On 4/23/07, Andy Green andy@warmcat.com wrote:
Kaushal Shriyan wrote:
Hi Aly
I get
03:55:09.050556 IP dhcp-192-18-68-199.test.com.3118 > it89.hyd.test.com.www: F 1399:1399(0) ack 2062 win 64954
03:55:09.050563 IP it89.hyd.test.com.www > dhcp-192-18-68-199.test.com.3118 : . ack 1400 win 8576
So what does it indicate, since I do not understand this at all?
Add -s0 -X to the tcpdump line to see the contents in hex and ascii.
These are two ACK packets shown above. The first part of each line is the time, protocol (IP), sender reverse DNS (use -n to stop the DNS lookup and to see 123.123.123.123 addresses instead), sender port, receiver reverse DNS, receiver port and then information about the flags in the TCP/IP headers.
You can also write the output to a file:
tcpdump -i eth0 -w file.cap port 80
then get the file to your PC, where you can install Ethereal (Wireshark) and see it graphically.
http://www.go2linux.org/node/83