perrotcp.8.in

记录IP/TCP/UDP/ICMP网络包日志

.TH PERROTCP 8 "@releasedate@" "Release @version@" "PERROTCP"
.SH NAME
perrotcp \- TCP packet logger.
.SH SYNOPSIS
.B perrotcp
[\-q] [\-lwr] [-f flagmask] [-i hostname[/mask]]
.SH DESCRIPTION
.B perrotcp
is a daemon that logs all TCP packets that your host receives.
.SS OPTIONS
.TP
.I "\-q"
Quiet mode. Do not send output to stdout. Only error messages
are printed.
.TP
.I "\-l"
Make a simple human readeable log.
.TP
.I "\-w"
Log raw data, exactly as it was read from the socket, prefixing to each
packet, sizeof( time_t) bytes containing the date when the packet arrived.
You can later interpret this data, obtaining a detailed report of the
packet data using the program
.IR ipretperro .
.TP
.I "\-r"
Resolve domain names. By default the program won't resolve
IP addresses to domain names because of the slow down it produces.
.TP
.I "\-f flagmask"
Only log packets that matches
.IR flagmask .
The TCP header flags are six, each, one bit long. They are
.IR URG ,
.IR ACK ,
.IR PUSH ,
.IR RST ,
.IR SYN
and
.IR FIN .
They are arranged in the TCP header in that order. To log
packets that have set any of them, you must use a number with
a 1 at the flag position. If you want to log packets with two
or more flags set, you must use a logic
.B OR
with the numbers of each flag. So, to log TCP packets
with only the
.B SYN
flag on, and all others off, you must use a
.B flagmask
of
.IR 2 .
To detect
.B FIN
scannings set it to
.IR 1 .
To detect both
.B SYN
and
.B FIN
you must use a
.IR 3 .
If it is confusing see the file
.B TCP.flags.txt
in the documentation of Perro.
.TP
.I "\-i hostname[/mask]"
Ignore packets.
.B
hostname
can be a hostname, a network name, or an IP address.
The
.B
mask
can be a network mask or a number that specify the number of ones
at the left side of the network mask. So, a mask of
.B 16
is the same that
.IR 255.255.0.0 .
You can also use this option more than once, to ignore logging
packets from hosts that belong to different networks.
.SH FILES
@logdir@/tcp.log      TCP simple human readeable log
.PP
@logdir@/tcp.raw      time + TCP raw data (header + data)
.SH SEE ALSO
.BR ipretperro (8),
.BR perroicmp (8),
.BR perroudp (8).
.SH BUGS
None for now, if you find one, email it to me <diego@grigna.com>
.SH VERSION
Perro is now at version @version@.
.PP
The latest version of Perro could be found at:
    http://www.grigna.com/diego/linux/perro/
.SH AUTHOR
.PP
    Diego Javier Grigna <diego@grigna.com>