On 4/23/07, Andy Green <andy@xxxxxxxxxxx> wrote:
Kaushal Shriyan wrote: > Hi Aly > > I get > > 03:55:09.050556 IP dhcp-192-18-68-199.test.com.3118 > > it89.hyd.test.com.www: F 1399:1399(0) ack 2062 win 64954 > 03:55:09.050563 IP it89.hyd.test.com.www > > dhcp-192-18-68-199.test.com.3118 : . ack 1400 win 8576 > > so what does it indicate since I do not understand this at all Add -s0 -X to the tcpdump line to see the contents in hex and ascii. These are two ACK packets shown above. The first part of each line is the time, protocol (IP), sender reverse DNS (use -n to stop the DNS lookup and to see 123.123.123.123 addresses instead), sender port, receiver reverse DNS, receiver port and then information about the flags in the TCP/IP headers.
You can also write the output to a file tcpdump -i eth0 -w file.cap port 80 then get the file to your PC where you can install Ethereal (wireshark) and see it graphicaly. http://www.go2linux.org/node/83 -- Guillermo Garron "Linux IS user friendly... It's just selective about who its friends are." (Using FC6, CentOS4.4 and Ubuntu 6.06) http://feeds.feedburner.com/go2linux http://www.go2linux.org
