tcpdump mailing list archives
Re: Only SYN
From: Guy Harris <guy () alum mit edu>
Date: Thu, 22 Jul 2004 14:19:51 -0700
On Jul 22, 2004, at 9:10 AM, César Cárdenas wrote:
> I am trying: windump -i 2 'tcp[13]&2==2'
> It recognizes the interface but still there doing nothing...
I assume from the "-i 2" that you have more than one interface on your machine. What happens if you try to connect from the machine running WinDump to a machine with an IP address that would cause the first machine to send a packet to the second machine over the interface that "-i 2" refers to, using some TCP-based protocol? Does it print anything?
Note that you might not see any packets from some other machine to some other machine; if that interface is on a switched network, you might only see broadcast packets, multicast packets, and unicast packets to and from your machine, not unicast packets between other machines:
http://www.tcpdump.org/faq.html#promiscsniff
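Added example, not part of the original message and not tcpdump or WinDump code: Python that evaluates the test the filter 'tcp[13]&2==2' from the question applies to an IPv4 packet, next to the stricter 'tcp[13]==2', which matches a bare SYN only. The function names are hypothetical, and the packets, addresses and ports are constructed sample values.

```python
import struct

SYN, ACK = 0x02, 0x10            # bits in tcp[13], the TCP flags byte

def tcp_flags(ip_packet: bytes):
    """Return tcp[13] for an IPv4 packet, or None where the filter cannot match."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4          # IP options move the TCP header
    if ihl < 20 or ip_packet[9] != 6:        # malformed header, or not TCP
        return None
    frag_offset = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:                     # later fragments carry no TCP header
        return None
    if len(ip_packet) < ihl + 14:            # capture too short to hold tcp[13]
        return None
    return ip_packet[ihl + 13]

def matches_syn_set(ip_packet: bytes) -> bool:
    """Equivalent of 'tcp[13]&2==2': SYN bit set, other flags ignored."""
    flags = tcp_flags(ip_packet)
    return flags is not None and (flags & SYN) == SYN

def matches_syn_only(ip_packet: bytes) -> bool:
    """Equivalent of 'tcp[13]==2': SYN and no other flag."""
    return tcp_flags(ip_packet) == SYN

def build_packet(flags, ip_options=b"", proto=6, frag_offset=0) -> bytes:
    """Constructed sample packet (documentation addresses, checksums left at 0)."""
    ihl_words = 5 + len(ip_options) // 4     # options must be a multiple of 4 bytes
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(tcp), 0, frag_offset, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + ip_options + tcp

if __name__ == "__main__":
    samples = {
        "SYN": build_packet(SYN),
        "SYN+ACK": build_packet(SYN | ACK),
        "ACK": build_packet(ACK),
        "SYN with IP options": build_packet(SYN, ip_options=b"\x01" * 4),
        "UDP": build_packet(SYN, proto=17),
    }
    for name, pkt in samples.items():
        print(f"{name:20} tcp[13]&2==2: {matches_syn_set(pkt)!s:5} "
              f"tcp[13]==2: {matches_syn_only(pkt)}")
```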