yeah... It's exactly what I want...
I should have checked the man page more carefully... Thanks!
On Fri, Apr 1, 2011 at 2:18 PM, Sake Blok wrote:
> On 1 apr 2011, at 03:49, Benimaur Gao wrote:
>
>> The info in this one is quite little!! without request parameter,
>> without http headers, and even
On Mar 31, 2011, at 11:18 PM, Sake Blok wrote:
> Different systems use different snaplengths by default.
And different versions of tcpdump have different default snaplengths - 4.1.0
and later versions have a default of 65535, but earlier versions have a default
of 68 if built without IPv6 supp
yes, I neglected the crucial '-s' parameter...
thank you!
On Fri, Apr 1, 2011 at 1:10 PM, Darren Reed wrote:
> Benimaur Gao wrote:
>>
>> Dear all,
>> I tried to capture http traffic by the following command:
>> # tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
>> (((ip[2:2] - ((ip[0]&0x
Benimaur Gao wrote:
Dear all,
I tried to capture http traffic by the following command:
# tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
(the web application didn't not serve at the conventional 80 port)
but different result
On 1 apr 2011, at 03:49, Benimaur Gao wrote:
> The info in this one is quite little!! without request parameter,
> without http headers, and even without the essential data return by
> the server!!
[...]
> can anyone give me some clue?
> I suspect it is cause by different version of tcpdump? if so
Dear all,
I tried to capture http traffic by the following command:
# tcpdump -Ani eth1 'host 10.20.156.9 and tcp port 9003 and
(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
(the web application didn't not serve at the conventional 80 port)
but different results was give