Windows 2000: pipacs.zip

usage: pipacs.exe options
where options:
  [-c:sec]                          Dump cycle in sec (10)
  [-f:file[-e:program]]             Results into a file [and exec program](-)
  [-n:db]                           Execute just db cycle (0)
  [-l:lineno]                       Print lineno lines of hosts(25)
  [-a]                              Print packet info&data (-)
  [-h]                              Print just the header
  [-p]                              Print just summary info (-)
                                    Otherwise print sum&ip pairs
  [-g]                              Make GRE encapsulation transparent (-)
  [-t:[tcp|udp|icmp|.....|number]]  Filter on protocoll (ALL)
  [-sa:IP[/Net]]                    Filter on source address (-)/net
  [-sp:Port]                        Filter on source port (-)
  [-da:IP[/Net]]                    Filter on dest address/net (-)
  [-dp:Port]                        Filter on dest port(-)
  [-xa:IP[/Net]]                    Filter on src|dest address/net (-)
  [-xp:Port]                        Filter on src|dest port (-)
  [-pa:pattern]                     String match (0), last param!!!
  [-i:int]                          Capture on this interface (0)
Available interfaces:
  0 ........ [212.97.0.121]
Filtering rules: t && (sa|da|xa) && (sp|dp|xp)
Ver. 2.4 (c):2000-2004, Pálóczi-Horváth János

Linux: pipacs

usage: pipacs options
where options:
  [-i:int[,int]]                    Capture on this interface(s) (eth0)
  [-c:sec]                          Dump cycle in sec (60)
  [-f:file[-e:program]]             Results into a file [and exec program](-)
  [-f:file -a]                      Produce Wireshark compatible dump to file (-)
  [-n:db]                           Execute just db cycle (0)
  [-l:lineno]                       Print lineno lines of hosts(25)
  [-k]                              Sort reult by packet count (size)
  [-1]                              Ignore source IP (-)
  [-2]                              Ignore destination IP (-)
  [-h]                              Print just the header (-)
  [-w[012]]                         Wireless mode,0=dot11 1=prism 2-radiotap (0)
  [-r]                              Don't print RAW ( no 802.3 ) packets (-)
  [-a]                              Print packet info&data (-)
  [-h]                              Print just the header (-)
  [-p]                              Print just summary info (-)
                                    Otherwise print sum&ip pairs
  [-t:[tcp|udp|icmp|.....|number]]  Filter on protocoll (ALL)
  [-g]                              Make GRE encapsulation transparent (-)
  [-v][:xx]                         Skip VLAN headers [xx bytes (4)] (-)
  [-sa:[!]IP[/Net]]                 Filter on [not] source address (-)/net
  [-sp:[!]Port]                     Filter on [not] source port (-)
  [-da:[!]IP[/Net]]                 Filter on [not] dest address/net (-)
  [-dp:[!]Port]                     Filter on [not] dest port(-)
  [-xa:[!]IP[/Net]]                 Filter on [not] src|dest address/net (-)
  [-xp:[!]Port]                     Filter on [not] src|dest port (-)
  [-pa:pattern]                     String match , last param!!!
Filtering rules: t && (sa|da|xa) && (sp|dp|xp)
Ver. 4.2 (c):2000-2008, Pálóczi-Horváth János
2004.04.14/15: The output appearance was modified (it now prints F:2/0 = don't fragment bit set, 0 = offset), and some bugs were removed. There are three major modifications:
- When the -g parameter is set, the decoder decapsulates all GRE packets and, if the original frame is an IP one, transparently shows the packet's content, so you can filter on addresses/ports inside the GRE packets.
- You can filter not just on the TCP/UDP protocols: any protocol can be given to the filter, either by number or by protocol name.
- The ICMP packet decoder follows the RFC quite closely.
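What the -g option changes for the filters, as an added example (not pipacs source code): with GRE made transparent, the protocol, address and port filters are evaluated against the inner IP packet instead of the tunnel endpoints. The function names, the constructed sample packet and the reading of the rule `t && (sa|da|xa) && (sp|dp|xp)` (filters inside a group are OR-ed, a group with no filter set accepts everything) are assumptions.

```python
import ipaddress
import struct
GRE, TCP, UDP = 47, 6, 17

def parse_ipv4(pkt):
    """Return (protocol, source, destination, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20]), pkt[ihl:]

def strip_gre(body):
    """Return the IPv4 packet carried in a GRE payload, or None if it is not one."""
    if len(body) < 4:
        return None
    flags, ptype = struct.unpack("!HH", body[:4])
    if flags & 0x4007 or ptype != 0x0800:  # RFC 1701 routing, version != 0, or not IPv4
        return None
    off = 4 + 4 * sum(bool(flags & b) for b in (0x8000, 0x2000, 0x1000))  # checksum, key, sequence
    return body[off:] if len(body) >= off + 20 else None

def flow(pkt, gre_transparent):
    """Return (proto, src, dst, sport, dport); with gre_transparent, of the innermost IP packet."""
    proto, src, dst, body = parse_ipv4(pkt)
    while gre_transparent and proto == GRE:
        inner = strip_gre(body)
        if inner is None:
            break
        proto, src, dst, body = parse_ipv4(inner)
    sport, dport = struct.unpack("!HH", body[:4]) if proto in (TCP, UDP) and len(body) >= 4 else (None, None)
    return proto, src, dst, sport, dport

def matches(fl, t=None, sa=None, da=None, xa=None, sp=None, dp=None, xp=None):
    """t && (sa|da|xa) && (sp|dp|xp); a group with no filter set accepts everything (assumed)."""
    proto, src, dst, sport, dport = fl
    inside = lambda addr, net: addr in ipaddress.ip_network(net, strict=False)
    addr = [inside(src, sa)] if sa else []
    addr += [inside(dst, da)] if da else []
    addr += [inside(src, xa) or inside(dst, xa)] if xa else []
    port = [p == want for p, want in ((sport, sp), (dport, dp)) if want]
    port += [xp in (sport, dport)] if xp else []
    return (t is None or proto == t) and (not addr or any(addr)) and (not port or any(port))

def build_ipv4(proto, src, dst, payload):
    """Constructed sample data only: minimal IPv4 header, checksum left at 0."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + payload

# Constructed sample: TCP to port 22 inside a keyed GRE tunnel (documentation addresses)
INNER = build_ipv4(TCP, "192.0.2.10", "198.51.100.7", struct.pack("!HH", 40000, 22) + bytes(16))
SAMPLE = build_ipv4(GRE, "203.0.113.1", "203.0.113.2", struct.pack("!HHI", 0x2000, 0x0800, 7) + INNER)
```

Without decapsulation the sample is seen only as protocol 47 between the two tunnel endpoints, so a filter such as `t=TCP, dp=22` matches it only when `flow()` is called with `gre_transparent=True`.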
eth0,eth1,eth2 Speed: 22.44 Kbit/s , 18 IP pairs / 10 secs. phj@phj.hu
Prot: TCP : 98/15.0 k UDP : 34/4.7 k OSPF : 6/440
Port: 0445: 61/7.2 k 3251: 61/7.2 k 0022: 19/6.7 k 1106: 14/6.1 k 0514: 30/3.7 k 0138: 8/2.0 k 3379: 8/982 0110: 11/700
212.92.31.254    212.97.0.121     10 pkt , 6048 byte : 4.72 Kbps
95.80.10.0       1.1.0.0           2 pkt , 4096 byte : 3.20 Kbps
212.97.0.107     212.97.0.116     41 pkt , 3680 byte : 2.88 Kbps
212.97.0.116     212.97.0.107     20 pkt , 3680 byte : 2.88 Kbps
212.97.0.101     212.97.0.116     22 pkt , 2788 byte : 2.18 Kbps
212.97.0.105     212.97.0.116      8 pkt ,  982 byte : 0.77 Kbps
195.228.193.11   193.6.32.239     11 pkt ,  700 byte : 0.55 Kbps
212.97.0.115     212.97.0.121      3 pkt ,  536 byte : 0.42 Kbps
10.0.80.241      212.97.0.115      2 pkt ,  508 byte : 0.40 Kbps
212.97.0.115     10.0.80.241       2 pkt ,  500 byte : 0.39 Kbps
10.0.1.1         224.0.0.5         4 pkt ,  304 byte : 0.24 Kbps
195.199.27.219   193.225.209.24    4 pkt ,  240 byte : 0.19 Kbps
212.97.0.121     212.92.31.254     4 pkt ,  160 byte : 0.12 Kbps
212.97.0.121     212.97.0.115      2 pkt ,  128 byte : 0.10 Kbps
195.70.35.64     193.6.32.239      2 pkt ,   80 byte : 0.06 Kbps
212.97.0.115     224.0.0.5         1 pkt ,   68 byte : 0.05 Kbps
212.97.0.116     224.0.0.5         1 pkt ,   68 byte : 0.05 Kbps
195.199.74.252   193.225.209.24    1 pkt ,   60 byte : 0.05 Kbps
2001.06.26 23:43:47 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
193.6.32.101 > 193.6.32.196 TTL:253 Proto:UDP F:0/0 TOS:00
UDP: SPort: 53 | DPort: 1024 | Len: 196 | CSum: 0x0000ada0
54 fa 85 80 00 01 00 01 00 03 00 03 03 32 34 33  T............243
02 38 38 02 39 30 03 32 30 37 07 69 6e 2d 61 64  .88.90.207.in-ad
64 72 04 61 72 70 61 00 00 0c 00 01 c0 0c 00 0c  dr.arpa.........
00 01 00 01 51 80 00 1e 04 64 32 34 30 03 61 73  ....Q....d240.as
30 04 65 61 74 6e 02 6f 68 07 76 6f 79 61 67 65  0.eatn.oh.voyage
72 03 6e 65 74 00 c0 10 00 02 00 01 00 01 51 80  r.net.........Q.
00 08 02 65 30 02 6e 73 c0 49 c0 10 00 02 00 01  ...e0.ns.I......
00 01 51 80 00 05 02 65 31 c0 65 c0 10 00 02 00  ..Q....e1.e.....
01 00 01 51 80 00 05 02 65 32 c0 65 c0 62 00 01  ...Q....e2.e.b..
00 01 00 01 51 80 00 04 a9 cf 02 48 c0 76 00 01  ....Q......H.v..
00 01 00 01 51 80 00 04 cf 59 80 0d c0 87 00 01  ....Q....Y......
00 01 00 01 51 80 00 04 cf 00 e5 fc 49 69 52 80  ....Q.......IiR.
9b df 45 36 35 e6 2d 2c ad d6                    ..E65.-,..

2001.06.26 23:43:48 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
195.70.32.222 > 193.6.32.196 TTL:58 Proto:TCP F:0/0 TOS:00
TCP: SPort: 5676 DPort: 1461 Seq: C66DC413 ACK: 1771B5C Flags: ACK PSH
23 23 23 b9 d3 e6 f7 e6 fa a2 fd d3 e6 f7 e6 fa  ###.............
c3 f7 f1 e6 e5 ea ae b5 b0 b4 b5 bb ad e7 ea e2  ................
ef ad ee e2 f7 e2 f5 ad ed e6 f7 a3 d2 d6 ca d7  ................
a3 b9 c0 ef ea e6 ed f7 a3 e6 fb ea f7 e6 e7 0d  ................
0a 7f e9 af 98 c8 fb 03 36 ea 8d d3 56 7e 35     ........6...V~5

2001.06.26 23:43:48 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
207.90.88.243 > 193.6.32.196 TTL:106 Proto:TCP F:0/0 TOS:00
TCP: SPort: 1216 DPort: 8000 Seq: 3EB38AB ACK: 0 Flags: SYN
02 04 02 18 01 01 04 02 0e fd cb 9c 20 e7 3e 25  ............ .>%
c3 8f 65 85 25 9a                                ..e.%.

2001.06.26 23:43:48 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
207.90.88.243 > 193.6.32.196 TTL:106 Proto:TCP F:0/0 TOS:00
TCP: SPort: 1216 DPort: 8000 Seq: 3EB38AB ACK: 0 Flags: SYN
02 04 02 18 01 01 04 02 01 00 1a 00 00 00 00 09  ................
3e 02 a8 1b aa 55                                >....U

2001.06.26 23:43:49 8:0:6a:2a:b3:57 > 8:0:e:21:33:96
195.70.32.222 > 193.6.32.196 TTL:58 Proto:TCP F:0/0 TOS:00
TCP: SPort: 5676 DPort: 1461 Seq: C66DC454 ACK: 1771B5C Flags: ACK PSH
23 23 23 b9 c9 f6 e0 ea a2 fd c9 f6 e0 ea c3 f7  ###.............
f1 e6 e5 ea ae b2 b6 b4 b1 b6 ad e7 ea e2 ef ad  ................
e5 f1 e6 e6 f0 f7 e2 f1 f7 ad eb f6 a3 d2 d6 ca  ................
d7 a3 b9 c1 f1 ec e8 e6 ed a3 f3 ea f3 e6 0d 0a  ................
00 b1 18 e8 71 4f 50 52 8b 56 f8 8b 46 f6        ....qOPR.V..F.