Yes, I stop the capture by Ctrl C, but actually, there is no more output.. >........;Ts..p......J..... >j.B$A...GET /misc/ccs/deleteClubThread ~~~~~~~~~~~~~~~~~~~~~~ With this request packet, It's also supposed to have more info, such as Content-Type, Date, Set-Cookie, etc. just as the first case. Why were they discarded here?
I suspect that it is caused by different version of tcpdump? The dilemma is I've no permission to upgrade the software :( >20:14:55.127121 IP 10.20.141.138.synchronet-db > 10.20.141.64.35246: P 1:363(362) >ack 213 win 54 <nop,nop,timestamp 1105987621 1778729508> On Thu, Mar 31, 2011 at 11:54 PM, Camaleón <noela...@gmail.com> wrote: > On Thu, 31 Mar 2011 20:49:03 +0800, Benimaur Gao wrote: > > > I've encountered a problem in using tcpdump. I tried to capture http > > traffic by using the following command: > > > > # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and > > (((ip[2:2] - > > ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' > > (notes: the web application serves at 9003 port, not the conventional > > 80 > > instead) > > > > but different results was given by two hosts: > > (...) > > > Date: Thu, 31 Mar 2011 12:16:04 GMT > > Expires: Thu, 01-Jan-1970 00:00:00 GMT Content-Language: cn,zh-cn > > Content-Type: text/html; charset=GBK > > > then I ran the same command on another host, the different result was > > given > > (...) > > > Date: Thu, 31 > ^^^^^^^ ?? > > Indeed, the latter output seems to be broken as if had been unexpectedly > interrupted. How did you manage to stop the capture in both cases? Ctrl > +C? :-? > > Greetings, > > -- > Camaleón > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact > listmas...@lists.debian.org > Archive: http://lists.debian.org/pan.2011.03.31.15.54...@gmail.com > >
