At http://www.tcpdump.org/#documentation, there are links to the tcpdump and
pcap man pages, but I was looking for the pcap-filter man page, which has the
detailed syntax information.
Obviously these man pages are only needed when local access isn't available, and
one can find them elsewhere, but
Guy Harris alum.mit.edu> writes:
> On Apr 18, 2012, at 3:05 PM, Sam Roberts wrote:
>
> > For what its worth, the last message I saw was on Mar 13th, thought I
> > have 2 or 3 more messages than I can see on
> > http://news.gmane.org/gmane.network.tcpdump.devel
> >
> > I'm CCing tcpdump-workers,
Ankith Agarwal cdac.in> writes:
> Thank you for your valuable suggestions. I have tried out this filter
> expression---"ip[6]&0x02 == 1 and (sip related port numbers)". But, if a
> fragmented SIP packet is encountered, will this filter return the first
> fragments as sip or the last fragment?
H
