tcpdump mailing list archives

Re: tcpdump filter for HTTP GET

From: Robert Lowe <Robert.H.Lowe () lawrence edu>
Date: Mon, 08 Nov 2004 14:16:08 -0600

Jefferson Ogata wrote:

Robert Lowe wrote:
Jefferson Ogata wrote:
tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420
Beautiful!  But wouldn't the bit-shift be for 4 bits?  Thanks!!!!
It would, but then you'd have to multiply by 4 since the offset is inmultiples of 4. So >> 2 does the shift and multiply in one operation.


Ah yes, of course!  Thanks again!!!  I learned a lot from one example that
I couldn't glean from the manpage.  You made my day.  :-)

-Robert

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

Current thread:

tcpdump filter for HTTP GET Robert Lowe (Nov 08)
- Re: tcpdump filter for HTTP GET Jefferson Ogata (Nov 08)
  - Re: tcpdump filter for HTTP GET Robert Lowe (Nov 08)
    - Re: tcpdump filter for HTTP GET Guy Harris (Nov 08)
    - Re: tcpdump filter for HTTP GET Jefferson Ogata (Nov 08)
    - Re: tcpdump filter for HTTP GET Robert Lowe (Nov 08)