Alfonso Armenta wrote:
> A simple question about tcpdump. I use the following command:
>
> % tcpdump -n -f -O -l -q -i eth0 tcp
>
> This gives me lots of the following:
>
> 09:13:36.803236 10.0.2.2.1991 > 10.0.1.1.8080: tcp 0 (DF)
> 09:13:36.804613 10.0.1.1.8080 > 10.0.2.2.1991: tcp 1417 (DF)
>
> Those are two packets between 10.0.2.2 and 10.0.1.1... Now, is the number right
> after 'tcp' supposed to be the size of the packet? Is there any way to deduce the
> size of the packet based on that number? What surprises me is the 0 on the first
> packet...
The tcpdump manpage doesn't describe the format which is used when the
-q switch is given, but my guess is that it is the relative sequence
number.
--
Glynn Clements <[EMAIL PROTECTED]>