Re: tcpdump

On 4/23/07, Andy Green <andy@xxxxxxxxxxx> wrote:
Kaushal Shriyan wrote:
> Hi Aly
>
> I get
>
> 03:55:09.050556 IP dhcp-192-18-68-199.test.com.3118 >
> it89.hyd.test.com.www: F 1399:1399(0) ack 2062 win 64954
> 03:55:09.050563 IP it89.hyd.test.com.www >
> dhcp-192-18-68-199.test.com.3118 : . ack 1400 win 8576
>
> so what does it indicate since I do not understand this at all

Add -s0 -X to the tcpdump line to see the contents in hex and ascii.

These are two ACK packets shown above.  The first part of each line is
the time, protocol (IP), sender reverse DNS (use -n to stop the DNS
lookup and to see 123.123.123.123 addresses instead), sender port,
receiver reverse DNS, receiver port and then information about the flags
in the TCP/IP headers.

You can also write the output to a file

tcpdump -i eth0 -w file.cap port 80

then get the file to your PC where you can install Ethereal
(wireshark) and see it graphically.

http://www.go2linux.org/node/83

--
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
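
The field layout described in this thread, as an added example that is not part of the original messages: a small Python parser for the older one-line TCP summary format quoted above. The names `parse_line`, `split_endpoint` and `SAMPLE` are made up for this illustration, and the third sample line is constructed.

```python
import re

# Older tcpdump one-line TCP summary, as quoted in the thread:
#   time IP src.port > dst.port: flags [first:last(len)] [ack N] [win N]
LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP (?P<src>\S+) > (?P<dst>\S+?)\s*: "
    r"(?P<flags>[SFPRWE.]+)"
    r"(?: (?P<first>\d+):(?P<last>\d+)\((?P<length>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?(?: win (?P<win>\d+))?"
)
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PUSH", "R": "RST", "W": "CWR", "E": "ECE"}


def split_endpoint(endpoint):
    """Split 'host.port' on the last dot; the port may be a service name (www)."""
    host, _, port = endpoint.rpartition(".")
    return host, port


def parse_line(line):
    """Return the fields of one summary line as a dict, or None if it does not match."""
    m = LINE.match(" ".join(line.split()))  # collapse mail-wrapping whitespace
    if m is None:
        return None
    flags = [FLAG_NAMES[c] for c in m["flags"] if c != "."]  # "." = none of the above
    if m["ack"] is not None:  # ACK is shown as an "ack N" field, not a flag letter
        flags.append("ACK")
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    return {
        "time": m["time"], "flags": flags,
        "src_host": src_host, "src_port": src_port,
        "dst_host": dst_host, "dst_port": dst_port,
        "payload_len": int(m["length"]) if m["length"] else 0,
        "ack": int(m["ack"]) if m["ack"] else None,
        "win": int(m["win"]) if m["win"] else None,
    }


# First two lines are the ones quoted in the thread, re-joined where the mail
# wrapped them; the third is constructed to show numeric output as with -n.
SAMPLE = [
    "03:55:09.050556 IP dhcp-192-18-68-199.test.com.3118 > it89.hyd.test.com.www: F 1399:1399(0) ack 2062 win 64954",
    "03:55:09.050563 IP it89.hyd.test.com.www > dhcp-192-18-68-199.test.com.3118 : . ack 1400 win 8576",
    "03:55:09.060001 IP 192.0.2.10.3118 > 192.0.2.20.80: S 100:100(0) win 65535",
]

if __name__ == "__main__":
    for text in SAMPLE:
        print(parse_line(text))
```

Newer tcpdump releases print flags in a bracketed form, so this pattern applies only to captures printed in the older style shown in the thread.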

