Re: [tcpdump-workers] I've a question about capture result, please help.

2011-04-01 Thread Benimaur Gao
Yeah... It's exactly what I want... I should have checked the man page more carefully... Thanks!

On Fri, Apr 1, 2011 at 2:18 PM, Sake Blok wrote:
> On 1 apr 2011, at 03:49, Benimaur Gao wrote:
>
>> The info in this one is quite little!! without request parameter,
>> without http headers, and even

Re: [tcpdump-workers] I've a question about capture result, please help.

2011-04-01 Thread Guy Harris
On Mar 31, 2011, at 11:18 PM, Sake Blok wrote: > Different systems use different snaplengths by default. And different versions of tcpdump have different default snaplengths - 4.1.0 and later versions have a default of 65535, but earlier versions have a default of 68 if built without IPv6 supp

Re: [tcpdump-workers] I've a question about capture result, please

2011-04-01 Thread Benimaur Gao
Yes, I neglected the crucial '-s' parameter... thank you!

On Fri, Apr 1, 2011 at 1:10 PM, Darren Reed wrote:
> Benimaur Gao wrote:
>>
>> Dear all,
>> I tried to capture http traffic by the following command:
>> # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
>> (((ip[2:2] - ((ip[0]&0x

Re: [tcpdump-workers] I've a question about capture result, please

2011-04-01 Thread Darren Reed
Benimaur Gao wrote:
> Dear all,
> I tried to capture http traffic by the following command:
> # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
> (the web application didn't serve at the conventional 80 port)
> but different result

Re: [tcpdump-workers] I've a question about capture result, please help.

2011-03-31 Thread Sake Blok
On 1 apr 2011, at 03:49, Benimaur Gao wrote:
> The info in this one is quite little!! without request parameter,
> without http headers, and even without the essential data returned by
> the server!! [...]
> can anyone give me some clue?
> I suspect it is caused by different version of tcpdump? if so

[tcpdump-workers] I've a question about capture result, please help.

2011-03-31 Thread Benimaur Gao
Dear all,
I tried to capture http traffic by the following command:
# tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
(the web application didn't serve at the conventional 80 port)
but different results was give