msgid "" msgstr "" "Project-Id-Version: French (cnp3-ebook)\n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2026-04-19 00:56+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: French \n" "Language: fr\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n > 1;\n" "X-Generator: Weblate 5.14.3\n" #: ../../exercises/trace.rst:6 msgid "Analyzing packet traces" msgstr "" #: ../../exercises/trace.rst:8 msgid "" "When debugging networking problems or to figure out performance problems, it " "is sometimes useful to capture the segments that are exchanged between two " "hosts and to analyze them." msgstr "" #: ../../exercises/trace.rst:10 msgid "" "Several packet trace analysis tools are available, either as commercial or " "open-source tools. These tools are able to capture all the packets exchanged " "on a link. Of course, capturing packets require administrator privileges. " "They can also analyze the content of the captured packets and display " "information about them. The captured packets can be stored in a file for " "offline analysis." msgstr "" #: ../../exercises/trace.rst:12 msgid "" "tcpdump_ is probably one of the most well known packet capture software. It " "is able to both capture packets and display their content. tcpdump_ is a " "text-based tool that can display the value of the most important fields of " "the captured packets. Additional information about tcpdump_ may be found in " ":manpage:`tcpdump(1)`." msgstr "" #: ../../exercises/trace.rst:15 msgid "" "As an illustration, let us use tcpdump_ to analyze the packets exchanged " "while executing the following command on a Linux host:" msgstr "" #: ../../exercises/trace.rst:28 msgid "" "The ``-6`` parameter passed to curl_ forces the utilization of IPv6. curl_ " "returns an HTML page that indicates that https must be used instead of http " "to access this web site." msgstr "" #: ../../exercises/trace.rst:35 msgid "" "A first solution to analyze this trace is to use tcpdump_ on the command " "line. The `-n` disables the reverse DNS lookups that tcpdump_ does by " "default for all IP addresses. The `-r` argument is the name of the file " "contained the captured packets. The trace starts with the DNS request. This " "request was sent over IPv4 which is the default on this host. tcpdump_ " "indicates the query and the response returned by the local DNS resolver." msgstr "" #: ../../exercises/trace.rst:45 msgid "" "The following three lines of the tcpdump_ output correspond to TCP's three-" "way handshake. There are several interesting points to note in this output. " "First, ``Flags [S]`` indicates that the `SYN` flag was set in the first and " "second segments. In this first segment, tcpdump_ indicates the initial " "sequence number (``2681184541``). In the second segment, tcpdump_ indicates " "both the initial sequence number (``3804204915``) and the acknowledgment " "number (``2681184542``). Both segments contain TCP options. Starting in the " "third segment, tcpdump_ shows relative sequence numbers. Thus, the " "acknowledgment that you observe in the third segment is an acknowledgment " "for the `SYN` returned by the server." msgstr "" #: ../../exercises/trace.rst:59 msgid "" "The two lines above correspond to the request sent by the client and the " "acknowledgment returned by the server. Note that the first byte sent by the " "client has `1` as relative sequence number. In this example, the HTTP " "request has a total length of 92 bytes. This request is immediately " "acknowledged by the server." msgstr "" #: ../../exercises/trace.rst:62 msgid "" "The server then sends its response, which fits inside a single segment. The " "client acknowledges the reception of this segment." msgstr "" #: ../../exercises/trace.rst:71 msgid "" "The TCP connection is then closed by exchanging three segments, the first " "two having the `FIN` flag set." msgstr "" #: ../../exercises/trace.rst:79 msgid "" "tcpdump_ can provide more detailed information about the packets by using " "the `-v` or `-vv` option." msgstr "" #: ../../exercises/trace.rst:82 msgid "" "wireshark_ is more recent than tcpdump_. It evolved from the ethereal packet " "trace analysis software. It can be used as a text tool like tcpdump_. For a " "TCP connection, wireshark_ can provide almost the same output as tcpdump_. " "The main advantage of wireshark_ is that it also includes a graphical user " "interface that allows performing various types of analysis on a packet trace." msgstr "" #: ../../exercises/trace.rst:88 msgid "Wireshark : default window" msgstr "" #: ../../exercises/trace.rst:94 msgid "" "The wireshark_ window is divided in three parts. The top part of the window " "is a summary of the first packets from the trace. By clicking on one of the " "lines, you can show the detailed content of this packet in the middle part " "of the window. The middle of the window allows you to inspect all the fields " "of the captured packet. The bottom part of the window is the hexadecimal " "representation of the packet, with the field selected in the middle window " "being highlighted." msgstr "" #: ../../exercises/trace.rst:96 msgid "" "wireshark_ is very good at displaying packets, but it also contains several " "analysis tools that can be very useful. The first tool is `Follow TCP stream`" ". It is part of the `Analyze` menu and allows you to reassemble and display " "all the payload exchanged during a TCP connection. This tool can be useful " "if you need to analyze for example the commands exchanged during an HTTP or " "SMTP session." msgstr "" #: ../../exercises/trace.rst:98 msgid "" "The second tool is the flow graph that is part of the `Statistics` menu. It " "provides a time sequence diagram of the packets exchanged with some comments " "about the packet contents. See below for an example." msgstr "" #: ../../exercises/trace.rst:104 msgid "Wireshark : flow graph" msgstr "" #: ../../exercises/trace.rst:107 msgid "" "Use wireshark to analyze the packet traces described earlier :download:`" "traces/simple-trace.pcap`." msgstr "" #: ../../exercises/trace.rst:109 msgid "" "When analyzing packet traces with wireshark_, it is often very useful to use " "`Display filters` that only show the packets that match some specific " "criteria. There filters are described in several online documents:" msgstr "" #: ../../exercises/trace.rst:111 msgid "" "the `wireshark wiki ` page on `Display filters " "`_" msgstr "" #: ../../exercises/trace.rst:112 msgid "" "a nice `list of Wireshark Display Filters `_ by Robert Allen" msgstr "" #: ../../exercises/trace.rst:114 msgid "" "You can now use your understanding of wireshark_ and tcpdump_ to analyze a 2-" "minutes long packet trace." msgstr ""