.org/manpages/pcap_set_promisc.3pcap.html) API. -------------------------------------------------------------------------------- /posts/print-verbose-output.md: -------------------------------------------------------------------------------- 1 | # Print verbose output 2 | 3 | There are `3` options which are used to display verbose output: `-v`, `-vv` and `-vvv` (The more `v`, the more detailed information). E.g.: 4 | 5 | # tcpdump -v 6 | ...... 7 | 11:11:35.272933 IP (tos 0x48, ttl 64, id 31847, offset 0, flags [DF], proto TCP (6), length 84) 8 | 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], cksum 0x750d (incorrect -> 0x0700), seq 1935872656:1935872700, ack 2008969174, win 317, length 44 9 | ...... -------------------------------------------------------------------------------- /posts/relinquish-privileges-when-running-tcpdump.md: -------------------------------------------------------------------------------- 1 | # Relinquish privileges when running tcpdump 2 | 3 | In some scenarios, when `tcpdump` is running as `root`, after opening the capture device or input savefile, but before opening any savefiles for output, "`-Z user/--relinquish-privileges=user`" option can be used to switch to another user and drop privileges. E.g.: 4 | 5 | # sudo tcpdump -Z nan 6 | dropped privs to nan 7 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 8 | ...... 
9 | -------------------------------------------------------------------------------- /posts/list-and-set-data-link-type.md: -------------------------------------------------------------------------------- 1 | # List and set data link type 2 | 3 | "`-L/--list-data-link-types`" option is used to list available data link types: 4 | 5 | # tcpdump -L 6 | Data link types for enp0s3 (use option -y to set): 7 | EN10MB (Ethernet) 8 | DOCSIS (DOCSIS) (printing not supported) 9 | 10 | Beware that the output may be different if the interface works in different modes (e.g., monitor mode or not). 11 | 12 | As prompted, "`-y datalinktype/--linktype=datalinktype`" option can be used to set data link type to capture packets: 13 | 14 | # tcpdump -y EN10MB -------------------------------------------------------------------------------- /publish.sh: -------------------------------------------------------------------------------- 1 | # install the plugins and build the static site 2 | gitbook install && gitbook build 3 | 4 | # checkout to the master branch 5 | git checkout master 6 | 7 | # pull the latest updates 8 | git pull origin master --rebase 9 | 10 | # copy the static site files into the current directory. 11 | cp -R _book/* . 12 | 13 | # remove 'node_modules' and '_book' directory 14 | git clean -fx node_modules 15 | git clean -fx _book 16 | 17 | # add all files 18 | git add . 19 | 20 | # commit 21 | git commit -a -m "Update docs" 22 | 23 | # push to the origin 24 | git push origin master 25 | -------------------------------------------------------------------------------- /posts/detect-802-11-s-mesh-header.md: -------------------------------------------------------------------------------- 1 | # Detect 802.11s mesh header 2 | 3 | "`-H`" option is used to detect `802.11s` mesh headers. The related code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/50f375f9f1444e744d6e4b117940f0a7c9dd8c23/print-802_11.c#L2049): 4 | 5 | ...... 
6 | if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA && 7 | DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) { 8 | if(!ND_TTEST_1(p + hdrlen)) { 9 | nd_print_trunc(ndo); 10 | return hdrlen; 11 | } 12 | meshdrlen = extract_mesh_header_length(ndo, p + hdrlen); 13 | hdrlen += meshdrlen; 14 | } else 15 | meshdrlen = 0; 16 | ...... -------------------------------------------------------------------------------- /posts/read-filter-expression-from-file.md: -------------------------------------------------------------------------------- 1 | # Read filter expression from file 2 | 3 | The filter expression can be read from file. E.g.: 4 | 5 | # cat filter 6 | port 80 7 | 8 | "`-F file`" option can be used to read filter from file instead of command line: 9 | 10 | # tcpdump -F filter 11 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 12 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 13 | ...... 14 | 15 | The code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/511915bef7e4de2f31b8d9f581b4a44b0cfbcf53/tcpdump.c#L2144): 16 | 17 | ...... 18 | if (infile) 19 | cmdbuf = read_infile(infile); 20 | else 21 | cmdbuf = copy_argv(&argv[optind]); 22 | ...... 23 | 24 | -------------------------------------------------------------------------------- /posts/set-monitor-mode-for-interface.md: -------------------------------------------------------------------------------- 1 | # Set monitor mode for interface 2 | 3 | "`-I/--monitor-mode`" option is used to put network interface in "monitor mode" through [pcap_set_rfmon](https://www.tcpdump.org/manpages/pcap_set_rfmon.3pcap.html) API (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/a64580025249644dbae9fa03efc14e811fcac49b/tcpdump.c#L1305)): 4 | 5 | ...... 6 | if (Iflag) { 7 | status = pcap_set_rfmon(pc, 1); 8 | if (status != 0) 9 | error("%s: Can't set monitor mode: %s", 10 | device, pcap_statustostr(status)); 11 | } 12 | ...... 
13 | 14 | Of course, the interface must support "monitor mode" in the first place; otherwise, the following error message is printed: 15 | 16 | # tcpdump -I 17 | tcpdump: enp0s3: That device doesn't support monitor mode 18 | -------------------------------------------------------------------------------- /posts/load-smi-mib-module.md: -------------------------------------------------------------------------------- 1 | # Load SMI MIB module 2 | 3 | If `tcpdump` is built with [libsmi](https://www.ibr.cs.tu-bs.de/projects/libsmi/) support, the "`-m module`" option can be used to load a `MIB` module (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/f4ebd6cda863de6de39e3fdf4b065df06c99650d/netdissect.c#L122)): 4 | 5 | int 6 | nd_load_smi_module(const char *module, char *errbuf, size_t errbuf_size) 7 | { 8 | #ifdef USE_LIBSMI 9 | if (smiLoadModule(module) == 0) { 10 | nd_snprintf(errbuf, errbuf_size, "could not load MIB module %s", 11 | module); 12 | return (-1); 13 | } 14 | nd_smi_module_loaded = 1; 15 | return (0); 16 | #else 17 | nd_snprintf(errbuf, errbuf_size, "MIB module %s not loaded: no libsmi support", 18 | module); 19 | return (-1); 20 | #endif 21 | } -------------------------------------------------------------------------------- /posts/print-less-protocol-information.md: -------------------------------------------------------------------------------- 1 | # Print less protocol information 2 | 3 | The "`-q`" option makes `tcpdump` produce quick output, i.e., print less protocol information: 4 | 5 | # tcpdump -q 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 09:20:24.150525 IP 192.168.35.211.ssh > 10.217.133.114.51763: tcp 108 9 | 09:20:24.150678 IP 192.168.35.211.ssh > 10.217.133.114.51763: tcp 36 10 | 09:20:24.150791 IP 192.168.35.211.ssh > 10.217.133.114.51763: tcp 116 11 | 09:20:24.150883 IP 192.168.35.211.ssh > 10.217.133.114.51763: tcp 36 12 | 
09:20:24.152401 IP 10.217.133.114.51763 > 192.168.35.211.ssh: tcp 0 13 | 09:20:24.152426 IP 10.217.133.114.51763 > 192.168.35.211.ssh: tcp 0 14 | 09:20:24.351448 IP 10.217.133.114.51763 > 192.168.35.211.ssh: tcp 0 15 | ...... -------------------------------------------------------------------------------- /posts/display-serial-number-for-every-capture-packet.md: -------------------------------------------------------------------------------- 1 | # Display serial number for every capture packet 2 | 3 | "`-#/--number`" option is used to display serial number for every capture packet: 4 | 5 | # tcpdump -# > log.txt 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 1 09:45:29.712740 IP 192.168.35.211.ssh > 10.217.133.114.51554: Flags [P.], seq 2582118158:2582118266, ack 3041963369, win 317, length 108 9 | 2 09:45:29.712927 IP 192.168.35.211.ssh > 10.217.133.114.51554: Flags [P.], seq 108:144, ack 1, win 317, length 36 10 | 3 09:45:29.713078 IP 192.168.35.211.ssh > 10.217.133.114.51554: Flags [P.], seq 144:260, ack 1, win 317, length 116 11 | 4 09:45:29.713275 IP 192.168.35.211.ssh > 10.217.133.114.51554: Flags [P.], seq 260:296, ack 1, win 317, length 36 12 | ...... -------------------------------------------------------------------------------- /posts/limit-capture-packet-count.md: -------------------------------------------------------------------------------- 1 | # Limit capture packet count 2 | 3 | "`-c count`" will limit the number of capture packets. 
E.g.: 4 | 5 | # tcpdump -c 1 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s25, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 16:45:56.920115 IP archlinux.ssh > 10.218.200.25.59436: Flags [P.], seq 1560371666:1560371854, ack 3724900894, win 501, length 188 9 | 1 packet captured 10 | 4 packets received by filter 11 | 0 packets dropped by kernel 12 | 13 | `tcpdump` exited after only capturing `1` packet. This feature is implemented by setting `cnt` argument of `pcap_loop` function: 14 | 15 | ...... 16 | case 'c': 17 | cnt = atoi(optarg); 18 | if (cnt <= 0) 19 | error("invalid packet count %s", optarg); 20 | break; 21 | ...... 22 | status = pcap_loop(pd, cnt, callback, pcap_userdata); 23 | ...... 24 | -------------------------------------------------------------------------------- /posts/capture-packets-for-specified-direction.md: -------------------------------------------------------------------------------- 1 | # Capture packets for specified direction 2 | 3 | "`-Q direction/--direction=direction`" option is used to restrict capturing packets for specified direction. The value of `direction` can be `in`, `out` or `inout`, and `tcpdump` calls [pcap_setdirection](https://www.tcpdump.org/manpages/pcap_setdirection.3pcap.html) API to set direction. E.g. capture packets received by interface: 4 | 5 | # tcpdump -Q in 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 09:13:52.631770 IP 10.217.133.114.51763 > 192.168.35.211.ssh: Flags [.], ack 3460532592, win 16178, length 0 9 | 09:13:52.631787 IP 10.217.133.114.51763 > 192.168.35.211.ssh: Flags [.], ack 153, win 16140, length 0 10 | 09:13:52.640961 IP dns.scei.a-star.edu.sg.domain > 192.168.35.211.39882: 29830 NXDomain 0/0/0 (45) 11 | 09:13:52.642229 IP dns.scei.a-star.edu.sg.domain > 192.168.35.211.40155: 65204 NXDomain 0/1/0 (95) 12 | ...... 
-------------------------------------------------------------------------------- /posts/print-autonomous-system-number-in-asdot-notation.md: -------------------------------------------------------------------------------- 1 | # Print Autonomous System Number in ASDOT notation 2 | 3 | The `ASN` (Autonomous System Number; you can think of it as a port number) is printed in `ASPLAIN` format by default. However, if the `-b` option is specified (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/0636ecf91357b749370170716e0c4cd494bcea84/tcpdump.c#L1522)): 4 | 5 | ...... 6 | case 'b': 7 | ++ndo->ndo_bflag; 8 | break; 9 | ...... 10 | 11 | then the `ASN` is displayed in `ASDOT` notation when the number is bigger than `65535` (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/0636ecf91357b749370170716e0c4cd494bcea84/print-bgp.c#L522)): 12 | 13 | 14 | static char * 15 | as_printf(netdissect_options *ndo, 16 | char *str, int size, u_int asnum) 17 | { 18 | if (!ndo->ndo_bflag || asnum <= 0xFFFF) { 19 | snprintf(str, size, "%u", asnum); 20 | } else { 21 | snprintf(str, size, "%u.%u", asnum >> 16, asnum & 0xFFFF); 22 | } 23 | return str; 24 | } 25 | -------------------------------------------------------------------------------- /posts/print-undecoded-nfs-handles.md: -------------------------------------------------------------------------------- 1 | # Print undecoded NFS handles 2 | 3 | The "`-u`" option is used to print undecoded `NFS` handles, and the code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/33152db7441fcd8fcc39bf129b5d3ebef97726ec/print-nfs.c#L893): 4 | 5 | ...... 
6 | if (ndo->ndo_uflag) { 7 | u_int i; 8 | char const *sep = ""; 9 | 10 | ND_PRINT(" fh["); 11 | for (i=0; i 10.217.133.114.52037: Flags [P.], seq 108:144, ack 1, win 317, length 36 10 | 09:37:43.143813 IP 192.168.35.211.ssh > 10.217.133.114.52037: Flags [P.], seq 144:260, ack 1, win 317, length 116 11 | 09:37:43.143893 IP 192.168.35.211.ssh > 10.217.133.114.52037: Flags [P.], seq 260:296, ack 1, win 317, length 36 12 | 09:37:43.145503 IP 10.217.133.114.52037 > 192.168.35.211.ssh: Flags [.], ack 108, win 16244, length 0 13 | ...... 14 | 15 | (2) With `-S` option: 16 | 17 | # tcpdump -S 18 | ...... 19 | 09:38:05.358828 IP 192.168.35.211.ssh > 10.217.133.114.52037: Flags [P.], seq 3717608601:3717608709, ack 3451729629, win 317, length 108 20 | 09:38:05.359036 IP 192.168.35.211.ssh > 10.217.133.114.52037: Flags [P.], seq 3717608709:3717608745, ack 3451729629, win 317, length 36 21 | 09:38:05.359171 IP 192.168.35.211.ssh > 10.217.133.114.52037: Flags [P.], seq 3717608745:3717608861, ack 3451729629, win 317, length 116 22 | ...... 23 | -------------------------------------------------------------------------------- /posts/set-capture-buffer-size.md: -------------------------------------------------------------------------------- 1 | # Set capture buffer size 2 | 3 | "`-B buffer_size/--buffer-size=buffer_size`" option can be used to change capture buffer size (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/cfc663988081e9ed293d46de626b1f98e91b2de5/tcpdump.c#L1526)): 4 | 5 | ...... 6 | #if defined(HAVE_PCAP_CREATE) || defined(_WIN32) 7 | case 'B': 8 | Bflag = atoi(optarg)*1024; 9 | if (Bflag <= 0) 10 | error("invalid packet buffer size %s", optarg); 11 | break; 12 | #endif /* defined(HAVE_PCAP_CREATE) || defined(_WIN32) */ 13 | ...... 14 | The unit is `KiB`. `pcap_set_buffer_size()` is called to set buffer size (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/cfc663988081e9ed293d46de626b1f98e91b2de5/tcpdump.c#L1315)): 15 | 16 | ...... 
17 | if (Bflag != 0) { 18 | status = pcap_set_buffer_size(pc, Bflag); 19 | if (status != 0) 20 | error("%s: Can't set buffer size: %s", 21 | device, pcap_statustostr(status)); 22 | } 23 | ...... 24 | 25 | On Windows, special processing is needed (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/cfc663988081e9ed293d46de626b1f98e91b2de5/tcpdump.c#L2101)): 26 | 27 | ...... 28 | #if !defined(HAVE_PCAP_CREATE) && defined(_WIN32) 29 | if(Bflag != 0) 30 | if(pcap_setbuff(pd, Bflag)==-1){ 31 | error("%s", pcap_geterr(pd)); 32 | } 33 | #endif /* !defined(HAVE_PCAP_CREATE) && defined(_WIN32) */ 34 | ...... -------------------------------------------------------------------------------- /posts/specify-network-interfaces.md: -------------------------------------------------------------------------------- 1 | # Specify network interfaces 2 | 3 | The "`-D/--list-interfaces`" option is used to show the available network interfaces: 4 | 5 | # tcpdump -D 6 | 1.enp0s3 [Up, Running] 7 | 2.lo [Up, Running, Loopback] 8 | 3.any (Pseudo-device that captures on all interfaces) [Up, Running] 9 | 4.nflog (Linux netfilter log (NFLOG) interface) [none] 10 | 5.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none] 11 | 12 | The "`-i/--interface`" option is used to specify the listening interface. If it is not specified, the interface with the lowest index, excluding `loopback`, is picked (i.e., `enp0s3`). If the traffic through all interfaces needs to be captured, "`any`" should be used as the interface name: 13 | 14 | # tcpdump -i any 15 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 16 | listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes 17 | ...... 
18 | 17:08:43.333868 IP 192.168.35.211.ssh > 10.217.133.165.49880: Flags [P.], seq 54874791:54874899, ack 1667749708, win 317 19 | , length 108 20 | 17:08:43.333962 IP 192.168.35.211.ssh > 10.217.133.165.49880: Flags [P.], seq 108:144, ack 1, win 317, length 36 21 | 17:08:43.334044 IP 192.168.35.211.ssh > 10.217.133.165.49880: Flags [P.], seq 144:260, ack 1, win 317, length 116 22 | 17:08:43.334125 IP 192.168.35.211.ssh > 10.217.133.165.49880: Flags [P.], seq 260:296, ack 1, win 317, length 36 23 | 24 | Or use index instead: 25 | 26 | # tcpdump -i 3 -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-search/search-engine.js: -------------------------------------------------------------------------------- 1 | require([ 2 | 'gitbook', 3 | 'jquery' 4 | ], function(gitbook, $) { 5 | // Global search objects 6 | var engine = null; 7 | var initialized = false; 8 | 9 | // Set a new search engine 10 | function setEngine(Engine, config) { 11 | initialized = false; 12 | engine = new Engine(config); 13 | 14 | init(config); 15 | } 16 | 17 | // Initialize search engine with config 18 | function init(config) { 19 | if (!engine) throw new Error('No engine set for research. Set an engine using gitbook.research.setEngine(Engine).'); 20 | 21 | return engine.init(config) 22 | .then(function() { 23 | initialized = true; 24 | gitbook.events.trigger('search.ready'); 25 | }); 26 | } 27 | 28 | // Launch search for query q 29 | function query(q, offset, length) { 30 | if (!initialized) throw new Error('Search has not been initialized'); 31 | return engine.search(q, offset, length); 32 | } 33 | 34 | // Get stats about search 35 | function getEngine() { 36 | return engine? 
engine.name : null; 37 | } 38 | 39 | function isInitialized() { 40 | return initialized; 41 | } 42 | 43 | // Initialize gitbook.search 44 | gitbook.search = { 45 | setEngine: setEngine, 46 | getEngine: getEngine, 47 | query: query, 48 | isInitialized: isInitialized 49 | }; 50 | }); -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | BSD 3-Clause License 2 | 3 | Copyright (c) 2019, Nan Xiao 4 | All rights reserved. 5 | 6 | Redistribution and use in source and binary forms, with or without 7 | modification, are permitted provided that the following conditions are met: 8 | 9 | 1. Redistributions of source code must retain the above copyright notice, this 10 | list of conditions and the following disclaimer. 11 | 12 | 2. Redistributions in binary form must reproduce the above copyright notice, 13 | this list of conditions and the following disclaimer in the documentation 14 | and/or other materials provided with the distribution. 15 | 16 | 3. Neither the name of the copyright holder nor the names of its 17 | contributors may be used to endorse or promote products derived from 18 | this software without specific prior written permission. 19 | 20 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 21 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 23 | DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 24 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 26 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 27 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 28 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | -------------------------------------------------------------------------------- /posts/control-timestamp-display.md: -------------------------------------------------------------------------------- 1 | # Control timestamp display 2 | 3 | `Tcpdump` provides abundant options to control timestamp display:

| Option | Meaning | Example |
| --- | --- | --- |
| `-t` | No time stamp for each line. | `IP 192.168.35.211.ssh > 10.217.133.114.64998: Flags [P.], seq 108:144, ack 1, win 317, length 36` |
| `-tt` | Unix style, i.e., seconds and fractions of second since January 1, 1970, 00:00:00, UTC. | `1561024104.790056 IP 192.168.35.211.ssh > 10.217.133.114.64998: Flags [P.], seq 493732:494000, ack 181, win 317, length 268` |
| `-ttt` | Show time delta between current and previous line on each dump line. The default is microsecond resolution. | `00:00:00.000320 IP 192.168.35.211.ssh > 10.217.133.114.65401: Flags [P.], seq 108:144, ack 1, win 317, length 36` |
| `-tttt` | Print detailed timestamp of every packet. | `2019-06-20 18:16:07.208973 IP 192.168.35.211.ssh > 10.217.133.114.65401: Flags [P.], seq 1528425705:1528425813, ack 3085343628, win 317, length 108` |
| `-ttttt` | Show time delta between current and first line on each dump line. The default is microsecond resolution. | `00:00:00.000513 IP 192.168.35.211.ssh > 10.217.133.114.65401: Flags [P.], seq 260:296, ack 1, win 317, length 36` |
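
How the `-ttt` and `-ttttt` columns relate to the `-tt` epoch value, as an added example (not tcpdump's code): it parses the leading `seconds.microseconds` field of `-tt` lines and derives both deltas with integer arithmetic, so an exported log can be re-based when building a timeline. The first sample line is the `-tt` example from the table; the other lines, the function names and the `-` sign for out-of-order packets are constructed assumptions.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SEC (INT64_MAX / 1000000 - 1)  /* keeps sec * 1e6 + usec in int64_t */

/* Parse the leading "seconds.microseconds" field of a -tt line into
 * microseconds since the epoch. Returns -1 if the field is malformed or
 * does not have exactly six fractional digits (the default resolution). */
int64_t parse_tt(const char *line)
{
    int64_t sec = 0, usec = 0;
    int digits = 0;
    const char *p = line;

    if (!isdigit((unsigned char)*p))
        return -1;
    while (isdigit((unsigned char)*p)) {
        if (sec > (MAX_SEC - 9) / 10)        /* next digit would overflow */
            return -1;
        sec = sec * 10 + (*p++ - '0');
    }
    if (*p++ != '.')
        return -1;
    while (isdigit((unsigned char)*p) && digits < 6) {
        usec = usec * 10 + (*p++ - '0');
        digits++;
    }
    if (digits != 6 || (*p != ' ' && *p != '\0'))
        return -1;
    return sec * 1000000 + usec;
}

/* Render a delta in microseconds as HH:MM:SS.uuuuuu, the layout of the -ttt
 * and -ttttt columns; a leading '-' marks out-of-order packets. */
void format_delta(int64_t d, char *out, size_t outlen)
{
    const char *sign = d < 0 ? "-" : "";
    int64_t s;

    if (d < 0)
        d = -d;
    s = d / 1000000;
    snprintf(out, outlen, "%s%02lld:%02lld:%02lld.%06lld", sign,
             (long long)(s / 3600), (long long)(s / 60 % 60),
             (long long)(s % 60), (long long)(d % 1000000));
}

/* Sample -tt output: line 0 is from the table, lines 1-3 are constructed. */
static const char *const SAMPLE_TT[] = {
    "1561024104.790056 IP 192.168.35.211.ssh > 10.217.133.114.64998: Flags [P.], seq 493732:494000, ack 181, win 317, length 268",
    "1561024104.790376 IP 192.168.35.211.ssh > 10.217.133.114.64998: Flags [P.], length 36",
    "1561024104.790569 IP 192.168.35.211.ssh > 10.217.133.114.64998: Flags [P.], length 116",
    "1561024105.000012 IP 10.217.133.114.64998 > 192.168.35.211.ssh: Flags [.], length 0"
};
#define SAMPLE_N (sizeof SAMPLE_TT / sizeof SAMPLE_TT[0])

/* Delta for sample line i: against the previous line (-ttt) when from_first
 * is 0, against the first line (-ttttt) otherwise. Returns a static buffer,
 * or NULL for a bad index or an unparsable line. */
const char *sample_delta(size_t i, int from_first)
{
    static char out[32];
    int64_t cur, ref;

    if (i >= SAMPLE_N)
        return NULL;
    cur = parse_tt(SAMPLE_TT[i]);
    ref = parse_tt(SAMPLE_TT[(from_first || i == 0) ? 0 : i - 1]);
    if (cur < 0 || ref < 0)
        return NULL;
    format_delta(cur - ref, out, sizeof out);
    return out;
}

int main(void)
{
    size_t i;
    for (i = 0; i < SAMPLE_N; i++) {
        char prev[32];
        strcpy(prev, sample_delta(i, 0));    /* copy: the buffer is reused */
        printf("-ttt %s  -ttttt %s\n", prev, sample_delta(i, 1));
    }
    return 0;
}
```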
-------------------------------------------------------------------------------- /posts/rotate-capture-files.md: -------------------------------------------------------------------------------- 1 | # Rotate capture files 2 | 3 | To rotate capture files, "`-C file_size`" (the unit is `MB`, i.e., `1,000,000` Bytes) option can be used to set the size of rotation file: 4 | 5 | # tcpdump -w enp0s3.pcap -C 1 6 | 7 | Otherwise the files can be rotated based on time (seconds) through "`-G seconds`" option: 8 | 9 | # tcpdump -w enp0s3_%F_%T.pcap -G 3 10 | tcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 11 | ^C10 packets captured 12 | 12 packets received by filter 13 | 0 packets dropped by kernel 14 | # ls -lt *.pcap 15 | -rw-r--r-- 1 root root 100 Jun 6 09:13 enp0s3_2019-06-06_09:13:28.pcap 16 | -rw-r--r-- 1 root root 176 Jun 6 09:13 enp0s3_2019-06-06_09:13:24.pcap 17 | -rw-r--r-- 1 root root 746 Jun 6 09:13 enp0s3_2019-06-06_09:13:21.pcap 18 | 19 | For time format, this [page](http://www.cplusplus.com/reference/ctime/strftime/) gives a reference. 20 | 21 | If some operations need to be done with saved files, "`-z postrotate-command`" option can be used. E.g., compress the rotated file: 22 | 23 | # tcpdump -w enp0s3_%F_%T.pcap -G 3 -z gzip 24 | tcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 25 | ^C22 packets captured 26 | 24 packets received by filter 27 | 0 packets dropped by kernel 28 | # ls *.gz 29 | enp0s3_2019-06-21_13:37:29.pcap.gz enp0s3_2019-06-21_13:37:37.pcap.gz enp0s3_2019-06-21_13:37:43.pcap.gz 30 | enp0s3_2019-06-21_13:37:34.pcap.gz enp0s3_2019-06-21_13:37:40.pcap.gz 31 | 32 | BTW, there is another "`-W filecount`" option which can be used in conjunction with "`-C`" or "`-G`" option to limit the number of files. 
-------------------------------------------------------------------------------- /posts/print-link-level-header.md: -------------------------------------------------------------------------------- 1 | # Print link level header 2 | 3 | "`-e`" option can be used to print link level header, e.g., `MAC` address. Compare the output without & with "`-e`": 4 | 5 | # tcpdump 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 08:49:05.566481 IP 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 3495460430:3495460538, ack 1684770413, win 317, length 108 9 | 08:49:05.566644 IP 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 108:144, ack 1, win 317, length 36 10 | 08:49:05.566759 IP 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 144:260, ack 1, win 317, length 116 11 | 08:49:05.566851 IP 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 260:296, ack 1, win 317, length 36 12 | ...... 
13 | 14 | # tcpdump -e 15 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 16 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 17 | 08:52:14.998750 08:00:27:70:9e:7a (oui Unknown) > 00:1e:bd:de:67:00 (oui Unknown), ethertype IPv4 (0x0800), length 162: 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 3496206666:3496206774, ack 1684770961, win 317, length 108 18 | 08:52:14.998897 08:00:27:70:9e:7a (oui Unknown) > 00:1e:bd:de:67:00 (oui Unknown), ethertype IPv4 (0x0800), length 90: 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 108:144, ack 1, win 317, length 36 19 | 08:52:14.999088 08:00:27:70:9e:7a (oui Unknown) > 00:1e:bd:de:67:00 (oui Unknown), ethertype IPv4 (0x0800), length 170: 192.168.35.211.ssh > 10.217.133.165.62575: Flags [P.], seq 144:260, ack 1, win 317, length 116 20 | -------------------------------------------------------------------------------- /posts/dont-convert-address-to-name.md: -------------------------------------------------------------------------------- 1 | # Don't convert address to name 2 | 3 | "`-n`" option tells `tcpdump` not convert address to name. Compare following outputs: 4 | 5 | (1) Without "`-n`": 6 | 7 | # tcpdump port 80 8 | ...... 
9 | 17:55:23.767010 IP 192.168.35.211.42314 > sa-in-f106.1e100.net.http: Flags [S], seq 754374479, win 29200, options [mss 1460,sackOK,TS val 3390348087 ecr 0,nop,wscale 7], length 0 10 | 17:55:23.773385 IP sa-in-f106.1e100.net.http > 192.168.35.211.42314: Flags [S.], seq 3627421307, ack 754374480, win 62392, options [mss 1430,sackOK,TS val 1694624530 ecr 3390348087,nop,wscale 8], length 0 11 | 17:55:23.773420 IP 192.168.35.211.42314 > sa-in-f106.1e100.net.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 3390348093 ecr 1694624530], length 0 12 | 17:55:23.773921 IP 192.168.35.211.42314 > sa-in-f106.1e100.net.http: Flags [P.], seq 1:142, ack 1, win 229, options [nop,nop,TS val 3390348094 ecr 1694624530], length 141: HTTP: GET / HTTP/1.1 13 | ...... 14 | 15 | (2) With "`-n`" (no name resolution, only `IP` addresses and port numbers are printed): 16 | 17 | # tcpdump -n port 80 18 | ...... 19 | 17:54:53.516004 IP 192.168.35.211.42310 > 74.125.200.106.80: Flags [S], seq 3573100071, win 29200, options [mss 1460,sackOK,TS val 3390317836 ecr 0,nop,wscale 7], length 0 20 | 17:54:53.519718 IP 74.125.200.106.80 > 192.168.35.211.42310: Flags [S.], seq 1387207616, ack 3573100072, win 62392, options [mss 1430,sackOK,TS val 2574277547 ecr 3390317836,nop,wscale 8], length 0 21 | 17:54:53.519746 IP 192.168.35.211.42310 > 74.125.200.106.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 3390317839 ecr 2574277547], length 0 22 | 17:54:53.520500 IP 192.168.35.211.42310 > 74.125.200.106.80: Flags [P.], seq 1:142, ack 1, win 229, options [nop,nop,TS val 3390317840 ecr 2574277547], length 141: HTTP: GET / HTTP/1.1 23 | ...... 
24 | -------------------------------------------------------------------------------- /posts/set-timestamp-type-and-precision-during-capture.md: -------------------------------------------------------------------------------- 1 | # Set timestamp type and precision during capture 2 | 3 | "`-J/--list-time-stamp-types`" option is used to list the timestamp types that the interface supports: 4 | 5 | $ tcpdump -J 6 | Time stamp types for enp0s3 (use option -j to set): 7 | host (Host) 8 | adapter_unsynced (Adapter, not synced with system time) 9 | 10 | As prompted, "`-j tstamp_type/--time-stamp-type=tstamp_type`" option can be used to set the timestamp type. Now `5` types are supported: `host`, `host_lowprec`, `host_hiprec`, `adapter` and `adapter_unsynced` (please refer to [pcap-tstamp](https://www.tcpdump.org/manpages/pcap-tstamp.7.html)). 11 | 12 | The timestamp precision can be set to microsecond resolution ("`--time-stamp-precision=micro/--micro`") or nanosecond resolution ("`--time-stamp-precision=nano/--nano`"): 13 | 14 | # tcpdump --time-stamp-precision=nano 15 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 16 | listening on enp0s3, link-type EN10MB (Ethernet), snapshot length 262144 bytes 17 | 17:53:08.669795918 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 2946671030:2946671138, ack 2526798027, win 317, length 108 18 | 17:53:08.670069187 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 108:144, ack 1, win 317, length 36 19 | 17:53:08.670174142 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 144:204, ack 1, win 317, length 60 20 | 17:53:08.670267764 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 204:272, ack 1, win 317, length 68 21 | 17:53:08.670356638 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 272:340, ack 1, win 317, length 68 22 | 17:53:08.670435999 IP 192.168.35.211.ssh > 10.217.133.115.56843: Flags [P.], seq 340:376, ack 1, win 317, length 36 23 | ...... 
24 | 25 | The actual precision of timestamp depends on the Operating System and hardware. -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-lunr/search-lunr.js: -------------------------------------------------------------------------------- 1 | require([ 2 | 'gitbook', 3 | 'jquery' 4 | ], function(gitbook, $) { 5 | // Define global search engine 6 | function LunrSearchEngine() { 7 | this.index = null; 8 | this.store = {}; 9 | this.name = 'LunrSearchEngine'; 10 | } 11 | 12 | // Initialize lunr by fetching the search index 13 | LunrSearchEngine.prototype.init = function() { 14 | var that = this; 15 | var d = $.Deferred(); 16 | 17 | $.getJSON(gitbook.state.basePath+'/search_index.json') 18 | .then(function(data) { 19 | // eslint-disable-next-line no-undef 20 | that.index = lunr.Index.load(data.index); 21 | that.store = data.store; 22 | d.resolve(); 23 | }); 24 | 25 | return d.promise(); 26 | }; 27 | 28 | // Search for a term and return results 29 | LunrSearchEngine.prototype.search = function(q, offset, length) { 30 | var that = this; 31 | var results = []; 32 | 33 | if (this.index) { 34 | results = $.map(this.index.search(q), function(result) { 35 | var doc = that.store[result.ref]; 36 | 37 | return { 38 | title: doc.title, 39 | url: doc.url, 40 | body: doc.summary || doc.body 41 | }; 42 | }); 43 | } 44 | 45 | return $.Deferred().resolve({ 46 | query: q, 47 | results: results.slice(0, length), 48 | count: results.length 49 | }).promise(); 50 | }; 51 | 52 | // Set gitbook research 53 | gitbook.events.bind('start', function(e, config) { 54 | var engine = gitbook.search.getEngine(); 55 | if (!engine) { 56 | gitbook.search.setEngine(LunrSearchEngine, config); 57 | } 58 | }); 59 | }); 60 | -------------------------------------------------------------------------------- /posts/specify-how-to-interpret-packet.md: -------------------------------------------------------------------------------- 1 | # Specify how to 
interpret packet 2 | 3 | "`-T type`" option tells `tcpdump` to interpret packets according to the `type` value. The values of `type` and their meanings are as follows: 4 |

| Value | Meaning |
| --- | --- |
| aodv | Ad-hoc On-demand Distance Vector protocol |
| carp | Common Address Redundancy Protocol |
| cnfp | Cisco NetFlow protocol |
| lmp | Link Management Protocol |
| pgm | Pragmatic General Multicast |
| pgm_zmtp1 | ZMTP/1.0 inside PGM/EPGM |
| radius | RADIUS |
| resp | REdis Serialization Protocol |
| rpc | Remote Procedure Call |
| rtp | Real-Time Applications protocol |
| rtcp | Real-Time Applications control protocol |
| snmp | Simple Network Management Protocol |
| tftp | Trivial File Transfer Protocol |
| vat | Visual Audio Tool |
| vxlan | Virtual eXtensible Local Area Network |
| wb | distributed White Board |
| zmtp1 | ZeroMQ Message Transport Protocol 1.0 |
-------------------------------------------------------------------------------- /posts/dont-print-domain-name-qualification-of-host-names.md: -------------------------------------------------------------------------------- 1 | # Don't print domain name qualification of host names 2 | 3 | "`-N`" option tells `tcpdump` not print domain name qualification of host names. Compare following outputs: 4 | 5 | (1) Without "`-N`": 6 | 7 | # tcpdump port 80 8 | ...... 9 | 09:28:16.590166 IP 192.168.35.211.36662 > sin10s07-in-f100.1e100.net.http: Flags [S], seq 3705499091, win 29200, options [mss 1460,sackOK,TS val 3283951004 ecr 0,nop,wscale 7], length 0 10 | 09:28:16.593198 IP sin10s07-in-f100.1e100.net.http > 192.168.35.211.36662: Flags [S.], seq 3497055131, ack 3705499092, win 60192, options [mss 1380,sackOK,TS val 340557822 ecr 3283951004,nop,wscale 8], length 0 11 | 09:28:16.593222 IP 192.168.35.211.36662 > sin10s07-in-f100.1e100.net.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 3283951007 ecr 340557822], length 0 12 | 09:28:16.593652 IP 192.168.35.211.36662 > sin10s07-in-f100.1e100.net.http: Flags [P.], seq 1:142, ack 1, win 229, options [nop,nop,TS val 3283951007 ecr 340557822], length 141: HTTP: GET / HTTP/1.1 13 | ...... 14 | 15 | (2) With "`-N`" ("`1e100.net`" is not outputted): 16 | 17 | # tcpdump -N port 80 18 | ...... 
19 | 09:16:10.543488 IP 192.168.35.211.36610 > sin10s07-in-f4.http: Flags [S], seq 3887934852, win 29200, options [mss 1460,sackOK,TS val 3283224957 ecr 0,nop,wscale 7], length 0 20 | 09:16:10.546542 IP sin10s07-in-f4.http > 192.168.35.211.36610: Flags [S.], seq 1285438159, ack 3887934853, win 60192, options [mss 1380,sackOK,TS val 2475082608 ecr 3283224957,nop,wscale 8], length 0 21 | 09:16:10.546577 IP 192.168.35.211.36610 > sin10s07-in-f4.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 3283224960 ecr 2475082608], length 0 22 | 09:16:10.547079 IP 192.168.35.211.36610 > sin10s07-in-f4.http: Flags [P.], seq 1:142, ack 1, win 229, options [nop,nop,TS val 3283224961 ecr 2475082608], length 141: HTTP: GET / HTTP/1.1 23 | ...... 24 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Tcpdump little book 2 | 3 | [Tcpdump](https://www.tcpdump.org/) is a very powerful command line tool to analyze network packets on `Unix-like` Operating Systems; it is indispensable for debugging network related issues. Run `tcpdump` in your terminal: 4 | 5 | # tcpdump 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s25, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 08:57:41.148740 IP6 fe80::846b:2555:fb41:1fa8.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit 9 | 08:57:41.208960 IP archlinux.ssh > 10.217.133.206.55977: Flags [P.], seq 687245846:687246034, ack 4010852751, win 501, length 188 10 | ...... 11 | 12 | Without any options and expression, `tcpdump` works in a live-capture mode (the source code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/e6eab7bccfbf8fe9c386e16a9c5441e7a57066ae/tcpdump.c#L2024)): 13 | 14 | ...... 15 | /* 16 | * We're doing a live capture. 17 | */ 18 | if (device == NULL) { 19 | /* 20 | * No interface was specified. Pick one. 
21 | */ 22 | #ifdef HAVE_PCAP_FINDALLDEVS 23 | /* 24 | * Find the list of interfaces, and pick 25 | * the first interface. 26 | */ 27 | if (pcap_findalldevs(&devlist, ebuf) == -1) 28 | error("%s", ebuf); 29 | if (devlist == NULL) 30 | error("no interfaces available for capture"); 31 | device = strdup(devlist->name); 32 | pcap_freealldevs(devlist); 33 | #else /* HAVE_PCAP_FINDALLDEVS */ 34 | /* 35 | * Use whatever interface pcap_lookupdev() 36 | * chooses. 37 | */ 38 | device = pcap_lookupdev(ebuf); 39 | if (device == NULL) 40 | error("%s", ebuf); 41 | #endif 42 | } 43 | ...... 44 | 45 | Depending on whether the `HAVE_PCAP_FINDALLDEVS` macro is defined, `tcpdump` will pick a "default" network interface to do the capture work. Interesting, right? Since all is set, let's begin this whirlwind tour of `tcpdump`. 46 | 47 | P.S., this manual refers heavily to code and documents from the [tcpdump](https://www.tcpdump.org/) website, and kudos to the `tcpdump` guys! If the small booklet gives you some help, please give it a star on [github](https://github.com/NanXiao/tcpdump-little-book). :-) 48 | 49 | -------------------------------------------------------------------------------- /posts/dont-translate-foreign-ipv4-address.md: -------------------------------------------------------------------------------- 1 | # Don't translate foreign IPv4 address 2 | 3 | "`-f`" option tells `tcpdump` not to translate foreign `IPv4` addresses. Use `tcpdump` to monitor packets from port `80`: 4 | 5 | # tcpdump port 80 6 | tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 7 | listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 8 | 9 | Open another terminal and run the following command: 10 | 11 | # wget google.com 12 | --2019-06-04 08:37:09-- http://google.com/ 13 | Resolving google.com... 74.125.130.102, 74.125.130.113, 74.125.130.139, ... 14 | Connecting to google.com|74.125.130.102|:80... connected. 15 | HTTP request sent, awaiting response... 
301 Moved Permanently 16 | ...... 17 | 18 | In the first terminal, `tcpdump` will print following output: 19 | 20 | ...... 21 | 08:37:09.815811 IP 192.168.35.211.41580 > sb-in-f102.1e100.net.http: Flags [S], seq 1939117813, win 29200, options [mss 1460,sackOK,TS val 229353835 ecr 0,nop,wscale 7], length 0 22 | 08:37:09.819276 IP sb-in-f102.1e100.net.http > 192.168.35.211.41580: Flags [S.], seq 1065852934, ack 1939117814, win 60192, options [mss 1380,sackOK,TS val 2316592675 ecr 229353835,nop,wscale 8], length 0 23 | 08:37:09.819307 IP 192.168.35.211.41580 > sb-in-f102.1e100.net.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 229353838 ecr 2316592675], length 0 24 | 08:37:09.819738 IP 192.168.35.211.41580 > sb-in-f102.1e100.net.http: Flags [P.], seq 1:138, ack 1, win 229, options [nop,nop,TS val 229353839 ecr 2316592675], length 137: HTTP: GET / HTTP/1.1 25 | ...... 26 | 27 | If using "`-f`" option ("`tcpdump -f port 80`"), `IP` addresses will be printed instead: 28 | 29 | ...... 30 | 08:37:49.861210 IP 192.168.35.211.48270 > 74.125.130.139.http: Flags [S], seq 177134859, win 29200, options [mss 1460,sackOK,TS val 1024480880 ecr 0,nop,wscale 7], length 0 31 | 08:37:49.865430 IP 74.125.130.139.http > 192.168.35.211.48270: Flags [S.], seq 711300604, ack 177134860, win 60192, options [mss 1380,sackOK,TS val 3503207327 ecr 1024480880,nop,wscale 8], length 0 32 | 08:37:49.865459 IP 192.168.35.211.48270 > 74.125.130.139.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 1024480884 ecr 3503207327], length 0 33 | ...... 
34 | 35 | -------------------------------------------------------------------------------- /SUMMARY.md: -------------------------------------------------------------------------------- 1 | * [The format of tcpdump command](posts/the-format-of-tcpdump-command.md) 2 | * [Show help & version info](posts/show-help-and-version-info.md) 3 | * [Print less protocol information](posts/print-less-protocol-information.md) 4 | * [Print verbose output](posts/print-verbose-output.md) 5 | * [Specify how to interpret packet](posts/specify-how-to-interpret-packet.md) 6 | * [Specify network interfaces](posts/specify-network-interfaces.md) 7 | * [Read filter expression from file](posts/read-filter-expression-from-file.md) 8 | * [Save packets into file](posts/save-packets-into-file.md) 9 | * [Rotate capture files](posts/rotate-capture-files.md) 10 | * [Parse and print packets](posts/parse-and-print-packets.md) 11 | * [Print Autonomous System Number in ASDOT notation](posts/print-autonomous-system-number-in-asdot-notation.md) 12 | * [Print absolute TCP sequence number](posts/print-absolute-tcp-sequence-number.md) 13 | * [Set capture buffer size](posts/set-capture-buffer-size.md) 14 | * [Set snapshot length](posts/set-snapshot-length.md) 15 | * [Capture packets for specified direction](posts/capture-packets-for-specified-direction.md) 16 | * [Limit capture packet count](posts/limit-capture-packet-count.md) 17 | * [Display serial number for every capture packet](posts/display-serial-number-for-every-capture-packet.md) 18 | * [Dump compiled BPF program](posts/dump-compiled-bpf-program.md) 19 | * [Don't optimize BPF program](posts/dont-optimize-bpf-program.md) 20 | * [Print link level header](posts/print-link-level-header.md) 21 | * [List and set data link type](posts/list-and-set-data-link-type.md) 22 | * [Don't convert address to name](posts/dont-convert-address-to-name.md) 23 | * [Don't translate foreign IPv4 address](posts/dont-translate-foreign-ipv4-address.md) 24 | * [Don't print 
domain name qualification of host names](posts/dont-print-domain-name-qualification-of-host-names.md) 25 | * [Output line-buffered or packet-buffered](posts/output-line-buffered-or-packet-buffered.md) 26 | * [Set timestamp type and precision during capture](posts/set-timestamp-type-and-precision-during-capture.md) 27 | * [Control timestamp display](posts/control-timestamp-display.md) 28 | * [Set monitor mode for interface](posts/set-monitor-mode-for-interface.md) 29 | * [Capture packets in immediate mode](posts/capture-packets-in-immediate-mode.md) 30 | * [Don't verify TCP, UDP or IP checksums](posts/dont-verify-tcp-udp-or-ip-checksums.md) 31 | * [Don't put the interface into promiscuous mode](posts/dont-put-the-interface-into-promiscuous-mode.md) 32 | * [Relinquish privileges when running tcpdump](posts/relinquish-privileges-when-running-tcpdump.md) 33 | * [Verify cryptographic signature of the TCP packet](posts/verify-cryptographic-signature-of-the-tcp-packet.md) 34 | * [Load SMI MIB module](posts/load-smi-mib-module.md) 35 | * [Print undecoded NFS handles](posts/print-undecoded-nfs-handles.md) 36 | * [Detect 802.11s mesh header](posts/detect-802-11-s-mesh-header.md) 37 | * [Decrypt IPSec ESP packets](posts/decrypt-ipsec-esp-packets.md) -------------------------------------------------------------------------------- /posts/save-packets-into-file.md: -------------------------------------------------------------------------------- 1 | # Save packets into file 2 | 3 | "`-w file`" option is used to save captured packets into a file instead of printing them to standard output: 4 | 5 | # tcpdump -w enp0s3.pcap 6 | tcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 7 | ^C7 packets captured 8 | 9 packets received by filter 9 | 0 packets dropped by kernel 10 | 11 | If the packets also need to be printed while they are saved to the file, the "`--print`" option can help: 12 | 13 | # tcpdump --print -w enp0s3.pcap 14 | tcpdump: listening on enp0s3, link-type EN10MB 
(Ethernet), snapshot length 262144 bytes 15 | 09:27:48.456071 IP 192.168.35.211.ssh > 10.217.133.114.63884: Flags [P.], seq 485718701:485718745, ack 2592535797, win 317, length 44 16 | 09:27:48.456311 IP 192.168.35.211.ssh > 10.217.133.114.63884: Flags [P.], seq 44:104, ack 1, win 317, length 60 17 | ...... 18 | 19 | The file can be read through "`-r`" option: 20 | 21 | $ tcpdump -r enp0s3.pcap 22 | reading from file enp0s3.pcap, link-type EN10MB (Ethernet) 23 | 09:27:48.456071 IP 192.168.35.211.ssh > 10.217.133.114.63884: Flags [P.], seq 485718701:485718745, ack 2592535797, win 317, length 44 24 | 09:27:48.456311 IP 192.168.35.211.ssh > 10.217.133.114.63884: Flags [P.], seq 44:104, ack 1, win 317, length 60 25 | ...... 26 | 27 | 28 | If there are multiple files to read, create a new file to store paths for these files (one per line), then use "`-V`" option to read them: 29 | 30 | # tcpdump -w enp0s3_0.pcap 31 | ...... 32 | # tcpdump -w enp0s3_1.pcap 33 | ...... 34 | # cat pcap_file.txt 35 | enp0s3_0.pcap 36 | enp0s3_1.pcap 37 | # tcpdump -V pcap_file.txt 38 | reading from file enp0s3_0.pcap, link-type EN10MB (Ethernet) 39 | 11:33:35.806380 IP 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], seq 1938680568:1938680612, ack 2008981114, win 317, length 44 40 | 11:33:35.806574 IP 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], seq 44:160, ack 1, win 317, length 116 41 | 11:33:35.806710 IP 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], seq 160:196, ack 1, win 317, length 36 42 | 11:33:35.807941 IP 10.217.133.114.62443 > 192.168.35.211.ssh: Flags [.], ack 44, win 16316, length 0 43 | 11:33:35.808168 IP 10.217.133.114.62443 > 192.168.35.211.ssh: Flags [.], ack 196, win 16278, length 0 44 | 11:33:35.890102 STP 802.1d, Config, Flags [none], bridge-id 8000.00:09:e8:e0:1e:97.8083, length 43 45 | 11:33:36.629550 IP 192.168.35.145.45715 > 239.255.255.250.ssdp: UDP, length 166 46 | 11:33:37.631041 IP 192.168.35.145.45715 > 239.255.255.250.ssdp: UDP, length 
166 47 | reading from file enp0s3_1.pcap, link-type EN10MB (Ethernet) 48 | 11:33:41.703389 IP 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], seq 1040:1084, ack 497, win 317, length 44 49 | 11:33:41.703663 IP 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], seq 1084:1200, ack 497, win 317, length 116 50 | 11:33:41.703802 IP 192.168.35.211.ssh > 10.217.133.114.62443: Flags [P.], seq 1200:1236, ack 497, win 317, length 36 51 | 11:33:41.705086 IP 10.217.133.114.62443 > 192.168.35.211.ssh: Flags [.], ack 1084, win 16425, length 0 52 | ...... 53 | -------------------------------------------------------------------------------- /posts/dump-compiled-bpf-program.md: -------------------------------------------------------------------------------- 1 | # Dump compiled BPF program 2 | 3 | The `expression` part (please refer [The format of tcpdump command](the-format-of-tcpdump-command.md)) will be compiled into [BPF](https://en.wikipedia.org/wiki/Berkeley_Packet_Filter) program before processing (code is [here](https://github.com/the-tcpdump-group/tcpdump/blob/master/tcpdump.c#L2152)): 4 | 5 | ...... 6 | if (pcap_compile(pd, &fcode, cmdbuf, Oflag, netmask) < 0) 7 | error("%s", pcap_geterr(pd)); 8 | if (dflag) { 9 | bpf_dump(&fcode, dflag); 10 | pcap_close(pd); 11 | free(cmdbuf); 12 | pcap_freecode(&fcode); 13 | exit_tcpdump(S_SUCCESS); 14 | } 15 | ...... 16 | 17 | "`-d`" option can be used to control how to display compiled `BPF` program. 
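What the compiled program does with a packet is easiest to see by running it. The interpreter below is an added example, not code from tcpdump or libpcap: it executes this page's `tcpdump -dd port 80` instructions over constructed Ethernet/IPv4 frames. `bpf_run`, `make_frame` and `match_port80` are names chosen here, and only the seven opcodes this filter uses are implemented.

```c
/* Added example: minimal classic-BPF interpreter, not libpcap's own code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* The page's `tcpdump -dd port 80` output, pasted unchanged. */
static const struct insn port80[] = {
    { 0x28, 0, 0, 0x0000000c },
    { 0x15, 0, 8, 0x000086dd },
    { 0x30, 0, 0, 0x00000014 },
    { 0x15, 2, 0, 0x00000084 },
    { 0x15, 1, 0, 0x00000006 },
    { 0x15, 0, 17, 0x00000011 },
    { 0x28, 0, 0, 0x00000036 },
    { 0x15, 14, 0, 0x00000050 },
    { 0x28, 0, 0, 0x00000038 },
    { 0x15, 12, 13, 0x00000050 },
    { 0x15, 0, 12, 0x00000800 },
    { 0x30, 0, 0, 0x00000017 },
    { 0x15, 2, 0, 0x00000084 },
    { 0x15, 1, 0, 0x00000006 },
    { 0x15, 0, 8, 0x00000011 },
    { 0x28, 0, 0, 0x00000014 },
    { 0x45, 6, 0, 0x00001fff },
    { 0xb1, 0, 0, 0x0000000e },
    { 0x48, 0, 0, 0x0000000e },
    { 0x15, 2, 0, 0x00000050 },
    { 0x48, 0, 0, 0x00000010 },
    { 0x15, 0, 1, 0x00000050 },
    { 0x6, 0, 0, 0x00040000 },
    { 0x6, 0, 0, 0x00000000 },
};
#define PORT80_LEN (sizeof port80 / sizeof port80[0])

/* Big-endian load of n bytes at off; clears *ok if it would leave the packet. */
static uint32_t load(const uint8_t *p, size_t len, uint64_t off, unsigned n, int *ok)
{
    uint32_t v = 0;
    if (off + n > len) { *ok = 0; return 0; }
    for (unsigned i = 0; i < n; i++)
        v = (v << 8) | p[off + i];
    return v;
}

/* Run prog over pkt; returns the number of bytes to keep, 0 means "drop". */
uint32_t bpf_run(const struct insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t A = 0, X = 0;   /* accumulator and index register */
    int ok = 1;
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case 0x28: A = load(pkt, len, i->k, 2, &ok); break;               /* ldh [k] */
        case 0x30: A = load(pkt, len, i->k, 1, &ok); break;               /* ldb [k] */
        case 0x48: A = load(pkt, len, (uint64_t)X + i->k, 2, &ok); break; /* ldh [x + k] */
        case 0xb1: X = 4 * (load(pkt, len, i->k, 1, &ok) & 0xf); break;   /* ldxb 4*([k]&0xf) */
        case 0x15: pc += (A == i->k) ? i->jt : i->jf; break;              /* jeq #k */
        case 0x45: pc += (A & i->k) ? i->jt : i->jf; break;               /* jset #k */
        case 0x06: return i->k;                                           /* ret #k */
        default:   return 0;   /* opcode outside this subset: drop */
        }
        if (!ok) return 0;     /* a load past the end of the packet drops it */
    }
    return 0;
}

/* Constructed 54-byte Ethernet/IPv4 frame; only the fields the filter reads are set. */
size_t make_frame(uint8_t *f, uint8_t proto, uint16_t frag, uint16_t sport, uint16_t dport)
{
    memset(f, 0, 54);
    f[12] = 0x08; f[13] = 0x00;                          /* ethertype IPv4 */
    f[14] = 0x45;                                        /* version 4, IHL 5 */
    f[20] = (uint8_t)(frag >> 8); f[21] = (uint8_t)frag; /* flags + fragment offset */
    f[23] = proto;                                       /* 6 = TCP, 17 = UDP */
    f[34] = (uint8_t)(sport >> 8); f[35] = (uint8_t)sport;
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
    return 54;
}

unsigned match_port80(uint8_t proto, uint16_t frag, uint16_t sport, uint16_t dport)
{
    uint8_t f[54];
    size_t len = make_frame(f, proto, frag, sport, dport);
    return (unsigned)bpf_run(port80, PORT80_LEN, f, len);
}

int main(void)
{
    printf("TCP 42314 > 80      : %u\n", match_port80(6, 0x4000, 42314, 80));
    printf("TCP 42314 > 443     : %u\n", match_port80(6, 0x4000, 42314, 443));
    printf("TCP later fragment  : %u\n", match_port80(6, 0x0001, 42314, 80));
    return 0;
}
```

A non-first fragment is dropped even when the bytes at the port offsets read 80, because instruction 016 (`jset #0x1fff`) tests the fragment offset before any port is loaded.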
18 | 19 | a) In human readable format (like assembly code): 20 | 21 | # tcpdump -d port 80 22 | (000) ldh [12] 23 | (001) jeq #0x86dd jt 2 jf 10 24 | (002) ldb [20] 25 | (003) jeq #0x84 jt 6 jf 4 26 | (004) jeq #0x6 jt 6 jf 5 27 | (005) jeq #0x11 jt 6 jf 23 28 | (006) ldh [54] 29 | (007) jeq #0x50 jt 22 jf 8 30 | (008) ldh [56] 31 | (009) jeq #0x50 jt 22 jf 23 32 | (010) jeq #0x800 jt 11 jf 23 33 | (011) ldb [23] 34 | (012) jeq #0x84 jt 15 jf 13 35 | (013) jeq #0x6 jt 15 jf 14 36 | (014) jeq #0x11 jt 15 jf 23 37 | (015) ldh [20] 38 | (016) jset #0x1fff jt 23 jf 17 39 | (017) ldxb 4*([14]&0xf) 40 | (018) ldh [x + 14] 41 | (019) jeq #0x50 jt 22 jf 20 42 | (020) ldh [x + 16] 43 | (021) jeq #0x50 jt 22 jf 23 44 | (022) ret #262144 45 | (023) ret #0 46 | 47 | b) In `C` program fragment format: 48 | 49 | # tcpdump -dd port 80 50 | { 0x28, 0, 0, 0x0000000c }, 51 | { 0x15, 0, 8, 0x000086dd }, 52 | { 0x30, 0, 0, 0x00000014 }, 53 | { 0x15, 2, 0, 0x00000084 }, 54 | { 0x15, 1, 0, 0x00000006 }, 55 | { 0x15, 0, 17, 0x00000011 }, 56 | { 0x28, 0, 0, 0x00000036 }, 57 | { 0x15, 14, 0, 0x00000050 }, 58 | { 0x28, 0, 0, 0x00000038 }, 59 | { 0x15, 12, 13, 0x00000050 }, 60 | { 0x15, 0, 12, 0x00000800 }, 61 | { 0x30, 0, 0, 0x00000017 }, 62 | { 0x15, 2, 0, 0x00000084 }, 63 | { 0x15, 1, 0, 0x00000006 }, 64 | { 0x15, 0, 8, 0x00000011 }, 65 | { 0x28, 0, 0, 0x00000014 }, 66 | { 0x45, 6, 0, 0x00001fff }, 67 | { 0xb1, 0, 0, 0x0000000e }, 68 | { 0x48, 0, 0, 0x0000000e }, 69 | { 0x15, 2, 0, 0x00000050 }, 70 | { 0x48, 0, 0, 0x00000010 }, 71 | { 0x15, 0, 1, 0x00000050 }, 72 | { 0x6, 0, 0, 0x00040000 }, 73 | { 0x6, 0, 0, 0x00000000 }, 74 | 75 | c) In raw number format: 76 | 77 | # tcpdump -ddd port 80 78 | 24 79 | 40 0 0 12 80 | 21 0 8 34525 81 | 48 0 0 20 82 | 21 2 0 132 83 | 21 1 0 6 84 | 21 0 17 17 85 | 40 0 0 54 86 | 21 14 0 80 87 | 40 0 0 56 88 | 21 12 13 80 89 | 21 0 12 2048 90 | 48 0 0 23 91 | 21 2 0 132 92 | 21 1 0 6 93 | 21 0 8 17 94 | 40 0 0 20 95 | 69 6 0 8191 96 | 177 0 0 14 97 | 72 0 0 
14 98 | 21 2 0 80 99 | 72 0 0 16 100 | 21 0 1 80 101 | 6 0 0 262144 102 | 6 0 0 0 103 | 104 | 105 | 106 | -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-sharing/buttons.js: -------------------------------------------------------------------------------- 1 | require(['gitbook', 'jquery'], function(gitbook, $) { 2 | var SITES = { 3 | 'facebook': { 4 | 'label': 'Facebook', 5 | 'icon': 'fa fa-facebook', 6 | 'onClick': function(e) { 7 | e.preventDefault(); 8 | window.open('http://www.facebook.com/sharer/sharer.php?s=100&p[url]='+encodeURIComponent(location.href)); 9 | } 10 | }, 11 | 'twitter': { 12 | 'label': 'Twitter', 13 | 'icon': 'fa fa-twitter', 14 | 'onClick': function(e) { 15 | e.preventDefault(); 16 | window.open('http://twitter.com/home?status='+encodeURIComponent(document.title+' '+location.href)); 17 | } 18 | }, 19 | 'google': { 20 | 'label': 'Google+', 21 | 'icon': 'fa fa-google-plus', 22 | 'onClick': function(e) { 23 | e.preventDefault(); 24 | window.open('https://plus.google.com/share?url='+encodeURIComponent(location.href)); 25 | } 26 | }, 27 | 'weibo': { 28 | 'label': 'Weibo', 29 | 'icon': 'fa fa-weibo', 30 | 'onClick': function(e) { 31 | e.preventDefault(); 32 | window.open('http://service.weibo.com/share/share.php?content=utf-8&url='+encodeURIComponent(location.href)+'&title='+encodeURIComponent(document.title)); 33 | } 34 | }, 35 | 'instapaper': { 36 | 'label': 'Instapaper', 37 | 'icon': 'fa fa-instapaper', 38 | 'onClick': function(e) { 39 | e.preventDefault(); 40 | window.open('http://www.instapaper.com/text?u='+encodeURIComponent(location.href)); 41 | } 42 | }, 43 | 'vk': { 44 | 'label': 'VK', 45 | 'icon': 'fa fa-vk', 46 | 'onClick': function(e) { 47 | e.preventDefault(); 48 | window.open('http://vkontakte.ru/share.php?url='+encodeURIComponent(location.href)); 49 | } 50 | } 51 | }; 52 | 53 | 54 | 55 | gitbook.events.bind('start', function(e, config) { 56 | var opts = config.sharing; 57 | 58 | 
// Create dropdown menu 59 | var menu = $.map(opts.all, function(id) { 60 | var site = SITES[id]; 61 | 62 | return { 63 | text: site.label, 64 | onClick: site.onClick 65 | }; 66 | }); 67 | 68 | // Create main button with dropdown 69 | if (menu.length > 0) { 70 | gitbook.toolbar.createButton({ 71 | icon: 'fa fa-share-alt', 72 | label: 'Share', 73 | position: 'right', 74 | dropdown: [menu] 75 | }); 76 | } 77 | 78 | // Direct actions to share 79 | $.each(SITES, function(sideId, site) { 80 | if (!opts[sideId]) return; 81 | 82 | gitbook.toolbar.createButton({ 83 | icon: site.icon, 84 | label: site.text, 85 | position: 'right', 86 | onClick: site.onClick 87 | }); 88 | }); 89 | }); 90 | }); 91 | -------------------------------------------------------------------------------- /posts/parse-and-print-packets.md: -------------------------------------------------------------------------------- 1 | # Parse and print packets 2 | 3 | `-A` option can be used to print packets in `ASCII` format. E.g., show contents of web pages: 4 | 5 | # tcpdump -A port 80 6 | ...... 7 | 15:37:32.623887 IP sin10s02-in-f14.1e100.net.http > archlinux.40742: Flags [.], ack 138, win 240, options [nop,nop,TS val 1699492976 ecr 4020616092], length 0 8 | E..4.%..x......N 9 | ....P.&..6.b*;............ 10 | eL4p.... 11 | 15:37:32.628640 IP sin10s02-in-f14.1e100.net.http > archlinux.40742: Flags [P.], seq 1:529, ack 138, win 240, options [nop,nop,TS val 1699492981 ecr 4020616092], length 528: HTTP: HTTP/1.1 301 Moved Permanently 12 | E..D.'..x......N 13 | ....P.&..6.b*;.....h...... 14 | eL4u....HTTP/1.1 301 Moved Permanently 15 | Location: http://www.google.com/ 16 | Content-Type: text/html; charset=UTF-8 17 | Date: Fri, 03 May 2019 07:37:32 GMT 18 | Expires: Sun, 02 Jun 2019 07:37:32 GMT 19 | Cache-Control: public, max-age=2592000 20 | Server: gws 21 | Content-Length: 219 22 | X-XSS-Protection: 0 23 | X-Frame-Options: SAMEORIGIN 24 | 25 | 26 | 301 Moved 27 |

301 Moved

28 | The document has moved 29 | here. 30 | 31 | ...... 32 | 33 | There is also a group of "`-x/-xx/-X/-XX`" options to parse and print packets: 34 |

* `-x`: Print the data of each packet (minus its link level header) in hex. Example:

        12:58:03.592155 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 260:296, ack 1, win 317, length 36
        0x0000: 4548 004c 6b56 4000 4006 5a47 c0a8 23d3
        0x0010: 0ad9 8572 0016 d34c 4251 850d 7a7c d8b4
        ......

* `-xx`: Print the data of each packet, including its link level header, in hex. Example:

        13:16:30.839337 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 260:296, ack 1, win 317, length 36
        0x0000: 001e bdde 5f00 0800 2770 9e7a 0800 4548
        0x0010: 004c 6ba0 4000 4006 59fd c0a8 23d3 0ad9
        ......

* `-X`: Print the data of each packet (minus its link level header) in hex and ASCII. Example:

        13:19:13.539666 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 1114673977:1114674085, ack 2055006128, win 317, length 108
        0x0000: 4548 0094 744c 4000 4006 5109 c0a8 23d3 EH..tL@.@.Q...#.
        0x0010: 0ad9 8572 0016 d34c 4270 9339 7a7c e7b0 ...r...LBp.9z|..
        ......

* `-XX`: Print the data of each packet, including its link level header, in hex and ASCII. Example:

        13:22:22.536935 IP 192.168.35.211.ssh > 10.217.133.114.54092: Flags [P.], seq 1114682321:1114682429, ack 2055007124, win 317, length 108
        0x0000: 001e bdde 5f00 0800 2770 9e7a 0800 4548 ...._...'p.z..EH
        0x0010: 0094 7480 4000 4006 50d5 c0a8 23d3 0ad9 ..t.@.@.P...#...
        ......
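The hex rows can be checked against the summary line by decoding them. The decoder below is an added example, not part of tcpdump: it parses this page's `-x` and `-XX` rows, verifies the IPv4 header checksum and recovers the addresses and ports. `parse_hexdump` and `decode_ipv4` are names chosen here, and an Ethernet (14-byte) link header is assumed for `-xx/-XX`.

```c
/* Added example: decode the page's -x / -XX hex dumps; not tcpdump's code. */
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Copied from this page's "-x" and "-XX" examples (the page shows two rows each). */
static const char sample_x[] =
    "12:58:03.592155 IP 192.168.35.211.ssh > 10.217.133.114.54092: "
    "Flags [P.], seq 260:296, ack 1, win 317, length 36\n"
    "0x0000: 4548 004c 6b56 4000 4006 5a47 c0a8 23d3\n"
    "0x0010: 0ad9 8572 0016 d34c 4251 850d 7a7c d8b4\n";
static const char sample_XX[] =
    "0x0000: 001e bdde 5f00 0800 2770 9e7a 0800 4548 ...._...'p.z..EH\n"
    "0x0010: 0094 7480 4000 4006 50d5 c0a8 23d3 0ad9 ..t.@.@.P...#...\n";

static int hexval(char c)
{
    return isdigit((unsigned char)c) ? c - '0' : tolower((unsigned char)c) - 'a' + 10;
}

/* Collect the bytes of every "0x....:" row. At most 16 bytes are taken per row,
 * so the ASCII column of a full -X/-XX row is never mistaken for hex. */
size_t parse_hexdump(const char *text, uint8_t *out, size_t cap)
{
    size_t n = 0;
    for (const char *p = text; *p; ) {
        const char *eol = strchr(p, '\n');
        if (!eol) eol = p + strlen(p);
        while (p < eol && isspace((unsigned char)*p)) p++;
        const char *q = memchr(p, ':', (size_t)(eol - p));
        if (q && eol - p > 2 && p[0] == '0' && p[1] == 'x') {   /* skips summary lines */
            int row = 0;
            for (q++; q + 1 < eol && row < 16 && n < cap; ) {
                if (*q == ' ' || *q == '\t') { q++; continue; }
                if (!isxdigit((unsigned char)q[0]) || !isxdigit((unsigned char)q[1])) break;
                out[n++] = (uint8_t)(hexval(q[0]) << 4 | hexval(q[1]));
                q += 2; row++;
            }
        }
        p = *eol ? eol + 1 : eol;
    }
    return n;
}

struct flow { char src[16], dst[16]; unsigned proto, sport, dport; int csum_ok; };

/* Decode the IPv4 header that starts l2 bytes into the dump (0 for -x/-X,
 * 14 for -xx/-XX on Ethernet). Returns -1 if not IPv4 or the dump is too short. */
int decode_ipv4(const uint8_t *b, size_t len, size_t l2, struct flow *f)
{
    if (len < l2 + 20 || (b[l2] >> 4) != 4) return -1;
    const uint8_t *ip = b + l2;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < l2 + ihl + 4) return -1;
    uint32_t sum = 0;                        /* ones' complement sum of the header */
    for (size_t i = 0; i < ihl; i += 2)
        sum += (uint32_t)ip[i] << 8 | ip[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    f->csum_ok = (sum == 0xffff);            /* a valid header sums to 0xffff */
    f->proto = ip[9];
    snprintf(f->src, sizeof f->src, "%u.%u.%u.%u", ip[12], ip[13], ip[14], ip[15]);
    snprintf(f->dst, sizeof f->dst, "%u.%u.%u.%u", ip[16], ip[17], ip[18], ip[19]);
    f->sport = (unsigned)ip[ihl] << 8 | ip[ihl + 1];      /* meaningful for TCP/UDP */
    f->dport = (unsigned)ip[ihl + 2] << 8 | ip[ihl + 3];
    return 0;
}

int main(void)
{
    uint8_t buf[64];
    struct flow f;
    size_t n = parse_hexdump(sample_x, buf, sizeof buf);
    if (decode_ipv4(buf, n, 0, &f) == 0)
        printf("%s.%u > %s.%u proto %u, header checksum %s\n",
               f.src, f.sport, f.dst, f.dport, f.proto, f.csum_ok ? "ok" : "BAD");
    n = parse_hexdump(sample_XX, buf, sizeof buf);
    printf("-XX: %zu bytes, ethertype 0x%02x%02x, IPv4 decode returned %d\n",
           n, buf[12], buf[13], decode_ipv4(buf, n, 14, &f));
    return 0;
}
```

The two `-XX` rows shown on the page end inside the IPv4 header once the 14-byte link header is skipped, so the decoder reports them as too short rather than guessing the destination address.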
-------------------------------------------------------------------------------- /posts/the-format-of-tcpdump-command.md: -------------------------------------------------------------------------------- 1 | # The format of tcpdump command 2 | 3 | The format of the `tcpdump` command is as follows: 4 | 5 | # tcpdump [options] [expression] 6 | 7 | `Tcpdump` only captures packets whose content satisfies `expression` (the format of `expression` is defined [here](https://www.tcpdump.org/manpages/pcap-filter.7.html)). E.g., dump all `HTTP` protocol packets: 8 | 9 | # tcpdump port 80 10 | 14:59:05.989545 IP 192.168.35.211.53160 > 172.217.194.138.http: Flags [S], seq 3145761683, win 29200, options [mss 1460,sackOK,TS val 4055365378 ecr 0,nop,wscale 7], length 0 11 | 14:59:05.994196 IP 172.217.194.138.http > 192.168.35.211.53160: Flags [S.], seq 1475154793, ack 3145761684, win 62392, options [mss 1430,sackOK,TS val 3581048241 ecr 4055365378,nop,wscale 8], length 0 12 | 14:59:05.994235 IP 192.168.35.211.53160 > 172.217.194.138.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 4055365383 ecr 3581048241], length 0 13 | ...... 14 | ^C 15 | 32 packets captured 16 | 36 packets received by filter 17 | 4 packets dropped by kernel 18 | 19 | For every packet, the format is the timestamp since midnight followed by packet information. In the previous example, the first packet is an `IP` protocol message: protocol, source address, destination address and `TCP SYN` parameters: 20 | 21 | ...... 22 | 14:59:05.989545 IP 192.168.35.211.53160 > 172.217.194.138.http: Flags [S], seq 3145761683, win 29200, options [mss 1460,sackOK,TS val 4055365378 ecr 0,nop,wscale 7], length 0 23 | ...... 24 | 25 | After "`Ctrl+C`" is pressed to terminate the `tcpdump` process, it also shows packet statistics: 26 | 27 | ...... 
28 | 32 packets captured 29 | 36 packets received by filter 30 | 4 packets dropped by kernel 31 | 32 | 33 | This info is printed by [info](https://github.com/the-tcpdump-group/tcpdump/blob/65969779d7bfc916dbedc32fbcc8dbb49a4a19de/tcpdump.c#L2637) function: 34 | 35 | static void 36 | info(int verbose) 37 | { 38 | struct pcap_stat stats; 39 | 40 | /* 41 | * Older versions of libpcap didn't set ps_ifdrop on some 42 | * platforms; initialize it to 0 to handle that. 43 | */ 44 | stats.ps_ifdrop = 0; 45 | if (pcap_stats(pd, &stats) < 0) { 46 | (void)fprintf(stderr, "pcap_stats: %s\n", pcap_geterr(pd)); 47 | infoprint = 0; 48 | return; 49 | } 50 | 51 | if (!verbose) 52 | fprintf(stderr, "%s: ", program_name); 53 | 54 | (void)fprintf(stderr, "%u packet%s captured", packets_captured, 55 | PLURAL_SUFFIX(packets_captured)); 56 | if (!verbose) 57 | fputs(", ", stderr); 58 | else 59 | putc('\n', stderr); 60 | (void)fprintf(stderr, "%u packet%s received by filter", stats.ps_recv, 61 | PLURAL_SUFFIX(stats.ps_recv)); 62 | if (!verbose) 63 | fputs(", ", stderr); 64 | else 65 | putc('\n', stderr); 66 | (void)fprintf(stderr, "%u packet%s dropped by kernel", stats.ps_drop, 67 | PLURAL_SUFFIX(stats.ps_drop)); 68 | if (stats.ps_ifdrop != 0) { 69 | if (!verbose) 70 | fputs(", ", stderr); 71 | else 72 | putc('\n', stderr); 73 | (void)fprintf(stderr, "%u packet%s dropped by interface\n", 74 | stats.ps_ifdrop, PLURAL_SUFFIX(stats.ps_ifdrop)); 75 | } else 76 | putc('\n', stderr); 77 | infoprint = 0; 78 | } 79 | 80 | "packets captured" records the packets received and processed by `tcpdump`. There are also "packets received by filter", "packets dropped by kernel" and "packets dropped by interface" statistics. These items are fetched through [pcap_stats](https://www.tcpdump.org/manpages/pcap_stats.3pcap.html) API and depend on the underlying Operating System, so I would not elaborate them here. 
-------------------------------------------------------------------------------- /gitbook/gitbook-plugin-highlight/ebook.css: -------------------------------------------------------------------------------- 1 | pre, 2 | code { 3 | /* http://jmblog.github.io/color-themes-for-highlightjs */ 4 | /* Tomorrow Comment */ 5 | /* Tomorrow Red */ 6 | /* Tomorrow Orange */ 7 | /* Tomorrow Yellow */ 8 | /* Tomorrow Green */ 9 | /* Tomorrow Aqua */ 10 | /* Tomorrow Blue */ 11 | /* Tomorrow Purple */ 12 | } 13 | pre .hljs-comment, 14 | code .hljs-comment, 15 | pre .hljs-title, 16 | code .hljs-title { 17 | color: #8e908c; 18 | } 19 | pre .hljs-variable, 20 | code .hljs-variable, 21 | pre .hljs-attribute, 22 | code .hljs-attribute, 23 | pre .hljs-tag, 24 | code .hljs-tag, 25 | pre .hljs-regexp, 26 | code .hljs-regexp, 27 | pre .hljs-deletion, 28 | code .hljs-deletion, 29 | pre .ruby .hljs-constant, 30 | code .ruby .hljs-constant, 31 | pre .xml .hljs-tag .hljs-title, 32 | code .xml .hljs-tag .hljs-title, 33 | pre .xml .hljs-pi, 34 | code .xml .hljs-pi, 35 | pre .xml .hljs-doctype, 36 | code .xml .hljs-doctype, 37 | pre .html .hljs-doctype, 38 | code .html .hljs-doctype, 39 | pre .css .hljs-id, 40 | code .css .hljs-id, 41 | pre .css .hljs-class, 42 | code .css .hljs-class, 43 | pre .css .hljs-pseudo, 44 | code .css .hljs-pseudo { 45 | color: #c82829; 46 | } 47 | pre .hljs-number, 48 | code .hljs-number, 49 | pre .hljs-preprocessor, 50 | code .hljs-preprocessor, 51 | pre .hljs-pragma, 52 | code .hljs-pragma, 53 | pre .hljs-built_in, 54 | code .hljs-built_in, 55 | pre .hljs-literal, 56 | code .hljs-literal, 57 | pre .hljs-params, 58 | code .hljs-params, 59 | pre .hljs-constant, 60 | code .hljs-constant { 61 | color: #f5871f; 62 | } 63 | pre .ruby .hljs-class .hljs-title, 64 | code .ruby .hljs-class .hljs-title, 65 | pre .css .hljs-rules .hljs-attribute, 66 | code .css .hljs-rules .hljs-attribute { 67 | color: #eab700; 68 | } 69 | pre .hljs-string, 70 | code .hljs-string, 71 | pre 
.hljs-value, 72 | code .hljs-value, 73 | pre .hljs-inheritance, 74 | code .hljs-inheritance, 75 | pre .hljs-header, 76 | code .hljs-header, 77 | pre .hljs-addition, 78 | code .hljs-addition, 79 | pre .ruby .hljs-symbol, 80 | code .ruby .hljs-symbol, 81 | pre .xml .hljs-cdata, 82 | code .xml .hljs-cdata { 83 | color: #718c00; 84 | } 85 | pre .css .hljs-hexcolor, 86 | code .css .hljs-hexcolor { 87 | color: #3e999f; 88 | } 89 | pre .hljs-function, 90 | code .hljs-function, 91 | pre .python .hljs-decorator, 92 | code .python .hljs-decorator, 93 | pre .python .hljs-title, 94 | code .python .hljs-title, 95 | pre .ruby .hljs-function .hljs-title, 96 | code .ruby .hljs-function .hljs-title, 97 | pre .ruby .hljs-title .hljs-keyword, 98 | code .ruby .hljs-title .hljs-keyword, 99 | pre .perl .hljs-sub, 100 | code .perl .hljs-sub, 101 | pre .javascript .hljs-title, 102 | code .javascript .hljs-title, 103 | pre .coffeescript .hljs-title, 104 | code .coffeescript .hljs-title { 105 | color: #4271ae; 106 | } 107 | pre .hljs-keyword, 108 | code .hljs-keyword, 109 | pre .javascript .hljs-function, 110 | code .javascript .hljs-function { 111 | color: #8959a8; 112 | } 113 | pre .hljs, 114 | code .hljs { 115 | display: block; 116 | background: white; 117 | color: #4d4d4c; 118 | padding: 0.5em; 119 | } 120 | pre .coffeescript .javascript, 121 | code .coffeescript .javascript, 122 | pre .javascript .xml, 123 | code .javascript .xml, 124 | pre .tex .hljs-formula, 125 | code .tex .hljs-formula, 126 | pre .xml .javascript, 127 | code .xml .javascript, 128 | pre .xml .vbscript, 129 | code .xml .vbscript, 130 | pre .xml .css, 131 | code .xml .css, 132 | pre .xml .hljs-cdata, 133 | code .xml .hljs-cdata { 134 | opacity: 0.5; 135 | } 136 | -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-search/search.js: -------------------------------------------------------------------------------- 1 | require([ 2 | 'gitbook', 3 | 'jquery' 4 | ], 
function(gitbook, $) { 5 | var MAX_RESULTS = 15; 6 | var MAX_DESCRIPTION_SIZE = 500; 7 | 8 | var usePushState = (typeof history.pushState !== 'undefined'); 9 | 10 | // DOM Elements 11 | var $body = $('body'); 12 | var $bookSearchResults; 13 | var $searchInput; 14 | var $searchList; 15 | var $searchTitle; 16 | var $searchResultsCount; 17 | var $searchQuery; 18 | 19 | // Throttle search 20 | function throttle(fn, wait) { 21 | var timeout; 22 | 23 | return function() { 24 | var ctx = this, args = arguments; 25 | if (!timeout) { 26 | timeout = setTimeout(function() { 27 | timeout = null; 28 | fn.apply(ctx, args); 29 | }, wait); 30 | } 31 | }; 32 | } 33 | 34 | function displayResults(res) { 35 | $bookSearchResults.addClass('open'); 36 | 37 | var noResults = res.count == 0; 38 | $bookSearchResults.toggleClass('no-results', noResults); 39 | 40 | // Clear old results 41 | $searchList.empty(); 42 | 43 | // Display title for research 44 | $searchResultsCount.text(res.count); 45 | $searchQuery.text(res.query); 46 | 47 | // Create an
<li> element for each result 48 | res.results.forEach(function(res) { 49 | var $li = $('<li>', { 50 | 'class': 'search-results-item' 51 | }); 52 | 53 | var $title = $('<h3>'); 54 | 55 | var $link = $('<a>', { 56 | 'href': gitbook.state.basePath + '/' + res.url, 57 | 'text': res.title 58 | }); 59 | 60 | var content = res.body.trim(); 61 | if (content.length > MAX_DESCRIPTION_SIZE) { 62 | content = content.slice(0, MAX_DESCRIPTION_SIZE).trim()+'...'; 63 | } 64 | var $content = $('<p>').html(content); 65 | 66 | $link.appendTo($title); 67 | $title.appendTo($li); 68 | $content.appendTo($li); 69 | $li.appendTo($searchList); 70 | }); 71 | } 72 | 73 | function launchSearch(q) { 74 | // Add class for loading 75 | $body.addClass('with-search'); 76 | $body.addClass('search-loading'); 77 | 78 | // Launch search query 79 | throttle(gitbook.search.query(q, 0, MAX_RESULTS) 80 | .then(function(results) { 81 | displayResults(results); 82 | }) 83 | .always(function() { 84 | $body.removeClass('search-loading'); 85 | }), 1000); 86 | } 87 | 88 | function closeSearch() { 89 | $body.removeClass('with-search'); 90 | $bookSearchResults.removeClass('open'); 91 | } 92 | 93 | function launchSearchFromQueryString() { 94 | var q = getParameterByName('q'); 95 | if (q && q.length > 0) { 96 | // Update search input 97 | $searchInput.val(q); 98 | 99 | // Launch search 100 | launchSearch(q); 101 | } 102 | } 103 | 104 | function bindSearch() { 105 | // Bind DOM 106 | $searchInput = $('#book-search-input input'); 107 | $bookSearchResults = $('#book-search-results'); 108 | $searchList = $bookSearchResults.find('.search-results-list'); 109 | $searchTitle = $bookSearchResults.find('.search-results-title'); 110 | $searchResultsCount = $searchTitle.find('.search-results-count'); 111 | $searchQuery = $searchTitle.find('.search-query'); 112 | 113 | // Launch query based on input content 114 | function handleUpdate() { 115 | var q = $searchInput.val(); 116 | 117 | if (q.length == 0) { 118 | closeSearch(); 119 | } 120 | else { 121 | launchSearch(q); 122 | } 123 | } 124 | 125 | // Detect true content change in search input 126 | // Workaround for IE < 9 127 | var propertyChangeUnbound = false; 128 | $searchInput.on('propertychange', function(e) { 129 | if (e.originalEvent.propertyName == 'value') { 130 | handleUpdate(); 131 | } 132 | }); 133 | 134 | // HTML5 (IE9 & others) 135 | $searchInput.on('input', function(e) { 136 | // Unbind propertychange event for IE9+ 137 | if
(!propertyChangeUnbound) { 138 | $(this).unbind('propertychange'); 139 | propertyChangeUnbound = true; 140 | } 141 | 142 | handleUpdate(); 143 | }); 144 | 145 | // Push to history on blur 146 | $searchInput.on('blur', function(e) { 147 | // Update history state 148 | if (usePushState) { 149 | var uri = updateQueryString('q', $(this).val()); 150 | history.pushState({ path: uri }, null, uri); 151 | } 152 | }); 153 | } 154 | 155 | gitbook.events.on('page.change', function() { 156 | bindSearch(); 157 | closeSearch(); 158 | 159 | // Launch search based on query parameter 160 | if (gitbook.search.isInitialized()) { 161 | launchSearchFromQueryString(); 162 | } 163 | }); 164 | 165 | gitbook.events.on('search.ready', function() { 166 | bindSearch(); 167 | 168 | // Launch search from query param at start 169 | launchSearchFromQueryString(); 170 | }); 171 | 172 | function getParameterByName(name) { 173 | var url = window.location.href; 174 | name = name.replace(/[\[\]]/g, '\\$&'); 175 | var regex = new RegExp('[?&]' + name + '(=([^&#]*)|&|#|$)', 'i'), 176 | results = regex.exec(url); 177 | if (!results) return null; 178 | if (!results[2]) return ''; 179 | return decodeURIComponent(results[2].replace(/\+/g, ' ')); 180 | } 181 | 182 | function updateQueryString(key, value) { 183 | value = encodeURIComponent(value); 184 | 185 | var url = window.location.href; 186 | var re = new RegExp('([?&])' + key + '=.*?(&|#|$)(.*)', 'gi'), 187 | hash; 188 | 189 | if (re.test(url)) { 190 | if (typeof value !== 'undefined' && value !== null) 191 | return url.replace(re, '$1' + key + '=' + value + '$2$3'); 192 | else { 193 | hash = url.split('#'); 194 | url = hash[0].replace(re, '$1$3').replace(/(&|\?)$/, ''); 195 | if (typeof hash[1] !== 'undefined' && hash[1] !== null) 196 | url += '#' + hash[1]; 197 | return url; 198 | } 199 | } 200 | else { 201 | if (typeof value !== 'undefined' && value !== null) { 202 | var separator = url.indexOf('?') !== -1 ? 
'&' : '?'; 203 | hash = url.split('#'); 204 | url = hash[0] + separator + key + '=' + value; 205 | if (typeof hash[1] !== 'undefined' && hash[1] !== null) 206 | url += '#' + hash[1]; 207 | return url; 208 | } 209 | else 210 | return url; 211 | } 212 | } 213 | }); 214 | -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-fontsettings/fontsettings.js: -------------------------------------------------------------------------------- 1 | require(['gitbook', 'jquery'], function(gitbook, $) { 2 | // Configuration 3 | var MAX_SIZE = 4, 4 | MIN_SIZE = 0, 5 | BUTTON_ID; 6 | 7 | // Current fontsettings state 8 | var fontState; 9 | 10 | // Default themes 11 | var THEMES = [ 12 | { 13 | config: 'white', 14 | text: 'White', 15 | id: 0 16 | }, 17 | { 18 | config: 'sepia', 19 | text: 'Sepia', 20 | id: 1 21 | }, 22 | { 23 | config: 'night', 24 | text: 'Night', 25 | id: 2 26 | } 27 | ]; 28 | 29 | // Default font families 30 | var FAMILIES = [ 31 | { 32 | config: 'serif', 33 | text: 'Serif', 34 | id: 0 35 | }, 36 | { 37 | config: 'sans', 38 | text: 'Sans', 39 | id: 1 40 | } 41 | ]; 42 | 43 | // Return configured themes 44 | function getThemes() { 45 | return THEMES; 46 | } 47 | 48 | // Modify configured themes 49 | function setThemes(themes) { 50 | THEMES = themes; 51 | updateButtons(); 52 | } 53 | 54 | // Return configured font families 55 | function getFamilies() { 56 | return FAMILIES; 57 | } 58 | 59 | // Modify configured font families 60 | function setFamilies(families) { 61 | FAMILIES = families; 62 | updateButtons(); 63 | } 64 | 65 | // Save current font settings 66 | function saveFontSettings() { 67 | gitbook.storage.set('fontState', fontState); 68 | update(); 69 | } 70 | 71 | // Increase font size 72 | function enlargeFontSize(e) { 73 | e.preventDefault(); 74 | if (fontState.size >= MAX_SIZE) return; 75 | 76 | fontState.size++; 77 | saveFontSettings(); 78 | } 79 | 80 | // Decrease font size 81 | function reduceFontSize(e) 
{ 82 | e.preventDefault(); 83 | if (fontState.size <= MIN_SIZE) return; 84 | 85 | fontState.size--; 86 | saveFontSettings(); 87 | } 88 | 89 | // Change font family 90 | function changeFontFamily(configName, e) { 91 | if (e && e instanceof Event) { 92 | e.preventDefault(); 93 | } 94 | 95 | var familyId = getFontFamilyId(configName); 96 | fontState.family = familyId; 97 | saveFontSettings(); 98 | } 99 | 100 | // Change type of color theme 101 | function changeColorTheme(configName, e) { 102 | if (e && e instanceof Event) { 103 | e.preventDefault(); 104 | } 105 | 106 | var $book = gitbook.state.$book; 107 | 108 | // Remove currently applied color theme 109 | if (fontState.theme !== 0) 110 | $book.removeClass('color-theme-'+fontState.theme); 111 | 112 | // Set new color theme 113 | var themeId = getThemeId(configName); 114 | fontState.theme = themeId; 115 | if (fontState.theme !== 0) 116 | $book.addClass('color-theme-'+fontState.theme); 117 | 118 | saveFontSettings(); 119 | } 120 | 121 | // Return the correct id for a font-family config key 122 | // Default to first font-family 123 | function getFontFamilyId(configName) { 124 | // Search for plugin configured font family 125 | var configFamily = $.grep(FAMILIES, function(family) { 126 | return family.config == configName; 127 | })[0]; 128 | // Fallback to default font family 129 | return (!!configFamily)? configFamily.id : 0; 130 | } 131 | 132 | // Return the correct id for a theme config key 133 | // Default to first theme 134 | function getThemeId(configName) { 135 | // Search for plugin configured theme 136 | var configTheme = $.grep(THEMES, function(theme) { 137 | return theme.config == configName; 138 | })[0]; 139 | // Fallback to default theme 140 | return (!!configTheme)? 
configTheme.id : 0; 141 | } 142 | 143 | function update() { 144 | var $book = gitbook.state.$book; 145 | 146 | $('.font-settings .font-family-list li').removeClass('active'); 147 | $('.font-settings .font-family-list li:nth-child('+(fontState.family+1)+')').addClass('active'); 148 | 149 | $book[0].className = $book[0].className.replace(/\bfont-\S+/g, ''); 150 | $book.addClass('font-size-'+fontState.size); 151 | $book.addClass('font-family-'+fontState.family); 152 | 153 | if(fontState.theme !== 0) { 154 | $book[0].className = $book[0].className.replace(/\bcolor-theme-\S+/g, ''); 155 | $book.addClass('color-theme-'+fontState.theme); 156 | } 157 | } 158 | 159 | function init(config) { 160 | // Search for plugin configured font family 161 | var configFamily = getFontFamilyId(config.family), 162 | configTheme = getThemeId(config.theme); 163 | 164 | // Instantiate font state object 165 | fontState = gitbook.storage.get('fontState', { 166 | size: config.size || 2, 167 | family: configFamily, 168 | theme: configTheme 169 | }); 170 | 171 | update(); 172 | } 173 | 174 | function updateButtons() { 175 | // Remove existing fontsettings buttons 176 | if (!!BUTTON_ID) { 177 | gitbook.toolbar.removeButton(BUTTON_ID); 178 | } 179 | 180 | // Create buttons in toolbar 181 | BUTTON_ID = gitbook.toolbar.createButton({ 182 | icon: 'fa fa-font', 183 | label: 'Font Settings', 184 | className: 'font-settings', 185 | dropdown: [ 186 | [ 187 | { 188 | text: 'A', 189 | className: 'font-reduce', 190 | onClick: reduceFontSize 191 | }, 192 | { 193 | text: 'A', 194 | className: 'font-enlarge', 195 | onClick: enlargeFontSize 196 | } 197 | ], 198 | $.map(FAMILIES, function(family) { 199 | family.onClick = function(e) { 200 | return changeFontFamily(family.config, e); 201 | }; 202 | 203 | return family; 204 | }), 205 | $.map(THEMES, function(theme) { 206 | theme.onClick = function(e) { 207 | return changeColorTheme(theme.config, e); 208 | }; 209 | 210 | return theme; 211 | }) 212 | ] 213 | }); 214 
| } 215 | 216 | // Init configuration at start 217 | gitbook.events.bind('start', function(e, config) { 218 | var opts = config.fontsettings; 219 | 220 | // Generate buttons at start 221 | updateButtons(); 222 | 223 | // Init current settings 224 | init(opts); 225 | }); 226 | 227 | // Expose API 228 | gitbook.fontsettings = { 229 | enlargeFontSize: enlargeFontSize, 230 | reduceFontSize: reduceFontSize, 231 | setTheme: changeColorTheme, 232 | setFamily: changeFontFamily, 233 | getThemes: getThemes, 234 | setThemes: setThemes, 235 | getFamilies: getFamilies, 236 | setFamilies: setFamilies 237 | }; 238 | }); 239 | 240 | 241 | -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-fontsettings/website.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Theme 1 3 | */ 4 | .color-theme-1 .dropdown-menu { 5 | background-color: #111111; 6 | border-color: #7e888b; 7 | } 8 | .color-theme-1 .dropdown-menu .dropdown-caret .caret-inner { 9 | border-bottom: 9px solid #111111; 10 | } 11 | .color-theme-1 .dropdown-menu .buttons { 12 | border-color: #7e888b; 13 | } 14 | .color-theme-1 .dropdown-menu .button { 15 | color: #afa790; 16 | } 17 | .color-theme-1 .dropdown-menu .button:hover { 18 | color: #73553c; 19 | } 20 | /* 21 | * Theme 2 22 | */ 23 | .color-theme-2 .dropdown-menu { 24 | background-color: #2d3143; 25 | border-color: #272a3a; 26 | } 27 | .color-theme-2 .dropdown-menu .dropdown-caret .caret-inner { 28 | border-bottom: 9px solid #2d3143; 29 | } 30 | .color-theme-2 .dropdown-menu .buttons { 31 | border-color: #272a3a; 32 | } 33 | .color-theme-2 .dropdown-menu .button { 34 | color: #62677f; 35 | } 36 | .color-theme-2 .dropdown-menu .button:hover { 37 | color: #f4f4f5; 38 | } 39 | .book .book-header .font-settings .font-enlarge { 40 | line-height: 30px; 41 | font-size: 1.4em; 42 | } 43 | .book .book-header .font-settings .font-reduce { 44 | line-height: 30px; 45 | font-size: 
1em; 46 | } 47 | .book.color-theme-1 .book-body { 48 | color: #704214; 49 | background: #f3eacb; 50 | } 51 | .book.color-theme-1 .book-body .page-wrapper .page-inner section { 52 | background: #f3eacb; 53 | } 54 | .book.color-theme-2 .book-body { 55 | color: #bdcadb; 56 | background: #1c1f2b; 57 | } 58 | .book.color-theme-2 .book-body .page-wrapper .page-inner section { 59 | background: #1c1f2b; 60 | } 61 | .book.font-size-0 .book-body .page-inner section { 62 | font-size: 1.2rem; 63 | } 64 | .book.font-size-1 .book-body .page-inner section { 65 | font-size: 1.4rem; 66 | } 67 | .book.font-size-2 .book-body .page-inner section { 68 | font-size: 1.6rem; 69 | } 70 | .book.font-size-3 .book-body .page-inner section { 71 | font-size: 2.2rem; 72 | } 73 | .book.font-size-4 .book-body .page-inner section { 74 | font-size: 4rem; 75 | } 76 | .book.font-family-0 { 77 | font-family: Georgia, serif; 78 | } 79 | .book.font-family-1 { 80 | font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; 81 | } 82 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal { 83 | color: #704214; 84 | } 85 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal a { 86 | color: inherit; 87 | } 88 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h1, 89 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h2, 90 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h3, 91 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h4, 92 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h5, 93 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h6 { 94 | color: inherit; 95 | } 96 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h1, 97 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal h2 { 98 | border-color: inherit; 99 | } 100 | .book.color-theme-1 .book-body .page-wrapper .page-inner 
section.normal h6 { 101 | color: inherit; 102 | } 103 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal hr { 104 | background-color: inherit; 105 | } 106 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal blockquote { 107 | border-color: inherit; 108 | } 109 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal pre, 110 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal code { 111 | background: #fdf6e3; 112 | color: #657b83; 113 | border-color: #f8df9c; 114 | } 115 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal .highlight { 116 | background-color: inherit; 117 | } 118 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table th, 119 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table td { 120 | border-color: #f5d06c; 121 | } 122 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table tr { 123 | color: inherit; 124 | background-color: #fdf6e3; 125 | border-color: #444444; 126 | } 127 | .book.color-theme-1 .book-body .page-wrapper .page-inner section.normal table tr:nth-child(2n) { 128 | background-color: #fbeecb; 129 | } 130 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal { 131 | color: #bdcadb; 132 | } 133 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal a { 134 | color: #3eb1d0; 135 | } 136 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h1, 137 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h2, 138 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h3, 139 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h4, 140 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h5, 141 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h6 { 142 | color: #fffffa; 143 | } 144 | .book.color-theme-2 
.book-body .page-wrapper .page-inner section.normal h1, 145 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h2 { 146 | border-color: #373b4e; 147 | } 148 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal h6 { 149 | color: #373b4e; 150 | } 151 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal hr { 152 | background-color: #373b4e; 153 | } 154 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal blockquote { 155 | border-color: #373b4e; 156 | } 157 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal pre, 158 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal code { 159 | color: #9dbed8; 160 | background: #2d3143; 161 | border-color: #2d3143; 162 | } 163 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal .highlight { 164 | background-color: #282a39; 165 | } 166 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table th, 167 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table td { 168 | border-color: #3b3f54; 169 | } 170 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table tr { 171 | color: #b6c2d2; 172 | background-color: #2d3143; 173 | border-color: #3b3f54; 174 | } 175 | .book.color-theme-2 .book-body .page-wrapper .page-inner section.normal table tr:nth-child(2n) { 176 | background-color: #35394b; 177 | } 178 | .book.color-theme-1 .book-header { 179 | color: #afa790; 180 | background: transparent; 181 | } 182 | .book.color-theme-1 .book-header .btn { 183 | color: #afa790; 184 | } 185 | .book.color-theme-1 .book-header .btn:hover { 186 | color: #73553c; 187 | background: none; 188 | } 189 | .book.color-theme-1 .book-header h1 { 190 | color: #704214; 191 | } 192 | .book.color-theme-2 .book-header { 193 | color: #7e888b; 194 | background: transparent; 195 | } 196 | .book.color-theme-2 .book-header .btn { 197 | color: #3b3f54; 198 | 
} 199 | .book.color-theme-2 .book-header .btn:hover { 200 | color: #fffff5; 201 | background: none; 202 | } 203 | .book.color-theme-2 .book-header h1 { 204 | color: #bdcadb; 205 | } 206 | .book.color-theme-1 .book-body .navigation { 207 | color: #afa790; 208 | } 209 | .book.color-theme-1 .book-body .navigation:hover { 210 | color: #73553c; 211 | } 212 | .book.color-theme-2 .book-body .navigation { 213 | color: #383f52; 214 | } 215 | .book.color-theme-2 .book-body .navigation:hover { 216 | color: #fffff5; 217 | } 218 | /* 219 | * Theme 1 220 | */ 221 | .book.color-theme-1 .book-summary { 222 | color: #afa790; 223 | background: #111111; 224 | border-right: 1px solid rgba(0, 0, 0, 0.07); 225 | } 226 | .book.color-theme-1 .book-summary .book-search { 227 | background: transparent; 228 | } 229 | .book.color-theme-1 .book-summary .book-search input, 230 | .book.color-theme-1 .book-summary .book-search input:focus { 231 | border: 1px solid transparent; 232 | } 233 | .book.color-theme-1 .book-summary ul.summary li.divider { 234 | background: #7e888b; 235 | box-shadow: none; 236 | } 237 | .book.color-theme-1 .book-summary ul.summary li i.fa-check { 238 | color: #33cc33; 239 | } 240 | .book.color-theme-1 .book-summary ul.summary li.done > a { 241 | color: #877f6a; 242 | } 243 | .book.color-theme-1 .book-summary ul.summary li a, 244 | .book.color-theme-1 .book-summary ul.summary li span { 245 | color: #877f6a; 246 | background: transparent; 247 | font-weight: normal; 248 | } 249 | .book.color-theme-1 .book-summary ul.summary li.active > a, 250 | .book.color-theme-1 .book-summary ul.summary li a:hover { 251 | color: #704214; 252 | background: transparent; 253 | font-weight: normal; 254 | } 255 | /* 256 | * Theme 2 257 | */ 258 | .book.color-theme-2 .book-summary { 259 | color: #bcc1d2; 260 | background: #2d3143; 261 | border-right: none; 262 | } 263 | .book.color-theme-2 .book-summary .book-search { 264 | background: transparent; 265 | } 266 | .book.color-theme-2 .book-summary 
.book-search input, 267 | .book.color-theme-2 .book-summary .book-search input:focus { 268 | border: 1px solid transparent; 269 | } 270 | .book.color-theme-2 .book-summary ul.summary li.divider { 271 | background: #272a3a; 272 | box-shadow: none; 273 | } 274 | .book.color-theme-2 .book-summary ul.summary li i.fa-check { 275 | color: #33cc33; 276 | } 277 | .book.color-theme-2 .book-summary ul.summary li.done > a { 278 | color: #62687f; 279 | } 280 | .book.color-theme-2 .book-summary ul.summary li a, 281 | .book.color-theme-2 .book-summary ul.summary li span { 282 | color: #c1c6d7; 283 | background: transparent; 284 | font-weight: 600; 285 | } 286 | .book.color-theme-2 .book-summary ul.summary li.active > a, 287 | .book.color-theme-2 .book-summary ul.summary li a:hover { 288 | color: #f4f4f5; 289 | background: #252737; 290 | font-weight: 600; 291 | } 292 | -------------------------------------------------------------------------------- /gitbook/gitbook-plugin-lunr/lunr.min.js: -------------------------------------------------------------------------------- 1 | /** 2 | * lunr - http://lunrjs.com - A bit like Solr, but much smaller and not as bright - 0.5.12 3 | * Copyright (C) 2015 Oliver Nightingale 4 | * MIT Licensed 5 | * @license 6 | */
RegExp("^"+o+i+"[^aeiouwxy]$"),k=/^(.+?[^aeiou])y$/,b=/^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/,E=/^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/,_=/^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/,F=/^(.+?)(s|t)(ion)$/,O=/^(.+?)e$/,P=/ll$/,N=new RegExp("^"+o+i+"[^aeiouwxy]$"),T=function(n){var i,o,r,s,a,h,l;if(n.length<3)return n;if(r=n.substr(0,1),"y"==r&&(n=r.toUpperCase()+n.substr(1)),s=p,a=m,s.test(n)?n=n.replace(s,"$1$2"):a.test(n)&&(n=n.replace(a,"$1$2")),s=v,a=y,s.test(n)){var T=s.exec(n);s=u,s.test(T[1])&&(s=g,n=n.replace(s,""))}else if(a.test(n)){var T=a.exec(n);i=T[1],a=d,a.test(i)&&(n=i,a=S,h=w,l=x,a.test(n)?n+="e":h.test(n)?(s=g,n=n.replace(s,"")):l.test(n)&&(n+="e"))}if(s=k,s.test(n)){var T=s.exec(n);i=T[1],n=i+"i"}if(s=b,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+t[o])}if(s=E,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+e[o])}if(s=_,a=F,s.test(n)){var T=s.exec(n);i=T[1],s=c,s.test(i)&&(n=i)}else if(a.test(n)){var T=a.exec(n);i=T[1]+T[2],a=c,a.test(i)&&(n=i)}if(s=O,s.test(n)){var T=s.exec(n);i=T[1],s=c,a=f,h=N,(s.test(i)||a.test(i)&&!h.test(i))&&(n=i)}return s=P,a=c,s.test(n)&&a.test(n)&&(s=g,n=n.replace(s,"")),"y"==r&&(n=r.toLowerCase()+n.substr(1)),n};return T}(),t.Pipeline.registerFunction(t.stemmer,"stemmer"),t.stopWordFilter=function(e){return e&&t.stopWordFilter.stopWords[e]!==e?e:void 
0},t.stopWordFilter.stopWords={a:"a",able:"able",about:"about",across:"across",after:"after",all:"all",almost:"almost",also:"also",am:"am",among:"among",an:"an",and:"and",any:"any",are:"are",as:"as",at:"at",be:"be",because:"because",been:"been",but:"but",by:"by",can:"can",cannot:"cannot",could:"could",dear:"dear",did:"did","do":"do",does:"does",either:"either","else":"else",ever:"ever",every:"every","for":"for",from:"from",get:"get",got:"got",had:"had",has:"has",have:"have",he:"he",her:"her",hers:"hers",him:"him",his:"his",how:"how",however:"however",i:"i","if":"if","in":"in",into:"into",is:"is",it:"it",its:"its",just:"just",least:"least",let:"let",like:"like",likely:"likely",may:"may",me:"me",might:"might",most:"most",must:"must",my:"my",neither:"neither",no:"no",nor:"nor",not:"not",of:"of",off:"off",often:"often",on:"on",only:"only",or:"or",other:"other",our:"our",own:"own",rather:"rather",said:"said",say:"say",says:"says",she:"she",should:"should",since:"since",so:"so",some:"some",than:"than",that:"that",the:"the",their:"their",them:"them",then:"then",there:"there",these:"these",they:"they","this":"this",tis:"tis",to:"to",too:"too",twas:"twas",us:"us",wants:"wants",was:"was",we:"we",were:"were",what:"what",when:"when",where:"where",which:"which","while":"while",who:"who",whom:"whom",why:"why",will:"will","with":"with",would:"would",yet:"yet",you:"you",your:"your"},t.Pipeline.registerFunction(t.stopWordFilter,"stopWordFilter"),t.trimmer=function(t){var e=t.replace(/^\W+/,"").replace(/\W+$/,"");return""===e?void 0:e},t.Pipeline.registerFunction(t.trimmer,"trimmer"),t.TokenStore=function(){this.root={docs:{}},this.length=0},t.TokenStore.load=function(t){var e=new this;return e.root=t.root,e.length=t.length,e},t.TokenStore.prototype.add=function(t,e,n){var n=n||this.root,i=t[0],o=t.slice(1);return i in n||(n[i]={docs:{}}),0===o.length?(n[i].docs[e.ref]=e,void(this.length+=1)):this.add(o,e,n[i])},t.TokenStore.prototype.has=function(t){if(!t)return!1;for(var 
e=this.root,n=0;no;o++){for(var r=t[o],s=0;i>s&&(r=this._stack[s](r,o,t),void 0!==r);s++);void 0!==r&&e.push(r)}return e},t.Pipeline.prototype.reset=function(){this._stack=[]},t.Pipeline.prototype.toJSON=function(){return this._stack.map(function(e){return t.Pipeline.warnIfFunctionNotRegistered(e),e.label})},t.Vector=function(){this._magnitude=null,this.list=void 0,this.length=0},t.Vector.Node=function(t,e,n){this.idx=t,this.val=e,this.next=n},t.Vector.prototype.insert=function(e,n){this._magnitude=void 0;var i=this.list;if(!i)return this.list=new t.Vector.Node(e,n,i),this.length++;if(en.idx?n=n.next:(i+=e.val*n.val,e=e.next,n=n.next);return i},t.Vector.prototype.similarity=function(t){return this.dot(t)/(this.magnitude()*t.magnitude())},t.SortedSet=function(){this.length=0,this.elements=[]},t.SortedSet.load=function(t){var e=new this;return e.elements=t,e.length=t.length,e},t.SortedSet.prototype.add=function(){var t,e;for(t=0;t1;){if(r===t)return o;t>r&&(e=o),r>t&&(n=o),i=n-e,o=e+Math.floor(i/2),r=this.elements[o]}return r===t?o:-1},t.SortedSet.prototype.locationFor=function(t){for(var e=0,n=this.elements.length,i=n-e,o=e+Math.floor(i/2),r=this.elements[o];i>1;)t>r&&(e=o),r>t&&(n=o),i=n-e,o=e+Math.floor(i/2),r=this.elements[o];return r>t?o:t>r?o+1:void 0},t.SortedSet.prototype.intersect=function(e){for(var n=new t.SortedSet,i=0,o=0,r=this.length,s=e.length,a=this.elements,h=e.elements;;){if(i>r-1||o>s-1)break;a[i]!==h[o]?a[i]h[o]&&o++:(n.add(a[i]),i++,o++)}return n},t.SortedSet.prototype.clone=function(){var e=new t.SortedSet;return e.elements=this.toArray(),e.length=e.elements.length,e},t.SortedSet.prototype.union=function(t){var e,n,i;return this.length>=t.length?(e=this,n=t):(e=t,n=this),i=e.clone(),i.add.apply(i,n.toArray()),i},t.SortedSet.prototype.toJSON=function(){return this.toArray()},t.Index=function(){this._fields=[],this._ref="id",this.pipeline=new t.Pipeline,this.documentStore=new t.Store,this.tokenStore=new t.TokenStore,this.corpusTokens=new 
t.SortedSet,this.eventEmitter=new t.EventEmitter,this._idfCache={},this.on("add","remove","update",function(){this._idfCache={}}.bind(this))},t.Index.prototype.on=function(){var t=Array.prototype.slice.call(arguments);return this.eventEmitter.addListener.apply(this.eventEmitter,t)},t.Index.prototype.off=function(t,e){return this.eventEmitter.removeListener(t,e)},t.Index.load=function(e){e.version!==t.version&&t.utils.warn("version mismatch: current "+t.version+" importing "+e.version);var n=new this;return n._fields=e.fields,n._ref=e.ref,n.documentStore=t.Store.load(e.documentStore),n.tokenStore=t.TokenStore.load(e.tokenStore),n.corpusTokens=t.SortedSet.load(e.corpusTokens),n.pipeline=t.Pipeline.load(e.pipeline),n},t.Index.prototype.field=function(t,e){var e=e||{},n={name:t,boost:e.boost||1};return this._fields.push(n),this},t.Index.prototype.ref=function(t){return this._ref=t,this},t.Index.prototype.add=function(e,n){var i={},o=new t.SortedSet,r=e[this._ref],n=void 0===n?!0:n;this._fields.forEach(function(n){var r=this.pipeline.run(t.tokenizer(e[n.name]));i[n.name]=r,t.SortedSet.prototype.add.apply(o,r)},this),this.documentStore.set(r,o),t.SortedSet.prototype.add.apply(this.corpusTokens,o.toArray());for(var s=0;s0&&(i=1+Math.log(this.documentStore.length/n)),this._idfCache[e]=i},t.Index.prototype.search=function(e){var n=this.pipeline.run(t.tokenizer(e)),i=new t.Vector,o=[],r=this._fields.reduce(function(t,e){return t+e.boost},0),s=n.some(function(t){return this.tokenStore.has(t)},this);if(!s)return[];n.forEach(function(e,n,s){var a=1/s.length*this._fields.length*r,h=this,l=this.tokenStore.expand(e).reduce(function(n,o){var r=h.corpusTokens.indexOf(o),s=h.idf(o),l=1,u=new t.SortedSet;if(o!==e){var c=Math.max(3,o.length-e.length);l=1/Math.log(c)}return r>-1&&i.insert(r,a*s*l),Object.keys(h.tokenStore.get(o)).forEach(function(t){u.add(t)}),n.union(u)},new t.SortedSet);o.push(l)},this);var a=o.reduce(function(t,e){return t.intersect(e)});return 
a.map(function(t){return{ref:t,score:i.similarity(this.documentVector(t))}},this).sort(function(t,e){return e.score-t.score})},t.Index.prototype.documentVector=function(e){for(var n=this.documentStore.get(e),i=n.length,o=new t.Vector,r=0;i>r;r++){var s=n.elements[r],a=this.tokenStore.get(s)[e].tf,h=this.idf(s);o.insert(this.corpusTokens.indexOf(s),a*h)}return o},t.Index.prototype.toJSON=function(){return{version:t.version,fields:this._fields,ref:this._ref,documentStore:this.documentStore.toJSON(),tokenStore:this.tokenStore.toJSON(),corpusTokens:this.corpusTokens.toJSON(),pipeline:this.pipeline.toJSON()}},t.Index.prototype.use=function(t){var e=Array.prototype.slice.call(arguments,1);e.unshift(this),t.apply(this,e)},t.Store=function(){this.store={},this.length=0},t.Store.load=function(e){var n=new this;return n.length=e.length,n.store=Object.keys(e.store).reduce(function(n,i){return n[i]=t.SortedSet.load(e.store[i]),n},{}),n},t.Store.prototype.set=function(t,e){this.has(t)||this.length++,this.store[t]=e},t.Store.prototype.get=function(t){return this.store[t]},t.Store.prototype.has=function(t){return t in this.store},t.Store.prototype.remove=function(t){this.has(t)&&(delete this.store[t],this.length--)},t.Store.prototype.toJSON=function(){return{store:this.store,length:this.length}},t.stemmer=function(){var t={ational:"ate",tional:"tion",enci:"ence",anci:"ance",izer:"ize",bli:"ble",alli:"al",entli:"ent",eli:"e",ousli:"ous",ization:"ize",ation:"ate",ator:"ate",alism:"al",iveness:"ive",fulness:"ful",ousness:"ous",aliti:"al",iviti:"ive",biliti:"ble",logi:"log"},e={icate:"ic",ative:"",alize:"al",iciti:"ic",ical:"ic",ful:"",ness:""},n="[^aeiou]",i="[aeiouy]",o=n+"[^aeiouy]*",r=i+"[aeiou]*",s="^("+o+")?"+r+o,a="^("+o+")?"+r+o+"("+r+")?$",h="^("+o+")?"+r+o+r+o,l="^("+o+")?"+i,u=new RegExp(s),c=new RegExp(h),f=new RegExp(a),d=new RegExp(l),p=/^(.+?)(ss|i)es$/,m=/^(.+?)([^s])s$/,v=/^(.+?)eed$/,y=/^(.+?)(ed|ing)$/,g=/.$/,S=/(at|bl|iz)$/,w=new RegExp("([^aeiouylsz])\\1$"),x=new 
RegExp("^"+o+i+"[^aeiouwxy]$"),k=/^(.+?[^aeiou])y$/,b=/^(.+?)(ational|tional|enci|anci|izer|bli|alli|entli|eli|ousli|ization|ation|ator|alism|iveness|fulness|ousness|aliti|iviti|biliti|logi)$/,E=/^(.+?)(icate|ative|alize|iciti|ical|ful|ness)$/,_=/^(.+?)(al|ance|ence|er|ic|able|ible|ant|ement|ment|ent|ou|ism|ate|iti|ous|ive|ize)$/,F=/^(.+?)(s|t)(ion)$/,O=/^(.+?)e$/,P=/ll$/,N=new RegExp("^"+o+i+"[^aeiouwxy]$"),T=function(n){var i,o,r,s,a,h,l;if(n.length<3)return n;if(r=n.substr(0,1),"y"==r&&(n=r.toUpperCase()+n.substr(1)),s=p,a=m,s.test(n)?n=n.replace(s,"$1$2"):a.test(n)&&(n=n.replace(a,"$1$2")),s=v,a=y,s.test(n)){var T=s.exec(n);s=u,s.test(T[1])&&(s=g,n=n.replace(s,""))}else if(a.test(n)){var T=a.exec(n);i=T[1],a=d,a.test(i)&&(n=i,a=S,h=w,l=x,a.test(n)?n+="e":h.test(n)?(s=g,n=n.replace(s,"")):l.test(n)&&(n+="e"))}if(s=k,s.test(n)){var T=s.exec(n);i=T[1],n=i+"i"}if(s=b,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+t[o])}if(s=E,s.test(n)){var T=s.exec(n);i=T[1],o=T[2],s=u,s.test(i)&&(n=i+e[o])}if(s=_,a=F,s.test(n)){var T=s.exec(n);i=T[1],s=c,s.test(i)&&(n=i)}else if(a.test(n)){var T=a.exec(n);i=T[1]+T[2],a=c,a.test(i)&&(n=i)}if(s=O,s.test(n)){var T=s.exec(n);i=T[1],s=c,a=f,h=N,(s.test(i)||a.test(i)&&!h.test(i))&&(n=i)}return s=P,a=c,s.test(n)&&a.test(n)&&(s=g,n=n.replace(s,"")),"y"==r&&(n=r.toLowerCase()+n.substr(1)),n};return T}(),t.Pipeline.registerFunction(t.stemmer,"stemmer"),t.stopWordFilter=function(e){return e&&t.stopWordFilter.stopWords[e]!==e?e:void 
0},t.stopWordFilter.stopWords={a:"a",able:"able",about:"about",across:"across",after:"after",all:"all",almost:"almost",also:"also",am:"am",among:"among",an:"an",and:"and",any:"any",are:"are",as:"as",at:"at",be:"be",because:"because",been:"been",but:"but",by:"by",can:"can",cannot:"cannot",could:"could",dear:"dear",did:"did","do":"do",does:"does",either:"either","else":"else",ever:"ever",every:"every","for":"for",from:"from",get:"get",got:"got",had:"had",has:"has",have:"have",he:"he",her:"her",hers:"hers",him:"him",his:"his",how:"how",however:"however",i:"i","if":"if","in":"in",into:"into",is:"is",it:"it",its:"its",just:"just",least:"least",let:"let",like:"like",likely:"likely",may:"may",me:"me",might:"might",most:"most",must:"must",my:"my",neither:"neither",no:"no",nor:"nor",not:"not",of:"of",off:"off",often:"often",on:"on",only:"only",or:"or",other:"other",our:"our",own:"own",rather:"rather",said:"said",say:"say",says:"says",she:"she",should:"should",since:"since",so:"so",some:"some",than:"than",that:"that",the:"the",their:"their",them:"them",then:"then",there:"there",these:"these",they:"they","this":"this",tis:"tis",to:"to",too:"too",twas:"twas",us:"us",wants:"wants",was:"was",we:"we",were:"were",what:"what",when:"when",where:"where",which:"which","while":"while",who:"who",whom:"whom",why:"why",will:"will","with":"with",would:"would",yet:"yet",you:"you",your:"your"},t.Pipeline.registerFunction(t.stopWordFilter,"stopWordFilter"),t.trimmer=function(t){var e=t.replace(/^\W+/,"").replace(/\W+$/,"");return""===e?void 0:e},t.Pipeline.registerFunction(t.trimmer,"trimmer"),t.TokenStore=function(){this.root={docs:{}},this.length=0},t.TokenStore.load=function(t){var e=new this;return e.root=t.root,e.length=t.length,e},t.TokenStore.prototype.add=function(t,e,n){var n=n||this.root,i=t[0],o=t.slice(1);return i in n||(n[i]={docs:{}}),0===o.length?(n[i].docs[e.ref]=e,void(this.length+=1)):this.add(o,e,n[i])},t.TokenStore.prototype.has=function(t){if(!t)return!1;for(var 
e=this.root,n=0;n 3 | 4 | 5 | 6 | 7 | Decrypt IPSec ESP packets · GitBook 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 |

    68 |
    69 | 70 | 71 | 74 | 75 | 76 | 598 | 599 | 600 |
    601 | 602 |
    603 | 604 |
    605 | 606 | 607 | 608 | 617 | 618 | 619 | 620 | 621 |
    622 |
    623 | 624 |
    625 |
    626 | 627 |
    628 | 629 |

Decrypt IPSec ESP packets

"-E spi@ipaddr algo:secret ..." can be used to decrypt IPSec ESP packets. Because this option involves a secret key, it should only be used for debugging purposes. Tcpdump needs to be compiled with cryptography enabled (there is an example about how to use this option).

--------------------------------------------------------------------------------
/posts/dont-optimize-bpf-program.html:
--------------------------------------------------------------------------------

Don't optimize BPF program

"-O/--no-optimize" tells tcpdump not to optimize the generated BPF program; this option just sets optimize's value to 0 in the pcap_compile function.

--------------------------------------------------------------------------------
/posts/set-snapshot-length.html:
--------------------------------------------------------------------------------

Set snapshot length

The "-s snaplen/--snapshot-length=snaplen" option is used to set the snapshot length; the default value is now 262144, i.e., 256KiB, which should satisfy all needs. Unless there is a sufficient reason, don't bother to modify it.

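How a snapshot length smaller than the packet shows up in a saved capture, as an added example that is not part of the original book: each record in a classic pcap file stores both the captured length and the original length, so truncated packets can be listed after the fact. The function names and the sample capture are constructed for illustration, and pcapng files are not handled.

```python
import struct

# Magic bytes of the classic pcap format -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",   # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",   # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",   # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",   # big-endian, nanosecond timestamps
}


def snaplen_report(pcap_bytes):
    """Return (snaplen, truncated) where truncated lists
    (record_index, captured_len, original_len) for every record that was
    cut short. Record indexes are 0-based."""
    if len(pcap_bytes) < 24 or pcap_bytes[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[pcap_bytes[:4]]
    # Global header after the magic: version major/minor, thiszone,
    # sigfigs, snaplen, link type.
    _maj, _min, _zone, _sig, snaplen, _linktype = struct.unpack(
        endian + "HHiIII", pcap_bytes[4:24])

    truncated = []
    pos, index = 24, 0
    while pos + 16 <= len(pcap_bytes):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[pos:pos + 16])
        if pos + 16 + incl_len > len(pcap_bytes):
            raise ValueError("record %d runs past end of file" % index)
        if incl_len < orig_len:
            truncated.append((index, incl_len, orig_len))
        pos += 16 + incl_len
        index += 1
    return snaplen, truncated


def make_sample_pcap(snaplen, original_lengths):
    """Build a constructed capture (zero-filled packets, not real traffic)
    the way a capture with the given snaplen would store it."""
    # Link type 1 = Ethernet; pcap version 2.4.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, orig_len in enumerate(original_lengths):
        incl_len = min(orig_len, snaplen)
        out += struct.pack("<IIII", n, 0, incl_len, orig_len) + bytes(incl_len)
    return out


if __name__ == "__main__":
    for snap in (96, 262144):
        limit, cut = snaplen_report(make_sample_pcap(snap, [60, 1514, 96]))
        print("snaplen=%d truncated=%s" % (limit, cut))
```
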
--------------------------------------------------------------------------------
/posts/verify-cryptographic-signature-of-the-tcp-packet.html:
--------------------------------------------------------------------------------

Verify cryptographic signature of the TCP packet

"-M secret" is used to verify the cryptographic signature of TCP packets that carry the TCP-MD5 option; currently only MD5 is supported.

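What verifying a TCP-MD5 signature involves, as an added example that is not tcpdump's code or part of the original book: RFC 2385 defines the digest as MD5 over the IPv4 pseudo-header, the fixed TCP header with the checksum treated as zero and options excluded, the segment data, and the shared secret. The function names, addresses, ports and secret below are constructed for illustration, and only IPv4 is covered.

```python
import hashlib
import hmac
import socket
import struct

TCPOPT_MD5SIG = 19    # TCP option kind for the MD5 signature (RFC 2385)
TCPOLEN_MD5SIG = 18   # kind byte + length byte + 16-byte digest


def header_len(tcp_segment):
    """Validate the segment and return its TCP header length in bytes."""
    if len(tcp_segment) < 20:
        raise ValueError("segment shorter than a TCP header")
    hlen = (tcp_segment[12] >> 4) * 4
    if hlen < 20 or hlen > len(tcp_segment):
        raise ValueError("bad TCP data offset")
    return hlen


def tcp_md5_digest(src_ip, dst_ip, tcp_segment, secret):
    """Compute the RFC 2385 digest for one IPv4 TCP segment."""
    hlen = header_len(tcp_segment)
    # 1. Pseudo-header: source, destination, zero-padded protocol, length.
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, socket.IPPROTO_TCP, len(tcp_segment)))
    # 2. Fixed 20-byte header, options excluded, checksum taken as zero.
    fixed = tcp_segment[:16] + b"\x00\x00" + tcp_segment[18:20]
    # 3. Segment data, then 4. the shared secret.
    return hashlib.md5(pseudo + fixed + tcp_segment[hlen:] + secret).digest()


def find_md5_option(tcp_segment):
    """Return the 16-byte digest from the TCP-MD5 option, or None."""
    end = header_len(tcp_segment)
    i = 20
    while i < end:
        kind = tcp_segment[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end:
            break
        length = tcp_segment[i + 1]
        if length < 2 or i + length > end:
            break                     # malformed option, stop parsing
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            return tcp_segment[i + 2:i + 18]
        i += length
    return None


def verify_tcp_md5(src_ip, dst_ip, tcp_segment, secret):
    """Return 'valid', 'invalid' or 'absent' for the segment's signature."""
    carried = find_md5_option(tcp_segment)
    if carried is None:
        return "absent"
    expected = tcp_md5_digest(src_ip, dst_ip, tcp_segment, secret)
    return "valid" if hmac.compare_digest(carried, expected) else "invalid"


def build_signed_segment(src_ip, dst_ip, secret, payload):
    """Construct a sample signed segment (not captured traffic)."""
    # NOP, NOP, kind 19, length 18, then a 16-byte digest placeholder.
    options = bytes([1, 1, TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + bytes(16)
    offset_flags = (((20 + len(options)) // 4) << 12) | 0x018   # PSH+ACK
    header = struct.pack("!HHIIHHHH", 40000, 179, 1000, 2000,
                         offset_flags, 65535, 0, 0)
    digest = tcp_md5_digest(src_ip, dst_ip, header + options + payload, secret)
    return header + options[:4] + digest + payload


if __name__ == "__main__":
    seg = build_signed_segment("192.0.2.1", "192.0.2.2", b"example-secret", b"hello")
    print(verify_tcp_md5("192.0.2.1", "192.0.2.2", seg, b"example-secret"))
    print(verify_tcp_md5("192.0.2.1", "192.0.2.2", seg, b"wrong-secret"))
```
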
--------------------------------------------------------------------------------