On Thu, 31 Mar 2011 20:49:03 +0800, Benimaur Gao wrote:
> I've encountered a problem in using tcpdump. I tried to capture http
> traffic by using the following command:
>
> # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
> (((ip[2:2] -
> ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
> (notes: the web application serves at 9003 port, not the conventional
> 80
> instead)
>
> but different results was given by two hosts:
(...)
> Date: Thu, 31 Mar 2011 12:16:04 GMT
> Expires: Thu, 01-Jan-1970 00:00:00 GMT Content-Language: cn,zh-cn
> Content-Type: text/html; charset=GBK
> then I ran the same command on another host, the different result was
> given
(...)
> Date: Thu, 31
^^^^^^^ ??
Indeed, the latter output seems to be broken as if had been unexpectedly
interrupted. How did you manage to stop the capture in both cases? Ctrl
+C? :-?
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/pan.2011.03.31.15.54...@gmail.com
