Andreas Heise wrote: > > Hi Klaus, > > please try again with "tcpdump port 5060 -s 1600 -v" with -v the message > seems > to be only decoded if the ip packet is complete (-s 1600). > > Tested with tcpdump version 3.9.5, libpcap version 0.9.5 on Debian.
# tcpdump port 5060 -s 1600 -v tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1600 bytes 01:03:48.001623 IP (tos 0x0, ttl 120, id 14327, offset 0, flags [none], length: 693) 80-121-18-58.adsl.highway.telekom.at.51401 > sip.at43.at.sip: [udp sum ok] UDP, length: 665 01:03:48.002965 IP (tos 0x10, ttl 64, id 1892, offset 0, flags [DF], length: 399) sip.at43.at.sip > 80-121-18-58.adsl.highway.telekom.at.51401: [udp sum ok] UDP, length: 371 # tcpdump -V tcpdump version 3.8.3 libpcap version 0.8.3 probably my tcpdump is too old (debian sarge) thanks anyway klaus _______________________________________________ Users mailing list [email protected] http://lists.openser.org/cgi-bin/mailman/listinfo/users
