This looks like data from your ftp session that you sniffed. You might want to use the -s 1500 option on tcpdump to make sure that you capture the entire packet. Also, give ethereal a try... it really helps break out the packets in a nice GUI. Another cool tool is netdude.
-tuanis

On 21 Oct 2001, Mike Cramp wrote:

> Mailer: SecurityFocus
>
> Hey guys, I am trying to understand this tcpdump
> output. I do a tcpdump -x -X on the command line,
> and I get this:
>
> 20:33:44.633857 192.168.0.3.1391 >
> 216.52.220.11.ftp-data: . ack 944300 win 8760 (DF)
> 0x0000 4500 0028 1489 4000 8006 715b c0a8 0003
> 0x0010 d834 dc0b 056f 0014 00c2 be9c 82a5 774d
> 0x0020 5010 2238 59dc 0000 0000 0000 0100
> E..(..@...q[....
> .4...o........wM (This stuff is off to the
> right)
> P."8Y.........
>
> What the heck is this stuff below?
> E..(..@...q[....
> .4...o........wM
> P."8Y.........
>
> Please explain...
>
> -mike cramp
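
The right-hand column in the quoted dump is the same packet bytes shown as ASCII, with non-printable bytes replaced by dots. The following is an added example, not part of the original thread: it rebuilds the bytes from the three hex rows, regenerates that column, and decodes the IPv4 and TCP headers. Function names are this example's own, and the ASCII rule (visible ASCII kept, everything else a dot) is an assumption about how tcpdump renders it.

```python
import socket
import struct

# The three hex rows from the tcpdump -x -X output quoted in the post.
DUMP = """\
0x0000 4500 0028 1489 4000 8006 715b c0a8 0003
0x0010 d834 dc0b 056f 0014 00c2 be9c 82a5 774d
0x0020 5010 2238 59dc 0000 0000 0000 0100
"""

def dump_to_bytes(dump):
    """Drop the offset column and join the hex groups into raw bytes."""
    return b"".join(bytes.fromhex("".join(line.split()[1:]))
                    for line in dump.splitlines() if line.strip())

def ascii_column(row):
    """Assumed rendering rule: visible ASCII as-is, every other byte as '.'."""
    return "".join(chr(b) if 0x21 <= b < 0x7f else "." for b in row)

def ip_checksum_ok(header):
    """The one's-complement sum over a valid IPv4 header folds to 0xffff."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xffff) + (total >> 16)
    return total == 0xffff

def decode(pkt):
    """Decode the IPv4 header and the fixed part of the TCP header after it."""
    ver_ihl, _tos, length, _ident, frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0f) * 4          # header length in bytes
    sport, dport, seq, ack, off_flags, win = \
        struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
    return {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "total_length": length, "ttl": ttl, "proto": proto,
        "df": bool(frag & 0x4000), "checksum_ok": ip_checksum_ok(pkt[:ihl]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "ack_flag": bool(off_flags & 0x010), "win": win,
        "trailing": len(pkt) - length,  # captured bytes past the IP total length
    }

if __name__ == "__main__":
    pkt = dump_to_bytes(DUMP)
    for i in range(0, len(pkt), 16):
        print("0x%04x  %s" % (i, ascii_column(pkt[i:i + 16])))
    print(decode(pkt))
```

The decoded fields match the summary line tcpdump printed (192.168.0.3 port 1391 to 216.52.220.11 port 20, ACK set, window 8760, DF), and the packet is a 40-byte header-only ACK with no FTP data in it.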
