IP Header len=5*4=20 bytes, and for each line there’s 16 bytes units started from 0 unit. so the ip data starts from 0035 after 20 bytes header.
TCP Header starts after the IP Header in a IP packet, so if the first bytes stand 45 which means IPv4 and 5*4=20 bytes header, then we should count TCP header after first 20 bytes in a IP packet.
tcpdump -xX : -x will show ip packet data including link layers in hex; -X will show ip data in hex and ascii; so if you want to show data in hex and ascii, just use X is enough.
-n: Don’t convert addresses (i.e., host addresses, port numbers, etc.) to names.
-r: Read packets from file (which was created with the -w option). Standard input is used if file is ``-''.
if you want to pick up any of one offset byte’s bit set, just use ip$128=128, which means 128(Dec)=10000000 & ? =10000000. The symbol of & means and, which stands for: 0 and 0 = 0 0 and 1 = 0 1 and 0 = 0 1 and 1 = 1 just like a multiply function. so if we use 1111 to and any byte, we would be able to pick up any bit set we want. e.g: ip&0xf=0x5, or ip&0xf!=5
tcpdump -ni /Orange/Vlan_207 -f “ip host 10.240.8.8”
tcpdump -ni /Orange/Vlan_215 -f “port 8905”
config # openssl verify -purpose sslclient -CAfile /config/filestore/files_d/Orange_d/certificate_d/::Orange:Self_BSAPartnerSolutionOrder.crt_1 /tmp/Self_BSAPartnerSolutionOrder.cer