Re:TCPDUMP Output

Sat, 03 Nov 2001 18:07:15 -0800 

Combinations of various binary values often are the same as the ASCII values
that are represented by the information "off to the right."  The main use for
the information off to the right is to read the ASCII text that makes up the
body of many messages.  There is no value in reading the ASCII text of a packet
header.
KH

____________________Reply Separator____________________
Subject:    TCPDUMP Output 
Author: Mike Cramp <[EMAIL PROTECTED]>
Date:       10/21/01 9:42 PM

Mailer: SecurityFocus

Hey guys, I am trying to understand this tcpdump
output.  I do a tcpdump -x -X on the command line,
and I get this:

20:33:44.633857 192.168.0.3.1391 >
216.52.220.11.ftp-data: . ack 944300 win 8760 (DF)
0x0000   4500 0028 1489 4000 8006 715b c0a8 0003   
0x0010   d834 dc0b 056f 0014 00c2 be9c 82a5 774d   
0x0020   5010 2238 59dc 0000 0000 0000 0100       
E..([email protected][....
.4...o........wM  (This stuff is off to the
right)   
P."8Y.........

That the heck is this stuff below? 
E..([email protected][....
.4...o........wM     
P."8Y......... 

Please explain...

-mike cramp

 


Received: from relay2.faa.gov [172.27.170.37] by faa.gov (ccMail Link to SMTP 
R8.31.00.5)
        ; Thu, 01 Nov 2001 14:17:38 -0500
Return-Path: <[EMAIL PROTECTED]>
Received: from outgoing.securityfocus.com (outgoing2.securityfocus.com [66.38.151.26])
        by relay2.faa.gov (Switch-2.0.6/Switch-2.0.6) with ESMTP id fA1JHb005300
        for <[EMAIL PROTECTED]>; Thu, 1 Nov 2001 14:17:37 -0500 (EST)
Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
        by outgoing.securityfocus.com (Postfix) with QMQP
        id 3E1288F2BC; Thu,  1 Nov 2001 11:54:32 -0700 (MST)
Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm
Precedence: bulk
List-Id: <security-basics.list-id.securityfocus.com>
List-Post: <mailto:[EMAIL PROTECTED]>
List-Help: <mailto:[EMAIL PROTECTED]>
List-Unsubscribe: <mailto:[EMAIL PROTECTED]>
List-Subscribe: <mailto:[EMAIL PROTECTED]>
Delivered-To: moderator for [EMAIL PROTECTED]
Received: (qmail 23967 invoked from network); 31 Oct 2001 19:09:55 -0000
Date: 21 Oct 2001 21:42:01 -0000
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: Mike Cramp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: TCPDUMP Output

Reply via email to