Latha G wrote:

> The purpose of the tcpdump -q option is given as "Print less protocol
> information so output lines are shorter."
> Less protocol information means how much less?

It depends on the protocol.

For example, for TCP, without "-q", tcpdump 3.8.3 prints

    12:05:11.208835 IP client.60784 > server.http: S 2247021960:2247021960(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 640171993 0>
    12:05:11.223156 IP server.http > client.60784: S 1177413861:1177413861(0) ack 2247021961 win 5792 <mss 1460,nop,nop,timestamp 63801102 640171993,nop,wscale 0>
    12:05:11.223296 IP client.60784 > server.http: . ack 1 win 65535 <nop,nop,timestamp 640171993 63801102>

for the initial 3-way handshake for an HTTP connection, and with "-q",
it prints

    12:05:23.210905 IP client.60785 > server.http: tcp 0
    12:05:23.225955 IP server.http > client.60785: tcp 0
    12:05:23.226091 IP client.60785 > server.http: tcp 0

> I used tcpdump -q; the message that came from tcpdump is
>
>     listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
>
> It is capturing 96 bytes of data [same as for all options], so how come it
> prints less information?

It prints less information because you ran it with the "-q" flag.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
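
The point of the exchange above, as an added example that is not part of the original message and is not tcpdump's code: the same captured bytes can be printed in either form, because "-q" selects a shorter printer and does not change how much is captured. The function names are hypothetical, the output format is only modelled on the lines in the post, and the header bytes are constructed from the first SYN shown there (numeric ports instead of resolved names).

```python
import struct

# Constructed sample: TCP header of the first SYN in the post
# (ports 60784 -> 80, seq 2247021960, win 65535, same option list).
OPTIONS = (struct.pack("!BBH", 2, 4, 1460) + b"\x01" + bytes([3, 3, 0])
           + b"\x01\x01" + struct.pack("!BBII", 8, 10, 640171993, 0))
SYN = struct.pack("!HHIIBBHHH", 60784, 80, 2247021960, 0,
                  (5 + len(OPTIONS) // 4) << 4, 0x02, 65535, 0, 0) + OPTIONS

def parse_options(raw):
    """Decode the TCP options seen in the post: mss, nop, wscale, timestamp."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                       # end of option list
            break
        if kind == 1:                       # nop is one byte, no length field
            out.append("nop")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            out.append("[bad opt]")         # truncated or malformed option
            break
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2 and length == 4:
            out.append("mss %d" % struct.unpack("!H", body))
        elif kind == 3 and length == 3:
            out.append("wscale %d" % body[0])
        elif kind == 8 and length == 10:
            out.append("timestamp %d %d" % struct.unpack("!II", body))
        else:
            out.append("opt-%d" % kind)
        i += length
    return ",".join(out)

def describe(segment, payload_len, quiet):
    """Print one TCP segment in full or in the short "-q"-like form."""
    if len(segment) < 20:
        return "[|tcp]"                     # header itself is truncated
    sport, dport, seq, ack, off, flags, win = struct.unpack("!HHIIBBH", segment[:16])
    head = "%d > %d:" % (sport, dport)
    if quiet:                               # same bytes, far less decoding
        return "%s tcp %d" % (head, payload_len)
    names = "".join(c for bit, c in ((2, "S"), (1, "F"), (4, "R"), (8, "P")) if flags & bit)
    line = "%s %s" % (head, names or ".")
    if payload_len or flags & 0x07:         # data, or SYN/FIN/RST set
        line += " %d:%d(%d)" % (seq, seq + payload_len, payload_len)
    if flags & 0x10:
        line += " ack %d" % ack
    opts = parse_options(segment[20:(off >> 4) * 4])
    return "%s win %d%s" % (line, win, " <%s>" % opts if opts else "")
```

Calling `describe(SYN, 0, quiet=False)` and `describe(SYN, 0, quiet=True)` on the same 40-byte header gives the long and short forms respectively.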