Created
July 22, 2019 18:01
dropwatch and tshark example
dropwatch> set alertmode packet
Setting alert mode
Alert mode successfully set
dropwatch>
dropwatch> set trunc 64
Setting truncation length to 64
Truncation length successfully set
dropwatch>
dropwatch> show
Getting existing configuration
Alert mode: Packet
Truncation length: 64
dropwatch>
dropwatch> start
Enabling monitoring...
Kernel monitoring activated.
Issue Ctrl-C to stop monitoring
drop at br_stp_rcv+0x1ac/0x118e (0xffffffff96fc8d0c) netdev enp0s20f0 (4) timestamp Mon Jul 22 20:50:36 2019 705017383 nsec length 64 original length 119
drop at ip6_mc_input+0x8b8/0xef8 (0xffffffff96e5d8b8) netdev enp0s20f0 (4) timestamp Mon Jul 22 20:50:37 2019 120095601 nsec length 64 original length 114
Linux netlink (cooked header)
Link-layer address type: Netlink (824)
Family: Generic (0x0010)
Linux Generic Netlink protocol
Netlink message header (type: 0x0018)
Length: 192
Family ID: 0x18 (NET_DM)
Flags: 0x0000
.... .... .... ...0 = Request: 0
.... .... .... ..0. = Multipart message: 0
.... .... .... .0.. = Ack: 0
.... .... .... 0... = Echo: 0
.... .... ...0 .... = Dump inconsistent: 0
.... .... ..0. .... = Dump filtered: 0
Sequence: 0
Port ID: 0
Command: Drop alert (packet) (5)
Family Version: 2
Reserved
Linux net_dm (network drop monitor) protocol
Attribute: Drop location (PC): 0xffffffffaa057286
Len: 12
Type: 0x0002, Drop location (PC) (2)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Drop location (PC) (2)
Program counter: 0xffffffffaa057286
Attribute: Drop location (symbol): __netif_receive_skb_core+0xcb6/0x2830
Len: 42
Type: 0x0003, Drop location (symbol) (3)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Drop location (symbol) (3)
Symbol: __netif_receive_skb_core+0xcb6/0x2830
Attribute: Net device index: 9
Len: 8
Type: 0x0004, Net device index (4)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Net device index (4)
Net device index: 9
Attribute: Net device name: swp3
Len: 9
Type: 0x0005, Net device name (5)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Net device name (5)
Net device name: swp3
Attribute: Timestamp
Len: 20
Type: 0x0006, Timestamp (6)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Timestamp (6)
Timestamp: Jul 21, 2019 18:30:37.057724511 IDT
Attribute: Original length: 98
Len: 8
Type: 0x000a, Original length (10)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Original length (10)
Original length: 98
Attribute: Payload
Len: 68
Type: 0x0007, Payload (7)
0... .... .... .... = Nested: 0
.0.. .... .... .... = Network byte order: 0
Attribute type: Payload (7)
Ethernet II, Src: e4:1d:2d:a5:f3:40, Dst: 7c:fe:90:ff:27:d1
Destination: 7c:fe:90:ff:27:d1
Address: 7c:fe:90:ff:27:d1
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: e4:1d:2d:a5:f3:40
Address: e4:1d:2d:a5:f3:40
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.0.2.2, Dst: 192.0.2.1
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 84
[Expert Info (Error/Protocol): IPv4 total length exceeds packet length (50 bytes)]
[IPv4 total length exceeds packet length (50 bytes)]
[Severity level: Error]
[Group: Protocol]
Identification: 0xce92 (52882)
Flags: 0x4000, Don't fragment
0... .... .... .... = Reserved bit: Not set
.1.. .... .... .... = Don't fragment: Set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 64
Protocol: ICMP (1)
Header checksum: 0xe812 [validation disabled]
[Header checksum status: Unverified]
Source: 192.0.2.2
Destination: 192.0.2.1
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xea7d incorrect, should be 0x7317
[Expert Info (Warning/Checksum): Bad checksum [should be 0x7317]]
[Bad checksum [should be 0x7317]]
[Severity level: Warning]
[Group: Checksum]
[Checksum Status: Bad]
Identifier (BE): 19432 (0x4be8)
Identifier (LE): 59467 (0xe84b)
Sequence number (BE): 4612 (0x1204)
Sequence number (LE): 1042 (0x0412)
Timestamp from icmp data: Jul 21, 2019 18:30:37.000000000 IDT
[Timestamp from icmp data (relative): 0.068574000 seconds]
Data (14 bytes)