tcpdumpやwiresharkでARPのオペレーションや、ICMPのタイプとコードを指定してパケットを収集する方法を忘れることが多いのでメモ。
ARP(RARP)
| ARP Request | "arp[6:2]=0x0001" |
|---|---|
| ARP Reply | "arp[6:2]=0x0002" |
| RARP Request | "arp[6:2]=0x0003" |
| RARP Reply | "arp[6:2]=0x0004" |
Address Resolution Protocol (ARP) Parameters(www.iana.org)
ICMP
| Echo Request (Type:8,Code:0) | "icmp[0:2]=0x0800" |
|---|---|
| Echo Reply (Type:0,Code:0) | "icmp[0:2]=0x0000" |
| Time to Live exceeded in Transit (Type:11,Code:0) | "icmp[0:2]=0x0B00" |
| Port Unreachable (Type:3,Code:3) | "icmp[0:2]=0x0303" |
| Communication with Destination Host is Administratively Prohibited (Type:3,Code:10) | "icmp[0:2]=0x030A" |
| Fragmentation Needed and Don't Fragment was Set (Type:3,Code:4) | "icmp[0:2]=0x0304" |
| Source Route Failed (Type:3,Code:5) | "icmp[0:2]=0x0305" |
| Fragment Reassembly Time Exceeded (Type:11,Code:1) | "icmp[0:2]=0x0B01" |
ICMP TYPE NUMBERS(www.iana.org)
