Re: I've got a problem with tcpdump, HELP

To: debian-user@lists.debian.org
Cc: Camaleón <noelamac@gmail.com>
Subject: Re: I've got a problem with tcpdump, HELP
From: Benimaur Gao <benimaur@gmail.com>
Date: Fri, 1 Apr 2011 15:44:46 +0800
Message-id: <[🔎] AANLkTinV-0C+sZ_7Gmf8oW1pKKJ=KW74dYM2xS5=XDFH@mail.gmail.com>
In-reply-to: <20110331183540.GA8293@stt008.linux.site>
References: <AANLkTi=HaohWH5LtoXFPdP4ypyRH-Kn++Gc2Qx5pzzd0@mail.gmail.com> <pan.2011.03.31.15.54.47@gmail.com> <AANLkTinPGpsmTfAAAmB_vZ7eKEsi0XE6iqNfRRxMmn-=@mail.gmail.com> <pan.2011.03.31.16.49.16@gmail.com> <AANLkTinFPJ7GUghNwEjJZ2F9s1aAg9aMBf_hjzaPR6fH@mail.gmail.com> <20110331183540.GA8293@stt008.linux.site>

Answer from tcpdump devels:

On 1 apr 2011, at 03:49, Benimaur Gao wrote:

> The info in this one is quite little!! without request parameter,
> without http headers, and even without the essential data return by
> the server!!
[...]
> can anyone give me some clue?
> I suspect it is cause by different version of tcpdump? if so, can I
> get the same detailed info by the older one?

Different systems use different snaplengths by default. If you want
the output the be the same, you have to set the snaplength yourself.
As you seem to want to view the whole packets, you can use '-s0' on
both systems.

Cheers,


Sake

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.

======
// I should have checked the man page more carefully, thank you all!


On Fri, Apr 1, 2011 at 2:35 AM, Camaleón <noelamac@gmail.com> wrote:
> El 2011-04-01 a las 01:02 +0800, Benimaur Gao escribió:
>
> (resending to the list)
>
>> On Fri, Apr 1, 2011 at 12:49 AM, Camaleón wrote:
>
> (...)
>
>> > Sure... I also noted the URI was recorded differently.
>> >
>> > First one is:
>> >
>> > GET /misc/ccs/deleteClubThread.html?id=20162669&type=MAINTYPE&operator=H&md5Code=072fa43b87b31865e60aa6f1111ceb24
>> >
>> > And the second one has been shorted somehow:
>> >
>> > GET /misc/ccs/deleteClubThread
>> >
>> > Maybe a different client request or you visited the same page? :-?
>> >
>> > > I suspect that it is caused by different version of tcpdump? The dilemma
>> > > is I've
>> > > no permission to upgrade the software :(
>> >
>> > I also think so... but even if different releases produce different
>> > output (it could be "understandable"), the date format coming from the
>> > older one looks to be really broken, date is completely cutted and so
>> > useless :-/
>
>> I guarantee that the two request URI should be the same..
>> Thanks for you suggestion!
>
> Okay, I just was poiting out the differences between two outputs O:-)
>
>> I think I should also post in the mailing list from tcpdump proj. :)
>
> That's a very good idea. Devels will provide accurate information on this
> issue. Should you finally find the culprit, post it back, it's quite
> interesting.
>
> Greetings
>
> --
> Camaleón
>
>
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: http://lists.debian.org/20110331183540.GA8293@stt008.linux.site
>
>

Reply to:

Prev by Date: Re: System becomes very slow after update to squeeze 6.0.1
Next by Date: mounting multipath volumes with /etc/fstab
Previous by thread: Re: WLAN stick
Next by thread: mounting multipath volumes with /etc/fstab
Index(es):
- Date
- Thread