Jefferson Ogata wrote:
Robert Lowe wrote:
Jefferson Ogata wrote:
tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
Beautiful! But wouldn't the bit-shift be for 4 bits? Thanks
It would, but then you'd have to multiply by 4 since the offset is in
multiples of 4. So >> 2 does the shift and multiply
Robert Lowe wrote:
Jefferson Ogata wrote:
tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
Beautiful! But wouldn't the bit-shift be for 4 bits? Thanks
It would, but then you'd have to multiply by 4 since the offset is in
multiples of 4. So >> 2 does the shift and multiply in one operation.
--
Robert Lowe wrote:
Beautiful! But wouldn't the bit-shift be for 4 bits?
The TCP header length field (data offset field) is in units of 4-byte
words, not in units of bytes, so it has to be multiplied by 4 to be in
units of bytes.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.c
Jefferson Ogata wrote:
Robert Lowe wrote:
Anyone have a filter that will capture just HTTP GET requests? I'm
looking for
something more specific than just "dst host X and tcp dst port 80",
but I'm not
worried about requests to non-standard ports. I would suspect I could
reference
tcp[N:3] = G
Robert Lowe wrote:
Anyone have a filter that will capture just HTTP GET requests? I'm
looking for
something more specific than just "dst host X and tcp dst port 80", but
I'm not
worried about requests to non-standard ports. I would suspect I could
reference
tcp[N:3] = GET, but can N be an expr
Hi!
Anyone have a filter that will capture just HTTP GET requests? I'm looking for
something more specific than just "dst host X and tcp dst port 80", but I'm not
worried about requests to non-standard ports. I would suspect I could reference
tcp[N:3] = GET, but can N be an expression itself, e.g
CVS log entries from 07.11.2004 (Sun) 10:06:46 - 08.11.2004 (Mon) 10:06:42 GMT
=
Summary by authors
=
Author: guy
File: libpcap/pcap.3; Revisions: 1.63
File: tcpdump/tcpdump.1; Re
