Re: I've got a problem with tcpdump, HELP

To: debian-user@lists.debian.org
Subject: Re: I've got a problem with tcpdump, HELP
From: Camaleón <noelamac@gmail.com>
Date: Thu, 31 Mar 2011 15:54:47 +0000 (UTC)
Message-id: <[🔎] pan.2011.03.31.15.54.47@gmail.com>
References: <[🔎] AANLkTi=HaohWH5LtoXFPdP4ypyRH-Kn++Gc2Qx5pzzd0@mail.gmail.com>

On Thu, 31 Mar 2011 20:49:03 +0800, Benimaur Gao wrote:

>     I've encountered a problem in using tcpdump. I tried to capture http
>     traffic by using the following command:
> 
>     # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
>     (((ip[2:2] -
> ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
>    (notes: the web application serves at 9003 port, not the conventional
>    80
> instead)
> 
>    but different results was given by two hosts:

(...)

> Date: Thu, 31 Mar 2011 12:16:04 GMT
> Expires: Thu, 01-Jan-1970 00:00:00 GMT Content-Language: cn,zh-cn
> Content-Type: text/html; charset=GBK

> then I ran the same command on another host, the different result was
> given

(...)

> Date: Thu, 31
        ^^^^^^^ ??

Indeed, the latter output seems to be broken as if had been unexpectedly 
interrupted. How did you manage to stop the capture in both cases? Ctrl
+C? :-?

Greetings,

-- 
Camaleón

Reply to:

Follow-Ups:
- Re: I've got a problem with tcpdump, HELP
  - From: Benimaur Gao <benimaur@gmail.com>

References:
- I've got a problem with tcpdump, HELP
  - From: Benimaur Gao <benimaur@gmail.com>

Prev by Date: Re: how to get 3D acceleration with an intel i7?
Next by Date: Re: About to order motherboard Asus M4A78LT-M - any known issues?
Previous by thread: I've got a problem with tcpdump, HELP
Next by thread: Re: I've got a problem with tcpdump, HELP
Index(es):
- Date
- Thread