Output is:

[EMAIL PROTECTED]:~$ su -
Password: 
www:~# tcpdump -d src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 8
(002) ld       [26]
(003) jeq      #0xa281e1c0      jt 4    jf 8
(004) ldb      [23]
(005) jeq      #0x6             jt 7    jf 6
(006) jeq      #0x11            jt 7    jf 8
(007) ret      #96
(008) ret      #0
www:~# tcpdump src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)
tcpdump: listening on eth0
15:33:05.757014 virtual.jhuccp.org.59313 > ns1.jhmi.edu.domain:  37894+ AAAA? centernet.jhuccp.org. (38) (DF)
15:33:05.758609 ns1.jhmi.edu.domain > virtual.jhuccp.org.59313:  37894* 0/1/0 (97) (DF)
15:33:05.758927 virtual.jhuccp.org.59313 > ns1.jhmi.edu.domain:  37895+ A? centernet.jhuccp.org. (38) (DF)
15:33:05.765150 ns1.jhmi.edu.domain > virtual.jhuccp.org.59313:  37895* 1/2/2 A 162.129.225.192 (130) (DF)

4 packets received by filter
0 packets dropped by kernel
www:~# tcpdump -h
tcpdump version 3.6
libpcap version 0.6
Usage: tcpdump [-adeflnNOpqStuvxX] [-c count] [ -F file ]
                [ -i interface ] [ -r file ] [ -s snaplen ]
                [ -T type ] [ -w file ] [ expression ]
www:~# 

Thanks, again, Guy.

-Kevin

>>> [EMAIL PROTECTED] 09/27/04 03:32PM >>>
KEVIN ZEMBOWER wrote:

> As you can see, I'm still getting packets from ns1.jhmi.edu on the DNS port.

What does the command

        tcpdump -d src host centernet.jhuccp.org and \( ip proto \\tcp or \\udp \)

print?

> If it helps, I'm using bash 2.05 on a Debian woody (stable, 3.0) distro
> running kernel 2.4.18.

The bash and kernel versions probably aren't the most important version 
numbers - the libpcap version is.

What does

        tcpdump -h

print?
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
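
As an added illustration (not part of the original thread, and not tcpdump or libpcap code), here is a minimal Python interpreter for the nine-instruction BPF program that `tcpdump -d` printed above, run over constructed frames to show which packets that compiled filter accepts. The names `run_filter`, `operand_as_ip` and `make_frame`, and the destination address 192.0.2.1, are assumptions made for the example.

```python
import socket
import struct

# The program printed by `tcpdump -d` in the message, transcribed as
# (opcode, operand k, jump-if-true, jump-if-false); jump targets are absolute.
PROGRAM = [
    ("ldh", 12, None, None),      # (000) EtherType
    ("jeq", 0x800, 2, 8),         # (001) IPv4?
    ("ld", 26, None, None),       # (002) IPv4 source address
    ("jeq", 0xA281E1C0, 4, 8),    # (003) the address the hostname resolved to
    ("ldb", 23, None, None),      # (004) IPv4 protocol byte
    ("jeq", 0x6, 7, 6),           # (005) TCP?
    ("jeq", 0x11, 7, 8),          # (006) UDP?
    ("ret", 96, None, None),      # (007) accept, snap length 96
    ("ret", 0, None, None),       # (008) reject
]
LOADS = {"ldh": ">H", "ld": ">I", "ldb": ">B"}  # big-endian 2/4/1-byte loads

def run_filter(program, frame):
    """Interpret the classic BPF subset above; return bytes to keep (0 = drop)."""
    acc, pc = 0, 0
    while True:
        op, k, jt, jf = program[pc]
        if op in LOADS:
            if k + struct.calcsize(LOADS[op]) > len(frame):
                return 0          # a load past the end of the packet rejects it
            acc = struct.unpack_from(LOADS[op], frame, k)[0]
            pc += 1
        elif op == "jeq":
            pc = jt if acc == k else jf
        else:                     # "ret"
            return k

def operand_as_ip(k):
    """Render a 32-bit filter operand as a dotted quad."""
    return socket.inet_ntoa(struct.pack(">I", k))

def make_frame(src_ip, proto, ethertype=0x0800):
    """Constructed frame: zeroed MACs, EtherType, 20-byte IPv4 header."""
    eth = bytes(12) + struct.pack(">H", ethertype)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton("192.0.2.1"))
    return eth + ip

if __name__ == "__main__":
    print(operand_as_ip(PROGRAM[3][1]))
    for src, proto in [("162.129.225.192", 17), ("162.129.225.192", 1), ("192.0.2.7", 6)]:
        print(src, proto, run_filter(PROGRAM, make_frame(src, proto)))
```

The operand in instruction (003) decodes to the same address as the A record in the capture, which is a quick way to confirm that the filter was compiled against the host you intended.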
