Hi all,
Can anyone explain the outputs of the tcpdump -xx and -XX options?
The outputs for these options look like:

tcpdump -xx:
15:56:04.440349 arp who-has 172.16.38.3 tell 172.16.16.110
        0x0000:  ffff ffff ffff 0003 4724 f364 0806 0001  ........G$.d....
        0x0010:  0800 0604 0001 0003 4724 f364 ac10 106e  ........G$.d...n
        0x0020:  0000 0000 0000 ac10 2603 0000 0000 0000  ........&.......
        0x0030:  0000 0000 0000 0000 0000 0000            ............
15:56:04.440505 IP 172.16.16.38.32834 > dns3.nitk.intranet.domain:  12646+ PTR? 223.67.16.172.in-addr.arpa. (44)
        0x0000:  0040 f420 37ea 000d 8845 ac0e 0800 4500  [EMAIL PROTECTED]
        0x0010:  0048 1b20 4000 4011 ef3a ac10 1026 ac10  [EMAIL PROTECTED]@..:...&..
        0x0020:  c803 8042 0035 0034 3090 3166 0100 0001  ...B.5.40.1f....
        0x0030:  0000 0000 0000 0332 3233 0236 3702 3136  .......223.67.16
        0x0040:  0331 3732 0769 6e2d 6164 6472 0461 7270  .172.in-addr.arp
        0x0050:  6100 000c 0001                           a.....

tcpdump -XX
15:57:09.832436 arp who-has 172.16.206.150 tell 172.16.20.10
        0x0000:  ffff ffff ffff 0009 6b91 1894 0806 0001  ........k.......
        0x0010:  0800 0604 0001 0009 6b91 1894 ac10 140a  ........k.......
        0x0020:  0000 0000 0000 ac10 ce96 0000 0000 0000  ................
        0x0030:  0000 0000 0000 0000 0000 0000            ............
15:57:09.839410 arp who-has 172.16.206.151 tell 172.16.20.10
        0x0000:  ffff ffff ffff 0009 6b91 1894 0806 0001  ........k.......
        0x0010:  0800 0604 0001 0009 6b91 1894 ac10 140a  ........k.......
        0x0020:  0000 0000 0000 ac10 ce97 0000 0000 0000  ................
        0x0030:  0000 0000 0000 0000 0000 0000            ............

The -xx option prints each packet, including its link-level header, in hex.
And the -XX option prints each packet, including its link-level header, in hex
and ASCII format.

As I observed, the dots at the end of each output line refer to individual
bytes, since there are 16 bytes and 16 dots in each line. Do the dots
indicate the ASCII format of the packet?

If so, in the above output the -xx option was printing more
ASCII information than the -XX option (as the -XX option has to print the packet
both in hex and ASCII formats).

tcpdump version : 3.8
libpcap version : 0.8.3
I am running my machine on (EN10MB) Ethernet.


--
Thanks & Regards,
Latha.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
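
An added example, not part of the original post: a short Python parser for dump lines in the format shown above. It rebuilds the packet from the hex groups, regenerates the right-hand column on the assumption that every byte outside 0x21-0x7e is shown as a dot, and decodes the 14-byte Ethernet header. The function names are made up for illustration; the sample is the first ARP packet from the post.

```python
import re

# Hex dump lines copied from the first ARP packet in the post above.
DUMP = """\
        0x0000:  ffff ffff ffff 0003 4724 f364 0806 0001  ........G$.d....
        0x0010:  0800 0604 0001 0003 4724 f364 ac10 106e  ........G$.d...n
        0x0020:  0000 0000 0000 ac10 2603 0000 0000 0000  ........&.......
        0x0030:  0000 0000 0000 0000 0000 0000            ............
"""

def parse_line(line):
    """Return (offset, raw bytes, right-hand column or None) for one dump line."""
    offset, rest = line.strip().split(":", 1)
    # Hex groups are single-spaced; the text column follows two or more spaces.
    parts = re.split(r"\s{2,}", rest.strip(), maxsplit=1)
    data = bytes.fromhex(parts[0].replace(" ", ""))
    shown = parts[1] if len(parts) > 1 else None
    return int(offset, 16), data, shown

def ascii_column(data):
    # Assumption: bytes outside 0x21-0x7e are rendered as '.'.
    return "".join(chr(b) if 0x21 <= b <= 0x7E else "." for b in data)

def parse_dump(text):
    """Reassemble the packet and check each text column against its hex bytes."""
    packet, mismatches = b"", []
    for line in text.splitlines():
        if not line.strip():
            continue
        offset, data, shown = parse_line(line)
        if offset != len(packet):
            raise ValueError(f"gap in dump at offset {offset:#06x}")
        if shown is not None and shown != ascii_column(data):
            mismatches.append(offset)
        packet += data
    return packet, mismatches

def ethernet_header(packet):
    """Decode the 14-byte link-level header: destination, source, EtherType."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    return mac(packet[0:6]), mac(packet[6:12]), int.from_bytes(packet[12:14], "big")

if __name__ == "__main__":
    packet, mismatches = parse_dump(DUMP)
    dst, src, ethertype = ethernet_header(packet)
    print(f"{len(packet)} bytes, dst={dst} src={src} ethertype={ethertype:#06x}")
    print("text columns inconsistent at offsets:", mismatches)
```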
