> hugh@burpelson $ so tcpdump -e -n -i hdlc0
> 15:21:39.562131 < 0:0:0:0:0:0 0:0:0:0:0:1 ip 62: 217.2.192.181.4663 > 192.171.112.89.www: S 668895481:668895481(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)
> 15:21:39.562144 > 0:0:0:0:0:0 0:0:0:0:0:0 ip 62: 217.2.192.181.4663 > 192.171.112.89.www: S 668895481:668895481(0) win 8760 <mss 1460,nop,nop,sackOK> (DF)

That's odd - the current version of tcpdump shouldn't print that first
"<" or ">", after the time stamp, if it also prints 2 MAC addresses. 

Are you certain this isn't the tcpdump that came with the Linux
distribution you're using?  The tcpdump.org tcpdump should print it
after the time stamp only if it's capturing in cooked mode, but the
patched version in some Linux distributions prints it for all devices -
and also

        1) defaults to cooked mode

and

        2) fakes an Ethernet header in cooked mode, rather than
           supplying a new type of fake header in cooked mode as the
           tcpdump.org version does.

What happens if you run tcpdump with the "-R" flag? In the current CVS
tree tcpdump.org version, it changes the way AH/ESP packets are printed,
but in the patched version in some Linux distributions, it turns off
cooked mode.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
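
The "new type of fake header" that the message above says the tcpdump.org version supplies in cooked mode is libpcap's 16-byte Linux cooked-capture header (link type DLT_LINUX_SLL), which carries the packet direction in its first field. The C code below is an added example, not part of the original message or of tcpdump's own source; it parses that header from a constructed sample, and the struct, function and sample names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DLT_EN10MB    1    /* libpcap link type: Ethernet */
#define DLT_LINUX_SLL 113  /* libpcap link type: Linux cooked capture */

struct sll_info {
    uint16_t pkttype;  /* 0 to us, 1 broadcast, 2 multicast, 3 to another host, 4 sent by us */
    uint16_t hatype;   /* Linux ARPHRD_* value of the capturing device */
    uint16_t halen;    /* sender address length; only the first 8 bytes are stored */
    uint8_t  addr[8];
    uint16_t protocol; /* EtherType-style protocol, e.g. 0x0800 for IPv4 */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Parse the 16-byte cooked-capture header; returns 0, or -1 if truncated. */
int parse_sll(const uint8_t *buf, size_t len, struct sll_info *out)
{
    if (len < 16) return -1;
    out->pkttype  = be16(buf);
    out->hatype   = be16(buf + 2);
    out->halen    = be16(buf + 4);
    memcpy(out->addr, buf + 6, 8);
    out->protocol = be16(buf + 14);
    return 0;
}

/* Offset of the network-layer payload for a link type, or -1 if unknown or short. */
long l3_offset(int dlt, size_t len)
{
    size_t hdr = dlt == DLT_EN10MB ? 14 : dlt == DLT_LINUX_SLL ? 16 : 0;
    return (hdr == 0 || len < hdr) ? -1 : (long)hdr;
}

/* Constructed sample: outgoing IPv4 packet on an HDLC device (ARPHRD 513), no address. */
static const uint8_t sample[] = {
    0x00, 0x04,  0x02, 0x01,  0x00, 0x00,  0, 0, 0, 0, 0, 0, 0, 0,  0x08, 0x00,
    0x45, 0x00, 0x00, 0x30 /* first bytes of the IPv4 header */
};

int main(void)
{
    struct sll_info h;
    if (parse_sll(sample, sizeof sample, &h) != 0) return 1;
    printf("pkttype=%u hatype=%u proto=0x%04x l3@%ld\n", (unsigned)h.pkttype,
           (unsigned)h.hatype, (unsigned)h.protocol, l3_offset(DLT_LINUX_SLL, sizeof sample));
    return 0;
}
```

A reader that assumes a 14-byte Ethernet header on a cooked capture starts decoding two bytes early, which is why the link type has to be checked before the payload is interpreted.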