Hello Guy Harris
Thanks for the detailed answer!
David Front
CERN IT
- Original Message -
From: "Guy Harris" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 25, 2004 8:18 PM
Subject: Re: [tcpdump-workers] 'tcpdump -s0' payload length limit?
>
> On Aug 25,
tcpdump may not be the right tool for the job, but considerable work has
been done on IP flows.
You might want to look at tcptrace, or a flows analysis package like
Coralreef, or a flow probe like fprobe or ntop.
http://jarok.cs.ohiou.edu/software/tcptrace/tcptrace.html
http://www.caida.org/too
On Aug 25, 2004, at 11:09 AM, Guy Harris wrote:
Note, however, that the reassembly is *NOT* done at the low-layer
capture level, so a capture filter of "port 12509" will only capture
the first fragment of a fragmented datagram, and Ethereal and
Tethereal will *NOT* be able to reassemble the pack
On Aug 25, 2004, at 11:05 AM, David Front wrote:
11:33:55.601653 IP lxfs5623.cern.ch.32962 > lcgmon002d.cern.ch.12509:
UDP, length: 1637
"UDP, length: 1637" means that the *UDP* packet length is 1637 bytes.
That doesn't mean that the *Ethernet* packet is 1637 bytes, as you note
later:
IP message
Hello Guy Harris
Thanks for your fast response.
Jumbo frames are not used on the CERN
site.
Following is a printout of the problem:
1) tcpdump command:
[EMAIL PROTECTED] d]# tcpdump -A port 12509 -s0 -c1000 > /tmp/tcpdummed
tcpdump: verbose output suppressed, use -v or
-
David Front wrote:
I notice that 'tcpdump -s0' truncates packets with payloads longer than
(~1400 or) ~1500 bytes.
Is there a way to get full long payloads (or is this due to a (Ethernet MTU)
limit, or a tcpdump limitation/bug)?
Is this on Ethernet? If so, why are there packets with payloads longe
Hello
I notice that 'tcpdump -s0' truncates packets with payloads longer than
(~1400 or) ~1500 bytes.
Is there a way to get full long payloads (or is this due to a (Ethernet MTU)
limit, or a tcpdump limitation/bug)?
Thanks
David Front
CERN, IT
-
This is the tcpdump-workers list.
Visit ht
man tethereal
feed the capture through tethereal and use the flags
-R "not frame" -z conv,tcp
the -R flag is to stop tethereal from printing any packet summaries to stdout,
the -z flag is to make tethereal print a table of all TCP sessions to
stdout after the entire capture file has been parsed.
Dear all:
I apologize because I was not clear about my question...
I use the following instruction for capturing packet info in a file:
windump -n -i 2 tcp >tcptest.txt
I am using windows 2000
I want to determine the number of concurrent TCP connections during the
capturing interval...I look at