tcpdump

Guillermo Garron guillermo.fedora at gmail.com
Mon Apr 23 22:47:28 UTC 2007


On 4/23/07, Andy Green <andy at warmcat.com> wrote:
> Kaushal Shriyan wrote:
> > Hi Aly
> >
> > I get
> >
> > 03:55:09.050556 IP dhcp-192-18-68-199.test.com.3118 >
> > it89.hyd.test.com.www: F 1399:1399(0) ack 2062 win 64954
> > 03:55:09.050563 IP it89.hyd.test.com.www >
> > dhcp-192-18-68-199.test.com.3118 : . ack 1400 win 8576
> >
> > so what does it indicate since I do not understand this at all
>
> Add -s0 -X to the tcpdump line to see the contents in hex and ascii.
>
> These are two ACK packets shown above.  The first part of each line is
> the time, protocol (IP), sender reverse DNS (use -n to stop the DNS
> lookup and to see 123.123.123.123 addresses instead), sender port,
> receiver reverse DNS, receiver port and then information about the flags
> in the TCP/IP headers.

You can also write the output to a file

tcpdump -i eth0 -w file.cap port 80

then get the file to your PC where you can install Ethereal
(wireshark) and see it graphically.

http://www.go2linux.org/node/83

-- 
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using FC6, CentOS4.4 and Ubuntu 6.06)
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
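The reply quoted above walks through the fields of a tcpdump summary line (time, protocol, sender host and port, receiver host and port, TCP flags, sequence/ack numbers, window). The following parser is an added example written for this page, not code from the thread or from tcpdump itself; it takes the two lines Kaushal posted (embedded as a constructed sample, in the old-style flag notation where a bare "." means only ACK is set) and turns each into named fields plus a plain-English reading. The hostnames, ports and numbers are the ones on the page; the regex assumes the classic `src.port > dst.port: flags` layout and also accepts `-n` style numeric addresses.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: the two lines quoted in the thread, in old-style tcpdump
# flag notation (a bare "." means no flag other than ACK is set).
SAMPLE = """\
03:55:09.050556 IP dhcp-192-18-68-199.test.com.3118 > it89.hyd.test.com.www: F 1399:1399(0) ack 2062 win 64954
03:55:09.050563 IP it89.hyd.test.com.www > dhcp-192-18-68-199.test.com.3118 : . ack 1400 win 8576
"""

# time  IP  src.port > dst.port:  flags [seq:end(len)] [ack N] [win N]
# Host groups are non-greedy so the last dot-separated label becomes the port;
# the same pattern therefore handles -n output such as 192.18.68.199.3118.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\S+?)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+?)\.(?P<dport>[^.\s]+)\s*: "
    r"(?P<flags>[A-Z.]+)"
    r"(?: (?P<seq>\d+):\d+\((?P<len>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
)
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG"}

def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one tcpdump TCP summary line into fields; None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    flags = [FLAG_NAMES[c] for c in g["flags"] if c in FLAG_NAMES]
    if g["ack"] is not None:          # tcpdump prints "ack N" only when ACK is set
        flags.append("ACK")
    num = lambda k: int(g[k]) if g[k] is not None else None
    return {"ts": g["ts"], "src": g["src"], "sport": g["sport"],
            "dst": g["dst"], "dport": g["dport"], "flags": flags,
            "seq": num("seq"), "len": num("len"), "ack": num("ack"),
            "win": num("win")}

def parse_capture(text: str) -> List[Dict[str, object]]:
    return [p for p in map(parse_line, text.splitlines()) if p is not None]

def describe(p: Dict[str, object]) -> str:
    """Plain-English reading of one packet, field by field as the reply explains."""
    data = f"{p['len']} data byte(s)" if p["len"] else "no data"
    ack = f", acknowledges up to byte {p['ack']}" if p["ack"] is not None else ""
    return (f"{p['ts']} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
            f"[{','.join(p['flags']) or 'none'}] {data}{ack}, window {p['win']}")
```

Running `describe()` over `parse_capture(SAMPLE)` shows the first line as a FIN,ACK from the client port 3118 to the server's www port carrying no data, and the second as the server's bare ACK of byte 1400, i.e. the close of one side of the HTTP connection.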



