{"id":409,"date":"2015-03-14T03:43:10","date_gmt":"2015-03-14T00:13:10","guid":{"rendered":"http:\/\/www.chpert.net\/?p=409"},"modified":"2019-05-29T23:40:15","modified_gmt":"2019-05-29T19:10:15","slug":"%d9%85%d9%82%d8%af%d9%85%d9%87%e2%80%8c%d8%a7%db%8c-%d8%a8%d8%b1-tcpdump","status":"publish","type":"post","link":"http:\/\/pahlevanzadeh.net\/?p=409","title":{"rendered":"\u0645\u0642\u062f\u0645\u0647\u200c\u0627\u06cc \u0628\u0631 tcpdump"},"content":{"rendered":"

\u0647\u0645\u06cc\u0634\u0647 \u0628\u0631\u0627\u06cc \u0628\u0639\u0636\u06cc \u0627\u0632 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0633\u0624\u0627\u0644\u0627\u062a\u06cc \u0645\u0637\u0631\u062d \u0627\u0633\u062a \u06a9\u0647 \u0627\u0632 \u06a9\u062f\u0627\u0645 \u0628\u0631\u0646\u0627\u0645\u0647 \u0628\u0631\u0627\u06cc log \u06af\u06cc\u0631\u06cc \u0634\u0628\u06a9\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u0627\u06cc\u0646\u062f. \u062a\u0627 \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u0627\u06cc\u0646 \u062e\u0648\u0627\u0633\u062a\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0645\u0634\u062e\u0635 \u0646\u0628\u0627\u0634\u062f \u0627\u06cc\u0646 \u0633\u0624\u0627\u0644 \u0628\u062f\u0648\u0646 \u062c\u0648\u0627\u0628 \u0628\u0627\u0642\u06cc \u0645\u06cc\u200c\u0645\u0627\u0646\u062f.
\n\u062e\u0648\u0628 \u0645\u0633\u0644\u0645\u0627\u064b \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0647\u0627\u06cc \u0632\u06cc\u0627\u062f\u06cc \u0628\u0627 \u06a9\u0627\u0631\u0628\u0631\u062f\u200c\u0647\u0627\u06cc \u0632\u06cc\u0627\u062f\u06cc \u0647\u0633\u062a\u0646\u062f \u0627\u0646\u0648\u0627\u0639 monitoring \u0634\u0628\u06a9\u0647 \u0631\u0627 \u062f\u0627\u0631\u06cc\u0645 \u06a9\u0647 \u0647\u0631\u06cc\u06a9 \u0628\u0646\u0627 \u0628\u0647 \u0631\u0633\u062a\u0647 \u062e\u0648\u062f \u0645\u0648\u0631\u062f \u0628\u062d\u062b \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u062f \u0648 \u0628\u0627\u0632 \u062f\u0631 \u0628\u062d\u062b \"tcpdump\"<\/a>sniffing \u062a\u0642\u0633\u06cc\u0645\u200c\u0628\u0646\u062f\u06cc \u0647\u0627\u06cc \u0645\u062a\u0641\u0627\u0648\u062a\u06cc \u0647\u0645\u0627\u0646\u0646\u062f log \u06af\u06cc\u0631\u06cc \u062d\u062c\u0645 \u0627\u0637\u0627\u0644\u0627\u0639\u0627\u062a \u0634\u0628\u06a9\u0647\u060c capture \u06a9\u0631\u062f\u0646 \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u060c \u0627\u0628\u0632\u0627\u0631\u06cc \u0628\u0631\u0627\u06cc \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0633\u0627\u0632\u06cc \u0648 \u063a\u06cc\u0631\u0647 \u0645\u0648\u062c\u0648\u062f\u0646\u062f \u06a9\u0647 \u0647\u0645\u0632\u0645\u0627\u0646 \u0628\u0627 \u0632\u0645\u0627\u0646 \u0648 \u067e\u0631\u0648\u062a\u06a9\u0644\u200c\u0647\u0627 \u062a\u063a\u06cc\u06cc\u0631 \u0645\u06cc\u200c\u06a9\u0646\u0646\u062f.
\n\u0627\u0645\u0627 \u0686\u0631\u0627 tcpdump \u061f \u0632\u0645\u0627\u0646\u06cc \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0628\u062e\u0648\u0627\u0647\u062f \u062f\u0631 \u0645\u0648\u0631\u062f packet \u0647\u0627 \u062a\u062d\u0642\u06cc\u0642\u200c \u06a9\u0646\u062f \u0628\u0627\u06cc\u062f \u0622\u0646\u200c\u0647\u0627 capture \u06a9\u0631\u062f\u0647 \u0648 \u062d\u0627\u0644 \u06cc\u0627 \u0627\u0632 \u0622\u0646\u200c\u0647\u0627 log \u06af\u0631\u0641\u062a\u0647 \u0648 \u0627\u06cc\u0646 log \u0645\u0647\u0645 \u0627\u0633\u062a \u0648 \u06cc\u0627 \u06a9\u0627\u0631 \u0628\u0627 \u06cc\u06a9 grep \u062d\u0644 \u0645\u06cc\u200c\u0634\u0648\u062f. \u0633\u0624\u0627\u0644\u06cc \u06a9\u0647 \u0645\u0637\u0631\u062d \u0645\u06cc\u200c\u0634\u0648\u062f \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 wireshark \u0646\u06cc\u0632 \u0647\u0645\u06cc\u0646 \u06a9\u0627\u0631 \u0631\u0627 \u0627\u0646\u062c\u0627\u0645 \u0645\u06cc\u200c\u062f\u0647\u062f \u0686\u0631\u0627 \u0627\u0632 \u0622\u0646 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0634\u0648\u062f\u061f \u0645\u0633\u0644\u0645\u0627\u064b \u06cc\u06a9 \u06a9\u0627\u0631\u0628\u0631 \u0634\u0628\u06a9\u0647 \u0647\u0645\u0632\u0645\u0627\u0646 \u0628\u0631 \u0631\u0648\u06cc \u0686\u0646\u062f\u06cc\u0646 \u0633\u0631\u0648\u0631 \u0628\u0627\u06cc\u062f \u0628\u0631\u0648\u062f \u06a9\u0647 \u0647\u06cc\u0686 \u06a9\u0646\u0633\u0648\u0644 \u06af\u0631\u0627\u0641\u06cc\u06a9\u06cc \u0648\u062c\u0648\u062f \u0646\u062f\u0627\u0631\u062f \u0648 \u0628\u0642\u06cc\u0647 \u0642\u0636\u06cc\u0627… \u0627\u0645\u0627 \u0627\u06af\u0631 \u062f\u0631 \u0645\u0648\u0631\u062f \u06a9\u0627\u0631\u0628\u0631\u062f wireshark \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u062f \u0628\u067e\u0631\u0633\u06cc\u062f \u062f\u0631 \u0628\u0631\u0646\u0627\u0645\u0647\u200c\u0633\u0627\u0632\u06cc \u0628\u0647 \u0634\u062f\u062a \u06a9\u0627\u0631\u0628\u0631\u062f \u062f\u0627\u0631\u062f.
\n<\/p>\n

\u06f1. \u062e\u0648\u062f \u0628\u0631\u0646\u0627\u0645\u0647 tcpdump<\/strong><\/p>\n

\u06a9\u0627\u0631 \u0628\u0627 \u0628\u0627 tcpdump \u0628\u0647 \u062f\u0648 \u0628\u062e\u0634 \u062e\u0648\u062f \u0628\u0631\u0646\u0627\u0645\u0647 \u0622\u0646 \u0648 \u0628\u062e\u0634 filter \u0646\u0648\u06cc\u0633\u06cc \u0628\u0631\u0627\u06cc \u0622\u0646 \u062a\u0642\u0633\u06cc\u0645 \u0645\u06cc\u200c\u0634\u0648\u062f. \u0628\u0647 \u0637\u0648\u0631\u06cc \u06a9\u0647 \u062d\u062a\u06cc manual page \u0647\u0627\u06cc \u0622\u0646\u0627\u0646 \u0645\u062a\u0641\u0627\u0648\u062a \u0645\u06cc\u200c\u0628\u0627\u0634\u062f. \u0628\u0631\u0627\u06cc \u062e\u0648\u062f \u0622\u0646 \u0628\u0627\u06cc\u062f (8)tcpdump<\/em> \u0631\u0627 \u0645\u0637\u0627\u0644\u0639\u0647 \u06a9\u0631\u062f \u0648 \u0628\u0631\u0627\u06cc filter \u0646\u0648\u06cc\u0633\u06cc \u062f\u0631 tcpdump \u0628\u0627\u06cc\u062f (7)pcap-filter<\/em> \u0631\u0627 \u0645\u0637\u0627\u0644\u0639\u0647 \u06a9\u0631\u062f.
\n\u0627\u06cc\u0646 \u0628\u0631\u0646\u0627\u0645\u0647 \u062c\u0632\u0648 \u067e\u0631\u0648\u0698\u0647 pcap \u0645\u06cc\u200c\u0628\u0627\u0634\u062f \u06a9\u0647 \u06cc\u06a9 library \u0642\u0648\u06cc \u0628\u0631\u0627\u06cc capture \u06a9\u0631\u062f\u0646 packet \u0647\u0627 \u0645\u06cc\u200c\u0628\u0627\u0634\u062f.
\n\u0628\u0647\u062a\u0631 \u0627\u0633\u062a \u06cc\u06a9 \u0645\u0631\u0648\u0631 \u06a9\u0644\u06cc \u0628\u0631 \u0631\u0648\u06cc option \u0647\u0627\u06cc \u0627\u0635\u0644\u06cc \u0622\u0646 \u062f\u0627\u0634\u062a\u0647 \u0628\u0627\u0634\u06cc\u0645 \u062a\u0627 \u0628\u0647 \u0627\u0635\u0644 \u0642\u0636\u06cc\u0647 \u06cc\u0639\u0646\u06cc \u0646\u0648\u0634\u062a\u0646 \u0641\u06cc\u0644\u062a\u0631 \u0628\u067e\u0631\u062f\u0627\u0632\u06cc\u0645.
\n\u0647\u0645\u0647 \u0686\u06cc\u0632 \u0628\u0627 \u062a\u0639\u06cc\u06cc\u0646 interface \u0645\u0631\u0628\u0648\u0637\u0647 \u0634\u0631\u0648\u0639 \u0645\u06cc\u200c\u0634\u0648\u062f:<\/p>\n

root@debian:\/home\/mohsen# tcpdump -i eth0\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n21:55:38.963133 IP dev32.1900 > 239.255.255.250.1900: UDP, length 94\r\n21:55:39.512530 IP debian.47888 > google-public-dns-a.google.com.domain: 33222+ PTR? 250.255.255.239.in-addr.arpa. (46)\r\n21:55:39.516780 IP dev32.1900 > 239.255.255.250.1900: UDP, length 94\r\n21:55:39.774315 IP google-public-dns-a.google.com.domain > debian.47888: 33222 NXDomain 0\/1\/0 (103)\r\n21:55:40.175894 IP dev32.1900 > 239.255.255.250.1900: UDP, length 94\r\n^C\r\n5 packets captured\r\n7 packets received by filter\r\n0 packets dropped by kernel\r\n<\/pre>\n
\u0628\u0644\u0647\u060c \u062f\u0631 \u0628\u0627\u0644\u0627 \u0628\u0647 tcpdump \u06af\u0641\u062a\u06cc\u0645 \u0628\u0647 eth0 \u06af\u0648\u0634 \u0641\u0631\u0627 \u062f\u0647\u062f.
\n\u0627\u0645\u0627 \u0628\u06cc\u0627\u06cc\u06cc\u062f \u06a9\u0645\u06cc \u0641\u0631\u0645\u062a \u062e\u0631\u0648\u062c\u06cc \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u06a9\u0646\u06cc\u0645:
\n\u0639\u0645\u0644\u06af\u0631 < \u0628\u06cc\u0646 \u062f\u0648 host \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u06af\u06cc\u0631\u0646\u062f \u0648 \u0646\u0634\u0627\u0646\u06af\u0631 \u0648\u0631\u0648\u062f\u06cc \u062e\u0631\u0648\u062c\u06cc \u0633\u06cc\u0633\u062a\u0645 \u0645\u06cc\u200c\u0628\u0627\u0634\u0646\u062f \u0628\u0647 \u062e\u0637 \u0632\u06cc\u0631 \u0646\u06af\u0627\u0647 \u06a9\u0646\u06cc\u062f:\n\n\n
21:55:39.774315 IP google-public-dns-a.google.com.domain > debian.47888: 33222 NXDomain 0\/1\/0 (103)<\/pre>\n
hostname \u0633\u06cc\u0633\u062a\u0645 \u0634\u062e\u0635\u06cc \u0645\u0646 debian \u0645\u06cc\u200c\u0628\u0627\u0634\u062f packet \u0627\u0632 \u0633\u06cc\u0633\u062a\u0645  google-public-dns-a.google.com \u0628\u0647 \u0633\u06cc\u0633\u062a\u0645 \u0645\u0646 \u0627\u0646\u062a\u0642\u0627\u0644 \u067e\u06cc\u062f\u0627 \u06a9\u0631\u062f\u0647 \u0627\u0633\u062a. \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u0627\u0632 \u0646\u0627\u0645\u0634 \u067e\u06cc\u062f\u0627\u0633\u062a resolve \u06a9\u0631\u062f\u0646 \u0628\u0648\u062f\u0647 \u06cc\u06a9 NXDomain \u0628\u0648\u062f\u0647 \u0627\u0633\u062a. \u0628\u0647 \u0632\u0648\u062f\u06cc \u0686\u0634\u0645\u062a\u0627\u0646 \u0628\u0627 \u0628\u0642\u06cc\u0647 \u0645\u0642\u0627\u062f\u06cc\u0631 \u0622\u0634\u0646\u0627 \u0645\u06cc\u200c\u0634\u0648\u062f.
\noption \u0647\u0627\u06cc \u062e\u0627\u0646\u0648\u0627\u062f\u0647 v- :<\/strong>
\nv- \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u0627\u0632 \u0646\u0627\u0645\u0634 \u067e\u06cc\u062f\u0627\u0633\u062a verbose mode \u0627\u0633\u062a. \u0627\u06cc\u0646 verbose mode \u0628\u0631\u0627\u06cc \u0641\u0631\u0645\u062a \u062e\u0631\u0648\u062c\u06cc \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0645\u06cc\u200c\u0634\u0648\u062f.
\nvv-  \u0628\u0633\u062a\u0647\u200c\u200c\u0647\u0627 \u0631\u0627 \u0628\u0627\u0632 \u0645\u06cc\u200c\u06a9\u0646\u062f.  \u0648 \u0641\u06cc\u0644\u062f\u0647\u0627\u06cc \u0628\u06cc\u0634\u062a\u0631\u06cc \u0631\u0627 \u0628\u0647 \u0646\u0645\u0627\u06cc\u0634 \u0645\u06cc\u200c\u06af\u0630\u0627\u0631\u062f.
\nvvv- \u0628\u0647 \u0635\u0648\u0631\u062a \u06a9\u0627\u0645\u0644 \u06af\u0632\u06cc\u0646\u0647\u200c\u0647\u0627 \u0631\u0627 \u0646\u0645\u0627\u06cc\u0634 \u0645\u06cc\u200c\u062f\u0647\u062f.
\n\u0646\u06a9\u062a\u0647:<\/strong> \u0627\u06cc\u0646\u062c\u0627 \u0645\u062b\u0627\u0644 \u0646\u0645\u06cc\u0627\u0648\u0631\u06cc\u0645 \u0686\u0648\u0646 \u0641\u0631\u0636 \u0628\u0631 \u0627\u06cc\u0646 \u0627\u0633\u062a \u06a9\u0647 \u06a9\u0627\u0631\u0628\u0631\u06cc \u0634\u0645\u0627 \u0631\u0627 \u0646\u0645\u06cc\u200c\u062f\u0627\u0646\u06cc\u0645\u060c \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0645\u062b\u0627\u0644\u060c \u06af\u0627\u0647\u06cc \u0628\u0631\u0627\u06cc \u0634\u062e\u0635\u06cc \u0628\u0627\u06cc\u062f \u06cc\u06a9 log \u0628\u06af\u06cc\u0631\u06cc\u062f \u0648 \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u0633\u0646\u062f \u0628\u0631\u0627\u06cc\u0634 \u0628\u0641\u0631\u0633\u062a\u06cc\u062f \u06a9\u0647 \u0628\u0647\u062a\u0631 \u0627\u0633\u062a log \u0634\u0645\u0627 \u06a9\u0627\u0645\u0644 \u0628\u0627\u0634\u062f. \u0627\u0645\u0627 \u0646\u0647 \u06af\u0627\u0647\u06cc \u0646\u06cc\u0627\u0632 \u0627\u0633\u062a \u0627\u0632 tcpdump \u0641\u0642\u0637 \u06cc\u06a9 grep \u06af\u0631\u0641\u062a\u0647 \u06a9\u0647 \u0628\u0627\u0632 \u0628\u0633\u062a\u0647 \u0628\u0647 \u0627\u06cc\u0646 \u06a9\u0647 \u0627\u0632 \u0686\u0647 \u0686\u06cc\u0632\u06cc \u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u06cc\u062f grep \u0628\u06af\u06cc\u0631\u06cc\u062f \u0628\u0647 \u0622\u0646 \u0628\u0627\u06cc\u062f \u06af\u0632\u06cc\u0646\u0647 \u0627\u0636\u0627\u0641\u0647 \u06a9\u0646\u06cc\u062f \u0686\u0648\u0646 \u06a9\u0627\u0631 \u062e\u0648\u062f \u0631\u0627 \u0633\u062e\u062a \u06a9\u0631\u062f\u0647\u200c\u0627\u06cc\u062f. \u067e\u0633 \u0634\u0645\u0627 \u0628\u0627\u06cc\u062f \u062e\u0648\u062f \u0646\u06cc\u0627\u0632\u0633\u0646\u062c\u06cc \u06a9\u0646\u06cc\u062f \u062a\u0627 \u0628\u0647 \u0646\u062a\u06cc\u062c\u0647 \u0628\u0647\u062a\u0631\u06cc \u0628\u0631\u0633\u06cc\u062f.
\n\u067e\u0633 \u062e\u0648\u0627\u0647\u0634\u06cc \u06a9\u0647 \u0648\u062c\u0648\u062f \u062f\u0627\u0631\u062f \u0646\u06a9\u062a\u0647 \u0628\u0627\u0644\u0627 \u0631\u0627 \u062f\u0631 \u062a\u0645\u0627\u0645 \u0645\u062b\u0627\u0644\u200c\u0647\u0627 \u0631\u0639\u0627\u06cc\u062a \u0641\u0631\u0645\u0627\u06cc\u06cc\u062f.
\n\u0627\u0645\u0627 \u0686\u0646\u062f \u0645\u062b\u0627\u0644 \u0633\u0627\u062f\u0647:<\/strong>
\n\u0647\u0645\u0627\u0646\u0646\u062f \u0633\u0627\u06cc\u0631 \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u0645\u062b\u0644 netstat \u0634\u0645\u0627 \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u06cc\u062f hostname \u0647\u0627 \u0631\u0627 \u0646\u062f\u06cc\u062f \u06af\u0631\u0641\u062a\u0647 \u0648 \u0627\u0632 \u0641\u0631\u0645\u062a IP \u0622\u0646\u200c\u0647\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u0627\u06cc\u06cc\u062f \u0647\u0645\u0627\u0646\u0646\u062f \u0632\u06cc\u0631 :<\/p>\n
root@debian:\/home\/mohsen# tcpdump  -i eth0 -n\r\ntcpdump: verbose output suppressed, use -v or -vv for full protocol decode\r\nlistening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n03:07:30.191457 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 328\r\n03:07:30.300709 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 328\r\n03:07:30.408663 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 337\r\n03:07:30.518178 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 337\r\n03:07:30.627724 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 392\r\n03:07:30.737305 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 392\r\n03:07:30.804819 IP 74.125.195.189.443 > 192.168.1.4.43132: Flags [P.], seq 2104755659:2104755718, ack 652043965, win 1653, options [nop,nop,TS val 166742941 ecr 4375072], length 59\r\n03:07:30.804895 IP 192.168.1.4.43132 > 74.125.195.189.443: Flags [.], ack 59, win 940, options [nop,nop,TS val 4381302 ecr 166742941], length 0\r\n03:07:30.847981 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 402\r\n03:07:30.956411 IP 192.168.1.1.32865 > 239.255.255.250.1900: UDP, length 402\r\n^C\r\n10 packets captured\r\n10 packets received by filter\r\n0 packets dropped by kernel<\/pre>\n
tcpdump \u06cc\u06a9 option \u062f\u0627\u0631\u062f \u06a9\u0647 \u0628\u0647 \u0645\u0627 \u06a9\u0645\u06a9 \u0645\u06cc\u200c\u06a9\u0646\u062f \u06a9\u0647 \u062a\u0639\u062f\u0627\u062f \u0628\u0633\u062a\u0647 \u0631\u0627 \u0645\u0634\u062e\u0635 \u06a9\u0646\u06cc\u0645 \u0627\u0644\u0628\u062a\u0647 \u0628\u062f\u0631\u062f \u0627\u06cc\u0646 \u0645\u0642\u0627\u0644\u0647 \u0645\u06cc\u200c\u062e\u0648\u0631\u062f\u060c \u062f\u0631 \u062f\u0646\u06cc\u0627\u06cc \u0648\u0627\u0642\u0639\u06cc \u06a9\u0627\u0631\u0628\u0631\u062f \u06a9\u0645\u06cc \u062f\u0627\u0631\u062f \u0648\u0644\u06cc \u0628\u0647 \u062f\u0631\u062f \u0622\u0645\u0627\u0631 \u062f\u0631 \u0633\u0627\u0639\u062a \u0645\u06cc\u200c\u062e\u0648\u0631\u062f.
\n\u0628\u06cc\u0627\u06cc\u06cc\u062f \u062f\u0633\u062a\u0648\u0631 \u0632\u06cc\u0631 \u0631\u0627 \u0628\u0631\u0631\u0633\u06cc \u0646\u0645\u0627\u06cc\u06cc\u0645:<\/p>\n
root@debian:\/home\/mohsen# tcpdump -i eth0 -n -c2 -A -vvv\r\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n03:11:49.131499 IP (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 356)\r\n    192.168.1.1.32865 > 239.255.255.250.1900: [udp sum ok] UDP, length 328\r\nE..d..@..............a.l.P..NOTIFY * HTTP\/1.1\r\nHOST: 239.255.255.250:1900\r\nCACHE-CONTROL: max-age=100\r\nLOCATION: http:\/\/192.168.1.1:49152\/description.xml\r\nNT: upnp:rootdevice\r\nNTS: ssdp:alive\r\nSERVER: Linux\/2.6.22.15, UPnP\/1.0, Portable SDK for UPnP devices\/1.3.1\r\nX-User-Agent: redsonic\r\nUSN: uuid:bc329e00-1dd8-11b2-8601-0026755d2a2e::upnp:rootdevice\r\n\r\n\r\n03:11:49.239209 IP (tos 0x0, ttl 4, id 0, offset 0, flags [DF], proto UDP (17), length 356)\r\n    192.168.1.1.32865 > 239.255.255.250.1900: [udp sum ok] UDP, length 328\r\nE..d..@..............a.l.P..NOTIFY * HTTP\/1.1\r\nHOST: 239.255.255.250:1900\r\nCACHE-CONTROL: max-age=100\r\nLOCATION: http:\/\/192.168.1.1:49152\/description.xml\r\nNT: upnp:rootdevice\r\nNTS: ssdp:alive\r\nSERVER: Linux\/2.6.22.15, UPnP\/1.0, Portable SDK for UPnP devices\/1.3.1\r\nX-User-Agent: redsonic\r\nUSN: uuid:bc329e00-1dd8-11b2-8601-0026755d2a2e::upnp:rootdevice\r\n\r\n\r\n2 packets captured\r\n4 packets received by filter\r\n0 packets dropped by kernel<\/pre>\n
\u062a\u062d\u0644\u06cc\u0644 \u067e\u0627\u0631\u0627\u0645\u062a\u0631\u200c\u0647\u0627\u06cc tcpdump:<\/strong> \u062f\u0631 \u0627\u0628\u062a\u062f\u0627 \u0628\u0647 \u0622\u0646 interface \u0631\u0627 \u0645\u0639\u0631\u0641\u06cc \u06a9\u0631\u062f\u06cc\u0645 \u0648 \u06af\u0641\u062a\u06cc\u0645 \u0647\u0645\u0647 \u0686\u06cc \u0631\u0627 \u0628\u0647\u0647 \u0635\u0648\u0631\u062a numeric \u0628\u0631\u06af\u0631\u062f\u0627\u0646. \u0633\u067e\u0633 \u0628\u0627  c2- \u0628\u0647 \u0622\u0646 \u06af\u0641\u062a\u06cc\u0645 \u062f\u0648 \u0628\u0633\u062a\u0647 \u0631\u0627 capture \u06a9\u0646. \u067e\u0627\u0631\u0627\u0645\u062a\u0631 A- \u0645\u06cc\u200c\u06af\u0648\u06cc\u062f \u0647\u0631 \u0646\u0648\u0639 \u0628\u0633\u062a\u0647\u200c\u0627\u06cc \u0631\u0627 capture \u06a9\u0646\u062f \u06a9\u0647 \u0627\u06cc\u0646 \u0627\u0635\u0644\u0627\u064b \u062e\u0648\u0628 \u0646\u06cc\u0633\u062a \u0648 \u062f\u0631 \u062c\u0644\u0648\u062a\u0631 \u0628\u0627 \u0622\u0646 \u0628\u0631\u062e\u0648\u0631\u062f \u0627\u0633\u0627\u0633\u06cc \u0645\u06cc\u200c\u0634\u0648\u062f. \u0648 \u062f\u0631 \u0646\u0647\u0627\u06cc\u062a \u0628\u0647 \u0635\u0648\u0631\u062a full \u0628\u0633\u062a\u0647 \u0648 option\u0647\u0627\u06cc \u0622\u0646 \u0631\u0627 \u0627\u0632 tcpdump \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u06a9\u0631\u062f\u06cc\u0645.<\/p>\n
\u062a\u062d\u0644\u06cc\u0644 \u0628\u0633\u062a\u0647\u200c\u0647\u0627:<\/strong> \u06a9\u0627\u0641\u06cc\u0633\u062a \u06a9\u0645\u06cc \u0628\u0627 \u0686\u0634\u0645 \u0628\u0647 \u0622\u0646 \u062f\u0648 \u0628\u0633\u062a\u0647 \u06a9\u0647 \u0628\u0627 blank line \u0627\u0632 \u0647\u0645 \u062c\u062f\u0627 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u062f\u0642\u062a \u06a9\u0646\u06cc\u0645. \u062f\u0648 \u0628\u0633\u062a\u0647 \u0627\u0632 \u0646\u0648\u0639 UDP \u06a9\u0647 \u0628\u0627 \u0637\u0648\u0644 \u06f3\u06f5\u06f6 \u0645\u06cc\u200c\u0628\u0627\u0634\u0646\u062f \u0648 TTL \u0628\u0631\u0627\u0628\u0631 \u06f4. \u0627\u0644\u0628\u062a\u0647 \u062c\u0632\u06cc\u06cc\u0627\u062a \u062e\u06cc\u0644\u06cc \u0628\u06cc\u0634\u062a\u0631 \u0642\u0627\u0628\u0644 \u0631\u0648\u06cc\u062a\u200c \u0647\u0633\u062a\u0646\u062f. \u0647\u0645\u0627\u0646\u0637\u0648\u0631 \u06a9\u0647 \u0642\u0628\u0644\u0627\u064b \u06af\u0641\u062a\u0647 \u0634\u062f vvv- \u062e\u06cc\u0644\u06cc \u0627\u0632 \u0628\u0633\u062a\u0647\u200c\u0647\u0627 \u0631\u0627 \u0628\u0627\u0632\u0646\u0645\u0648\u062f\u0647 \u0648 \u0627\u06cc\u0646 \u06f2 \u0628\u0633\u062a\u0647 \u0627\u0632 \u0646\u0648\u0639 Cache \u0645\u06cc\u200c\u0628\u0627\u0634\u0646\u062f \u0628\u0647 \u0637\u0648\u0631\u06cc \u06a9\u0647X-User-Agent \u0622\u0646\u200c\u0647\u0627 \u0647\u0645 \u0645\u0634\u062e\u0635 \u0627\u0633\u062a.
\n\u0628\u0647 \u0633\u0627\u062f\u06af\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646 \u06af\u0632\u06cc\u0646\u0647 server \u0631\u0627 \u062f\u0631 \u0622\u0646 grep \u06a9\u0631\u062f\u0647 \u0648 \u0646\u062a\u06cc\u062c\u0647 \u0632\u06cc\u0631 \u0631\u0627 \u062d\u0627\u0635\u0644 \u06a9\u0631\u062f:<\/p>\n
root@debian:\/home\/mohsen# tcpdump -i eth0 -n -c2 -A -vvv |grep -i server \r\ntcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes\r\n2 packets captured\r\n8 packets received by filter\r\n0 packets dropped by kernel\r\nSERVER: Linux\/2.6.22.15, UPnP\/1.0, Portable SDK for UPnP devices\/1.3.1\r\nSERVER: Linux\/2.6.22.15, UPnP\/1.0, Portable SDK for UPnP devices\/1.3.1<\/pre>\n
\u0646\u06a9\u062a\u0647:<\/strong> \u062f\u0644 \u0628\u0647 \u0627\u06cc\u0646 grep \u06a9\u0631\u062f\u0646 \u062e\u0648\u0634 \u0646\u06a9\u0646\u06cc\u0645 \u0648 \u0628\u0647 \u0645\u062b\u0627\u0644\u200c\u0647\u0627\u06cc \u062c\u0644\u0648\u062a\u0631 \u06a9\u0647 \u0628\u0631\u0633\u06cc\u0645 \u0645\u06cc\u200c\u0641\u0647\u0645\u06cc\u0645 \u06a9\u0647 \u0647\u0631 \u0686\u0642\u062f\u0631 \u062c\u0644\u0648\u062a\u0631 \u0628\u0631\u0648\u06cc\u0645 \u0641\u0647\u0645\u0645\u0627\u0646 \u0631\u0627 \u0628\u0627\u06cc\u062f \u0627\u0632 \u0634\u0628\u06a9\u0647 \u0628\u06cc\u0634\u062a\u0631 \u06a9\u0646\u06cc\u0645.
\n\u0622\u06cc\u0627 \u0628\u0633\u062a\u0647 \u0628\u0627 vvv- \u0628\u0627\u0632 \u0634\u062f\u061f \u0628\u0644\u0647 \u0627\u0645\u0627 \u0647\u0646\u0648\u0632 \u0627\u0628\u0632\u0627\u0631 \u0634\u0645\u0627 \u06a9\u0645\u06cc \u0646\u0627\u0642\u0635 \u0627\u0633\u062a. \u0642\u0628\u0644\u0627\u064b xx- \u06a9\u0648\u0686\u06a9 \u0628\u0648\u062f \u06a9\u0647 \u0628\u0647 \u0635\u0648\u0631\u062a hex   \u0647\u062f\u0631\u0647\u0627\u06cc\u06cc \u0631\u0627 \u0628\u0627\u0632 \u0645\u06cc\u200c\u0646\u0645\u0648\u062f \u0627\u0645\u0627 deprecate \u0634\u062f. \u0628\u0647 \u062f\u0648 \u062f\u0644\u06cc\u0644: <\/p>\n