-rw-r--r-- doc/tshark.pod 500
1 files changed, 250 insertions, 250 deletions
diff --git a/doc/tshark.pod b/doc/tshark.pod
index e037adc811..f9f7a9c76a 100644
--- a/doc/tshark.pod
+++ b/doc/tshark.pod
@@ -750,6 +750,30 @@ Currently implemented statistics are:
=item B<-z> camel,srt
+=item B<-z> conv,I<type>[,I<filter>]
+
+Create a table that lists all conversations that could be seen in the
+capture. I<type> specifies the conversation endpoint types for which we
+want to generate the statistics; currently the supported ones are:
+
+ "eth" Ethernet addresses
+ "fc" Fibre Channel addresses
+ "fddi" FDDI addresses
+ "ip" IPv4 addresses
+ "ipv6" IPv6 addresses
+ "ipx" IPX addresses
+ "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported
+ "tr" Token Ring addresses
+ "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported
+
+If the optional I<filter> is specified, only those packets that match the
+filter will be used in the calculations.
+
+The table is presented with one line for each conversation and displays
+the number of packets/bytes in each direction as well as the total
+number of packets/bytes. The table is sorted according to the total
+number of frames.
+
=item B<-z> dcerpc,srt,I<uuid>,I<major>.I<minor>[,I<filter>]
Collect call/reply SRT (Service Response Time) data for DCERPC interface I<uuid>,
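Review bot: the closing paragraph of the conv item mixes units: it reports "the number of packets/bytes in each direction" and then says the table is "sorted according to the total number of frames". Since the text is being relocated anyway, settle on one term (packets or frames) so a reader knows which column determines the sort order. The "tcp" and "udp" rows also carry a trailing "Both IPv4 and IPv6 are supported" remark that the other rows lack; check that it still lines up as a third column in the verbatim block after the move.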
@@ -767,6 +791,154 @@ on those calls that match that filter.
Example: S<B<-z dcerpc,srt,12345778-1234-abcd-ef00-0123456789ac,1.0,ip.addr==1.2.3.4>> will collect SAMR
SRT statistics for a specific host.
+=item B<-z> diameter,avp[,I<cmd.code>,I<field>,I<field>,I<...>]
+
+This option enables extraction of most important diameter fields from large capture files.
+Exactly one text line for each diameter message with matched B<diameter.cmd.code> will be printed.
+
+Empty diameter command code or '*' can be specified to mach any B<diameter.cmd.code>
+
+Example: B<-z diameter,avp> extract default field set from diameter messages.
+
+Example: B<-z diameter,avp,280> extract default field set from diameter DWR messages.
+
+Example: B<-z diameter,avp,272> extract default field set from diameter CC messages.
+
+Extract most important fields from diameter CC messages:
+
+B<tshark -r file.cap.gz -q -z diameter,avp,272,CC-Request-Type,CC-Request-Number,Session-Id,Subscription-Id-Data,Rating-Group,Result-Code>
+
+Following fields will be printed out for each diameter message:
+
+ "frame" Frame number.
+ "time" Unix time of the frame arrival.
+ "src" Source address.
+ "srcport" Source port.
+ "dst" Destination address.
+ "dstport" Destination port.
+ "proto" Constant string 'diameter', which can be used for post processing of tshark output. E.g. grep/sed/awk.
+ "msgnr" seq. number of diameter message within the frame. E.g. '2' for the third diameter message in the same frame.
+ "is_request" '0' if message is a request, '1' if message is an answer.
+ "cmd" diameter.cmd_code, E.g. '272' for credit control messages.
+ "req_frame" Number of frame where matched request was found or '0'.
+ "ans_frame" Number of frame where matched answer was found or '0'.
+ "resp_time" response time in seconds, '0' in case if matched Request/Answer is not found in trace. E.g. in the begin or end of capture.
+
+B<-z diameter,avp> option is much faster than B<-V -T text> or B<-T pdml> options.
+
+B<-z diameter,avp> option is more powerful than B<-T field> and B<-z proto,colinfo> options.
+
+Multiple diameter messages in one frame are supported.
+
+Several fields with same name within one diameter message are supported, e.g. I<diameter.Subscription-Id-Data> or I<diameter.Rating-Group>.
+
+Note: B<tshark -q> option is recommended to suppress default B<tshark> output.
+
+=item B<-z> expert[I<,error|,warn|,note|,chat>][I<,filter>]
+
+Collects information about all expert info, and will display them in order,
+grouped by severity.
+
+Example: B<-z expert,sip> will show expert items of all severity for frames that
+match the sip protocol.
+
+This option can be used multiple times on the command line.
+
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: B<-z "expert,note,tcp"> will only collect expert items for frames that
+include the tcp protocol, with a severity of note or higher.
+
+=item B<-z> follow,I<prot>,I<mode>,I<filter>[I<,range>]
+
+Displays the contents of a TCP or UDP stream between two nodes. The data
+sent by the second node is prefixed with a tab to differentiate it from the
+data sent by the first node.
+
+I<prot> specifies the transport protocol. It can be one of:
+ B<tcp> TCP
+ B<udp> UDP
+
+I<mode> specifies the output mode. It can be one of:
+ B<ascii> ASCII output with dots for non-printable characters
+ B<hex> Hexadecimal and ASCII data with offsets
+ B<raw> Hexadecimal data
+
+Since the output in B<ascii> mode may contain newlines, the length of each section
+of output plus a newline precedes each section of output.
+
+I<filter> specifies the stream to be displayed. UDP streams are selected with
+IP address plus port pairs. TCP streams are selected with either the stream
+index or IP address plus port pairs. For example:
+ B<ip-addr0>:B<port0>,B<ip-addr1>:B<port1>
+ B<tcp-stream-index>
+
+I<range> optionally specifies which "chunks" of the stream should be displayed.
+
+Example: B<-z "follow,tcp,hex,1"> will display the contents of the first TCP
+stream in "hex" format.
+
+ ===================================================================
+ Follow: tcp,hex
+ Filter: tcp.stream eq 1
+ Node 0: 200.57.7.197:32891
+ Node 1: 200.57.7.198:2906
+ 00000000 00 00 00 22 00 00 00 07 00 0a 85 02 07 e9 00 02 ...".... ........
+ 00000010 07 e9 06 0f 00 0d 00 04 00 00 00 01 00 03 00 06 ........ ........
+ 00000020 1f 00 06 04 00 00 ......
+ 00000000 00 01 00 00 ....
+ 00000026 00 02 00 00
+
+Example: B<-z "follow,tcp,ascii,200.57.7.197:32891,200.57.7.198:2906"> will
+display the contents of a TCP stream between 200.57.7.197 port 32891 and
+200.57.7.98 port 2906.
+
+ ===================================================================
+ Follow: tcp,ascii
+ Filter: (ommitted for readability)
+ Node 0: 200.57.7.197:32891
+ Node 1: 200.57.7.198:2906
+ 38
+ ...".....
+ ................
+ 4
+ ....
+
+=item B<-z> h225,counter[I<,filter>]
+
+Count ITU-T H.225 messages and their reasons. In the first column you get a
+list of H.225 messages and H.225 message reasons, which occur in the current
+capture file. The number of occurrences of each message or reason is displayed
+in the second column.
+
+Example: B<-z h225,counter>.
+
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
+Example: use B<-z "h225,counter,ip.addr==1.2.3.4"> to only collect stats for
+H.225 packets exchanged by the host at IP address 1.2.3.4 .
+
+This option can be used multiple times on the command line.
+
+=item B<-z> h225,srt[I<,filter>]
+
+Collect requests/response SRT (Service Response Time) data for ITU-T H.225 RAS.
+Data collected is number of calls of each ITU-T H.225 RAS Message Type,
+Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
+You will also get the number of Open Requests (Unresponded Requests),
+Discarded Responses (Responses without matching request) and Duplicate Messages.
+
+Example: B<-z h225,srt>
+
+This option can be used multiple times on the command line.
+
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
+
+Example: B<-z "h225,srt,ip.addr==1.2.3.4"> will only collect stats for
+ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 .
+
=item B<-z> hosts[,ipv4][,ipv6]
Dump any collected IPv4 and/or IPv6 addresses in "hosts" format. Both IPv4
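Review bot: in the second follow example the prose says the stream is between 200.57.7.197 port 32891 and "200.57.7.98 port 2906", but the command just above it and the "Node 1" line of the sample output both use 200.57.7.198; correct the address while the text is being moved. In the diameter,avp item, "can be specified to mach any B<diameter.cmd.code>" should read "match" and needs a full stop, and "(ommitted for readability)" in the ascii sample should be "omitted". The "is_request" row ('0' if the message is a request, '1' if it is an answer) reads inverted relative to the field name, so confirm it against the tap's actual output before carrying it over unchanged.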
@@ -961,29 +1133,52 @@ the total number of bytes transmitted to the client (unidirectionally) at IP add
000.000- 33576 29721685 33576 29721685 870 29004801
=======================================================================================================================
-=item B<-z> conv,I<type>[,I<filter>]
+=item B<-z> mac-lte,stat[I<,filter>]
-Create a table that lists all conversations that could be seen in the
-capture. I<type> specifies the conversation endpoint types for which we
-want to generate the statistics; currently the supported ones are:
+This option will activate a counter for LTE MAC messages. You will get
+information about the maximum number of UEs/TTI, common messages and
+various counters for each UE that appears in the log.
- "eth" Ethernet addresses
- "fc" Fibre Channel addresses
- "fddi" FDDI addresses
- "ip" IPv4 addresses
- "ipv6" IPv6 addresses
- "ipx" IPX addresses
- "tcp" TCP/IP socket pairs Both IPv4 and IPv6 are supported
- "tr" Token Ring addresses
- "udp" UDP/IP socket pairs Both IPv4 and IPv6 are supported
+Example: B<-z mac-lte,stat>.
-If the optional I<filter> is specified, only those packets that match the
-filter will be used in the calculations.
+This option can be used multiple times on the command line.
-The table is presented with one line for each conversation and displays
-the number of packets/bytes in each direction as well as the total
-number of packets/bytes. The table is sorted according to the total
-number of frames.
+If the optional I<filter> is provided, the stats will only be calculated
+for those frames that match that filter.
+Example: B<-z "mac-lte,stat,mac-lte.rnti>3000"> will only collect stats for
+UEs with an assigned RNTI whose value is more than 3000.
+
+=item B<-z> megaco,rtd[I<,filter>]
+
+Collect requests/response RTD (Response Time Delay) data for MEGACO.
+(This is similar to B<-z smb,srt>). Data collected is the number of calls
+for each known MEGACO Type, MinRTD, MaxRTD and AvgRTD.
+Additionally you get the number of duplicate requests/responses,
+unresponded requests, responses, which don't match with any request.
+Example: B<-z megaco,rtd>.
+
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
+Example: B<-z "megaco,rtd,ip.addr==1.2.3.4"> will only collect stats for
+MEGACO packets exchanged by the host at IP address 1.2.3.4 .
+
+This option can be used multiple times on the command line.
+
+=item B<-z> mgcp,rtd[I<,filter>]
+
+Collect requests/response RTD (Response Time Delay) data for MGCP.
+(This is similar to B<-z smb,srt>). Data collected is the number of calls
+for each known MGCP Type, MinRTD, MaxRTD and AvgRTD.
+Additionally you get the number of duplicate requests/responses,
+unresponded requests, responses, which don't match with any request.
+Example: B<-z mgcp,rtd>.
+
+This option can be used multiple times on the command line.
+
+If the optional I<filter> is provided, the stats will only be calculated
+on those calls that match that filter.
+Example: B<-z "mgcp,rtd,ip.addr==1.2.3.4"> will only collect stats for
+MGCP packets exchanged by the host at IP address 1.2.3.4 .
=item B<-z> proto,colinfo,I<filter>,I<field>
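Review bot: the mac-lte filter example places a bare ">" inside a single-bracket formatting code: B<-z "mac-lte,stat,mac-lte.rnti>3000">. POD ends the bold span at the first ">", so the rendered man page shows the filter split, with 3000"> falling outside the bold text. Use the doubled-bracket form, B<< -z "mac-lte,stat,mac-lte.rnti>3000" >>, or write the operator as E<gt>. Separately, in the megaco and mgcp items "unresponded requests, responses, which don't match with any request" is hard to parse; "unanswered requests and responses that match no request" would say the same thing.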
@@ -1013,48 +1208,27 @@ B<-z "proto,colinfo,nfs.fh.hash && ip.src==1.2.3.4,nfs.fh.hash">
This option can be used multiple times on the command line.
-=item B<-z> diameter,avp[,I<cmd.code>,I<field>,I<field>,I<...>]
-
-This option enables extraction of most important diameter fields from large capture files.
-Exactly one text line for each diameter message with matched B<diameter.cmd.code> will be printed.
-
-Empty diameter command code or '*' can be specified to mach any B<diameter.cmd.code>
-
-Example: B<-z diameter,avp> extract default field set from diameter messages.
-
-Example: B<-z diameter,avp,280> extract default field set from diameter DWR messages.
-
-Example: B<-z diameter,avp,272> extract default field set from diameter CC messages.
-
-Extract most important fields from diameter CC messages:
-
-B<tshark -r file.cap.gz -q -z diameter,avp,272,CC-Request-Type,CC-Request-Number,Session-Id,Subscription-Id-Data,Rating-Group,Result-Code>
-
-Following fields will be printed out for each diameter message:
+=item B<-z> rlc-lte,stat[I<,filter>]
- "frame" Frame number.
- "time" Unix time of the frame arrival.
- "src" Source address.
- "srcport" Source port.
- "dst" Destination address.
- "dstport" Destination port.
- "proto" Constant string 'diameter', which can be used for post processing of tshark output. E.g. grep/sed/awk.
- "msgnr" seq. number of diameter message within the frame. E.g. '2' for the third diameter message in the same frame.
- "is_request" '0' if message is a request, '1' if message is an answer.
- "cmd" diameter.cmd_code, E.g. '272' for credit control messages.
- "req_frame" Number of frame where matched request was found or '0'.
- "ans_frame" Number of frame where matched answer was found or '0'.
- "resp_time" response time in seconds, '0' in case if matched Request/Answer is not found in trace. E.g. in the begin or end of capture.
+This option will activate a counter for LTE RLC messages. You will get
+information about common messages and various counters for each UE that appears
+in the log.
-B<-z diameter,avp> option is much faster than B<-V -T text> or B<-T pdml> options.
+Example: B<-z rlc-lte,stat>.
-B<-z diameter,avp> option is more powerful than B<-T field> and B<-z proto,colinfo> options.
+This option can be used multiple times on the command line.
-Multiple diameter messages in one frame are supported.
+If the optional I<filter> is provided, the stats will only be calculated
+for those frames that match that filter.
+Example: B<-z "rlc-lte,stat,rlc-lte.ueid>3000"> will only collect stats for
+UEs with a UEId of more than 3000.
-Several fields with same name within one diameter message are supported, e.g. I<diameter.Subscription-Id-Data> or I<diameter.Rating-Group>.
+=item B<-z> rpc,programs
-Note: B<tshark -q> option is recommended to suppress default B<tshark> output.
+Collect call/reply SRT data for all known ONC-RPC programs/versions.
+Data collected is number of calls for each protocol/version, MinSRT,
+MaxSRT and AvgSRT.
+This option can only be used once on the command line.
=item B<-z> rpc,srt,I<program>,I<version>[,I<filter>]
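Review bot: the rlc-lte example B<-z "rlc-lte,stat,rlc-lte.ueid>3000"> has an unescaped ">" inside B<...>, which terminates the formatting code at "ueid>" and leaves the rest of the filter as plain text in the rendered page. Wrap it as B<< ... >> or use E<gt> for the comparison operator. In the moved rpc,programs item, SRT is used without expansion while the neighbouring items spell out "Service Response Time" on first use, and "each protocol/version" does not match the "programs/versions" wording of the sentence before it.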
@@ -1071,13 +1245,6 @@ on those calls that match that filter.
Example: B<-z rpc,srt,100003,3,nfs.fh.hash==0x12345678> will collect NFS v3
SRT statistics for a specific file.
-=item B<-z> rpc,programs
-
-Collect call/reply SRT data for all known ONC-RPC programs/versions.
-Data collected is number of calls for each protocol/version, MinSRT,
-MaxSRT and AvgSRT.
-This option can only be used once on the command line.
-
=item B<-z> rtp,streams
Collect statistics for all RTP streams and calculate max. delta, max. and
@@ -1102,29 +1269,20 @@ on those calls that match that filter.
Example: B<-z scsi,srt,0,ip.addr==1.2.3.4> will collect SCSI SBC
SRT statistics for a specific iscsi/ifcp/fcip host.
-=item B<-z> smb,srt[,I<filter>]
-
-Collect call/reply SRT (Service Response Time) data for SMB. Data collected
-is number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
+=item B<-z> sip,stat[I<,filter>]
-Example: B<-z smb,srt>
+This option will activate a counter for SIP messages. You will get the number
+of occurrences of each SIP Method and of each SIP Status-Code. Additionally
+you also get the number of resent SIP Messages (only for SIP over UDP).
-The data will be presented as separate tables for all normal SMB commands,
-all Transaction2 commands and all NT Transaction commands.
-Only those commands that are seen in the capture will have its stats
-displayed.
-Only the first command in a xAndX command chain will be used in the
-calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
-only the SessionSetupAndX call will be used in the statistics.
-This is a flaw that might be fixed in the future.
+Example: B<-z sip,stat>.
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-
-Example: B<-z "smb,srt,ip.addr==1.2.3.4"> will only collect stats for
-SMB packets exchanged by the host at IP address 1.2.3.4 .
+Example: B<-z "sip,stat,ip.addr==1.2.3.4"> will only collect stats for
+SIP packets exchanged by the host at IP address 1.2.3.4 .
=item B<-z> smb,sids
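Review bot: the new sip,stat item inherits the unchanged context sentence "the stats will only be calculated on those calls that match that filter", but this tap counts SIP methods and status codes per message rather than matching call/reply pairs; the mac-lte and rlc-lte items in this same patch say "for those frames that match that filter", which fits better here too. The blank line before "Example:" is also dropped in this hunk, so the sip example now runs straight on from the filter paragraph, unlike the smb,srt text it replaces.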
@@ -1140,187 +1298,29 @@ S<B<-o "smb.sid_name_snooping:TRUE">> on the B<TShark> command line.
The current method used by B<TShark> to find the SID->name mapping
is relatively restricted with a hope of future expansion.
-=item B<-z> mgcp,rtd[I<,filter>]
-
-Collect requests/response RTD (Response Time Delay) data for MGCP.
-(This is similar to B<-z smb,srt>). Data collected is the number of calls
-for each known MGCP Type, MinRTD, MaxRTD and AvgRTD.
-Additionally you get the number of duplicate requests/responses,
-unresponded requests, responses, which don't match with any request.
-Example: B<-z mgcp,rtd>.
-
-This option can be used multiple times on the command line.
-
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-Example: B<-z "mgcp,rtd,ip.addr==1.2.3.4"> will only collect stats for
-MGCP packets exchanged by the host at IP address 1.2.3.4 .
-
-=item B<-z> megaco,rtd[I<,filter>]
-
-Collect requests/response RTD (Response Time Delay) data for MEGACO.
-(This is similar to B<-z smb,srt>). Data collected is the number of calls
-for each known MEGACO Type, MinRTD, MaxRTD and AvgRTD.
-Additionally you get the number of duplicate requests/responses,
-unresponded requests, responses, which don't match with any request.
-Example: B<-z megaco,rtd>.
-
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-Example: B<-z "megaco,rtd,ip.addr==1.2.3.4"> will only collect stats for
-MEGACO packets exchanged by the host at IP address 1.2.3.4 .
-
-This option can be used multiple times on the command line.
-
-=item B<-z> h225,counter[I<,filter>]
-
-Count ITU-T H.225 messages and their reasons. In the first column you get a
-list of H.225 messages and H.225 message reasons, which occur in the current
-capture file. The number of occurrences of each message or reason is displayed
-in the second column.
-
-Example: B<-z h225,counter>.
-
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-Example: use B<-z "h225,counter,ip.addr==1.2.3.4"> to only collect stats for
-H.225 packets exchanged by the host at IP address 1.2.3.4 .
-
-This option can be used multiple times on the command line.
-
-=item B<-z> h225,srt[I<,filter>]
-
-Collect requests/response SRT (Service Response Time) data for ITU-T H.225 RAS.
-Data collected is number of calls of each ITU-T H.225 RAS Message Type,
-Minimum SRT, Maximum SRT, Average SRT, Minimum in Packet, and Maximum in Packet.
-You will also get the number of Open Requests (Unresponded Requests),
-Discarded Responses (Responses without matching request) and Duplicate Messages.
-
-Example: B<-z h225,srt>
-
-This option can be used multiple times on the command line.
-
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-
-Example: B<-z "h225,srt,ip.addr==1.2.3.4"> will only collect stats for
-ITU-T H.225 RAS packets exchanged by the host at IP address 1.2.3.4 .
-
-=item B<-z> sip,stat[I<,filter>]
-
-This option will activate a counter for SIP messages. You will get the number
-of occurrences of each SIP Method and of each SIP Status-Code. Additionally
-you also get the number of resent SIP Messages (only for SIP over UDP).
-
-Example: B<-z sip,stat>.
-
-This option can be used multiple times on the command line.
-
-If the optional I<filter> is provided, the stats will only be calculated
-on those calls that match that filter.
-Example: B<-z "sip,stat,ip.addr==1.2.3.4"> will only collect stats for
-SIP packets exchanged by the host at IP address 1.2.3.4 .
-
-=item B<-z> mac-lte,stat[I<,filter>]
-
-This option will activate a counter for LTE MAC messages. You will get
-information about the maximum number of UEs/TTI, common messages and
-various counters for each UE that appears in the log.
-
-Example: B<-z mac-lte,stat>.
-
-This option can be used multiple times on the command line.
-
-If the optional I<filter> is provided, the stats will only be calculated
-for those frames that match that filter.
-Example: B<-z "mac-lte,stat,mac-lte.rnti>3000"> will only collect stats for
-UEs with an assigned RNTI whose value is more than 3000.
-
-=item B<-z> rlc-lte,stat[I<,filter>]
-
-This option will activate a counter for LTE RLC messages. You will get
-information about common messages and various counters for each UE that appears
-in the log.
-
-Example: B<-z rlc-lte,stat>.
-
-This option can be used multiple times on the command line.
-
-If the optional I<filter> is provided, the stats will only be calculated
-for those frames that match that filter.
-Example: B<-z "rlc-lte,stat,rlc-lte.ueid>3000"> will only collect stats for
-UEs with a UEId of more than 3000.
+=item B<-z> smb,srt[,I<filter>]
-=item B<-z> expert[I<,error|,warn|,note|,chat>][I<,filter>]
+Collect call/reply SRT (Service Response Time) data for SMB. Data collected
+is number of calls for each SMB command, MinSRT, MaxSRT and AvgSRT.
-Collects information about all expert info, and will display them in order,
-grouped by severity.
+Example: B<-z smb,srt>
-Example: B<-z expert,sip> will show expert items of all severity for frames that
-match the sip protocol.
+The data will be presented as separate tables for all normal SMB commands,
+all Transaction2 commands and all NT Transaction commands.
+Only those commands that are seen in the capture will have its stats
+displayed.
+Only the first command in a xAndX command chain will be used in the
+calculation. So for common SessionSetupAndX + TreeConnectAndX chains,
+only the SessionSetupAndX call will be used in the statistics.
+This is a flaw that might be fixed in the future.
This option can be used multiple times on the command line.
If the optional I<filter> is provided, the stats will only be calculated
on those calls that match that filter.
-Example: B<-z "expert,note,tcp"> will only collect expert items for frames that
-include the tcp protocol, with a severity of note or higher.
-
-=item B<-z> follow,I<prot>,I<mode>,I<filter>[I<,range>]
-
-Displays the contents of a TCP or UDP stream between two nodes. The data
-sent by the second node is prefixed with a tab to differentiate it from the
-data sent by the first node.
-
-I<prot> specifies the transport protocol. It can be one of:
- B<tcp> TCP
- B<udp> UDP
-
-I<mode> specifies the output mode. It can be one of:
- B<ascii> ASCII output with dots for non-printable characters
- B<hex> Hexadecimal and ASCII data with offsets
- B<raw> Hexadecimal data
-
-Since the output in B<ascii> mode may contain newlines, the length of each section
-of output plus a newline precedes each section of output.
-
-I<filter> specifies the stream to be displayed. UDP streams are selected with
-IP address plus port pairs. TCP streams are selected with either the stream
-index or IP address plus port pairs. For example:
- B<ip-addr0>:B<port0>,B<ip-addr1>:B<port1>
- B<tcp-stream-index>
-
-I<range> optionally specifies which "chunks" of the stream should be displayed.
-
-Example: B<-z "follow,tcp,hex,1"> will display the contents of the first TCP
-stream in "hex" format.
-
- ===================================================================
- Follow: tcp,hex
- Filter: tcp.stream eq 1
- Node 0: 200.57.7.197:32891
- Node 1: 200.57.7.198:2906
- 00000000 00 00 00 22 00 00 00 07 00 0a 85 02 07 e9 00 02 ...".... ........
- 00000010 07 e9 06 0f 00 0d 00 04 00 00 00 01 00 03 00 06 ........ ........
- 00000020 1f 00 06 04 00 00 ......
- 00000000 00 01 00 00 ....
- 00000026 00 02 00 00
-
-Example: B<-z "follow,tcp,ascii,200.57.7.197:32891,200.57.7.198:2906"> will
-display the contents of a TCP stream between 200.57.7.197 port 32891 and
-200.57.7.98 port 2906.
-
- ===================================================================
- Follow: tcp,ascii
- Filter: (ommitted for readability)
- Node 0: 200.57.7.197:32891
- Node 1: 200.57.7.198:2906
- 38
- ...".....
- ................
- 4
- ....
+Example: B<-z "smb,srt,ip.addr==1.2.3.4"> will only collect stats for
+SMB packets exchanged by the host at IP address 1.2.3.4 .
=back
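Review bot: the re-added smb,srt heading is written "smb,srt[,I<filter>]" with the comma outside the italic, while the other optional-filter items this patch touches (sip,stat, mgcp,rtd, h225,srt, mac-lte,stat) use "[I<,filter>]"; choose one form so the synopsis lines render consistently. In the body, "Only those commands that are seen in the capture will have its stats displayed" should use "their", and "a xAndX command chain" should be "an xAndX command chain". The sentence "This is a flaw that might be fixed in the future" gives readers nothing to act on; state plainly that TreeConnectAndX and other chained commands are excluded from the SRT figures.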