Sivakumar Ramagopal wrote:
When it dissects the packets for a particular protocol, it uses its
built-in notion of which port numbers are used on which ports.
Did you mean notion of which *protocols* are used on which ports?
Yes.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/
>
> "identifies" in what sense?
"identifies" in the same sense as what you have explained :)
>
> When it displays a name for a TCP port number, e.g.:
>
> 15:22:22.268265 IP host2.49536 > host2.http: . ack 1 win 65535
>
> it uses "getservbyport()", so it either uses /etc/services or whatever
Siva Ramagopal wrote:
I'm interested in knowing how tcpdump identifies the application or
service to which a packet belongs. Is the /etc/services file used in
this operation or is there a list of mappings from well-known ports
to their corresponding applications that is used instead?
"iden
Hi,
I'm interested in knowing how tcpdump identifies the application or
service to which a packet belongs. Is the /etc/services file used in
this operation or is there a list of mappings from well-known ports
to their corresponding applications that is used instead? Also, I'm
interested i