Many Thanks Kiss, Dear all:
I am using windump (windows 2000)...
I would really appreciate it if you could tell me how I can determine the number of
concurrent TCP connections?
César
>-- Original Message --
>Date: Tue, 24 Aug 2004 19:57:36 +0200 (CEST)
>From: Kiss Karoly <[EMAIL PROTECTED]>
>To: [EMAIL PROT
Guy Harris wrote:
> As per that bug, turn off the optimizer:
> tcpdump -i eth0 -O '(tcp[0:2]>=1024) && (tcp[0:2] <=6)'
That did it. Thank you.
Ed
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
alex medvedev wrote:
> Hi Ed,
> this is strange, because at least:
> # tcpdump tcp[0:2] \> 1 and tcp[0:2] \< 79
> # tcpdump 'tcp[0:2] > 1 and tcp[0:2] < 79'
> both correctly work for me
These do not work for me. No packets are displayed.
> on
> # tcpdump -V
> tcpdump version 3.6
> libpcap version 0.6
> and
> # ./tcpdum
Hi Ed,
this is strange, because at least:
# tcpdump tcp[0:2] \> 1 and tcp[0:2] \< 79
# tcpdump 'tcp[0:2] > 1 and tcp[0:2] < 79'
both correctly work for me on
# tcpdump -V
tcpdump version 3.6
libpcap version 0.6
and
# ./tcpdump -V
tcpdump version 3.8
libpcap version 0.7.2
could it be your she
On Aug 24, 2004, at 6:37 PM, Ed Sawicki wrote:
> There appears to be a parser error with compound
> expressions like this:
> tcpdump -i eth0 '(tcp[0:2]>=1024) && (tcp[0:2] <=6)'
You probably mean "compiler error" - it's probably a problem with the
optimizer, not the parser:
http://sourceforge.ne
There appears to be a parser error with compound
expressions like this:
tcpdump -i eth0 '(tcp[0:2]>=1024) && (tcp[0:2] <=6)'
Is there a way around this?
Ed
On Tue, 24 Aug 2004, [iso-8859-1] César Cárdenas wrote:
> Dear all:
> In a captured file I found '.', S, F and FP flags...
> According to the manual:
>
> flag = '.' and data-seqno = '1' implies the first time tcpdump sees a TCP
> conversation.
>
> flag = 'S' and 'win (value)' stands for the beginn
Apologies for the inconvenience...
My algo for finding the number of concurrent TCP connections got more FIN
& FP flags than SYN (more than -1000)...Is it possible?
It has same behaviour if I do not take into account the FP flags?
Many thanks for your help,
Cesar
>-- Original Message --
>Date: Tu
Dear all:
In a captured file I found '.', S, F and FP flags...
According to the manual:
flag = '.' and data-seqno = '1' implies the first time tcpdump sees a TCP
conversation.
flag = 'S' and 'win (value)' stands for the beginning of a TCP conversation
flag = 'F' implies FIN (end) and flag = 'FP'
I'm running the latest versions of tcpdump and pcap. I can't
filter on tcp port ranges.
These don't work - no packets are captured:
tcpdump -i eth1 tcp[0:2] > 1023 and tcp[0:2] < 6
tcpdump -i eth1 'tcp[0:2] > 1023 and tcp[0:2] < 6'
tcpdump -i eth1 'tcp[0:2] > 1023' and 'tcp[0:2] < 6'
tc
ury segal wrote:
> OK... Assuming I insist on enabling localhost
> sniffing on Solaris to the benefit of all:
You might want to rephrase that as "insist on *attempting* to enable..."
- there's no guarantee that you'll succeed, no matter how beneficial
it'd be, as the Solaris networking code might no
11 matches