Visham, : I have to capture those three packets for each and every TCP : stream that is initiated. Also, I'm looking only for outbound : communication, i.e emanating from the PC on which I'm trying to : catch the packets. So the ACK packet will be generated on the PC : itself. But the problem how do I capture that particular ACK : packet and not the other ACK packets during data transfer phase, : w/o keeping track of IP address/port no. pairs.
It sounds like argus [0] may provide a better solution to your problem. You will get much more information than you'd get with tcpdump, but you'll get at least what you describe. -Martin [0] http://www.qosient.com/argus/ -- Martin A. Brown http://linux-ip.net/ _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
