mirror of
https://github.com/wader/fq.git
synced 2024-11-23 09:56:07 +03:00
25 lines
2.3 KiB
Plaintext
25 lines
2.3 KiB
Plaintext
# fq 'first(.. | select(format=="tcp")) | tobytes' many_interfaces.pcapng > tcp
|
|
$ fq -d tcp verbose /tcp
|
|
|00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f|0123456789abcdef|.: {} /tcp (tcp) 0x0-0x2b.7 (44)
|
|
0x00|c7 25 |.% | source_port: 50981 0x0-0x1.7 (2)
|
|
0x00| 01 bb | .. | destination_port: "https" (443) (http protocol over TLS/SSL) 0x2-0x3.7 (2)
|
|
0x00| 2b ce 2e 8a | +... | sequence_number: 734932618 0x4-0x7.7 (4)
|
|
0x00| 00 00 00 00 | .... | acknowledgment_number: 0 0x8-0xb.7 (4)
|
|
0x00| b0 | . | data_offset: 11 0xc-0xc.3 (0.4)
|
|
0x00| b0 | . | reserved: 0 0xc.4-0xc.6 (0.3)
|
|
0x00| b0 | . | ns: false 0xc.7-0xc.7 (0.1)
|
|
0x00| 02 | . | cwr: false 0xd-0xd (0.1)
|
|
0x00| 02 | . | ece: false 0xd.1-0xd.1 (0.1)
|
|
0x00| 02 | . | urg: false 0xd.2-0xd.2 (0.1)
|
|
0x00| 02 | . | ack: false 0xd.3-0xd.3 (0.1)
|
|
0x00| 02 | . | psh: false 0xd.4-0xd.4 (0.1)
|
|
0x00| 02 | . | rst: false 0xd.5-0xd.5 (0.1)
|
|
0x00| 02 | . | syn: true 0xd.6-0xd.6 (0.1)
|
|
0x00| 02 | . | fin: false 0xd.7-0xd.7 (0.1)
|
|
0x00| ff ff| ..| window_size: 65535 0xe-0xf.7 (2)
|
|
0x10|45 e4 |E. | checksum: 0x45e4 0x10-0x11.7 (2)
|
|
0x10| 00 00 | .. | urgent_pointer: 0 0x12-0x13.7 (2)
|
|
0x10| 02 04 05 b4 01 03 03 05 01 01 08 0a| ............| options: raw bits 0x14-0x2b.7 (24)
|
|
0x20|4b 2a 91 21 00 00 00 00 04 02 00 00| |K*.!........| |
|
|
| | | data: raw bits 0x2c-NA (0)
|