Network Interface Packet Analyser, 1.3.0
*** This product is licenced to: Acme Inc ***
*** Demo Copy ***
Verbosity level is 2
Input contains 1 packet-capture session.
Session 1: Hostname=alpha, Interface: le0
Base time is Wed Apr 9 14:35:54 2008
- Evt=2 (21.854016): ETH; IP: beta->alpha <DF,LAST>, id=44697.0; UDP: SUNRPC->33273; data=28 [RPC R=876903651, status=0,0]
- Evt=3 (21.854017): ETH; IP: alpha->beta <DF,LAST>, id=13864.0; UDP: 33273->32940; data=40 [RPC C=893680867, mountd.2.Null]
- Evt=4 (22.389518): ETH; IP: beta->alpha <DF,LAST>, id=44698.0; UDP: 32940->33273; data=24 [RPC R=893680867, status=0,0]
- Evt=5 (22.398333): ETH; IP: alpha->beta <DF,LAST>, id=13865.0; UDP: 748->32940; data=124 [RPC C=910458083, mountd.2.Mount]
- Evt=6 (23.331688): ETH; IP: beta->alpha <DF,LAST>, id=44699.0; UDP: 32940->748; data=60 [RPC R=910458083, status=0,0]
- Evt=8 (23.607301): ETH; IP: beta->alpha <DF,LAST>, id=44700.0; UDP: SUNRPC->33274; data=28 [RPC R=877208772, status=0,0]
- Evt=12 (24.676339): ETH; IP: beta->alpha <DF,LAST>, id=44702.0; UDP: SUNRPC->33275; data=28 [RPC R=877343965, status=0,0]
- Evt=13 (24.687295): ETH; IP: alpha->beta <DF,LAST>, id=13869.0; UDP: 33276->NFSD; data=40 [RPC C=877030784, nfs.2.Null]
- Evt=14 (25.066842): ETH; IP: beta->alpha <DF,LAST>, id=44703.0; UDP: NFSD->33276; data=24 [RPC R=877030784, status=0,0]
- Evt=15 (26.731577): ETH; IP: alpha->beta <DF,LAST>, id=13870.0; UDP: 1022->NFSD; data=144 [RPC C=2164886821, nfs.2.GetAttr]
- Evt=16 (27.098874): ETH; IP: beta->alpha <DF,LAST>, id=44704.0; UDP: NFSD->1022; data=96 [RPC R=2164886821, status=0,0]
- Evt=40 (43.869669): ETH; IP: beta->alpha <DF,LAST>, id=44716.0; UDP: NFSD->1022; data=128 [RPC R=2366213413, status=0,0]
- Evt=41 (43.869670): ETH; IP: alpha->beta <DF,LAST>, id=13883.0; UDP: 1022->NFSD; data=156 [RPC C=2382990629, nfs.2.Lookup]
- Evt=42 (44.355381): ETH; IP: beta->alpha <DF,LAST>, id=44717.0; UDP: NFSD->1022; data=128 [RPC R=2382990629, status=0,0]
- Evt=43 (44.355382): ETH; IP: alpha->beta <DF,LAST>, id=13884.0; UDP: 1022->NFSD; data=156 [RPC C=2399767845, nfs.2.Lookup]
- Evt=44 (44.756348): ETH; IP: beta->alpha <DF,LAST>, id=44718.0; UDP: NFSD->1022; data=128 [RPC R=2399767845, status=0,0]
- Evt=45 (54.444795): END - packet-capture session terminated normally
End Of File
Observations
- The event number is now followed by a timestamp, with microsecond
resolution. This is measured relative to the start time of the niftap session.
- The presence of the ethernet header is now indicated. Level-2 displays do
not omit any protocol layers, but nor do they show any parameters for those
that are layered below IP. The exception is for ethernet or FDDI broadcasts,
in which case nifpan will mention that it was a broadcast packet.
- More parameters are shown, for layers 3 and 4 (IP, ICMP, UDP, TCP,
etc).
In this example, we can see that the IP flags. Don't Fragment and
Last Fragment (DF,LAST) were in effect in these packets. Other
possible flags are MF (opposite of DF) and MORE (opposite
of LAST).
IP's datagram ID and datagram offset are also shown.