tcpdump not print all of its output? - TCP-IP

  1. tcpdump not print all of its output?

    I am attempting some files that I know should have some specific
    results.

    Items like the ttl and frag values are not printing.

    I'm running version 3.9.2 on a Linux 2.4.29 kernel.

    I've tried the toggles -nv

  2. Re: tcpdump not print all of its output?

    S Reese writes:

    > I am attempting some files that I know should have some specific
    > results.
    >
    > Items like the ttl and frag values are not printing.
    >
    > I'm running version 3.9.2 on a Linux 2.4.29 kernel.
    >
    > I've tried the toggles -nv


    Try these:


    -e     Print the link-level header on each dump line.

    -v     (Slightly more) verbose output. For example, the
           time to live, identification, total length and
           options in an IP packet are printed. Also enables
           additional packet integrity checks such as
           verifying the IP and ICMP header checksum.

    -vv    Even more verbose output. For example, additional
           fields are printed from NFS reply packets, and SMB
           packets are fully decoded.

    -vvv   Even more verbose output. For example, telnet SB
           ... SE options are printed in full. With -X telnet
           options are printed in hex as well.


    --
    Posted via a free Usenet account from http://www.teranews.com


  3. Re: tcpdump not print all of its output?

    On Jan 26, 7:32 am, Bruce Barnett
    wrote:
    > S Reese writes:
    > > I am attempting some files that I know should have some specific
    > > results.
    > >
    > > Items like the ttl and frag values are not printing.
    > >
    > > I'm running version 3.9.2 on a Linux 2.4.29 kernel.
    > >
    > > I've tried the toggles -nv
    >
    > Try these:
    >
    >     -e     Print the link-level header on each dump line.
    >
    >     -v     (Slightly more) verbose output. For example, the
    >            time to live, identification, total length and
    >            options in an IP packet are printed. Also enables
    >            additional packet integrity checks such as
    >            verifying the IP and ICMP header checksum.
    >
    >     -vv    Even more verbose output. For example, additional
    >            fields are printed from NFS reply packets, and SMB
    >            packets are fully decoded.
    >
    >     -vvv   Even more verbose output. For example, telnet SB
    >            ... SE options are printed in full. With -X telnet
    >            options are printed in hex as well.
    >
    > --
    > Posted via a free Usenet account from http://www.teranews.com


    I found the ttl values (I just overlooked them). But I haven't been
    able to get the frag values to print.

    For example towards the bottom of this page the output includes frag
    information: http://lists.netfilter.org/pipermail...e/053698..html.
    I would like my output to include this information if it exists for a
    specific record(s).

    Thanks.




  4. Re: tcpdump not print all of its output?

    In article
    <2c871c65-ebe4-4d73-9821-08257dedc685@v29g2000hsf.googlegroups.com>,
    S Reese wrote:

    > I found the ttl values (I just overlooked them). But I haven't been
    > able to get the frag values to print.
    >
    > For example towards the bottom of this page the output includes frag
    > information:
    > http://lists.netfilter.org/pipermail...ne/053698.html.
    > I would like my output to include this information if it exists for a
    > specific record(s).


    Maybe none of the traffic you've been capturing includes fragmented
    datagrams? Path MTU Discovery is used frequently these days, so
    fragmentation is not very common.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***
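
An added example, not part of the original thread or any poster's code: the reply above suggests the capture may simply contain no fragments, and that can be checked by decoding bytes 6-7 of each IPv4 header (the flags and fragment offset) directly from the pcap file. The pcap bytes, addresses and function names below are constructed for illustration, and only classic Ethernet pcap files are assumed.

```python
import struct

def ipv4_fields(ip: bytes) -> dict:
    """Decode the IPv4 header fields that tcpdump -v reports for each packet."""
    ver_ihl, _tos, length, ident, flags_off, ttl, _proto = struct.unpack("!BBHHHBB", ip[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    mf = bool(flags_off & 0x2000)            # More Fragments flag
    offset = (flags_off & 0x1FFF) * 8        # field is stored in 8-byte units
    return {"ttl": ttl, "id": ident, "length": length,
            "df": bool(flags_off & 0x4000), "mf": mf, "offset": offset,
            "fragment": mf or offset != 0}

def fragments_in_pcap(data: bytes) -> list:
    """Return ipv4_fields() for every fragmented IPv4 packet in a classic pcap."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    pos, found = 24, []
    while pos + 16 <= len(data):
        caplen = struct.unpack(end + "I", data[pos + 8:pos + 12])[0]
        frame = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        # Untagged Ethernet II carrying IPv4, with a full 20-byte IP header captured
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            info = ipv4_fields(frame[14:])
            if info["fragment"]:
                found.append(info)
    return found

def _frame(ident: int, flags_off: int, ttl: int = 64) -> bytes:
    """Constructed Ethernet + IPv4 header (checksum left 0, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ident, flags_off, ttl, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip

# Constructed capture: one DF packet, then a datagram split into two fragments.
FRAMES = [_frame(1, 0x4000), _frame(0x1234, 0x2000), _frame(0x1234, 1480 // 8)]
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in FRAMES)

if __name__ == "__main__":
    for f in fragments_in_pcap(SAMPLE_PCAP):
        print("id %d, offset %d, flags [%s], ttl %d" % (
            f["id"], f["offset"], "+" if f["mf"] else "none", f["ttl"]))
```

The same condition can be given to tcpdump as a filter when reading a file: `tcpdump -nv -r FILE 'ip[6:2] & 0x3fff != 0'` prints only fragmented IPv4 packets, so empty output means the capture holds none.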

  5. Re: tcpdump not print all of its output?

    On Jan 27, 3:01 am, Barry Margolin wrote:
    > In article
    > <2c871c65-ebe4-4d73-9821-08257dedc...@v29g2000hsf.googlegroups.com>,
    > S Reese wrote:
    >
    > > I found the ttl values (I just overlooked them). But I haven't been
    > > able to get the frag values to print.
    > >
    > > For example towards the bottom of this page the output includes frag
    > > information:
    > > http://lists.netfilter.org/pipermail...ne/053698.html.
    > > I would like my output to include this information if it exists for a
    > > specific record(s).
    >
    > Maybe none of the traffic you've been capturing includes fragmented
    > datagrams? Path MTU Discovery is used frequently these days, so
    > fragmentation is not very common.
    >
    > --
    > Barry Margolin, bar...@alum.mit.edu
    > Arlington, MA
    > *** PLEASE post questions in newsgroups, not directly to me ***
    > *** PLEASE don't copy me on replies, I'll read them in the group ***


    The data that I'm analyzing is for a project that I have the answers
    for (example output is provided). I would provide the binary but I
    don't believe the organization that provides the training for the
    certification would appreciate me doing that. I'll contact them to see
    if they can help. Thank you for your time.
