Hi,
I have a question about the data I collected using Windump (TCPdump). I
ran the program under Win98 and Win2000 in a school network.

The command I used to launch Windump (TCPdump) is as follows:

windump -n -q -tt ip and port 80

A sample of the data I collected under Win98 is:

1011898765.465003 130.215.24.173.1131 > 130.215.25.52.80: tcp 0 (DF)
1011898765.472396 130.215.24.173.1131 > 130.215.25.52.80: tcp 276 (DF)
1011898765.497211 130.215.25.52.80 > 130.215.24.173.1131: tcp 1460 (DF)
1011898765.498303 130.215.25.52.80 > 130.215.24.173.1131: tcp 1433 (DF)
1011898765.498378 130.215.24.173.1131 > 130.215.25.52.80: tcp 0 (DF)
1011898765.498663 130.215.25.52.80 > 130.215.24.173.1132: tcp 388 (DF)
1011898765.520735 130.215.24.173.1132 > 130.215.25.52.80: tcp 277 (DF)
1011898765.525439 130.215.24.173.1131 > 130.215.25.52.80: tcp 274 (DF)
1011898765.557582 130.215.25.52.80 > 130.215.24.173.1132: tcp 1460 (DF)
1011898765.558796 130.215.25.52.80 > 130.215.24.173.1132: tcp 1460 (DF)
1011898765.558867 130.215.24.173.1132 > 130.215.25.52.80: tcp 0 (DF)
1011898765.559783 130.215.25.52.80 > 130.215.24.173.1132: tcp 1176 (DF)
1011898765.560496 130.215.25.52.80 > 130.215.24.173.1132: tcp 663 (DF)
1011898765.560572 130.215.24.173.1132 > 130.215.25.52.80: tcp 0 (DF)
1011898765.561769 130.215.25.52.80 > 130.215.24.173.1131: tcp 1460 (DF)

And a sample of the data I collected under Win2000, using the same command to
launch WinDump (TCPDump), is:

1008817347.180581 129.86.240.203.80 129.86.163.79.1698: 0
1008817347.180782 129.86.163.79.1698 129.86.240.203.80: 0
1008817347.185096 129.86.240.203.80 129.86.163.79.1698: 0
1008817347.185182 129.86.163.79.1698 129.86.240.203.80: 359
1008817347.672485 129.86.240.203.80 129.86.163.79.1698: 182
1008817347.833109 129.86.163.79.1698 129.86.240.203.80: 0
1008817347.833861 129.86.240.203.80 129.86.163.79.1698: 1278
1008817347.835088 129.86.240.203.80 129.86.163.79.1698: 1460
1008817347.835240 129.86.163.79.1698 129.86.240.203.80: 0
1008817347.838639 129.86.240.203.80 129.86.163.79.1698: 1460
1008817347.839007 129.86.163.79.1698 129.86.240.203.80: 0
1008817347.839811 129.86.240.203.80 129.86.163.79.1698: 1460
1008817347.841220 129.86.240.203.80 129.86.163.79.1698: 1460

My question is: are the data I collected IP packets or TCP packets? It
seems to me that they are TCP packets, since the data from Win98 has "tcp" in
every line.
I am collecting this data for research on wireless Internet traffic, and
I need to collect IP packets. If I am collecting TCP data using the command
"windump -n -q -tt ip and port 80", what do I need to do to collect IP
packets instead?

Thank you very much for any help you can give me.

Looking forward to hearing from you.

Yi Han

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html