10 More Discussions You Might Find Interesting
1. Solaris
I'd like to use SPARC Solaris10 to 'wake up' an old PC on same LAN.
what is the simplest way of doing it? (preferably without installing new software)
thanks. (14 Replies)
Discussion started by: orange47
14 Replies
2. Solaris
I have problem with oracle solaris 10 running on oracle sparc T4-2 server.
Os information: 5.10 Generic_150400-03 sun4v sparc sun4v
Output from tcpstat.d script
TCP bytes: out outRetrans in inDup inUnorder
6833763 7300 98884 0... (2 Replies)
Discussion started by: insatiable1610
2 Replies
3. AIX
(5 Replies)
Discussion started by: Vishal_dba
5 Replies
4. Solaris
Greetings, I'm stuck in a time warp using ancient machines from the prehistoric era that should be rightfully displayed in the Smithsonian.
We're running Solaris 7 on FDDI n/w on an E6500 host and wish to use MTU (packet size) > 1500, more like 3072 bytes to begin with and possibly up to 4096... (9 Replies)
Discussion started by: sharique
9 Replies
5. UNIX for Advanced & Expert Users
We're running Solaris 7 on FDDI n/w on an E6500 host and wish to use MTU (packet size) > 1500, more like 3072 bytes to begin with and possibly up to 4096 bytes.
Linux has /etc/network/interfaces. Does ANYONE remember the equivalent in Unix? When I do ifconfig eth0 mtu 4000, I get the error... (0 Replies)
Discussion started by: sharique
0 Replies
6. Programming
Hi all,
I need to change the source port number of an outgoing TCP packet. First I have to bind the socket to a particular port(suppose 9001) but when I send the TCP packet I want to change the source port number lets say to 9002 still letting the socket to be bound to the same old port (9001).... (0 Replies)
Discussion started by: anuragrai134
0 Replies
7. IP Networking
Hello,
I'm having an issue with TCP sockets.
When the TCP connection is terminated on one end, TCP packet with RST flag set is being sent to the sender. All the packets sent so far were carrying the DSCP 'AF21' set by me. But packet with RST flag is carrying DSCP '0'.
Is this expected or... (0 Replies)
Discussion started by: Solace
0 Replies
8. HP-UX
how to get network packet size
I would like get network output rate(kb/sec)
I type command "netstat -i"
Ipkts Ierrs Opkts Oerrs 653387 0 678202 0
but i didn't know what is it packet size ,
how could i get it? (1 Reply)
Discussion started by: alert0919
1 Replies
9. UNIX for Advanced & Expert Users
Hi,
When i try this command
ping ukblx151.ukhx.astrazeneca.net -n 3 | grep icmp
it gives following error :mad::
0821-077 ping: illegal packet size.
But when i give command
ping ukblx151.ukhx.astrazeneca.net
It returns correct output.:D
Could you please help? (2 Replies)
Discussion started by: vishal_ranjan
2 Replies
10. IP Networking
Hi,
Is there any way that i can directly take out the IP packet and see its contents.
Waiting for your answer ..............
Bye (4 Replies)
Discussion started by: manjunath
4 Replies
PF.OS(5) BSD File Formats Manual PF.OS(5)
NAME
pf.os -- format of the operating system fingerprints file
DESCRIPTION
The pf(4) firewall and the tcpdump(8) program can both fingerprint the operating system of hosts that originate an IPv4 TCP connection. The
file consists of newline-separated records, one per fingerprint, containing nine colon (':') separated fields. These fields are as follows:
window The TCP window size.
TTL The IP time to live.
df The presence of the IPv4 don't fragment bit.
packet size The size of the initial TCP packet.
TCP options An ordered list of the TCP options.
class The class of operating system.
version The version of the operating system.
subtype The subtype of patchlevel of the operating system.
description The overall textual description of the operating system, version and subtype.
The window field corresponds to the th->th_win field in the TCP header and is the source host's advertised TCP window size. It may be
between zero and 65,535 inclusive. The window size may be given as a multiple of a constant by prepending the size with a percent sign '%'
and the value will be used as a modulus. Three special values may be used for the window size:
* An asterisk will wildcard the value so any window size will match.
S Allow any window size which is a multiple of the maximum segment size (MSS).
T Allow any window size which is a multiple of the maximum transmission unit (MTU).
The ttl value is the initial time to live in the IP header. The fingerprint code will account for the volatility of the packet's TTL as it
traverses a network.
The df bit corresponds to the Don't Fragment bit in an IPv4 header. It tells intermediate routers not to fragment the packet and is used for
path MTU discovery. It may be either a zero or a one.
The packet size is the literal size of the full IP packet and is a function of all of the IP and TCP options.
The TCP options field is an ordered list of the individual TCP options that appear in the SYN packet. Each option is described by a single
character separated by a comma and certain ones may include a value. The options are:
Mnnn maximum segment size (MSS) option. The value is the maximum packet size of the network link which may include the '%'
modulus or match all MSSes with the '*' value.
N the NOP option (NO Operation).
T[0] the timestamp option. Certain operating systems always start with a zero timestamp in which case a zero value is added to
the option; otherwise no value is appended.
S the Selective ACKnowledgement OK (SACKOK) option.
Wnnn window scaling option. The value is the size of the window scaling which may include the '%' modulus or match all window
scalings with the '*' value.
No TCP options in the fingerprint may be given with a single dot '.'.
An example of OpenBSD's TCP options are:
M*,N,N,S,N,W0,N,N,T
The first option M* is the MSS option and will match all values. The second and third options N will match two NOPs. The fourth option S
will match the SACKOK option. The fifth N will match another NOP. The sixth W0 will match a window scaling option with a zero scaling size.
The seventh and eighth N options will match two NOPs. And the ninth and final option T will match the timestamp option with any time value.
The TCP options in a fingerprint will only match packets with the exact same TCP options in the same order.
The class field is the class, genre or vendor of the operating system.
The version is the version of the operating system. It is used to distinguish between different fingerprints of operating systems of the
same class but different versions.
The subtype is the subtype or patch level of the operating system version. It is used to distinguish between different fingerprints of oper-
ating systems of the same class and same version but slightly different patches or tweaking.
The description is a general description of the operating system, its version, patchlevel and any further useful details.
EXAMPLES
The fingerprint of a plain OpenBSD 3.3 host is:
16384:64:1:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.3::OpenBSD 3.3
The fingerprint of an OpenBSD 3.3 host behind a PF scrubbing firewall with a no-df rule would be:
16384:64:0:64:M*,N,N,S,N,W0,N,N,T:OpenBSD:3.3:!df:OpenBSD 3.3 scrub no-df
An absolutely braindead embedded operating system fingerprint could be:
65535:255:0:40:.:DUMMY:1.1:p3:Dummy embedded OS v1.1p3
The tcpdump(8) output of
# tcpdump -s128 -c1 -nv 'tcp[13] == 2'
03:13:48.118526 10.0.0.1.3377 > 10.0.0.2.80: S [tcp sum ok]
534596083:534596083(0) win 57344 <mss 1460> (DF) [tos 0x10]
(ttl 64, id 11315, len 44)
almost translates into the following fingerprint
57344:64:1:44:M1460: exampleOS:1.0::exampleOS 1.0
SEE ALSO
pf(4), pf.conf(5), pfctl(8), tcpdump(8)
BSD
May 31, 2007 BSD