tcpdump mailing list archives
Printing of TCP flags seems incorrect
From: grarpamp <grarpamp () gmail com>
Date: Tue, 1 Jul 2008 19:32:42 -0400
Hi. Surely it is not possible to have both 'no flags' and <any_other_flags> present at the same time? The man page has a few references to the dot, particularly in the 'OUTPUT FORMAT - TCP Packets' example near 'means no flags'. #CVS, the most recent commit I have is: 20080624 #tcpdump version 3.9-PRE-CVS_2008_06_30 #libpcap version 0.9-PRE-CVS ./tcpdump_cvs -ns0 -i fxp0 'tcp[tcpflags] != 0' | egrep '\[[CEUAPRSF]+\.]' ... Flags [R.], ... <=== flag and no flag #tcpdump version 3.9.8 #libpcap version 0.9.8 ./tcpdump_398 -ns0 -i fxp0 'tcp[tcpflags] != 0' | egrep -v ': [CEUAPRSF.] ' ... <nothing> ... Also, shouldn't asking to print only ACK packets display the ACK 'A' instead of the 'no flags' '.' in the flag display field? I printed them with -XX to verify the bitfield. ./tcpdump_cvs -ns0 -i fxp0 'tcp[13] == 16' ./tcpdump_398 -ns0 -i fxp0 'tcp[13] == 16' I'm compiled against and running on the current FreeBSD RELENG_4. Note that when using --with-crypto, I have to add -L to find unresolved libraries. Seems that is also a bug that could be addressed. I think it's in both CVS and 3.9.8. CPPFLAGS=-static LDFLAGS=-static \ ./configure --prefix=/tmp/lpc CPPFLAGS=-static LDFLAGS="-static -L/usr/local/openssl098g/lib" \ ./configure --prefix=/tmp/tcp --with-crypto=/usr/local/openssl098g - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Printing of TCP flags seems incorrect grarpamp (Jul 01)
- Re: Printing of TCP flags seems incorrect Guy Harris (Jul 01)
- Re: Printing of TCP flags seems incorrect grarpamp (Jul 02)
- Re: Printing of TCP flags seems incorrect grarpamp (Jul 02)
- Re: Printing of TCP flags seems incorrect Guy Harris (Jul 03)
- Re: Printing of TCP flags seems incorrect Guy Harris (Jul 03)
- Re: Printing of TCP flags seems incorrect grarpamp (Jul 03)
- Re: Printing of TCP flags seems incorrect grarpamp (Jul 02)
- Re: Printing of TCP flags seems incorrect Guy Harris (Jul 01)