On Sun, Aug 22, 1999 at 01:03:41PM +0100, Tim Ricketts wrote:
> On Sat, 21 Aug 1999, John Dalbec wrote:
>
> > I finally got a FIN packet showing up in the output.
> > 21:01:52.930921 199.190.116.159.4190 > 209.81.8.242.http: F 854084334:854084334(0)
>ack 3932797143 win 32120
> ignore this FIN:
> ignore tcp !tcp.live,tcp.dest=tcp.www
> ignore tcp !tcp.live,tcp.source=tcp.www
This won't work for this particular purpose. tcp.live is defined as the
4 bytes starting at offset 127 into the tcp header; which contains the
address of the remote host. This is valid even when sending FIN packets
so diald will not ignore those packets. The rule
ignore tcp tcp.fin
is guaranteed to work for any tcp connection, not just those with port
80 as the destination or source port.
--
Gyepi Sam --+-- Designer/Programmer --+-- Network/System Administrator
[EMAIL PROTECTED] --+-- http://www.praxis-sw.com/gyepi
And that's the way it is... -- Walter Cronkite
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
