
anyone use tcpdump or windump before?

kevman

Diamond Member
I'm attempting to analyze network data to get a clue as to what is happening on a certain NIC. I've used windump and have all this info spit out on the screen, but what to look for? How to translate it to something meaningful?
 
The manpages for tcpdump are pretty good.

Random me browsing undeadly.org:
19:08:52.198334 10.150.1.2.44841 > anchorman.srv.ualberta.ca.www: P 1635:2182(547) ack 698 win 16384 <nop,nop,timestamp 583531008 605578982> (DF)

19:08:52.198334 timestamp
10.150.1.2.44841 source ip.port
> anchorman.srv.ualberta.ca.www to this ip.port
P 1635:2182(547) ack 698 I'm guessing that the P is push, the syn id, ack id
win 16384 window
(DF) Don't fragment.

Some of this is basically just a guess. If I needed it, I'd check out the manual. 😉 Limiting the selection of what you see is important. tcpdump uses standard BPF. To get web traffic, something like tcpdump port 80 can be used. You can further limit it by hostnames/IP addresses. Use "and" or "or" to create strings: tcpdump host www.undeadly.org and port 80
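As an added example (not from this thread), here is a small Python parser for the classic tcpdump TCP line layout quoted above, plus a per-direction payload count so you can see which end of a conversation is actually sending data. The first sample line is the one from the reply; the other two are constructed in the same format.

```python
import re
from collections import Counter

# Classic tcpdump TCP line: time src.port > dst.port: flags seq:seq(len) ack N win N <opts> (DF)
TCP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFPRUWE.]+)"
    r"(?: (?P<lo>\d+):(?P<hi>\d+)\((?P<len>\d+)\))?(?: ack (?P<ack>\d+))? win (?P<win>\d+)"
    r"(?: <(?P<opts>[^>]*)>)?(?P<df> \(DF\))?$"
)
FLAGS = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST", "U": "URG", "W": "CWR", "E": "ECE"}

# The line quoted in the reply plus two constructed lines in the same format.
SAMPLE = [
    "19:08:52.198334 10.150.1.2.44841 > anchorman.srv.ualberta.ca.www: P 1635:2182(547) ack 698 win 16384 <nop,nop,timestamp 583531008 605578982> (DF)",
    "19:08:52.300102 anchorman.srv.ualberta.ca.www > 10.150.1.2.44841: . ack 2182 win 17520 <nop,nop,timestamp 605578990 583531008> (DF)",
    "19:08:52.301447 anchorman.srv.ualberta.ca.www > 10.150.1.2.44841: P 698:2158(1460) ack 2182 win 17520 <nop,nop,timestamp 605578990 583531008> (DF)",
]

def parse_tcp_line(line):
    """Split one tcpdump TCP line into named fields; None if it does not fit (UDP, ARP, newer format)."""
    m = TCP_LINE.match(line.strip())
    if not m:
        return None
    # The last dotted component of each endpoint is the port number or service name (e.g. "www").
    src_host, src_port = m["src"].rsplit(".", 1)
    dst_host, dst_port = m["dst"].rsplit(".", 1)
    return {
        "time": m["ts"],
        "src": (src_host, src_port),
        "dst": (dst_host, dst_port),
        "flags": [FLAGS[c] for c in m["flags"] if c != "."],  # "." means no flags set
        "seq": (int(m["lo"]), int(m["hi"])) if m["lo"] else None,  # seq range of this segment
        "payload_len": int(m["len"]) if m["len"] else 0,  # bytes of data, the number in ()
        "ack": int(m["ack"]) if m["ack"] else None,
        "window": int(m["win"]),
        "options": m["opts"].split(",") if m["opts"] else [],
        "dont_fragment": m["df"] is not None,
    }

def bytes_per_direction(lines):
    """Sum payload bytes per (src host, dst host) to see which side is sending the data."""
    totals = Counter()
    for line in lines:
        rec = parse_tcp_line(line)
        if rec:
            totals[(rec["src"][0], rec["dst"][0])] += rec["payload_len"]
    return totals
```

Feed it the output of a filtered capture such as tcpdump host www.undeadly.org and port 80 to get a per-host byte tally instead of a wall of lines.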
 