The E..(..@ and so on is the ascii representation of the packet data (4500 0028 etc.). The first part of the dump (4500 ... 8006) is the ip-header and the next 5 dwords are the tcp-header; the rest is the payload of the high level protocol (here from an ftp connection).
- Alex

----- Original Message -----
From: "Mike Cramp" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, October 21, 2001 1:42 PM
Subject: TCPDUMP Output

> Mailer: SecurityFocus
>
> Hey guys, I am trying to understand this tcpdump
> output. I do a tcpdump -x -X on the command line,
> and I get this:
>
> 20:33:44.633857 192.168.0.3.1391 > 216.52.220.11.ftp-data: . ack 944300 win 8760 (DF)
> 0x0000 4500 0028 1489 4000 8006 715b c0a8 0003
> 0x0010 d834 dc0b 056f 0014 00c2 be9c 82a5 774d
> 0x0020 5010 2238 59dc 0000 0000 0000 0100
> E..(..@..q[....
> .4...o........wM (This stuff is off to the right)
> P."8Y.........
>
> What the heck is this stuff below?
> E..(..@..q[....
> .4...o........wM
> P."8Y.........
>
> Please explain...
>
> -mike cramp
