IP Header len=5*4=20 bytes, and for each line there’s 16 bytes units started from 0 unit. so the ip data starts from 0035 after 20 bytes header.

TCP Header starts after the IP Header in a IP packet, so if the first bytes stand 45 which means IPv4 and 5*4=20 bytes header, then we should count TCP header after first 20 bytes in a IP packet.

tcpdump -xX : -x will show ip packet data including link layers in hex; -X will show ip data in hex and ascii; so if you want to show data in hex and ascii, just use X is enough.

-n: Don’t convert addresses (i.e., host addresses, port numbers, etc.) to names.

-r: Read packets from file (which was created with the -w option).  Standard input is used if file is ``-''.

if you want to pick up any of one offset byte’s bit set, just use ip[8]$128=128, which means 128(Dec)=10000000 & ? =10000000. The symbol of & means and, which stands for: 0 and 0 = 0 0 and 1 = 0 1 and 0 = 0 1 and 1 = 1 just like a multiply function. so if we use 1111 to and any byte, we would be able to pick up any bit set we want. e.g: ip[0]&0xf=0x5, or ip[0]&0xf!=5

tcpdump -ni /Orange/Vlan_207 -f “ip host 10.240.8.8”

tcpdump -ni /Orange/Vlan_215 -f “port 8905”

config # openssl verify -purpose sslclient -CAfile /config/filestore/files_d/Orange_d/certificate_d/::Orange:Self_BSAPartnerSolutionOrder.crt_1 /tmp/Self_BSAPartnerSolutionOrder.cer

操作方法是: